Hi heir, thanks once again
I decided to post my logs here as I wanna make sure my PC is free from threats.
MBAM LogMalwarebytes' Anti-Malware 1.44
Database version: 3862
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/13/2010 2:52:47 PM
mbam-log-2010-03-13 (14-52-47).txt
Scan type: Quick Scan
Objects scanned: 115518
Time elapsed: 6 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER LogGMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-03-13 15:44:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxriqpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF3FB858C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF3FB8E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF3FB9922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF3FB9E94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xF3FB90EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF3FB7436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF3FB9D6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF3FB8192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF3FB9C28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF3FB834E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF3FB9FC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF3FBBC08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF3FB8AAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF3FB9CCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF3FBB5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF3FB79FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF3FB7D88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF3FB9576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF3FBC5CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF3FB7ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF3FB7F74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF3FB9382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF3FBB68C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF3FB7412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF3FB7424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF3FBBCBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF3FB80C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF3FB9F36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xF3FB8E8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF3FB75DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF3FB9E04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF3FB8792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF3FBBC32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF3FBA068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF3FB86B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF3FB801E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF3FB7C46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF3FBBFD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF3FB7896]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF3FBB922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF3FB7B0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF3FB72B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF3FBA3F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF3FBA2B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF3FBB39A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF3FBEE2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF3FBC4AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF3FB7248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF3FB965C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF3FB8CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF3FBAC4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF3FBB786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF3FBC114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF3FB771E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF3FBC1F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF3FBC320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF3FBB526]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF3FB890A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF3FB8860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF3FBBE8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF3FB89EA]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] mywghdua <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\mywghdua@DisplayName Time Manager
Reg HKLM\SYSTEM\CurrentControlSet\Services\mywghdua@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\mywghdua@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\mywghdua@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\mywghdua@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\mywghdua@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\mywghdua@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\mywghdua\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\mywghdua\Parameters@ServiceDll C:\WINDOWS\system32\allougw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\mywghdua@DisplayName Time Manager
Reg HKLM\SYSTEM\ControlSet002\Services\mywghdua@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\mywghdua@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\mywghdua@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\mywghdua@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\mywghdua@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\mywghdua@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\mywghdua\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\mywghdua\Parameters@ServiceDll C:\WINDOWS\system32\allougw.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1
---- EOF - GMER 1.0.15 ----
OTL LogOTL logfile created on: 3/13/2010 3:49:25 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 675.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.01 Gb Total Space | 47.17 Gb Free Space | 76.07% Space Free | Partition Type: NTFS
Drive D: | 12.54 Gb Total Space | 1.62 Gb Free Space | 12.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WYFFGOAL
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/03/13 14:43:13 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/02/09 15:35:13 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/06 02:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/07/22 16:14:20 | 000,210,312 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
PRC - [2008/07/03 22:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 23:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
========== Modules (SafeList) ========== MOD - [2010/03/13 14:43:13 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/02/09 15:36:40 | 000,102,400 | ---- | M] (RealPlayer) -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2010/02/09 15:35:19 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2010/02/09 15:35:19 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2009/08/13 21:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/11/05 17:21:57 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://malaysia.msn.com/iat/us_my.aspxIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 86 1E 56 1C A9 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "
http://www.google.com"FF - prefs.js..extensions.enabledItems:
[email protected]:1.0
FF - prefs.js..extensions.enabledItems:
[email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/13 08:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 08:26:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/02/09 08:57:16 | 000,000,000 | ---D | M]
[2010/02/09 08:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/13 08:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ea9uddt2.default\extensions
[2010/02/11 12:11:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ea9uddt2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/11 03:15:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ea9uddt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/15 18:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ea9uddt2.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/03/13 08:57:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/09 08:57:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\
[email protected] O1 HOSTS File: ([2008/04/14 23:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}
http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/09 07:51:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{99cdccfe-29e0-11df-a914-00304f3e8ba6}\Shell - "" = AutoRun
O33 - MountPoints2\{99cdccfe-29e0-11df-a914-00304f3e8ba6}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/09 07:50:35 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 14 Days ========== [2010/03/13 14:58:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/13 14:43:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/13 14:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/13 14:42:25 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/13 14:40:24 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/03/13 14:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/03/13 14:03:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/13 14:03:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/13 14:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/13 14:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/13 13:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HTML Essential Training
[2010/03/13 13:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\skypePM
