Please help with Trojan.Win32.Agent.atog



thluong
2008-12-23, 05:25
Here are my Attach and DDS files.

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2008 1:52:19 PM
System Uptime: 12/22/2008 10:12:41 PM (0 hours ago)

Motherboard: MSI | | MS-7366
Processor: Intel Pentium III Xeon processor | CPU 1 | 2533/267mhz
Processor: Intel Pentium III Xeon processor | CPU 1 | 2533/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 40 GiB total, 32.112 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627366&REV_1000\4&A6CA32A&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627366&REV_1000\4&A6CA32A&0&0001
Service:

==== System Restore Points ===================

RP1: 9/21/2008 6:56:46 PM - System Checkpoint
RP2: 9/21/2008 7:13:43 PM - Installed Realtek High Definition Audio Driver
RP3: 9/21/2008 7:09:41 PM - Installed Windows XP KB888111WXP.
RP4: 9/21/2008 7:36:10 PM - Installed Windows XP KB822603.
RP5: 9/21/2008 7:46:18 PM - Installed EVGA Display Driver
RP6: 9/21/2008 7:49:59 PM - Installed DirectX
RP7: 9/22/2008 8:07:25 PM - System Checkpoint
RP8: 9/23/2008 8:22:16 PM - System Checkpoint
RP9: 9/24/2008 9:27:05 PM - System Checkpoint
RP10: 9/25/2008 10:06:04 PM - System Checkpoint
RP11: 9/27/2008 12:39:57 AM - System Checkpoint
RP12: 9/28/2008 1:24:10 AM - System Checkpoint
RP13: 9/29/2008 2:34:17 AM - System Checkpoint
RP14: 9/30/2008 2:38:42 AM - System Checkpoint
RP15: 10/1/2008 3:06:26 AM - System Checkpoint
RP16: 10/2/2008 4:24:14 AM - System Checkpoint
RP17: 10/3/2008 5:31:30 AM - System Checkpoint
RP18: 10/4/2008 6:28:44 AM - System Checkpoint
RP19: 10/5/2008 7:15:35 AM - System Checkpoint
RP20: 10/6/2008 7:19:50 AM - System Checkpoint
RP21: 10/7/2008 7:45:51 AM - System Checkpoint
RP22: 10/8/2008 7:46:56 AM - System Checkpoint
RP23: 10/9/2008 9:07:03 AM - System Checkpoint
RP24: 10/10/2008 10:12:36 AM - System Checkpoint
RP25: 10/11/2008 10:50:01 AM - System Checkpoint
RP26: 10/12/2008 11:31:01 AM - System Checkpoint
RP27: 10/13/2008 1:07:47 PM - System Checkpoint
RP28: 10/14/2008 1:34:40 PM - System Checkpoint
RP29: 10/15/2008 1:45:22 PM - System Checkpoint
RP30: 10/16/2008 2:17:11 PM - System Checkpoint
RP31: 10/17/2008 3:38:07 PM - System Checkpoint
RP32: 10/18/2008 4:08:23 PM - System Checkpoint
RP33: 10/19/2008 4:55:28 PM - System Checkpoint
RP34: 10/20/2008 4:55:48 PM - System Checkpoint
RP35: 10/21/2008 9:41:25 PM - System Checkpoint
RP36: 10/22/2008 10:10:32 PM - System Checkpoint
RP37: 10/23/2008 10:51:55 PM - System Checkpoint
RP38: 10/24/2008 11:21:27 PM - System Checkpoint
RP39: 10/25/2008 11:04:14 PM - System Checkpoint
RP40: 10/26/2008 11:27:31 PM - System Checkpoint
RP41: 10/28/2008 6:01:42 PM - System Checkpoint
RP42: 10/29/2008 6:06:26 PM - System Checkpoint
RP43: 10/30/2008 6:24:50 PM - System Checkpoint
RP44: 11/1/2008 12:58:15 AM - System Checkpoint
RP45: 11/2/2008 1:27:48 AM - System Checkpoint
RP46: 11/3/2008 3:20:17 AM - System Checkpoint
RP47: 11/4/2008 4:10:33 AM - System Checkpoint
RP48: 11/5/2008 5:01:05 AM - System Checkpoint
RP49: 11/6/2008 5:30:59 AM - System Checkpoint
RP50: 11/7/2008 6:02:10 AM - System Checkpoint
RP51: 11/8/2008 8:14:08 AM - System Checkpoint
RP52: 11/9/2008 9:22:56 AM - System Checkpoint
RP53: 11/10/2008 9:31:52 AM - System Checkpoint
RP54: 11/11/2008 10:14:53 AM - System Checkpoint
RP55: 11/12/2008 11:09:39 AM - System Checkpoint
RP56: 11/13/2008 12:01:21 PM - System Checkpoint
RP57: 11/14/2008 12:24:55 PM - System Checkpoint
RP58: 11/15/2008 1:23:50 PM - System Checkpoint
RP59: 11/16/2008 2:23:50 PM - System Checkpoint
RP60: 11/17/2008 3:50:27 PM - System Checkpoint
RP61: 11/18/2008 4:02:32 PM - System Checkpoint
RP62: 11/19/2008 7:50:43 PM - System Checkpoint
RP63: 11/20/2008 8:30:34 PM - System Checkpoint
RP64: 11/21/2008 9:16:16 PM - System Checkpoint
RP65: 11/22/2008 9:31:39 PM - System Checkpoint
RP66: 11/23/2008 10:06:06 PM - System Checkpoint
RP67: 11/24/2008 10:31:28 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player ActiveX
Auto-Keyboard 4.0
AutoUpdate
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EVGA Display Driver
High Definition Audio Driver Package - KB888111
NVIDIA Drivers
Silkroad
WebFldrs XP
Windows XP Hotfix - KB822603
Windows XP Hotfix (SP2) [See q329256 for more information]
WinRAR archiver

