The computer is not used for business.
GMER log:
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-09-22 20:24:38
Windows 5.1.2600 Service Pack 3
Running: y2u95je1.exe; Driver: C:\DOCUME~1\1\LOCALS~1\Temp\kwldafob.sys
---- System - GMER 1.0.15 ----
SSDT 823DA680 ZwAllocateVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xEFF1D610]
SSDT 823B04F0 ZwCreateKey
SSDT 82360BC0 ZwCreateProcess
SSDT 82360B48 ZwCreateProcessEx
SSDT 82360968 ZwCreateThread
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xEFF1DC10]
SSDT 82360E18 ZwDeleteKey
SSDT 82360C38 ZwDeleteValueKey
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xEFF1D730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xEFF1D4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xEFF1D570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xEFF1D6D0]
SSDT 823DA6F8 ZwQueueApcThread
SSDT 823DA590 ZwReadVirtualMemory
SSDT 82360DA0 ZwRenameKey
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xEFF1D690]
SSDT 82360D28 ZwSetInformationKey
SSDT 82360A58 ZwSetInformationProcess
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xEFF1D650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xEFF1D7D0]
SSDT 82360CB0 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xEFF1D510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xEFF1D590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xEFF1D4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xEFF1D5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xEFF1D750]
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\intelide.sys entry point in ".rsrc" section [0xF8A3D094]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[360] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[1996] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E465 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (
www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[1996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (
www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[1996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (
www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[1996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (
www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[1996] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (
www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[1996] kernel32.dll!VirtualFree 7C809B74 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (
www.webroot.com))
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 823DA350
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 823DA448
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 823DA448
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 823DA350
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 823DA350
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 823DA448
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 823DA448
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 823DA350
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 823DA448
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 823DA350
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 823DA448
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (
www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\Tcpip \Device\Ip 823D0168
Device \Driver\Tcpip \Device\Ip 81F62E50
Device \Driver\Tcpip \Device\Ip 820F4408
Device \Driver\Tcpip \Device\Ip 8214BED0
Device \Driver\Tcpip \Device\Ip 8221B738
Device \Driver\Tcpip \Device\Tcp 823D0168
Device \Driver\Tcpip \Device\Tcp 81F62E50
Device \Driver\Tcpip \Device\Tcp 820F4408
Device \Driver\Tcpip \Device\Tcp 8214BED0
Device \Driver\Tcpip \Device\Tcp 8221B738
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device \Driver\Tcpip \Device\Udp 823D0168
Device \Driver\Tcpip \Device\Udp 81F62E50
Device \Driver\Tcpip \Device\Udp 820F4408
Device \Driver\Tcpip \Device\Udp 8214BED0
Device \Driver\Tcpip \Device\Udp 8221B738
Device \Driver\Tcpip \Device\RawIp 823D0168
Device \Driver\Tcpip \Device\RawIp 81F62E50
Device \Driver\Tcpip \Device\RawIp 820F4408
Device \Driver\Tcpip \Device\RawIp 8214BED0
Device \Driver\Tcpip \Device\RawIp 8221B738
Device \Driver\Tcpip \Device\IPMULTICAST 823D0168
Device \Driver\Tcpip \Device\IPMULTICAST 81F62E50
Device \Driver\Tcpip \Device\IPMULTICAST 820F4408
Device \Driver\Tcpip \Device\IPMULTICAST 8214BED0
Device \Driver\Tcpip \Device\IPMULTICAST 8221B738
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (
www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
Device -> \Driver\atapi \Device\Harddisk0\DR0 822F9ECC
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\intelide.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
OTL will not run in safemode; the following logs are from the regular guest account because the admin account won't load.
OTL log:
OTL logfile created on: 9/22/2010 8:55:36 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 226.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.41 Gb Free Space | 57.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.72 Gb Total Space | 3.47 Gb Free Space | 93.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OWNER-49D09A68D
Current User Name: 1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (
www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (
www.webroot.com))
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (
www.webroot.com))
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ========== DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x86\Sandra.sys File not found
DRV - (qbmmugyy) -- C:\WINDOWS\System32\drivers\qbmmugyy.sys File not found
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (
www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (
www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (
www.webroot.com))
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/?fr=fp-yma2IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/?fr=fp-yma2 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-789336058-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/20 14:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/26 20:18:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/08 09:10:14 | 000,000,000 | ---D | M]
[2010/08/29 21:48:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/03/07 13:09:44 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-21-606747145-789336058-1177238915-1003..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-789336058-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.microsoft.com/windowsupda ... 9788214234 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (em\\ecurity Packages settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/01 00:28:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/02/20 11:14:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/09/22 19:25:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
[2010/09/17 14:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/09/16 17:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\My Documents\RegRun2
[2010/09/16 17:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Desktop\UnHackMe.v5.9.5.347.Cracked-MESMERiZE
[2010/09/15 20:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\ESET
[2010/09/02 07:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Macromedia
[2010/09/01 20:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\Identities
[2010/09/01 19:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Webroot
[2010/09/01 19:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\Apple Computer
[2010/09/01 19:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Identities
[2010/09/01 19:49:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\1\My Documents\My Music
[2010/09/01 19:49:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\1\My Documents\My Pictures
[2010/09/01 19:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Adobe
[2010/09/01 19:37:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\1\Local Settings\Application Data\Microsoft
[2010/09/01 19:37:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\1\Application Data\Microsoft
[2010/09/01 19:37:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\1\SendTo
[2010/09/01 19:37:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\1\Recent