[2010/03/13 09:25:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/03/13 08:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/03/13 08:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2010/03/13 08:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/13 08:34:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/03/13 08:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/13 08:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2010/03/13 08:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/13 08:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/03/13 08:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/03/13 08:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2010/03/13 08:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/03/13 08:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/03/13 08:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2010/03/13 07:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Office Genuine Advantage
[2010/03/11 03:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/03/05 20:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/03/04 23:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/03/04 23:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/02/09 08:44:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/09 07:54:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/09 07:51:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/09 07:51:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
========== Files - Modified Within 14 Days ========== [2010/03/13 15:49:22 | 000,001,920 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2010/03/13 15:48:52 | 000,000,094 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2010/03/13 15:47:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/13 15:47:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/13 15:47:28 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/13 15:47:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 15:21:33 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/13 14:43:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/03/13 14:43:19 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/03/13 14:43:19 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/03/13 14:43:13 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/13 14:41:16 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/03/13 14:03:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/13 13:28:55 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/13 13:26:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/13 12:58:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1770027372-1177238915-500UA.job
[2010/03/13 12:24:25 | 000,001,097 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2010/03/13 11:43:35 | 1073,741,824 | ---- | M] () -- C:\ppsds.pgf
[2010/03/13 11:18:31 | 000,000,140 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2010/03/13 11:13:46 | 000,000,060 | ---- | M] () -- C:\WINDOWS\MediaList.ini
[2010/03/13 08:58:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1770027372-1177238915-500Core.job
[2010/03/13 08:34:13 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/13 08:19:33 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/13 08:18:54 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/12 19:20:35 | 001,576,122 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/03/11 09:29:14 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/11 03:21:16 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Orbit.lnk
[2010/03/06 21:35:44 | 000,523,404 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/06 21:35:44 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/06 21:35:44 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/04 23:47:02 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
========== Files Created - No Company Name ========== [2010/03/13 14:55:08 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/03/13 14:43:19 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/03/13 14:43:19 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/03/13 14:42:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/03/13 14:03:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/13 13:28:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/13 08:34:13 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/13 08:19:33 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/13 08:18:54 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/04 23:47:02 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/02/09 11:27:39 | 000,000,094 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2010/02/09 11:13:56 | 000,000,140 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2010/02/09 11:13:56 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2010/02/09 11:13:43 | 000,001,920 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010/02/09 11:13:41 | 000,001,097 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2010/02/09 07:54:27 | 000,075,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/09 07:45:56 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2010/02/09 07:45:56 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2010/02/09 07:45:56 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
========== LOP Check ========== [2010/02/09 11:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2010/03/13 14:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2010/03/11 20:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PPStream
[2010/03/04 23:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/02/09 08:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/02/16 00:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/02/15 17:47:27 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: ATAPI.SYS >[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >[2008/04/14 23:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 23:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: IASTOR.SYS >[2009/04/19 07:52:05 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\NLDRV\001\iastor.sys
< MD5 for: NETLOGON.DLL >[2009/02/07 02:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\SP2QFE\netlogon.dll
[2009/02/07 02:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\SP2QFE\netlogon.dll
[2009/02/07 05:37:59 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/07 05:37:59 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >[2008/04/14 23:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 23:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles >[2008/04/14 23:00:00 | 001,384,479 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
< %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav >[2010/02/09 06:30:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/02/09 06:30:36 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/02/09 06:30:36 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
OTL Extras logfile created on: 3/13/2010 3:49:25 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 675.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.01 Gb Total Space | 47.17 Gb Free Space | 76.07% Space Free | Partition Type: NTFS
Drive D: | 12.54 Gb Total Space | 1.62 Gb Free Space | 12.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WYFFGOAL
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3399:TCP" = 3399:TCP:*:Enabled:hxhsmy
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSí???μ?êó -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS í????ó?ù?÷ -- (PPStream Inc)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Orbit_is1" = Orbit Downloader
"PPStream" = PPStream V2.6.86.8999 Final
"RealPlayer 12.0" = RealPlayer
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 3/13/2010 2:45:04 AM | Computer Name = WYFFGOAL | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 3/13/2010 2:58:58 AM | Computer Name = WYFFGOAL | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/13/2010 2:59:01 AM | Computer Name = WYFFGOAL | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/13/2010 2:59:01 AM | Computer Name = WYFFGOAL | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 3/13/2010 3:22:27 AM | Computer Name = WYFFGOAL | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/13/2010 3:22:28 AM | Computer Name = WYFFGOAL | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/13/2010 3:22:28 AM | Computer Name = WYFFGOAL | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 3/13/2010 3:47:30 AM | Computer Name = WYFFGOAL | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/13/2010 3:47:33 AM | Computer Name = WYFFGOAL | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/13/2010 3:47:33 AM | Computer Name = WYFFGOAL | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
[ System Events ]
Error - 3/13/2010 2:59:14 AM | Computer Name = WYFFGOAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/13/2010 3:00:23 AM | Computer Name = WYFFGOAL | Source = Service Control Manager | ID = 7023
Description = The Time Manager service terminated with the following error: %%126
Error - 3/13/2010 3:22:27 AM | Computer Name = WYFFGOAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/13/2010 3:22:28 AM | Computer Name = WYFFGOAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/13/2010 3:22:42 AM | Computer Name = WYFFGOAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/13/2010 3:23:50 AM | Computer Name = WYFFGOAL | Source = Service Control Manager | ID = 7023
Description = The Time Manager service terminated with the following error: %%126
Error - 3/13/2010 3:47:30 AM | Computer Name = WYFFGOAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/13/2010 3:47:33 AM | Computer Name = WYFFGOAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/13/2010 3:47:45 AM | Computer Name = WYFFGOAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/13/2010 3:48:53 AM | Computer Name = WYFFGOAL | Source = Service Control Manager | ID = 7023
Description = The Time Manager service terminated with the following error: %%126
< End of report >
Thanks in advance!