==== Event Viewer Messages From Past Week ========

12/16/2008 3:03:23 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.72. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.
12/16/2008 2:11:55 AM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
12/16/2008 2:11:55 AM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is COREDUAL16.
12/15/2008 3:37:09 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TRINHAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2504A0C-269A-44EF-B. The master browser is stopping or an election is being forced.
12/17/2008 8:34:15 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.72. The machine with the IP address 192.168.1.75 did not allow the name to be claimed by this machine.
12/22/2008 4:13:03 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D9262BDB9. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================

DDS:

DDS (Version 1.1.0) - NTFSx86
Run by annie at 22:13:50.12 on Mon 12/22/2008
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.816 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.yahoo.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\uesiuqcr.exe,
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\uesiuqcr.exe,
BHO: getfn32.msiets: {21A237A4-3A94-4198-911D-647ED2263DD2} - c:\windows\system32\getfn32.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

============= SERVICES / DRIVERS ===============

S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\annie\my documents\srobot\NtProcDrv.sys [2008-9-21 3584]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []

=============== Created Last 30 ================

2008-12-22 21:50 <DIR> --d----- c:\windows\system32\security
2008-12-22 21:50 <DIR> --d----- c:\windows\security
2008-12-22 21:45 <DIR> --d----- C:\SpyDoc500169
2008-12-16 02:35 <DIR> --d----- c:\program files\Silkroad
2008-11-28 22:20 0 a------- c:\windows\system32\wertyu.dll
2008-11-28 22:20 0 a------- c:\windows\system32\getwn32.dll
2008-11-28 22:20 0 a------- c:\windows\system32\av.exe
2008-11-25 01:14 1,965 a------- c:\windows\default.htm
2008-11-25 00:58 89,614 a------- c:\windows\system32\uesiuqcr.exe
2008-11-25 00:58 63,488 a------- c:\windows\system32\smwin32.dll
2008-11-25 00:58 14,848 a------- c:\windows\system32\getfn32.dll
2008-11-25 00:53 89,614 a------- c:\windows\system32\av.dat

==================== Find3M ====================


============= FINISH: 22:14:03.89 ===============

I would appreciate it if you could help me solve this problem.

Shaba
2008-12-26, 12:29
Hello thluong

Please see this (http://forums.spybot.info/showthread.php?t=288) next

Please follow the instructions in the above thread and then start a fresh topic with the logs required.

Regards.