[2010/09/01 19:37:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\1\Application Data
[2010/09/01 19:37:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\1\Start Menu
[2010/09/01 19:37:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\1\My Documents
[2010/09/01 19:37:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\1\Favorites
[2010/09/01 19:37:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\1\Cookies
[2010/09/01 19:37:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\1\Templates
[2010/09/01 19:37:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\1\PrintHood
[2010/09/01 19:37:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\1\NetHood
[2010/09/01 19:37:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\1\Local Settings
[2010/09/01 19:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Desktop
[2010/08/29 22:11:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/08/29 22:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/29 21:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/29 20:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/08/29 20:01:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/09/22 20:45:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/22 20:44:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/22 20:35:58 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\1\NTUSER.DAT
[2010/09/22 20:35:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\1\ntuser.ini
[2010/09/22 20:26:24 | 004,299,532 | -H-- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\IconCache.db
[2010/09/22 19:25:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
[2010/09/22 19:25:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\1\Desktop\y2u95je1.exe
[2010/09/16 17:55:41 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/16 17:55:41 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/09/16 17:55:41 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/09/16 17:37:34 | 010,352,444 | ---- | M] () -- C:\Documents and Settings\1\Desktop\UnHackMe.v5.9.5.347.Cracked-MESMERiZE.rar
[2010/09/15 18:49:52 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\1\Desktop\HijackThis.lnk
[2010/09/15 18:14:32 | 003,845,523 | ---- | M] () -- C:\Documents and Settings\1\Desktop\ComboFix.exe
[2010/09/03 21:12:27 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/03 21:12:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/03 21:12:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/09/01 19:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\1\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/01 19:50:04 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/01 18:48:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/01 16:32:02 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\m.lnk
[2010/08/31 11:19:21 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/29 22:26:51 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/29 22:11:02 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/29 12:22:50 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/08/28 20:22:03 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/28 10:58:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 07:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/09/22 19:25:35 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\1\Desktop\y2u95je1.exe
[2010/09/16 17:37:32 | 010,352,444 | ---- | C] () -- C:\Documents and Settings\1\Desktop\UnHackMe.v5.9.5.347.Cracked-MESMERiZE.rar
[2010/09/15 18:49:52 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\1\Desktop\HijackThis.lnk
[2010/09/15 18:14:22 | 003,845,523 | ---- | C] () -- C:\Documents and Settings\1\Desktop\ComboFix.exe
[2010/09/01 19:50:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\1\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/01 19:50:04 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/01 19:37:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\1\ntuser.ini
[2010/09/01 19:37:17 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\1\ntuser.dat.LOG
[2010/09/01 19:37:16 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\1\NTUSER.DAT
[2010/09/01 16:32:02 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\m.lnk
[2010/08/30 00:36:55 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/29 22:45:25 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/29 22:11:02 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/29 20:34:29 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/08/28 20:22:03 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/28 20:21:09 | 000,000,262 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/19 23:47:28 | 000,000,042 | ---- | C] () -- C:\WINDOWS\JFEXRMC.INI
[2010/04/26 23:42:12 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2010/04/26 23:42:12 | 000,000,398 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/02/20 12:50:57 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
< End of report >
Extras log:
OTL Extras logfile created on: 9/22/2010 8:55:36 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 226.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.41 Gb Free Space | 57.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.72 Gb Total Space | 3.47 Gb Free Space | 93.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OWNER-49D09A68D
Current User Name: 1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x86\sandra.mui" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x86\sandra.mui:*:Enabled:SiSoftware Sandra Agent Service -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}" = ESET NOD32 Antivirus
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GoldWave v4.25" = GoldWave v4.25
"GoldWave v5.55" = GoldWave v5.55
"HijackThis" = HijackThis 2.0.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 8/30/2010 4:37:05 AM | Computer Name = OWNER-49D09A68D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 8/30/2010 4:37:05 AM | Computer Name = OWNER-49D09A68D | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 8/30/2010 4:38:49 AM | Computer Name = OWNER-49D09A68D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 8/30/2010 4:38:49 AM | Computer Name = OWNER-49D09A68D | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 8/30/2010 4:39:02 AM | Computer Name = OWNER-49D09A68D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 8/30/2010 4:39:02 AM | Computer Name = OWNER-49D09A68D | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 8/30/2010 4:39:12 AM | Computer Name = OWNER-49D09A68D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 8/30/2010 4:39:12 AM | Computer Name = OWNER-49D09A68D | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 8/30/2010 4:40:14 AM | Computer Name = OWNER-49D09A68D | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 8/30/2010 4:40:14 AM | Computer Name = OWNER-49D09A68D | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
[ System Events ]
Error - 9/1/2010 6:32:15 PM | Computer Name = OWNER-49D09A68D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 9/1/2010 6:33:12 PM | Computer Name = OWNER-49D09A68D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 9/1/2010 6:34:21 PM | Computer Name = OWNER-49D09A68D | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 9/1/2010 6:34:21 PM | Computer Name = OWNER-49D09A68D | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 9/1/2010 6:37:24 PM | Computer Name = OWNER-49D09A68D | Source = DCOM | ID = 10005
Description = DCOM got error "%109" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 9/1/2010 6:37:37 PM | Computer Name = OWNER-49D09A68D | Source = DCOM | ID = 10005
Description = DCOM got error "%230" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 9/1/2010 6:37:57 PM | Computer Name = OWNER-49D09A68D | Source = DCOM | ID = 10005
Description = DCOM got error "%230" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error - 9/1/2010 6:38:07 PM | Computer Name = OWNER-49D09A68D | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.
Error - 9/1/2010 6:50:40 PM | Computer Name = OWNER-49D09A68D | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 9/1/2010 6:50:49 PM | Computer Name = OWNER-49D09A68D | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >