Programs on task manager but not working

June 15, 2013 at 19:28:24
Specs: Windows 7
Hi there,

I have a problem with some programs on my computer. It started with Firefox, but now another program is affected as well: "Shotonline" (a golf game).

When I'm trying to launch these programs they appear on the task manager, but won't work.

I checked on different websites; the symptoms are similar to a virus called "PoisonIvy". I've tried the different processes explained but couldn't find the virus, so I'm not sure if the problem really comes from there or if it's something else...

I tried uninstalling and reinstalling Firefox and the other program, but the problem still persists.

I ran a full scan of my computer with Malwarebytes Anti-malware but it found nothing.

Edit: I can't use Mozilla, but can use IE without problem.

Does anyone know where the problem(s) might come from? Any idea on how to locate and fix the problem(s)?

Thanks for reading me, and the time spent on helping me.

Have a great day.




#1
June 15, 2013 at 20:43:51
Does your system meet the recommended requirements?
http://shotonline.gamescampus.com/d...

CPU - Pentium 4 - 2.4 GHz or better.
RAM - 1GB or better.



#2
June 15, 2013 at 22:17:45
Yes, I played for quite a while, but for the last 2 months I went back home, leaving my computer here (no one was using it). I just put it back last week.

Since I put back the computer I used Firefox once, even played one game of Shotonline. But the next day I couldn't use any of them. I'm not sure if it's the same problem but they both appear on the task manager.



#3
June 15, 2013 at 23:08:04
"I ran a full scan of my computer with Malwarebytes Anti-malware but it found nothing"

Let's do some more checks.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
An introduction as to what this program does.
http://www.bleepingcomputer.com/for...
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#4
June 16, 2013 at 00:07:53
Thank you, I've done the Unhide scan, I'll post my log here. I'll download the ESET right after rebooting and do the scan before sleeping tonight as it seems it will take a while.

Program started at: 06/16/2013 02:56:00 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 143090 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 8162 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 1479 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 53663 files processed.

The C:\Users\ADMINI~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  * Start_ShowMyMusic was set to 0! It was set back to 1!
  * Start_ShowMyPics was set to 0! It was set back to 1!

Program finished at: 06/16/2013 02:58:07 PM
Execution time: 0 hours(s), 2 minute(s), and 16 seconds(s)



#5
June 16, 2013 at 03:04:46
"Thank you, I've done the Unhide scan, I'll post my log here"
Thanks, all normal there.

I'll download the ESET right after rebooting and do the scan before sleeping tonight as it seems it will take a while.
Ok, I shall reply ASAP, depends on your time zone.



#6
June 16, 2013 at 03:49:20
OK, I've done the ESET Online Scan.

It didn't give me a log. That's what was written on the window once the scan finished:

Scan Result - Step 4 of 4.
*Scanned files : 182670
*Infected Files : 0
*Cleaned Files : 0



#7
June 16, 2013 at 04:04:58
"OK, I've done the ESET Online Scan"
Good one, another check I would like to make, before changing direction.

Please download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...
Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Copy and Paste the contents into your reply.



#8
June 16, 2013 at 06:01:44
The Chinese characters aren't a problem; I use a Chinese version of Windows 7 as I'm living in China. I wrote down the translation in China.

ListParts by Farbar Version: 10-05-2013
Ran by Administrator (administrator) on 16-06-2013 at 20:55:48
Windows 7 (X86)
Running From: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMFYKY8R
Language: 0804
************************************************************

========================= Memory info ====================== 

Percentage of memory in use: 37%
Total physical RAM: 3487.79 MB
Available physical RAM: 2168.33 MB
Total Pagefile: 6973.88 MB
Available Pagefile: 5397.51 MB
Total Virtual: 3071.88 MB
Available Virtual: 2980.43 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:40 GB) (Free:18.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (软件) (*programs) (Fixed) (Total:142.01 GB) (Free:133.42 GB) NTFS
3 Drive e: (文档) (*documents) (Fixed) (Total:142.01 GB) (Free:132.69 GB) NTFS
4 Drive f: (娱乐) (*entertainment) (Fixed) (Total:141.74 GB) (Free:133.85 GB) NTFS

  磁盘 (*Hard-drive) ###  状态 (*Status)          大小 (*size)     可用(*Available)     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  磁盘 0    联机              465 GB  1024 KB         

退出 DiskPart...

============================== MBR Partition Table ==================


****** End Of Log ****** 



#9
June 16, 2013 at 06:07:12
"The Chinese characters aren't a problem; I use a Chinese version of Windows 7 as I'm living in China. I wrote down the translation in China"
Nice work, double check you don't have any hidden partition that is > Active.


#10
June 16, 2013 at 06:12:25
I'm here & will be going to bed soon. Same time zone as you.
http://www.timeanddate.com/worldclo...

Something has altered or corrupted your settings. If my post #9 result looks good to you, let's see if you can run this.

Run ComboFix & post the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
Run Defogger
http://majorgeeks.com/Defogger_d708...
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#11
June 16, 2013 at 06:13:55
After running Combofix, run Chkdsk, Copy & Paste the contents of the log please.

How to Run Disk Check in Vista & Windows 7 (W7)
http://www.winvistaclub.com/f20.html
http://www.sevenforums.com/tutorial...
http://www.howtogeek.com/howto/wind...
Viewing your chkdsk report Windows Vista & Windows 7 (W7)
http://janetalkstech.com/2009/windo...
Viewing the system log for the scan results of Check Disk (Wininit)
http://www.sevenforums.com/tutorial...
Administrative tools - Event viewer - Windows logs - Application - Click on 'source' at the middle top to sort by ascending/ descending order. Locate 'wininit' and click on it to view.



#12
June 16, 2013 at 06:27:40
Thanks, I'll do that and let you know :)


#13
June 16, 2013 at 07:36:37
Here's the Combofix log. I've already done the Checkdisk, time to find it and I'll post it next:

ComboFix 13-06-15.01 - Administrator 3/06/16 周日  21:59:17.2.2 - x86
Microsoft Windows 7 旗舰版   6.1.7601.1.936.86.2052.18.3488.2632 [GMT 8:00]
执行位置: c:\users\Administrator\Downloads\ComboFix.exe
AV: 电脑管家系统防护 *Disabled/Updated* {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: 新毒霸铠甲防御 *Disabled/Updated* {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: 电脑管家系统防护 *Disabled/Updated* {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
 * 成功创造新还原点
.
.
(((((((((((((((((((((((((  2013-05-16 至 2013-06-16 的新的档案  )))))))))))))))))))))))))))))))
.
.
2013-06-16 14:03 . 2013-06-16 14:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-16 08:22 . 2013-06-16 08:22	--------	d-----w-	c:\program files\ESET
2013-06-15 14:59 . 2013-06-16 00:11	--------	d-----w-	c:\users\Administrator\funshion
2013-06-15 13:59 . 2013-06-15 13:59	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-06-15 13:58 . 2013-06-15 13:58	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-15 13:58 . 2013-04-04 06:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-15 13:58 . 2013-06-15 13:58	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-06-15 13:58 . 2013-06-15 13:58	--------	d-----w-	c:\users\Administrator\AppData\Local\Programs
2013-06-15 08:01 . 2013-05-06 05:06	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-15 08:01 . 2013-05-06 05:06	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-14 13:50 . 2013-06-14 13:50	62176	----a-w-	c:\windows\system32\drivers\TSDefenseBt.sys
2013-06-14 13:45 . 2013-06-14 13:45	0	----a-w-	c:\windows\system32\nsiBC11.tmp
2013-06-14 13:45 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-06-14 13:44 . 2012-02-21 09:04	116064	----a-w-	c:\windows\system32\WDCCB.dll
2013-06-14 13:44 . 2011-12-13 08:04	53248	----a-w-	c:\windows\system32\WDCCBpkcs11.dll
2013-06-14 13:44 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-06-14 13:44 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-06-14 13:44 . 2013-06-14 13:44	--------	d-----w-	c:\windows\system32\CCB_HDZB_CCID_USBKey2G
2013-06-14 13:41 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-06-14 13:41 . 2013-01-24 04:47	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-06-14 13:41 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\system32\d3d11.dll
2013-06-14 13:40 . 2013-02-15 04:34	131584	----a-w-	c:\windows\system32\aaclient.dll
2013-06-14 13:40 . 2013-02-15 03:25	36864	----a-w-	c:\windows\system32\tsgqec.dll
2013-06-14 13:40 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\system32\mstscax.dll
2013-06-14 13:40 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-06-14 13:40 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-06-14 13:40 . 2013-05-10 03:20	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-14 13:40 . 2013-04-26 04:55	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-06-14 13:39 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-06-14 13:39 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-06-14 13:38 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-14 13:35 . 2013-06-14 13:35	--------	d-----w-	c:\program files\Common Files\Skype
2013-06-14 13:33 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-06-14 13:33 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-06-14 13:33 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-06-14 13:32 . 2013-06-14 13:32	--------	d-----w-	c:\users\Administrator\AppData\Local\Temp尰
2013-06-14 13:30 . 2013-06-10 16:59	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E47F3C7-BD02-4374-88A2-7388E65B4B8B}\mpengine.dll
2013-06-14 13:29 . 2013-06-14 13:29	--------	d-----w-	c:\users\Administrator\AppData\Local\Kingsoft
2013-06-14 13:20 . 2013-05-13 03:08	43008	----a-w-	c:\windows\system32\certenc.dll
2013-06-14 13:20 . 2013-05-13 04:45	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-14 13:20 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-06-14 13:20 . 2013-05-13 04:45	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-14 13:20 . 2013-05-13 03:08	903168	----a-w-	c:\windows\system32\certutil.exe
2013-06-14 13:19 . 2013-05-08 05:38	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-28 09:09 . 2013-05-28 09:09	3074160	----a-w-	c:\windows\system32\SogouPY.ime
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 13:50 . 2013-02-21 08:17	93280	----a-w-	c:\windows\system32\drivers\TsFltMgr.sys
2013-06-14 13:50 . 2012-09-28 02:39	124064	----a-w-	c:\windows\system32\drivers\TFsFlt.sys
2013-06-14 13:28 . 2012-11-09 11:39	132104	----a-w-	c:\windows\system32\drivers\kmodurlxp.sys
2013-06-14 13:28 . 2012-09-23 05:14	24984	----a-w-	c:\windows\system32\drivers\bc.sys
2013-06-14 13:28 . 2012-09-23 05:14	19352	----a-w-	c:\windows\system32\drivers\ksskrpr.sys
2013-06-14 13:24 . 2012-09-23 05:14	84328	----a-w-	c:\windows\system32\drivers\ksapi.sys
2013-06-14 13:22 . 2012-09-23 05:14	182072	----a-w-	c:\windows\system32\drivers\kisknl.sys
2013-06-14 13:21 . 2012-09-23 05:57	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-14 13:21 . 2012-09-23 05:57	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-23 06:36 . 2013-02-03 11:53	170040	----a-w-	c:\windows\system32\drivers\QQProtect.sys
2013-05-14 02:16 . 2013-05-14 02:16	442232	----a-w-	c:\windows\system32\CCBKCAPIV2.dll
2013-05-13 03:47 . 2013-05-13 03:47	670056	----a-w-	c:\windows\system32\CCB_HD_Token.dll
2013-05-13 01:57 . 2013-05-13 01:57	903528	----a-w-	c:\windows\system32\HD_Crypt32.dll
2013-05-13 01:57 . 2013-05-13 01:57	412096	----a-w-	c:\windows\system32\HDMATH20B.dll
2013-05-13 01:57 . 2013-05-13 01:57	182632	----a-w-	c:\windows\system32\HDCCBpkcs11.dll
2013-05-13 01:57 . 2013-05-13 01:57	54120	----a-w-	c:\windows\system32\HDCCBCtrl.dll
2013-05-13 01:57 . 2013-05-13 01:57	52072	----a-w-	c:\windows\system32\ccb_p11_com.dll
2013-05-13 01:57 . 2013-05-13 01:57	18792	----a-w-	c:\windows\system32\HZ_CommSrv.exe
2013-05-01 18:06 . 2012-09-26 19:01	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-06-14 13:40	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-14 13:40	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-23 08:55 . 2013-03-23 08:55	0	----a-w-	c:\windows\system32\nsu948B.tmp
2013-03-19 02:17 . 2011-02-19 15:03	421200	----a-w-	c:\windows\system32\msvcp100.dll
2013-03-19 02:17 . 2011-02-18 16:40	773968	----a-w-	c:\windows\system32\msvcr100.dll
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
2013-06-14 13:50	595992	----a-w-	d:\program files\Tencent\QQPCMgr\8.0.9211.227\TSWebMon.dat
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSafeTray"="d:\program files\kingsoft\ksafe\KSafeTray.exe" [2013-06-14 76440]
"QQPCTray"="d:\program files\Tencent\QQPCMgr\8.0.9211.227\QQPCTray.exe" [2013-06-14 1018008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   Ime File	REG_SZ         	SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]
@="service"
.
R0 BC;BC;c:\windows\system32\Drivers\BC.sys [2013-06-14 24984]
R2 KSafeSvc;KSafe service;d:\program files\kingsoft\ksafe\KSafeSvc.exe [2013-06-14 201880]
R3 AlipaySecSvc;Alipay security service;c:\program files\alipay\alieditplus\AlipaySecSvc.exe [2013-05-20 431456]
R3 FunshionSvr;FSServicePlatform;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HaozipVirtualCDBus;HaoZip Virtual Bus Driver;c:\windows\system32\DRIVERS\HaoZipVirtualCDBus.sys [2012-07-24 115288]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-04-05 3969336]
R3 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2012-06-08 521344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-09-23 15872]
R3 SkypeUpdate;Skype Updater;d:\program files\skype\Updater\Updater.exe [2013-05-08 161384]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDMonitorCCB;WatchData ccb V3.2;c:\windows\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe [2011-12-29 62816]
S0 kavbootc;kavbootc;c:\windows\system32\drivers\kavbootc.sys [2012-11-24 27240]
S0 TsFltMgr;TsFltMgr;c:\windows\System32\drivers\TsFltMgr.sys [2013-06-14 93280]
S1 KDHacker;KDHacker;d:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [2012-09-25 127992]
S1 kmodurl;kmodurl;d:\program files\kingsoft\ksafe\kmodurl.sys [2013-06-14 131080]
S1 QQProtect;QQProtect;c:\windows\system32\drivers\QQProtect.sys [2013-05-23 170040]
S1 TFsFlt;TFsFlt;c:\windows\system32\Drivers\TFsFlt.sys [2013-06-14 124064]
S1 TSCPM;TSCPM;d:\program files\Tencent\QQPCMgr\8.0.9211.227\tscpm.sys [2013-06-14 37152]
S1 TSDefenseBt;TSDefenseBt;c:\windows\system32\DRIVERS\TSDefenseBt.sys [2013-06-14 62176]
S1 TSKSP;TSKSP;d:\program files\Tencent\QQPCMgr\8.0.9211.227\TSKsp.sys [2013-06-14 173088]
S1 TSSysKit;TSSysKit;d:\program files\Tencent\QQPCMgr\8.0.9211.227\TSSysKit.sys [2013-06-14 95776]
S2 bmdrv;bmdrv;d:\program files\kingsoft\ksafe\KBattery\bmdrv.sys [2012-08-09 38920]
S2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys [2013-06-14 182072]
S2 kxescore;Kingsoft Core Service;d:\program files\kingsoft\kingsoft antivirus\kxescore.exe [2013-06-14 168784]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 QQPCRTP;QQPCMgr RTP Service;d:\program files\Tencent\QQPCMgr\8.0.9211.227\QQPCRtp.exe [2013-06-14 819280]
S2 QQSysMon;QQSysMon;d:\program files\Tencent\QQPCMgr\8.0.9211.227\QQSysMon.sys [2013-06-14 75168]
S3 ksapi;ksapi;c:\windows\system32\drivers\ksapi.sys [2013-06-14 84328]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2011-11-09 46080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-02-16 514152]
S3 TcHardWare;TcHardWare;d:\program files\Tencent\QQPCMgr\8.0.9211.227\QQPCHW.sys [2013-06-14 35544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - QMInject
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
XLServicePlatform	REG_MULTI_SZ   	XLServicePlatform
FunshionServiceTools	REG_MULTI_SZ   	FunshionSvr
.
 ‘计划任务’ 文件夹 里的内容
.
2013-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 13:21]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.duba.com/?f=duba_lock&v=2013.0
IE: 收藏到搜狐影音
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: ccb.cn\b2b
Trusted Zone: ccb.com\*
Trusted Zone: ccb.com\www
Trusted Zone: ccb.com.cn\*
Trusted Zone: ccb.com.cn\ca2
Trusted Zone: ccb.com.cn\ca3
Trusted Zone: ccb.com.cn\ibsbjstar
Trusted Zone: ccb.com.cn\mybank
Trusted Zone: clonewarsadventures.com
Trusted Zone: com\*.ccb
Trusted Zone: com.cn\*.ccb
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.13 192.168.1.12
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fq1u6tt2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hao123.com
FF - ExtSQL: 2013-06-14 21:35; {D119EDE5-84F2-4204-927D-D8811DC193B9}; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fq1u6tt2.default\extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9}
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"d:\\Program Files\\Tencent\\QQPCMgr\\8.0.9211.227\\QQPCTray.exe\"  /regrun"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,07,
   68,c5,80,4a,09,a2,e1,9f,9a,f2,9b,60,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,db,
   c5,70,f2,3d,0c,a8,7e,d7,65,c2,87,c5,b1
"{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}"=hex:51,66,7a,6c,4c,1d,3b,1b,5b,16,35,
   62,95,a1,d3,0f,a0,09,f5,bc,df,28,01,23
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:51,12,1e,72,2d,69,ce,01
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,93,74,bb,61,1a,94,43,9e,5f,34,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,93,74,bb,61,1a,94,43,9e,5f,34,\
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3172592819-3184776002-3592869213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="??捁楴敶?汐杵湩愠摮??敗?汐杵湩 v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="??捁楴敶?汐杵湩愠摮??敗?汐杵湩 v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]
"DisplayName"="QQ游戏"
"UninstallString"="f:\\QQ 游戏\\QQGAME\\Uninstall.EXE"
"Publisher"="腾讯公司"
"DisplayIcon"="f:\\QQ 游戏\\QQGAME\\QQGame.EXE"
"DisplayVersion"="3.0.107.30"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\-N齎鷁緥鰯L圗*飴*俀鰯塠hQ膥鯪塠艌z廭]
"DisplayName"="中国建设银行E路护航网银安全组件 1.0.3.4"
"UninstallString"="c:\\Program Files\\CCBComponents\\uninst.exe"
"DisplayIcon"="c:\\Program Files\\CCBComponents\\uninst.exe"
"DisplayVersion"="1.0.3.4"
"URLInfoAbout"="http://www.ccb.com"
"Publisher"="China Construction Bank"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\'Yf擭2m *鷁L圦鰯]
"DisplayName"="大明五洲 建行网银盾"
"DisplayIcon"="c:\\Program Files\\CCBComponents\\DMWZ\\uninst.exe"
"DisplayVersion"="2.1.4.2"
"URLInfoAbout"="http://www.bdtech.com.cn"
"Publisher"="Beijing Daming Wuzhou science and technology Co.,Ltd"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'Explorer.exe'(6004)
d:\program files\kingsoft\kingsoft antivirus\kwsui.dll
d:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.
完成时间: 2013-06-16  22:04:54
ComboFix-quarantined-files.txt  2013-06-16 14:04
.
Pre-Run: 15 个目录 19,775,107,072 可用字节
Post-Run: 16 个目录 19,727,351,808 可用字节
.
- - End Of File - - C08B64856A405675760E98EDAA66372C
09CE7397AF23D4C0B331B89D0297CC7E



#14
June 16, 2013 at 07:45:19
Here's the checkdisk log:

TimeCreated : 2013/6/16 22:31:35
Message     : 
              
              Checking file system on C:
              The type of the file system is NTFS.
              
              A disk check has been scheduled.
              Windows will now check the disk.                         
              
              CHKDSK is verifying files (stage 1 of 5)...
                169472 file records processed.                                 
                      
              File verification completed.
                356 large file records processed.                              
                   
                0 bad file records processed.                                  
                 
                2 EA records processed.                                        
                 
                51 reparse records processed.                                  
                  
              CHKDSK is verifying indexes (stage 2 of 5)...
                208172 index entries processed.                                
                      
              Index verification completed.
                0 unindexed files scanned.                                     
                 
                0 unindexed files recovered.                                   
                 
              CHKDSK is verifying security descriptors (stage 3 of 5)...
                169472 file SDs/SIDs processed.                                
                      
              CHKDSK is compacting the security descriptor stream
              Cleaning up 2040 unused security descriptors.
                19351 data files processed.                                    
                     
              CHKDSK is verifying Usn Journal...
                33829688 USN bytes processed.                                  
                        
              Usn Journal verification completed.
              CHKDSK is verifying file data (stage 4 of 5)...
                169456 files processed.                                        
                      
              File data verification completed.
              CHKDSK is verifying free space (stage 5 of 5)...
                4862784 free clusters processed.                               
                       
              Free space verification is complete.
              CHKDSK discovered free space marked as allocated in the
              master file table (MFT) bitmap.
              Correcting errors in the Volume Bitmap.
              Windows has made corrections to the file system.
              
                41945683 KB total disk space.
                22171980 KB in 87119 files.
                   62456 KB in 19354 indexes.
                       0 KB in bad sectors.
                  260107 KB in use by the system.
                   54432 KB occupied by the log file.
                19451140 KB available on disk.
              
                    4096 bytes in each allocation unit.
                10486420 total allocation units on disk.
                 4862785 allocation units available on disk.
              
              Internal Info:
              00 96 02 00 f1 9f 01 00 a3 1c 03 00 00 00 00 00  ................
              79 06 00 00 33 00 00 00 00 00 00 00 00 00 00 00  y...3...........
              b0 8e 28 00 50 01 27 00 f0 19 27 00 00 00 27 00  ..(.P.'...'...'.
              
              Windows has finished checking your disk.
              Please wait while your computer restarts.



#15
June 16, 2013 at 17:05:03
"When i'm trying to launch these programs"

How is it running?



#16
June 16, 2013 at 21:56:26
So task manager thinks they're running but they're not?

As Johnw asks, how are you starting them? Does it make any difference if you right click and choose 'open' or try to open them from the program menu instead of desktop shortcuts?



#17
June 16, 2013 at 22:02:58
Ir? i suppose you meant IE? If so it runs without any problem.

Another thing I found out is that inside the task manager all programs are written as using 0 CPU, except for the "System Idle Process", which is written as using 90 CPU.

i sent a printscreen as i feel my explanations aren't really clear

http://tinypic.com/r/2m7g9xv/5



#18
June 16, 2013 at 22:05:53
Yes, it doesn't change a thing no matter how I try to open them. I tried from the shortcuts, the start menu, even directly from the file where they are located.


#19
June 16, 2013 at 22:34:47
Have you tried uninstalling and then reinstalling them?

It's an odd one. I don't think the virus/malware scans have turned anything up but I didn't examine them closely.



#20
June 16, 2013 at 22:42:30
"System Idle Process", which is written as using 90 CPU"
Normal.
System Idle Process
http://en.wikipedia.org/wiki/System...
http://www.answers.com/topic/system...
http://www.processlibrary.com/direc...
An option in the Windows XP Task Manager that indicates what percentage of time the CPU is currently doing nothing but waiting for work. If no applications are running that the user is aware of (although there may always be some tasks running in the background), the percentage can be in the high 90s.


#21
June 16, 2013 at 22:50:55
Run Tweaking.com - Windows Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

Check/Tick the following:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair MDAC & MS Jet
Remove Policies Set By Infections
Repair File Association
Restore Important Windows Services
Set Windows Services To Default Startup

Using Tweaking.com - Windows Repair:
When you first run the program you will be introduced to 4 steps before the repair options. These steps are highly recommended before attempting any repairs.
Step 1. Clean Your System Of Infections.
Trying to fix a system that is currently infected is obviously a very bad idea and can make things worse. An infection can hijack a machine and keep part of the repairs from running correctly. Since only part of a repair will work, the other part that failed could end up causing problems. Rule of thumb before working on a system is to make sure it is clean. Even if you think your system is clean, doing a scan beforehand is a good idea.
Step 2. Check File System
Doing a check disk on the hard drive is a good idea. This will have Windows check the file system on the drive, fixing any problem it finds. Corrupt files can break a lot of things, including the repairs. So making sure the file system is good is a must.
Step 3. System File Check (SFC)
The built-in Windows system file checker is a tool that checks that the Windows files are intact, the correct versions and not corrupted. This is a good idea to do before doing repairs, as if a file is corrupt and we try a repair that needs that file then the repair will fail.
Step 4. System Restore
Doing a system restore point is a great idea to do before doing any repairs. If any unforeseen problems happen after any repair, then a system restore can put the system back to the way it was before the repairs. This is highly recommended.
Start Repairs
In this final step you can choose between 3 modes.
Basic Mode: This will run only the most basic, safe repair options. Extra advanced repairs are disabled.
Advanced Mode: Runs more advanced repairs while leaving a few disabled.
Custom Mode: Every repair is available. The program will remember your repair choices the next time you choose custom mode.

SFC results are in the CBS log.
C:\WINDOWS\LOGS\CBS\CBS.LOG > Copy & Paste the contents.



#22
June 17, 2013 at 01:43:54
Hi Daveincaps, yes I tried reinstalling them before asking for help here, I even tried reinstalling an older version of Firefox once it was all uninstalled, the 17 if I reckon, then the v21 also.

Otherwise i haven't tried reinstalling them after Johnw helped me, but the 2 programs are still installed on my computer.

--John, I installed Tweaking, I had a look at it, it proposes me to install Malwarebytes to do the first step, but I already have it, should I uninstall MB and install it again via Tweaking? At step 4 I should create a system restore and registry backup?

Thanks again for your help guys.



#23
June 17, 2013 at 02:06:46
OK, I don't have anything to add at this point. Johnw is pretty thorough. But if I think of something I'll pop back.


#24
June 17, 2013 at 03:01:53
"proposes me to install Malwarebytes to do the first step"
Skip that step.

"At step 4 i should create a system restore and registry backup?"
Yes, do that.



#25
June 17, 2013 at 23:30:47
I've done every step of Tweaking.

Should i post the log here? It's quite long, but it has other files like this kind, I'm not sure what it means:

WARNING HKEY_CLASSES_ROOT\* : registry key is skipped (contains wildcard)

WARNING HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

Also somewhere it's written the access has been denied:


C:\ProgramData\Tencent\TSVulFw\tsvulinfocrp.db - CreateFile Error : 5 拒绝访问。(Access denied*)

Tencent is a Chinese program kind of like MSN that my wife uses.

/Edit: i ran tweaking before leaving for 3h, when i came back it was still at the same point when i left so i stopped it and started again, dunno if it's an important detail or not.

I tried opening firefox after restarting my computer via the desktop shortcut, but the same problem happened still.



#26
June 18, 2013 at 01:08:47
"Also somewhere it's written the access has been denied"
Most of the info is probably due to the difference in language.

"Tencent is a Chinese program kind of like MSN that my wife uses"
Yep, I use the Tencent email program, Foxmail.

"Should i post the log here? It's quite long"
Is that info from the SFC log, as requested?

If it is, use Image Uploader, to upload the complete file.
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/vf3B7ee.gif
http://i.imgur.com/txFkgpT.gif



#27
June 18, 2013 at 02:10:41
Ok, here's the link to the file:

http://efshare.com/?s=46PK6E



#28
June 18, 2013 at 04:23:45
Followed these instructions. Refer my screenshot.
http://i.imgur.com/qR8EeKJ.gif

To receive files:
Step 1
If the sender provided you with a URL, just open this URL in the browser and the connection will be established automatically.
If the sender provided you with a Code instead, go to the Receive Tab, then input the Code and click the Connect button.
Step 2
Wait until the loading dialog disappears, then you will see a list of available files shared from the sender. Click the Download button to download the files.
Step 3
Click the radio button left of the file names to select the downloaded file. Then click the Save to Disk button to pick a saving location.



#29
June 18, 2013 at 20:28:03
I tried with load.to but every time it says unable to upload the file.
Also with different servers on image uploader but none of them seem to work in here. I'll try with different file sharing websites.

Hopefully this time it will work :)

http://wikisend.com/download/532100...



#30
June 18, 2013 at 21:30:03
"Hopefully this time it will work :)"
Bingo! Nice & easy as well, no hoops to go through.

Now to analyze, will take some time.



#31
June 18, 2013 at 22:35:07
Great :)

No problem take your time, i already really appreciate all the help you gave me



#32
June 19, 2013 at 00:03:33
The logs show it > Repairing corrupted file ( all game related )

Let's try this & tell me if it fixes the problem.

TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



#33
June 21, 2013 at 02:59:56
Hi John, sorry for the late answer i was on a business trip.

I ran the cleaner, rebooted the computer, tried firefox and SO but none of them are working still.



#34
June 21, 2013 at 03:33:26
"firefox and SO but none of them are working still"
Ok Shawei, I now would like to try a 3 step plan.

Step1.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...



#35
June 21, 2013 at 17:08:04
No problem.

I've done the three tabs (common and advanced cleaner also slimming the system).

Should i schedule a weekly cleaning with this tool as well?



#36
June 21, 2013 at 17:22:06
"Should i schedule a weekly cleaning with this tool as well?"
I don't, I just do it after each update, which it will advise when available.

I use the Wise tools on every comp I work on.

Forgot to ask, let me know if the problems have been fixed, after everything we try.

Step 2.

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...




#37
June 23, 2013 at 04:04:02
I tried after each step to run Mozilla but it's still not working. This time after running Wise Registry Cleaner, I tried, uninstalled it, installed it again, but it's still not working....


#38
June 23, 2013 at 04:09:44
What I had in mind, was to get everything as clean as possible & then run SFC again & see what the log says.

System File Checker: Run sfc /scannow & Analyze its logs in Windows 7 | 8
http://www.thewindowsclub.com/how-t...
http://windows7support247.blogspot....
http://www.sevenforums.com/tutorial...



#39
June 23, 2013 at 05:28:52
I've run the SFC, i put the file on wikisend like last time.

http://wikisend.com/download/364236... log6.23.txt

I copied and pasted today's file only, however there's one thing i dont understand on this log.

I only ran the SFC like 20 mins ago (around 8pm), but on the log there are different timelines, some around 3am, 10am, 6pm and the one around 8pm... How is it possible?

Around 3am i was watching tv on the computer, around it must be my wife playing her card game, 6pm it's probably around the time i was running Wise Registry Cleaner.



#40
June 23, 2013 at 05:40:06
" How is it possible?"
Don't know.

The new log is clean in the area i'm looking at, no corruption at all.

Let's try uninstalling Firefox again with Revo. You must use ADVANCED mode.

Revo Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.revouninstaller.com/
Open Revo, double click on a program logo, click > Yes & then you get your options, with Advanced down the bottom.
If you have partially uninstalled your program, you get a message from Revo, that it can't find the uninstaller, hit Cancel & let Revo continue on, to search for the remnants.
If you get a reboot message, ignore it & do it after Revo has finished.
I use Advanced Mode. Screenshots of how to use.

http://i.imgur.com/dXJGX1q.gif
http://i.imgur.com/VonCA.gif
http://i.imgur.com/fGmmb.gif
http://i.imgur.com/pdhbV.gif
http://i.imgur.com/fIgy0.gif
http://i.imgur.com/tDH9Z.gif
http://i.imgur.com/DbfgN.gif
http://i.imgur.com/tDafK.gif
http://i.imgur.com/Bz5j9.gif
http://i.imgur.com/X5S5I.gif


Report •
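Added example (not part of any post in this thread, and not code from Microsoft or Tweaking.com): CBS.log is the shared Component-Based Servicing log, so it records Windows Update and other servicing activity as well as SFC, and only the lines tagged `[SR]` come from `sfc /scannow`. The sketch below separates the two and lists what SFC repaired or could not repair; the sample lines are constructed and simplified, and the function names are hypothetical.

```python
"""Triage a CBS.log excerpt: split SFC ([SR]) lines from other servicing activity."""
import re
from collections import Counter

# Constructed, simplified sample in CBS.log layout. It is NOT the log posted in this thread.
SAMPLE_CBS_LOG = r'''
2013-06-23 03:02:11, Info                  CBS    Starting TrustedInstaller initialization.
2013-06-23 10:14:40, Info                  CBS    Session: 30306000_1234567 initialized by client WindowsUpdateAgent.
2013-06-23 20:01:05, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2013-06-23 20:01:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-06-23 20:01:09, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2013-06-23 20:01:12, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 6.1.7601.17514, file is missing
2013-06-23 20:01:20, Info                  CSI    0000000d [SR] Verify complete
'''

# "<date> <time>, <level>  <component>  <message>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+)\s+(?P<component>\w+)\s+(?P<message>.*)$"
)
QUOTED_RE = re.compile(r'"([^"]*)"')


def parse_cbs(text):
    """Return one dict per timestamped line; 'sfc' holds the text after [SR], else None."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # blank or continuation lines carry no timestamp
        entry = match.groupdict()
        pos = entry["message"].find("[SR]")
        entry["sfc"] = entry["message"][pos + 4:].strip() if pos != -1 else None
        entries.append(entry)
    return entries


def activity_by_hour(entries):
    """Count SFC lines versus other servicing lines for each hour of the day."""
    hours = {}
    for entry in entries:
        bucket = hours.setdefault(entry["time"][:2], Counter())
        bucket["sfc" if entry["sfc"] is not None else "other"] += 1
    return hours


def _file_name(sfc_text):
    """First quoted token that is a bare file name (no directory part)."""
    for quoted in QUOTED_RE.findall(sfc_text):
        if "\\" not in quoted:
            return quoted
    return None


def sfc_findings(entries):
    """Summarise what the [SR] lines say was repaired or left unrepaired."""
    findings = {"repaired": [], "unrepairable": [], "verify_complete": False}
    for entry in entries:
        text = entry["sfc"]
        if text is None:
            continue
        if text.startswith("Repairing"):
            findings["repaired"].append(_file_name(text))
        elif text.startswith(("Cannot repair", "Could not reproject")):
            findings["unrepairable"].append(_file_name(text))
        elif text.startswith("Verify complete"):
            findings["verify_complete"] = True
    return findings


if __name__ == "__main__":
    parsed = parse_cbs(SAMPLE_CBS_LOG)
    for hour, counts in sorted(activity_by_hour(parsed).items()):
        print(f"{hour}:00  sfc={counts['sfc']}  other={counts['other']}")
    print(sfc_findings(parsed))
```

To run it against a real log, read a copy of `C:\Windows\Logs\CBS\CBS.log` into a string and pass that to `parse_cbs` in place of the sample.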

#41
June 23, 2013 at 06:25:31
Going to bed now, if after reinstalling Firefox it still will not run, here is the next step.

MiniToolBox. Checkmark the following checkboxes.
http://download.bleepingcomputer.co...
[*]Reset FF Proxy Settings
[*]List contents of Hosts
[*]List last 10 Event Viewer log
[*]List Installed Programs
[*]List Users, Partitions and Memory size
[*]List Minidump Files



#42
June 23, 2013 at 06:57:19
I totally uninstalled firefox with Revo, installed it again but the problem persists....

I post the log on the next post as it isn't that long.

Thanks again for the help :)



#43
June 23, 2013 at 06:57:34
MiniToolBox by Farbar Version: 16-06-2013
Ran by Administrator (administrator) on 23-06-2013 at 21:47:16
Running from "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUSWDWSJ"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (06/23/2013 09:19:48 PM) (Source: VSS) (User: )
Description: 卷影复制服务错误: 查询 IVssWriterCallback 接口时的错误。hr = 0x80070005, 拒绝访问。

此错误通常是由编写器或请求方过程中的错误安全设置造成的。


操作:
正在搜集写入程序数据

上下文:
写入程序类 ID: {e8132975-6f93-4464-a53e-1050253ae220}
写入程序名称: System Writer
写入程序实例 ID: {0dfb6141-f0bb-46b4-9503-e523198c4557}

Error: (06/22/2013 01:39:47 PM) (Source: SideBySide) (User: )
Description: “Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1”的激活上下文生成失败。
找不到从属程序集 Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"。
请使用 sxstrace.exe 进行详细诊断。

Error: (06/22/2013 01:39:47 PM) (Source: SideBySide) (User: )
Description: “Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1”的激活上下文生成失败。
找不到从属程序集 Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"。
请使用 sxstrace.exe 进行详细诊断。

Error: (06/22/2013 01:39:47 PM) (Source: SideBySide) (User: )
Description: “Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1”的激活上下文生成失败。
找不到从属程序集 Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"。
请使用 sxstrace.exe 进行详细诊断。

Error: (06/22/2013 01:39:46 PM) (Source: SideBySide) (User: )
Description: “Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1”的激活上下文生成失败。
找不到从属程序集 Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"。
请使用 sxstrace.exe 进行详细诊断。

Error: (06/22/2013 01:39:44 PM) (Source: SideBySide) (User: )
Description: “Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1”的激活上下文生成失败。
找不到从属程序集 Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"。
请使用 sxstrace.exe 进行详细诊断。

Error: (06/22/2013 01:37:49 PM) (Source: SideBySide) (User: )
Description: “Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1”的激活上下文生成失败。
找不到从属程序集 Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"。
请使用 sxstrace.exe 进行详细诊断。

Error: (06/22/2013 01:37:46 PM) (Source: SideBySide) (User: )
Description: “Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1”的激活上下文生成失败。
找不到从属程序集 Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"。
请使用 sxstrace.exe 进行详细诊断。

Error: (06/22/2013 01:00:23 PM) (Source: Application Error) (User: )
Description: 错误应用程序名称: tencentdl.exe,版本: 1.0.123.3,时间戳: 0x5135b09c
错误模块名称: DbgHelp.dll_unloaded,版本: 0.0.0.0,时间戳: 0x4ce7b7bc
异常代码: 0xc0000005
错误偏移量: 0x6ff9f2f9
错误进程 ID: 0x2f84
错误应用程序启动时间: 0xtencentdl.exe0
错误应用程序路径: tencentdl.exe1
错误模块路径: tencentdl.exe2
报告 ID: tencentdl.exe3

Error: (06/22/2013 08:00:01 AM) (Source: VSS) (User: )
Description: 卷影复制服务错误: 查询 IVssWriterCallback 接口时的错误。hr = 0x80070005, 拒绝访问。

此错误通常是由编写器或请求方过程中的错误安全设置造成的。


操作:
正在搜集写入程序数据

上下文:
写入程序类 ID: {e8132975-6f93-4464-a53e-1050253ae220}
写入程序名称: System Writer
写入程序实例 ID: {da376f74-8637-4f70-bf89-822c11b37aad}


System errors:
=============
Error: (06/23/2013 09:29:14 PM) (Source: Service Control Manager) (User: )
Description: 下列引导或系统启动驱动程序无法加载:
BC

Error: (06/23/2013 09:13:10 PM) (Source: volsnap) (User: )
Description: 因为用户设置的限制,卷影副本存储无法增长,卷 C: 的卷影复制被终止。

Error: (06/23/2013 09:03:14 PM) (Source: Service Control Manager) (User: )
Description: 下列引导或系统启动驱动程序无法加载:
BC

Error: (06/23/2013 08:13:03 PM) (Source: Service Control Manager) (User: )
Description: 下列引导或系统启动驱动程序无法加载:
BC

Error: (06/23/2013 07:09:41 PM) (Source: Service Control Manager) (User: )
Description: 下列引导或系统启动驱动程序无法加载:
BC

Error: (06/23/2013 06:59:26 PM) (Source: Service Control Manager) (User: )
Description: 下列引导或系统启动驱动程序无法加载:
BC

Error: (06/23/2013 06:58:41 PM) (Source: Service Control Manager) (User: )
Description: Windows Update 服务因下列错误而停止:
%%-2147467243

Error: (06/23/2013 06:56:36 PM) (Source: Service Control Manager) (User: )
Description: 下列引导或系统启动驱动程序无法加载:
BC

Error: (06/23/2013 05:19:34 PM) (Source: Service Control Manager) (User: )
Description: 下列引导或系统启动驱动程序无法加载:
BC

Error: (06/23/2013 10:22:24 AM) (Source: Service Control Manager) (User: )
Description: 下列引导或系统启动驱动程序无法加载:
BC


Microsoft Office Sessions:
=========================
Error: (06/23/2013 09:19:48 PM) (Source: VSS)(User: )
Description: 0x80070005, 拒绝访问。


操作:
正在搜集写入程序数据

上下文:
写入程序类 ID: {e8132975-6f93-4464-a53e-1050253ae220}
写入程序名称: System Writer
写入程序实例 ID: {0dfb6141-f0bb-46b4-9503-e523198c4557}

Error: (06/22/2013 01:39:47 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"d:\program files\kingsoft\ksafe\sjkmini\DPinst64.exe

Error: (06/22/2013 01:39:47 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\program files\kingsoft\ksafe\pushapp\driverinstallerx64.exe

Error: (06/22/2013 01:39:47 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"d:\program files\kingsoft\ksafe\pushapp\DPInst64.exe

Error: (06/22/2013 01:39:46 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"d:\program files\kingsoft\ksafe\kphonemain\DPInst64.exe

Error: (06/22/2013 01:39:44 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\program files\kingsoft\ksafe\KBattery\driverinstallerx64.exe

Error: (06/22/2013 01:37:49 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\program files\kingsoft\kingsoft antivirus\phone\driverinstallerx64.exe

Error: (06/22/2013 01:37:46 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"d:\program files\kingsoft\kingsoft antivirus\dpinst64.exe

Error: (06/22/2013 01:00:23 PM) (Source: Application Error)(User: )
Description: tencentdl.exe1.0.123.35135b09cDbgHelp.dll_unloaded0.0.0.04ce7b7bcc00000056ff9f2f92f8401ce6f05642214f9C:\program files\common files\tencent\qqdownload\123\tencentdl.exeDbgHelp.dlla48e7610-daf8-11e2-963d-902b34543c6d

Error: (06/22/2013 08:00:01 AM) (Source: VSS)(User: )
Description: 0x80070005, 拒绝访问。


操作:
正在搜集写入程序数据

上下文:
写入程序类 ID: {e8132975-6f93-4464-a53e-1050253ae220}
写入程序名称: System Writer
写入程序实例 ID: {da376f74-8637-4f70-bf89-822c11b37aad}


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.6.602.168)
Adobe Reader XI (11.0.03) - Chinese Simplified (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Big Fish Games: Game Manager (Version: 3.0.1.60)
CCleaner (Version: 4.02)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Construction de la Grande Muraille de Chine
Cursed Memories: La Mine Maudite
D3DX10 (Version: 15.4.2368.0902)
Empress of the Deep: Le Secret des Abysses
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
Haunted Domains
Intel(R) Processor Graphics (Version: 6.14.10.5387)
Java 7 Update 13 (Version: 7.0.130)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CHS Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile 简体中文语言包 (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended CHS Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended 简体中文语言包 (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word 2003 稿纸加载项 (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
Online Games Manager v1.10 (Version: 1.10.3)
Pando Media Booster (Version: 2.6.0.8)
QQ音乐2013 (Version: 2013)
QQ游戏 (Version: 3.0.107.30)
Realtek High Definition Audio Driver (Version: 6.0.1.6602)
RealWorld Paint (Version: 11.1.0)
Revo Uninstaller 1.94 (Version: 1.94)
SafeTransaction 5.1.0.0 (Version: 5.1.0.0)
ShotOnline (Version: 1.0)
Skype? 6.3 (Version: 6.3.20)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 5.0.6.0)
Temp File Cleaner (Version: 4.2.2)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.14)
Twilight Phenomena: Les Pensionnaires de la Maison n° 13 Edition Collector
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VLC media player 2.1.0-git-20121008-0003 (Version: 2.1.0-git-20121008-0003)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Live 软件包 (Version: 16.4.3505.0912)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR 压缩文件管理器
Wise Disk Cleaner 7.85 (Version: 7.85)
Wise Registry Cleaner 7.73 (Version: 7.73)
百度影音1.19.0.155 (Version: 1.19.0)
大明五洲 建行网银盾 (Version: 2.1.4.2)
电脑管家8.0 (Version: 8.0.9211.227)
风行 (Version: 2.8.5.30)
金山卫士4.6正式版 (Version: 4.6.0.3633 正式版)
搜狗拼音输入法 6.7正式版 (Version: 6.7.0.0163)
搜狐影音 (Version: 4.0.0.129)
腾讯QQ2013 (Version: 1.93.6970.0)
新毒霸(悟空) (Version: 2013.3.5)
扬州广电网络宽带客户端 (Version: Ver )
影视搜索 (Version: 1.2.0)
支付宝安全控件 3.12.0.0 (Version: 3.12.0.0)
支付宝安全控件 3.5.0.0 (Version: 3.5.0.0)
中国建设银行E路护航网银安全组件 1.0.3.4 (Version: 1.0.3.4)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3487.79 MB
Available physical RAM: 2491.82 MB
Total Pagefile: 6973.88 MB
Available Pagefile: 5906.12 MB
Total Virtual: 3071.88 MB
Available Virtual: 2972.57 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:40 GB) (Free:18.5 GB) NTFS
2 Drive d: (软件) (Fixed) (Total:142.01 GB) (Free:133.3 GB) NTFS
3 Drive e: (文档) (Fixed) (Total:142.01 GB) (Free:118.53 GB) NTFS
4 Drive f: (娱乐) (Fixed) (Total:141.74 GB) (Free:134.92 GB) NTFS

========================= Users: ========================================

\\WIN-I4981PHDM29 的用户帐户

Administrator Guest
命令成功完成。

========================= Minidump Files ==================================

No minidump file found



#44
June 23, 2013 at 15:46:43
"Edit: I can't use mozilla, but can use IE without problem"
Is IE using a Proxy?
Start > Control Panel > Internet Options > Connections > LAN settings > Use a proxy server for your LAN.

If it is, you need to put those settings into Firefox.
http://www.wikihow.com/Enter-Proxy-...


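The proxy check asked for in #44 can also be read from the registry, which avoids hunting through a Control Panel in another language. This is an added example, not part of the original thread; it runs on the PowerShell 2.0 that ships with Windows 7, and the byte-8 flag layout of `DefaultConnectionSettings` is an assumption based on the widely observed format, not formal documentation.

```powershell
# Added example (not from the thread): report the current user's WinINET
# (Internet Explorer) proxy configuration without the localized Control Panel.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $base

# Values written by the "LAN settings" dialog.
$report = New-Object PSObject -Property @{
    ManualProxyEnabled = ($inet.ProxyEnable -eq 1)  # "Use a proxy server for your LAN"
    ProxyServer        = $inet.ProxyServer          # host:port, or a per-protocol list
    ProxyBypass        = $inet.ProxyOverride        # exceptions list
    AutoConfigScript   = $inet.AutoConfigURL        # PAC script URL, if any
    AutoDetect         = $null                      # filled in below when readable
}

# "Automatically detect settings" lives in a binary value. Assumption: byte 8
# is a flag field where 0x08 = auto-detect, 0x04 = PAC script and
# 0x02 = manual proxy (widely observed layout, not formally documented).
$conn = Get-ItemProperty -Path "$base\Connections" -ErrorAction SilentlyContinue
$blob = $conn.DefaultConnectionSettings
if ($blob -and $blob.Length -gt 8) {
    $report.AutoDetect = (($blob[8] -band 0x08) -ne 0)
}

$report | Format-List

# A proxy or PAC script the user did not set up deserves a closer look;
# a loopback address means a local process is relaying the browser's traffic.
if ($report.ManualProxyEnabled -and $report.ProxyServer -match '127\.0\.0\.1|localhost') {
    Write-Warning "Browser traffic is routed through a local proxy: $($report.ProxyServer)"
}
if ($report.AutoConfigScript) {
    Write-Warning "A proxy auto-config script is set: $($report.AutoConfigScript)"
}
```

With only "Automatically detect settings" ticked, `AutoDetect` is True and the other proxy fields are empty or False.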

#45
June 24, 2013 at 02:19:19
I'm sorry but I can't find Internet Options in the Control Panel. I thought I couldn't find it because everything is in Chinese, but even on this address I cannot find it.

http://www.techrepublic.com/blog/wi...



#46
June 24, 2013 at 02:23:47
screenshot control panel windows 7
http://is.gd/vwS7ST
http://www.sevenforums.com/tutorial...
Follow this > 5. For All Control Panel Items with Small Icons View


#47
June 25, 2013 at 01:59:29
OK, I finally found it :)

It's set to automatic; there's no other LAN address or number.



#48
June 25, 2013 at 03:33:43
Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
    o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
    o When you see a console window, press any key to continue scanning.
    o Wait while it scans.
    o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#49
June 25, 2013 at 16:54:34
Here it is.

Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x86 [color=red][b](UAC is disabled!)[/b][/color]
Internet Explorer 10
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
电脑管家系统防护
新毒霸铠甲防御
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Temp File Cleaner
Wise Disk Cleaner 7.85
Wise Registry Cleaner 7.73
Java 7 Update 13
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.6.602.168
Adobe Reader XI
Mozilla Firefox 21.0 [color=red][b]Firefox out of Date![/b][/color]
Google Chrome 27.0.1453.116
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
kingsoft kingsoft antivirus kxescore.exe
kingsoft kingsoft antivirus kxetray.exe
Funshion Online Funshion FunshionService.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#50
June 25, 2013 at 17:11:03
Thanks Shawei, wanted to see if your AV was active.

Also, if you don't need Java (in other words, you don't have any programs installed that need Java), uninstall it using Revo. Virtually all programs that run Java have a free alternative without Java. Let me know if you have a Java program installed.

One way of finding out: uninstall Java & then run all your programs; any that use Java will tell you it is missing.

Firefox has just updated to version 22.



#51
June 25, 2013 at 17:14:43
It's difficult for me to understand the Application errors from MiniToolBox because of the language. You can try a clean startup to see if the other problems go away.
Perform a clean startup to determine whether background programs are interfering with your game or program.
http://support.microsoft.com/kb/331796

Check Kingsoft AV & your Firewall for Exceptions in both & make sure Firefox & any others you want running are not blacklisted.
Send me screenshots (SS) of what you find please.



#52
June 26, 2013 at 04:06:07
Is this what you meant?:

http://wikisend.com/download/111110...

Ksafe, Kingsoft, Mozilla, QQpcmanager and Nsafeguard (the security program the golf game uses) were the only ones checked.



#53
June 26, 2013 at 05:30:21
"Is this what you meant?:"
No. Once again I can see language is going to be a problem for me; you will need to do your own research to make sure Kingsoft is not blocking Firefox etc. Here is where you probably need to look, providing I have your version of Kingsoft.
http://www.softpedia.com/progScreen...

Here are SS of my AV & Windows Firewall where I can check if I have blocked something I shouldn't.
http://i.imgur.com/fr3UUUr.gif
http://i.imgur.com/M2r1UnB.gif



#54
June 30, 2013 at 16:55:12
Hi, sorry for the late reply mate.

I checked the firewall, Kingsoft and other security programs. The funny thing is, even though Firefox and Shot Online are installed on the computer, they're nowhere to be found on any of these, including the firewall.

They're not blocked nor authorized either, as strangely they're just not here.



#55
June 30, 2013 at 17:28:55
Been wondering how you were going.

"nor authorized either"
That's normal, blocking could have been the problem.

Let's try this & see what it reports.

JottiQ
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://whitehat.dcmembers.com/pages...
http://www.addictivetips.com/window...
http://www.makeuseof.com/tag/jottiq...
Portable JottiQ
http://www.softpedia.com/get/PORTAB...



#56
June 30, 2013 at 18:18:02
No problem, I've installed JottiQ. I sent the desktop shortcuts of Mozilla and Shotonline to JottiQ, not sure if I should target other specific files?

At the moment it keeps on telling me that the server is busy and the files have been queued.



#57
June 30, 2013 at 18:34:00
"not sure if I should target other specific files?"
Me either.

"that the server is busy"
Here is another link, that may be different.
http://virusscan.jotti.org/

Whilst waiting for a connection.
SS of the Data Execution Prevention page please.
Start, right click Computer > Properties > Advanced system settings > Advanced > under Performance, click Settings. Click the Data Execution Prevention tab.



#58
June 30, 2013 at 19:17:00
My DEP is empty, and JottiQ said there was no virus in either of the programs. I'll check the files one by one, hopefully we'll find something.


#59
June 30, 2013 at 21:28:42
"My DEP is empty"

Try this: after clicking Add, find the exes of the programs that won't run, click > Apply & OK.
http://i.imgur.com/3n29MZL.gif

After closing, reboot & try the programs.



#60
July 1, 2013 at 01:21:08
It says I can't add the Firefox program to DEP. However, I added the Shotonline one and rebooted the computer, but it still ain't working...


#61
July 1, 2013 at 01:24:09
Maybe it's time for > How to Do a Repair Install to Fix Windows 7
http://www.sevenforums.com/tutorial...
This will show you how to do a repair install (aka: in-place upgrade install) to fix your currently installed Windows 7 and preserve your user accounts, data, programs, and system.


#62
July 1, 2013 at 02:12:39
Ouch, that seems pretty complicated to me.

Also I may have a problem running that, as I don't have the Windows 7 install CD. I just went to a computer shop last year, told them what components I needed then they put it together themselves. Also I heard that in China most of the Windows versions they use aren't really legit ones. So if during the process they ask me for a scan code or something, I may not have one in here...

Is this the last option to find out and repair this problem?



#63
July 1, 2013 at 03:04:18
"told them what components I needed then they put it together themselves"
That's how I do it.

"Is this the last option to find out and repair this problem?"
At the moment yes, unless I can think of another way.

Do you have the product number for W7?
It will be a sticker on the side or with the paper work you got.



#64
July 3, 2013 at 05:12:18
Nope, unfortunately I don't have the product number. They just install Windows in their shop, and don't give a paper with the product number.

I'm not even sure how they do that, they always use the same CD for every client.



#65
July 3, 2013 at 05:18:01
Use this version of SIW & let me know if you can get it.
Portable
http://www.softpedia.com/get/PORTAB...
Left hand column. Software > Licenses > Windows Product Key
