Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problems Finding/killing Malware


  • This topic is locked This topic is locked
1 reply to this topic

#1 Waygook

Waygook

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 07 June 2008 - 08:15 PM

Hello - I've been having some pretty major trouble with my PC in the last few weeks. Basically, my iPod threw a fit and it needed to be restored. About the same time, (which leads me to believe there is a connection), my PC started showing signs of infection - most notably 10-15 start-up and shut down times.

Stupidly, I downloaded McAfee Sercurity Centre. Since then, my windows XP has looked like Windows 95. I have zero connection to the internet - even my connection icon in network places is gone. System restore cannot be used. I cannot use F1 help. I have no desktop.

I have been working with Da Chew in the Am I infected? forum, but he has now suggested I post my logs here. Please read here to find out what I have done so far to fix this, and some more information on the problem.

Please note that I cannot connect to the internet, so downloading programs to fix this has to be done on another computer and transported across using my iPod. I am wary that my iPod could be causing more infections, so if you have some tips on fixing that, that would be good.

If you have a lost of programs that you think I will need over the course of fixing this, please let me know them all at once so I can D/L them all at the same time and have them on stand-by.

Hope that all makes sense!


Deckard's System Scanner v20071014.68

Run by Aidan on 2008-06-08 08:36:05

Computer is in Normal Mode.

--------------------------------------------------------------------------------



-- System Restore --------------------------------------------------------------



Unable to create WMI object; The operation completed successfully.





Backed up registry hives.

Performed disk cleanup.



System Drive C: has 5.28 GiB (less than 15%) free.





-- HijackThis (run as Aidan.exe) -----------------------------------------------



Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------





Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-06-08 08:37:01

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16640)

Boot mode: Normal



Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\VM305_STI.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HDD Thermometer\HDD Thermometer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\WallpaperToy\Wallpapertoy.Exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\Aidan\Desktop\untitled folder 2\dss.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Copy of Ian The Internet.lnk = ?

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109727394607

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O20 - AppInit_DLLs: icq5s.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: cbXRIbBu - C:\WINDOWS\system32\cbXRIbBu.dll (file missing)

O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll

O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll

O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll

O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll

O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe





--

End of file - 9426 bytes



-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------



backup-20050531-212847-122 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

backup-20050531-212847-683 R3 - Default URLSearchHook is missing

backup-20050531-212847-819 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

backup-20050531-212847-967 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

backup-20050531-232707-907 R3 - Default URLSearchHook is missing

backup-20060922-161103-500 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

backup-20060922-161103-658 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

backup-20060922-161103-678 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

backup-20060922-161103-772 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll

backup-20060922-161103-957 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

backup-20060922-161104-863 O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

backup-20061002-123039-238 O4 - HKCU\..\Run: [Csat] "C:\Program Files\oouo\mwtu.exe" -vt yazr

backup-20061002-123039-248 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

backup-20061002-123039-327 O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)

backup-20061002-123039-423 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

backup-20061002-123039-456 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

backup-20061002-123126-349 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

backup-20061002-125603-300 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

backup-20061002-125603-519 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

backup-20061002-125603-521 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

backup-20061002-125603-696 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

backup-20061002-125603-697 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

backup-20061002-125603-786 O4 - HKCU\..\Run: [Csat] "C:\DOCUME~1\Aidan\MYDOCU~1\SSEMBL~1\ntvdm.exe" -vt yax



-- File Associations -----------------------------------------------------------



.scr - scrfile - shell\open\command - "%1" %*





-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------



3 ac97intc (Intel« 82801DB/DBM Audio Driver Service (WDM)) - c:\windows\system32\drivers\ac97ich4.sys

3 catchme - c:\docume~1\aidan\locals~1\temp\catchme.sys (file missing)

2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys

3 irsir (Microsoft Serial Infrared Driver) - c:\windows\system32\drivers\irsir.sys

3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys

3 ZSMC0305 (VIMICRO USB PC Camera V) - c:\windows\system32\drivers\usbvm305.sys



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------



2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe

2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\program files\bonjour\mdnsresponder.exe

3 FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe

2 SfCtlCom (Trend Micro Central Control Component) - c:\program files\trend micro\internet security\sfctlcom.exe (file missing)





-- Device Manager: Disabled ----------------------------------------------------



Unable to create WMI object.



