
error in opening computer and control panel


24 replies to this topic

#1 Kps0812

Posted 02 November 2015 - 01:58 PM

I have a problem opening Computer and Control Panel. An error comes up that says remote procedure call failed and cannot execute..... explorer.exe & :{26EE0668-A00A-44D7-9371-BEB064C98683}.

I did a sfc scannow in cmd and it said some repair of files was done and it created a CBS log file.

I'm wondering if I'm infected or having a system problem?

My computer information:

Lenovo laptop x220i

Windows 7 Pro Service Pack 1 64-bit

 





#2 Aura

Posted 02 November 2015 - 02:30 PM

Hi Kps0812 :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Kps0812

Posted 02 November 2015 - 11:27 PM

Hi here are the logs:

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by John (administrator) on 03-11-2015 at 03:34:08
Running from "C:\Users\John\Desktop"
Microsoft Windows 7 撠平?? Service Pack 1 (X64)
Model: 4286RZ3 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP 設定

成功清除 DNS 解讀器快取。

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel® 82579LM Gigabit Network Connection = ???? (Connected)
Intel® Centrino® Wireless-N 1000 = ?∠?蝬脰楝??? (Connected)

# ----------------------------------
# IPv4 設定
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=濜C1 subinterface=ethernet_6 mtu=1477
add address name="無線網路連線" address=192.168.137.1 mask=255.255.255.0

popd
# IPv4 設定結束

 

Windows IP 設定

   主機名稱 . . . . . . . . . . . . .: John-THINK
   主要 DNS 尾碼  . . . . . . . . . .:
   節點類型 . . . . . . . . . . . . .: 混合式
   IP 路由啟用 . . . . . . . . . . . : 否
   WINS Proxy 啟用 . . . . . . . . . : 否

PPP 介面卡 寬頻連線:

   連線特定 DNS 尾碼 . . . . . . . . :
   描述 . . . . . . . . . . . . . . .: 寬頻連線
   實體位址 . . . . . . . . . . . . .:
   DHCP 已啟用 . . . . . . . . . . . : 否
   自動設定啟用 . . . . . . . . . . .: 是
   IPv4 位址 . . . . . . . . . . . . : 218.103.229.130(偏好選項)
   子網路遮罩 . . . . . . . . . . . .: 255.255.255.255
   預設閘道 . . . . . . . . . . . . .: 0.0.0.0
   DNS 伺服器 . . . . . . . . . . . .: 219.76.98.66
                                       205.252.144.126
   NetBIOS over Tcpip . . . . . . . .: 停用

乙太網路卡 區域連線:

   連線特定 DNS 尾碼 . . . . . . . . :
   描述 . . . . . . . . . . . . . . .: Intel® 82579LM Gigabit Network Connection
   實體位址 . . . . . . . . . . . . .: F0-DE-F1-54-16-6F
   DHCP 已啟用 . . . . . . . . . . . : 是
   自動設定啟用 . . . . . . . . . . .: 是
   連結-本機 IPv6 位址 . . . . . . . : fe80::28c5:5a94:ff6:5293%13(偏好選項)
   自動設定 IPv4 位址 . . . . . . . .: 169.254.82.147(偏好選項)
   子網路遮罩 . . . . . . . . . . . .: 255.255.0.0
   預設閘道 . . . . . . . . . . . . .:
   DHCPv6 IAID . . . . . . . . . . . : 300998385
   DHCPv6 用戶端 DUID. . . . . . . . : 00-01-00-01-15-47-16-AD-F0-DE-F1-54-16-6F
   DNS 伺服器 . . . . . . . . . . . .: fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip . . . . . . . .: 啟用

通道介面卡 isatap.{D5615C3D-6891-4362-99C8-9003D3C2B158}:

   媒體狀態 . . . . . . . . . . . . .: 媒體已中斷連線
   連線特定 DNS 尾碼 . . . . . . . . :
   描述 . . . . . . . . . . . . . . .: Microsoft ISATAP Adapter #9
   實體位址 . . . . . . . . . . . . .: 00-00-00-00-00-00-00-E0
   DHCP 已啟用 . . . . . . . . . . . : 否
   自動設定啟用 . . . . . . . . . . .: 是

通道介面卡 6TO4 Adapter:

   媒體狀態 . . . . . . . . . . . . .: 媒體已中斷連線
   連線特定 DNS 尾碼 . . . . . . . . :
   描述 . . . . . . . . . . . . . . .: Microsoft 6to4 Adapter
   實體位址 . . . . . . . . . . . . .: 00-00-00-00-00-00-00-E0
   DHCP 已啟用 . . . . . . . . . . . : 否
   自動設定啟用 . . . . . . . . . . .: 是

通道介面卡 Teredo Tunneling Pseudo-Interface:

   媒體狀態 . . . . . . . . . . . . .: 媒體已中斷連線
   連線特定 DNS 尾碼 . . . . . . . . :
   描述 . . . . . . . . . . . . . . .: Teredo Tunneling Pseudo-Interface
   實體位址 . . . . . . . . . . . . .: 00-00-00-00-00-00-00-E0
   DHCP 已啟用 . . . . . . . . . . . : 否
   自動設定啟用 . . . . . . . . . . .: 是

通道介面卡 isatap.{4BCBCACC-6568-4826-ADC9-7A59456F76DC}:

   媒體狀態 . . . . . . . . . . . . .: 媒體已中斷連線
   連線特定 DNS 尾碼 . . . . . . . . :
   描述 . . . . . . . . . . . . . . .: Microsoft ISATAP Adapter #13
   實體位址 . . . . . . . . . . . . .: 00-00-00-00-00-00-00-E0
   DHCP 已啟用 . . . . . . . . . . . : 否
   自動設定啟用 . . . . . . . . . . .: 是

通道介面卡 Reusable Microsoft 6To4 Adapter:

   媒體狀態 . . . . . . . . . . . . .: 媒體已中斷連線
   連線特定 DNS 尾碼 . . . . . . . . :
   描述 . . . . . . . . . . . . . . .: Microsoft 6to4 Adapter #2
   實體位址 . . . . . . . . . . . . .: 00-00-00-00-00-00-00-E0
   DHCP 已啟用 . . . . . . . . . . . : 否
   自動設定啟用 . . . . . . . . . . .: 是

通道介面卡 isatap.{3F8A4024-B59C-45C4-8F87-9358B451C23E}:

   媒體狀態 . . . . . . . . . . . . .: 媒體已中斷連線
   連線特定 DNS 尾碼 . . . . . . . . :
   描述 . . . . . . . . . . . . . . .: Microsoft ISATAP Adapter #11
   實體位址 . . . . . . . . . . . . .: 00-00-00-00-00-00-00-E0
   DHCP 已啟用 . . . . . . . . . . . : 否
   自動設定啟用 . . . . . . . . . . .: 是

通道介面卡 isatap.{291D138D-7A4A-466A-B02F-72BF0A36EE9C}:

   媒體狀態 . . . . . . . . . . . . .: 媒體已中斷連線
   連線特定 DNS 尾碼 . . . . . . . . :
   描述 . . . . . . . . . . . . . . .: Microsoft ISATAP Adapter #14
   實體位址 . . . . . . . . . . . . .: 00-00-00-00-00-00-00-E0
   DHCP 已啟用 . . . . . . . . . . . : 否
   自動設定啟用 . . . . . . . . . . .: 是
伺服器:  dns10.netvigator.com
Address:  219.76.98.66

名稱:    google.com
Addresses:  2404:6800:4005:80b::200e
   216.58.221.142

Ping google.com [216.58.221.142] (使用 32 位元組的資料):
回覆自 216.58.221.142: 位元組=32 時間=17ms TTL=56
回覆自 216.58.221.142: 位元組=32 時間=18ms TTL=56

216.58.221.142 的 Ping 統計資料:
    封包: 已傳送 = 2已收到 = 2, 已遺失 = 0 (0% 遺失)
大約的來回時間 (毫秒):
    最小值 = 17ms最大值 = 18ms平均 = 17ms
伺服器:  dns10.netvigator.com
Address:  219.76.98.66

名稱:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   98.138.253.109
   206.190.36.45
   98.139.183.24

Ping yahoo.com [98.138.253.109] (使用 32 位元組的資料):
回覆自 98.138.253.109: 位元組=32 時間=223ms TTL=53
回覆自 98.138.253.109: 位元組=32 時間=223ms TTL=53

98.138.253.109 的 Ping 統計資料:
    封包: 已傳送 = 2已收到 = 2, 已遺失 = 0 (0% 遺失)
大約的來回時間 (毫秒):
    最小值 = 223ms最大值 = 223ms平均 = 223ms

Ping 127.0.0.1 (使用 32 位元組的資料):
回覆自 127.0.0.1: 位元組=32 time<1ms TTL=128
回覆自 127.0.0.1: 位元組=32 time<1ms TTL=128

127.0.0.1 的 Ping 統計資料:
    封包: 已傳送 = 2已收到 = 2, 已遺失 = 0 (0% 遺失)
大約的來回時間 (毫秒):
    最小值 = 0ms最大值 = 0ms平均 = 0ms
===========================================================================
介面清單
 40...........................寬頻連線
 13...f0 de f1 54 16 6f ......Intel® 82579LM Gigabit Network Connection
  1...........................Software Loopback Interface 1
 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #13
 32...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #11
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #14
===========================================================================

IPv4 路由表
===========================================================================
使用中的路由:
網路目的地                 網路遮罩         閘道          介面       計量
          0.0.0.0          0.0.0.0            在連結上   218.103.229.130     21
        127.0.0.0        255.0.0.0            在連結上         127.0.0.1   4531
        127.0.0.1  255.255.255.255            在連結上         127.0.0.1   4531
  127.255.255.255  255.255.255.255            在連結上         127.0.0.1   4531
      169.254.0.0      255.255.0.0            在連結上    169.254.82.147   4501
   169.254.82.147  255.255.255.255            在連結上    169.254.82.147   4501
  169.254.255.255  255.255.255.255            在連結上    169.254.82.147   4501
  218.103.229.130  255.255.255.255            在連結上   218.103.229.130    276
        224.0.0.0        240.0.0.0            在連結上         127.0.0.1   4531
        224.0.0.0        240.0.0.0            在連結上    169.254.82.147   4502
        224.0.0.0        240.0.0.0            在連結上   218.103.229.130     21
  255.255.255.255  255.255.255.255            在連結上         127.0.0.1   4531
  255.255.255.255  255.255.255.255            在連結上    169.254.82.147   4501
  255.255.255.255  255.255.255.255            在連結上   218.103.229.130    276
===========================================================================
持續路由:
  無

IPv6 路由表
===========================================================================
使用中的路由:
 介面 計量 網路目的地               閘道
  1    306 ::1/128                  在連結上
 13    276 fe80::/64                在連結上
 13    276 fe80::28c5:5a94:ff6:5293/128
                                    在連結上
  1    306 ff00::/8                 在連結上
 13    276 ff00::/8                 在連結上
===========================================================================
持續路由:
  無
========================= Event log errors: ===============================

Application errors:
==================
Error: (11/03/2015 01:33:57 AM) (Source: Application Hang) (User: )
Description: 程式 Explorer.EXE 版本 6.1.7601.17567 已停止與 Windows 互動而且已關閉。若要查看是否有此問題的詳細資訊請檢查位於 [行動作業中心] 控制台中的問題歷程記錄。

處理程序識別碼: a30

開始時間: 01d1159455d67100

終止時間: 0

應用程式路徑: C:\Windows\Explorer.EXE

報告識別碼:

Error: (11/03/2015 01:31:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2015 01:28:44 AM) (Source: LiveUpdate.exe) (User: )
Description: 服務程序無法連接到服務控制站。

Error: (11/02/2015 11:33:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2015 12:29:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2015 09:05:14 PM) (Source: LiveUpdate.exe) (User: )
Description: 服務程序無法連接到服務控制站。

Error: (11/01/2015 06:40:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2015 03:12:01 PM) (Source: LiveUpdate.exe) (User: )
Description: 服務程序無法連接到服務控制站。

Error: (11/01/2015 12:42:37 PM) (Source: LiveUpdate.exe) (User: )
Description: 服務程序無法連接到服務控制站。

Error: (11/01/2015 11:13:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/03/2015 01:32:05 AM) (Source: ipnathlp) (User: )
Description: 169.254.82.147192.168.137.0255.255.255.0

Error: (11/03/2015 01:32:05 AM) (Source: ipnathlp) (User: )
Description:

Error: (11/03/2015 01:31:33 AM) (Source: Service Control Manager) (User: )
Description: 下列開機啟動或系統啟動驅動程式無法載入:
cdrom

Error: (11/03/2015 01:30:58 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service 服務因下列錯誤而終止:
%%-2147024894

Error: (11/03/2015 01:30:15 AM) (Source: DCOM) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (11/03/2015 01:19:42 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (11/02/2015 11:33:39 PM) (Source: ipnathlp) (User: )
Description: 169.254.82.147192.168.137.0255.255.255.0

Error: (11/02/2015 11:33:39 PM) (Source: ipnathlp) (User: )
Description:

Error: (11/02/2015 11:33:02 PM) (Source: Service Control Manager) (User: )
Description: 下列開機啟動或系統啟動驅動程式無法載入:
cdrom

Error: (11/02/2015 11:32:28 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service 服務因下列錯誤而終止:
%%-2147024894

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-10-27 22:31:57.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 23:52:24.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 23:52:24.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 23:45:31.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 23:43:35.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 23:37:52.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 22:49:01.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 22:45:07.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 22:42:28.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 22:42:08.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP73.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Chinese Traditional (HKLM-x32\...\{AC76BA86-7AD7-1028-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1141 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1141 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.122 - IObit)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.20 - Lenovo)
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.03 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5632.21 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (HKLM-x32\...\{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0404-0000-0000000FF1CE}_OMUI.zh-tw_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help 更新程式 (KB963678) (HKLM-x32\...\{90120000-0016-0404-0000-0000000FF1CE}_OMUI.zh-tw_{15EEA099-97F0-4952-8597-88472FF062D2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Chinese (Taiwan)/中文 (繁體) (HKLM-x32\...\OMUI.zh-tw) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help 更新程式 (KB963669) (HKLM-x32\...\{90120000-0018-0404-0000-0000000FF1CE}_OMUI.zh-tw_{A7688131-70CB-4945-BAFA-11053AC34D75}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help 更新程式 (KB963665) (HKLM-x32\...\{90120000-001B-0404-0000-0000000FF1CE}_OMUI.zh-tw_{AD30F628-2AAE-43E0-A0D8-CDFA976E6A9E}) (Version:  - Microsoft)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Octoshape串流播放服務 (HKCU\...\Octoshape Streaming Services) (Version:  - )
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.23.01 - )
RapidBoot (HKLM-x32\...\{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo) Hidden
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH)
SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - www.sopcast.com)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.23 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.45 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.00 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.02 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (HKLM\...\D01A7EE241898C810674C69EB908D655D149BE77) (Version: 01/19/2011 1.62.00.00 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 3983.23 MB
Available physical RAM: 2083.96 MB
Total Virtual: 7964.68 MB
Available Virtual: 6070.2 MB

========================= Partitions: =====================================

1 Drive c: (Windows7_OS) (Fixed) (Total:285.2 GB) (Free:231.57 GB) NTFS
2 Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.44 GB) NTFS

========================= Users: ========================================

\\JOHN-THINK 的使用者帳戶

Administrator            Guest                    John                    
命令已經成功完成。

**** End of log ****



#4 Aura


Posted 03 November 2015 - 06:18 AM

What is your Windows' language? English? Did you try to install a Chinese language pack?



#5 Kps0812


Posted 03 November 2015 - 07:03 AM

It is a Chinese language pack.



#6 Aura


Posted 03 November 2015 - 07:41 AM

Alright, follow the instructions below please.

System File Checker (SFC)
Follow the instructions below to run an SFC scan on your system and to provide the CBS log in your next reply;
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator;
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command below and press on Enter;
    sfc /scannow
    Note: There's a space between "sfc" and "/scannow";
  • Once the scan is complete, enter the command below and press on Enter
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • A file called cbs.txt will have appeared on your Desktop. Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;
Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can.

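For reading the cbs.txt that the copy command above produces: SFC tags its own entries in CBS.log with [SR], and those lines show whether files were repaired, left corrupt, or whether the scan's entries are missing altogether. The following is an added example, not part of the original post; the sample lines are constructed, the line layout is an assumption based on typical Windows 7 CBS.log output, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the usual Windows 7 CBS.log layout (not taken from this thread).
SAMPLE_CBS = r'''
2015-11-03 03:40:12, Info                  CBS    Starting TrustedInstaller initialization.
2015-11-03 03:40:15, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-11-03 03:40:15, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-11-03 03:40:21, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-11-03 03:40:23, Info                  CSI    0000000e [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), in the store, hash mismatch
2015-11-03 03:40:24, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2015-11-03 03:40:30, Info                  CSI    00000012 [SR] Verify complete
'''

# timestamp, level, "CSI", sequence number, then the [SR] tag and the message
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+[0-9a-fA-F]+\s+'
    r'\[SR\] (?P<msg>.*)$')
QUOTED = re.compile(r'"([^"]*)"')


def read_cbs(path):
    """Read cbs.txt; utf-8-sig drops a leading byte-order mark, and bytes that
    do not decode (localized text) are replaced instead of aborting the read."""
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return fh.read()


def summarize_sfc(log_text):
    """Summarise the [SR] (System File Checker) entries of a CBS.log."""
    summary = {
        "sr_lines": 0,
        "first": None,                # timestamp of first [SR] entry
        "last": None,                 # timestamp of last [SR] entry
        "verify_complete": False,
        "cannot_repair": Counter(),   # (file, component) -> occurrences
        "repaired": [],               # paths restored from the component store
    }
    for line in log_text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue                  # servicing noise that is not from SFC
        summary["sr_lines"] += 1
        summary["first"] = summary["first"] or m.group("ts")
        summary["last"] = m.group("ts")
        msg = m.group("msg")
        names = QUOTED.findall(msg)
        if msg.startswith("Verify complete"):
            summary["verify_complete"] = True
        elif msg.startswith("Cannot repair member file") and names:
            # The component name sits between " of " and the first comma.
            component = "?"
            if " of " in msg:
                component = msg.split(" of ", 1)[1].split(",", 1)[0]
            summary["cannot_repair"][(names[0], component)] += 1
        elif msg.startswith("Repairing corrupted file") and len(names) >= 2:
            directory = names[0]
            if directory.startswith("\\??\\"):   # strip the NT path prefix
                directory = directory[4:]
            summary["repaired"].append(directory + "\\" + names[1])
    return summary


def verdict(summary):
    """One-line triage result for the helper reading the log."""
    if summary["sr_lines"] == 0:
        # Matches the caveat in the post: the log no longer holds the scan.
        return "no SFC entries: log rotated or scan not run"
    if summary["cannot_repair"]:
        return "unrepaired corruption"
    if summary["repaired"]:
        return "corruption repaired"
    return "clean"


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_CBS)
    print(verdict(result))
    for (name, component), count in result["cannot_repair"].items():
        print(f"  cannot repair {name} ({component}) x{count}")
    for path in result["repaired"]:
        print(f"  repaired {path}")
```

On a real file, pass `read_cbs("cbs.txt")` to `summarize_sfc` instead of the constructed sample.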


#7 Kps0812


Posted 03 November 2015 - 08:05 AM

These days the sfc /scannow doesn't find anything and no logs are generated.

When I restart the computer, it is OK to get into the C drive, Computer and Documents.

BUT when I get into Control Panel a long green bar is loading on top and I cannot access any one of those items; it hangs when I click on those items.

Also on the desktop I cannot get into the notification area (bottom right corner); when I click on customize, the notification area doesn't show up.

Those are the problems I am having right now.



#8 Aura


Posted 03 November 2015 - 08:22 AM

"These days sfc /scannow doesn't find anything and no logs are generated."


Can you please run SFC /scannow anyway and upload the log? Using the command I gave you, you'll have a CBS.txt log on your Desktop that you can upload. Even though SFC might not find anything, there could still be relevant information for me in the CBS.log it outputs.



#9 Kps0812


Posted 03 November 2015 - 09:03 AM

Hi, below is the link.

 

https://drive.google.com/file/d/0B3pbZjbNvC0tRlN2dHBob25JRzQ/view?usp=sharing



#10 Aura


Posted 03 November 2015 - 09:51 AM

Alright, can you follow the instructions by Frederik Long in the link below?

https://answers.microsoft.com/en-us/windows/forum/all/26ee0668-a00a-44d7-9371-beb064c986830-no-such/2ec4acab-e81e-4f13-8aef-5b1bacdbd05f

Various discussions I found on the web suggest that the problem is caused by some link library that might not be registered. The following method should fix this:
1. Reboot into Safe Mode
2. Log on as Administrator.
3. Click Start.
4. Type the three letters cmd into the Search box.
5. Press Ctrl+Shift+Enter
6. Start the process as Administrator.
7. Very carefully type this command:
for %a in (c:\Windows\System32\*.dll) do regsvr32.exe /s "%a"
8. Press the Enter key.




#11 Kps0812


Posted 03 November 2015 - 12:32 PM

It ran halfway through and got a prompt about insufficient rights and that it cannot register the certificate snap-in. It ran till the end.

I did log on as administrator and ran cmd as administrator.

I have tried both in safe and normal mode.

If I restart I can access the control panel items, but the only item on taskbar and start menu properties > Taskbar > Customize (notification area), it hangs, and when I end the process in task manager it goes back to the error.



#12 Aura


Posted 03 November 2015 - 12:44 PM

Do you still get the "Remote Procedure Call Failed" error, or is this one gone? Also, is the Control Panel accessible normally in Safe Mode?

Edited by Aura, 03 November 2015 - 12:44 PM.



#13 Kps0812


Posted 03 November 2015 - 01:17 PM

I think my problem right now is on 'customize in notification area'.

If I click customize in notification area, it doesn't respond and hangs (both safe & normal mode (admin or user)).

When I forcibly end that process in task manager, it said Windows Explorer has to be closed, and later when I click on computer, users or control panel, only the "Remote Procedure Call Failed" error comes up.



#14 Aura


Posted 03 November 2015 - 01:23 PM

Alright, follow the instructions below please.

Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;



#15 Kps0812


Posted 03 November 2015 - 01:43 PM

https://drive.google.com/file/d/0B3pbZjbNvC0tZm5Qd3NSR0dGR3c/view?usp=sharing