-- Scheduled Tasks -------------------------------------------------------------



2008-05-21 10:32:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2006-12-26 18:24:24 294 --a------ C:\WINDOWS\Tasks\Pinball.job





-- Files created between 2008-05-08 and 2008-06-08 -----------------------------



2008-06-08 07:54:33 0 d--h----- C:\WINDOWS\PIF

2008-06-07 18:47:09 0 d-------- C:\WINDOWS\ERUNT

2008-06-07 09:11:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2008-06-07 09:04:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com

2008-06-07 09:04:29 0 d-------- C:\Program Files\SUPERAntiSpyware

2008-06-07 09:04:29 0 d-------- C:\Documents and Settings\Aidan\Application Data\SUPERAntiSpyware.com

2008-06-07 09:04:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-06 21:58:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2008-06-06 19:19:55 0 d-------- C:\Documents and Settings\Aidan\Application Data\Malwarebytes

2008-06-06 19:19:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-06 19:19:48 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-05-25 10:15:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\HDD Thermometer

2008-05-23 17:40:18 0 d-------- C:\Program Files\TMInternetSecurity

2008-05-22 21:31:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro

2008-05-22 20:35:08 2624 --a------ C:\WINDOWS\system32\phycsrmg.exe

2008-05-22 19:32:06 2624 --a------ C:\WINDOWS\system32\lmdkchfo.exe

2008-05-21 18:31:06 2624 --a------ C:\WINDOWS\system32\rpennwcv.exe

2008-05-21 18:27:42 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-05-21 13:33:41 2624 --a------ C:\WINDOWS\system32\maqwajgx.exe

2008-05-20 12:12:11 2624 --a------ C:\WINDOWS\system32\dttwhugj.exe

2008-05-17 09:38:35 0 dr-h----- C:\Documents and Settings\Aidan\Recent

2008-05-17 09:34:12 0 d-------- C:\Program Files\CCleaner

2008-05-15 22:17:07 2 --a------ C:\-1674640206

2008-05-15 22:16:29 126976 --a------ C:\WINDOWS\system32\icq5s.dll

2008-05-15 22:07:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI

2008-05-15 20:10:15 691545 --a------ C:\WINDOWS\unins000.exe

2008-05-15 20:10:15 2558 --a------ C:\WINDOWS\unins000.dat





-- Find3M Report ---------------------------------------------------------------



2008-06-08 08:24:31 0 d-------- C:\Documents and Settings\Aidan\Application Data\Skype

2008-06-07 13:42:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-06-07 08:59:23 0 d-------- C:\Documents and Settings\Aidan\Application Data\skypePM

2008-05-25 15:32:23 0 d-------- C:\Program Files\Common Files

2008-05-23 18:39:08 0 d-------- C:\Documents and Settings\Aidan\Application Data\Azureus

2008-05-11 17:14:48 0 d-------- C:\Program Files\Common Files\Adobe

2008-05-11 17:12:01 0 d-------- C:\Documents and Settings\Aidan\Application Data\AdobeUM

2008-05-06 21:21:49 0 d-------- C:\Documents and Settings\Aidan\Application Data\Adobe

2008-04-19 10:37:25 0 d-------- C:\Program Files\Azureus

2008-04-16 22:22:25 0 d-------- C:\Program Files\Apple Software Update

2008-04-14 20:30:46 0 d-------- C:\Program Files\iTunes

2008-04-14 20:30:19 0 d-------- C:\Program Files\iPod

2008-04-14 20:28:14 0 d-------- C:\Program Files\QuickTime

2008-03-27 16:12:54 151583 --a------ C:\WINDOWS\system32\msjint40.dll

2008-03-19 17:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys





-- Registry Dump ---------------------------------------------------------------



*Note* empty entries & legit default entries are not shown





[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]

"BigDog305"="C:\WINDOWS\VM305_STI.exe" [05/08/2005 03:15 PM]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]

"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" []



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]

"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" []

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 05:22 PM]

"RSD_HDDThermo"="C:\Program Files\HDD Thermometer\HDD Thermometer.exe" [02/04/2005 01:02 AM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 03:56 PM]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33 AM]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"hx-1"=1

"hx-2"=2



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRIbBu]

cbXRIbBu.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"= icq5s.dll



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Din40.sys]

@="Driver"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"





[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02686366-016b-11da-bf92-000b6ac72e88}]

AutoRun\command- E:\

explore\Command- WScript.exe .\autorun.vbs

open\Command- WScript.exe .\autorun.vbs



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bd3a57a-86d9-11d9-b31b-000b6ac72e88}]

1\Command- H:\.\RECYCLER\RECYCLER\autorun.exe

2\Command- H:\.\RECYCLER\RECYCLER\autorun.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691b6d34-5449-11db-81ad-000b6ac72e88}]

1\Command- F:\.\RECYCLER\RECYCLER\autorun.exe

2\Command- F:\.\RECYCLER\RECYCLER\autorun.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dedc867-1363-11dd-8471-000b6ac72e88}]

Auto\command- E:\sxs.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc8f4d4e-722d-11db-81f3-000b6ac72e88}]

1\Command- .\RECYCLER\RECYCLER\autorun.exe

2\Command- .\RECYCLER\RECYCLER\autorun.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe









-- End of Deckard's System Scanner: finished at 2008-06-08 08:37:41 ------------


I was also given a second log file. Not sure if it's necessary, but here it is...

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------



-- System Information ----------------------------------------------------------



Unable to create WMI object.



Architecture: X86; Language: English



Percentage of Memory in Use: 29%

Physical Memory (total/avail): 1015.48 MiB / 711.92 MiB

Pagefile Memory (total/avail): 1292.29 MiB / 1111.21 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1945.95 MiB



C: is Fixed (NTFS) - 74.52 GiB total, 5.28 GiB free.

D: is CDROM (No Media)





-- Security Center -------------------------------------------------------------



AUOptions is set to notify before install.

Windows Internal Firewall is enabled.



FirewallDisableNotify is set.

FirewallOverride is set.



Unable to create WMI object.



-- Environment Variables -------------------------------------------------------



ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS

APPDATA=C:\Documents and Settings\Aidan\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=DJQ65Y19LTSSYUV

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Aidan

LOGONSERVER=\\DJQ65Y19LTSSYUV

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0209

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Aidan\LOCALS~1\Temp

TMP=C:\DOCUME~1\Aidan\LOCALS~1\Temp

USERDOMAIN=DJQ65Y19LTSSYUV

USERNAME=Aidan

USERPROFILE=C:\Documents and Settings\Aidan

windir=C:\WINDOWS





-- User Profiles ---------------------------------------------------------------



Aidan (admin)

Candice (admin)

Administrator (admin)

Guest.DJQ65Y19LTSSYUV (guest)





-- Add/Remove Programs ---------------------------------------------------------



--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Anchor Service CS3 --> MsiExec.exe /I{A4464AC3-D85E-4649-8748-706191063DF6}

Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Asset Services CS3 --> MsiExec.exe /I{7302810D-7ACF-4339-B27B-57016CAADDCD}

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}

Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge CS3 --> MsiExec.exe /I{FABA59CC-347B-478B-B2A7-37BF0885CACB}

Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Bridge Start Meeting --> MsiExec.exe /I{CE52110A-7773-444F-9E5D-4A45E4792DB6}

Adobe Camera Raw 4.0 --> MsiExec.exe /I{AED353B9-E6D7-406F-B007-2C55C5265EB3}

Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe CMaps --> MsiExec.exe /I{D8FC8E35-D397-4C16-87AE-141A625221E4}

Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Default Language CS3 --> MsiExec.exe /I{D446BA40-1F5F-44EB-A794-0AC14F809C79}

Adobe Device Central CS3 --> MsiExec.exe /I{265FCC3B-4814-4B2B-89D6-217DFB8AD886}

Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{F36CFE58-47C0-4D75-995B-E0172563FA83}

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All --> MsiExec.exe /I{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}

Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer 1.1 --> MsiExec.exe /I{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}

Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe Linguistics CS3 --> MsiExec.exe /I{E5C28906-EC86-404E-BB4F-6AB2590451FF}

Adobe PDF Library Files --> MsiExec.exe /I{91D829E6-F1D1-433F-861F-0552DFED0EAD}

Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe

Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\Setup.exe

Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Photoshop CS3 --> MsiExec.exe /I{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}

Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}

Adobe Setup --> MsiExec.exe /I{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}

Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}

Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Stock Photos CS3 --> MsiExec.exe /I{73B79E83-490B-460D-B0D6-2C7B73980325}

Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Type Support --> MsiExec.exe /I{A78A65E4-1D88-477A-83B4-3EC540F6A55A}

Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client --> MsiExec.exe /I{BF18C55F-791F-4C17-AB75-E397EE01C14B}

Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}

Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

Adobe XMP Panels CS3 --> MsiExec.exe /I{F0CF6455-EDD8-41C6-A96A-223874E660CC}

Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}

Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

Azureus --> C:\Program Files\Azureus\Uninstall.exe

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

Chinese (Simplified) Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\cn.inf, Uninstall

Codec Pack - All In 1 6.0.2.4 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"

DimSum 0.7.9 --> "C:\Program Files\ChineseTools\unins000.exe"

Family Feud (remove only) --> "C:\Program Files\Yahoo! Games\Family Feud\Uninstall.exe"

FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u

HDD Thermometer --> C:\Program Files\HDD Thermometer\uninstall.exe

HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}

Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}

iPod for Windows 2005-09-06 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033

iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033

iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}

J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}

J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}

Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Global IME for Office XP (Simplified Chinese) --> MsiExec.exe /X{E0FA36A0-DFB1-4D4D-8F27-D177C112852A}

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe

Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall

NeroVision Express 3 SE --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG

PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"

PodUtil 3.0.3 --> "C:\Program Files\PodUtil\unins000.exe"

QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Skype˘ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SplitCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00718491-55BF-46C6-83EF-4B3B95AC807A}\setup.exe" -l0x9 -removeonly

SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}

Tournament Maker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97DF1C46-FCCE-4591-9974-5A12CE667B9D}\setup.exe"

Trend Micro Internet Security Pro --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}

VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe

VIMICRO USB PC Camera V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x9

Wallpaper Changer for Windows XP --> C:\WINDOWS\walltoyUninst.exe UNINSTALL

WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe

Winamp --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG





-- Application Event Log -------------------------------------------------------



Event Record #/Type7982 / Error

Event Submitted/Written: 06/08/2008 08:24:02 AM

Event ID/Source: 4609 / EventSystem

Event Description:

The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070424 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



Event Record #/Type7979 / Error

Event Submitted/Written: 06/08/2008 08:04:08 AM

Event ID/Source: 4609 / EventSystem

Event Description:

The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070424 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



Event Record #/Type7976 / Error

Event Submitted/Written: 06/08/2008 07:48:40 AM

Event ID/Source: 4609 / EventSystem

Event Description:

The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070424 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



Event Record #/Type7973 / Error

Event Submitted/Written: 06/07/2008 10:04:30 PM

Event ID/Source: 4609 / EventSystem

Event Description:

The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070424 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



Event Record #/Type7970 / Error

Event Submitted/Written: 06/07/2008 09:42:59 PM

Event ID/Source: 4609 / EventSystem

Event Description:

The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070424 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.







-- Security Event Log ----------------------------------------------------------



No Errors/Warnings found.





-- System Event Log ------------------------------------------------------------



Event Record #/Type48174 / Warning

Event Submitted/Written: 06/08/2008 08:06:37 AM

Event ID/Source: 51 / Disk

Event Description:

An error was detected on device \Device\Harddisk1\D during a paging operation.



Event Record #/Type48173 / Warning

Event Submitted/Written: 06/08/2008 08:06:37 AM

Event ID/Source: 51 / Disk

Event Description:

An error was detected on device \Device\Harddisk1\D during a paging operation.



Event Record #/Type48169 / Warning

Event Submitted/Written: 06/08/2008 07:52:02 AM

Event ID/Source: 51 / Disk

Event Description:

An error was detected on device \Device\Harddisk1\D during a paging operation.



Event Record #/Type48168 / Warning

Event Submitted/Written: 06/08/2008 07:52:01 AM

Event ID/Source: 51 / Disk

Event Description:

An error was detected on device \Device\Harddisk1\D during a paging operation.



Event Record #/Type48157 / Warning

Event Submitted/Written: 06/07/2008 10:07:39 PM

Event ID/Source: 51 / Disk

Event Description:

An error was detected on device \Device\Harddisk1\D during a paging operation.







-- End of Deckard's System Scanner: finished at 2008-06-08 08:37:41 ------------



BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:44 AM

Posted 09 June 2008 - 07:43 AM

This thread is closed as the OP has decided to reformat and do a clean install. See here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users