Inactive System restore not working, desktop, program file icons hidden

Discussion in 'Malware and Virus Removal Archive' started by mswsportscards, 2011/04/13.

Thread Status:
Not open for further replies.
  1. 2011/04/13
    mswsportscards

    mswsportscards Inactive Thread Starter

    Joined:
    2011/04/13
    Messages:
    6
    Likes Received:
    0
    [Inactive] System restore not working, desktop, program file icons hidden

    I received a message saying my hard drive was crashing, and icons began disappearing off my screen. I went to my programs folder in the Start menu only to find it empty. I restarted the computer in safe mode and downloaded SUPERAntiSpyware, which found 67 threats, and I used it to remove them. It didn't solve my problem with my icons being hidden; however, I know they're there because I saw them being scanned. I also ran MBAM and it found 2 files named hijack, and I removed those. I attempted a restore using the command prompt, but after I hit the Next button the hourglass came up and nothing happened. I rebooted in safe mode again and found this site. I ran Microsoft Forefront and found 1 item named Trojan:WinNT/Alureon.S. The file was:
    C:\System Volume Information\_restore{59883BF2-F377-43FC-9A09-8FDBB1F1388E}\RP1015A0071498.sys
    I removed that. I am currently running MBAM again.

    I just want my icons back. Any help is appreciated.
     
  2. 2011/04/13
    mswsportscards

    mswsportscards Inactive Thread Starter

    MBAM Log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6320

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    4/13/2011 2:55:10 AM
    mbam-log-2011-04-13 (02-55-10).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 244723
    Time elapsed: 35 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

  4. 2011/04/13
    mswsportscards

    mswsportscards Inactive Thread Starter

    GMER Log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-13 03:23:23
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000008f WDC_WD800JD-75MSA3 rev.10.01E04
    Running: gmer.exe; Driver: C:\DOCUME~1\CWHITE~1.CAR\LOCALS~1\Temp\uwrdypoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA6CEE6D0]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB1037 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB1895 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB0EA6 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB0F36 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB130D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1868] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB1B86 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB1037 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB1895 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB0EA6 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB0F36 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB130D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB1B86 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Classes\CLSID\{69A150D8-5392-D6E5-4993-3AC61DEF6DD6}\InProcServer32@ %SystemRoot%\system32\shdocvw.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{69A150D8-5392-D6E5-4993-3AC61DEF6DD6}\InProcServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DF15095B-2C79-3886-7C82-938D01762F18}\InprocServer32@ C:\WINDOWS\system32\quartz.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{DF15095B-2C79-3886-7C82-938D01762F18}\InprocServer32@ThreadingModel Both

    ---- EOF - GMER 1.0.15 ----
     
  5. 2011/04/13
    mswsportscards

    mswsportscards Inactive Thread Starter

    MBRCHECK Log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 172):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA5AC000 aliide.sys
    0xBA5AE000 cmdide.sys
    0xBA5B0000 toside.sys
    0xBA5B2000 viaide.sys
    0xBA5B4000 intelide.sys
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5B6000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xBA4BC000 cpqarray.sys
    0xB9F0B000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xB9EF3000 atapi.sys
    0xBA4C0000 aha154x.sys
    0xBA338000 sparrow.sys
    0xBA4C4000 symc810.sys
    0xBA0D8000 aic78xx.sys
    0xBA4C8000 dac960nt.sys
    0xBA0E8000 ql10wnt.sys
    0xBA4CC000 amsint.sys
    0xBA340000 asc.sys
    0xBA4D0000 asc3550.sys
    0xBA348000 mraid35x.sys
    0xBA350000 i2omp.sys
    0xBA4D4000 ini910u.sys
    0xBA0F8000 ql1240.sys
    0xBA108000 aic78u2.sys
    0xBA358000 symc8xx.sys
    0xBA360000 sym_hi.sys
    0xBA368000 sym_u3.sys
    0xBA370000 ABP480N5.SYS
    0xBA378000 asc3350p.sys
    0xBA5B8000 cd20xrnt.sys
    0xBA118000 ultra.sys
    0xBA380000 dpti2o.sys
    0xB9EDA000 adpu160m.sys
    0xBA128000 ql1080.sys
    0xBA138000 ql1280.sys
    0xBA148000 ql12160.sys
    0xB9EC0000 nvata.sys
    0xBA388000 perc2.sys
    0xBA5BA000 perc2hib.sys
    0xBA390000 hpn.sys
    0xBA4D8000 cbidf2k.sys
    0xB9E94000 dac2w2k.sys
    0xBA158000 disk.sys
    0xBA168000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9E74000 fltmgr.sys
    0xB9E62000 sr.sys
    0xB9E4B000 KSecDD.sys
    0xB9DBE000 Ntfs.sys
    0xB9D91000 NDIS.sys
    0xBA178000 sisagp.sys
    0xBA188000 viaagp.sys
    0xB9D77000 Mup.sys
    0xBA198000 alim1541.sys
    0xBA1A8000 amdagp.sys
    0xBA1B8000 agp440.sys
    0xBA1C8000 agpCPQ.sys
    0xBA755000 \SystemRoot\system32\DRIVERS\idisw2km.sys
    0xB9C53000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA5D6000 \SystemRoot\system32\DRIVERS\kbstuff5.sys
    0xBA3F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA3F8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
    0xB9A98000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xBA400000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB9A74000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA408000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9A51000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB9A29000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA278000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA588000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB9A15000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA766000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA58C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB99FE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA410000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB99ED000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA418000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA420000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB99BD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5D8000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9897000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9D53000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA428000 \SystemRoot\system32\DRIVERS\omci.sys
    0xB9721000 \SystemRoot\system32\drivers\sthda.sys
    0xB96FD000 \SystemRoot\system32\drivers\portcls.sys
    0xBA2D8000 \SystemRoot\system32\drivers\drmk.sys
    0xBA2E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB9CFF000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB9C83000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA5DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA7B6000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5E0000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA448000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA450000 \SystemRoot\System32\drivers\vga.sys
    0xBA5E2000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5E4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA458000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA460000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9C7B000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9577000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA951E000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA94F6000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA94D0000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA94AE000 \SystemRoot\System32\drivers\afd.sys
    0xB9CDF000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB9CCF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA93EC000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xBA468000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xA93C1000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9351000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB9CAF000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBA470000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA560000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xBA56C000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB9915000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA578000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xBA57C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA9225000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
    0xB9CEF000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA920B000 \SystemRoot\System32\Drivers\dump_nvata.sys
    0xBA5EE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB99A9000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA498000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7C0000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF055000 \SystemRoot\System32\ati2cqag.dll
    0xBF09B000 \SystemRoot\System32\atikvmag.dll
    0xBF0DD000 \SystemRoot\System32\ati3duag.dll
    0xBF37E000 \SystemRoot\System32\ativvaxx.dll
    0xBF52A000 \SystemRoot\System32\ATMFD.DLL
    0xA70D7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA7013000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xA6E46000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBA65E000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA6C86000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA6CEE000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
    0xA6569000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA65CE000 \SystemRoot\system32\drivers\sysaudio.sys
    0xBA4B0000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xA6248000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xA5D01000 \??\C:\DOCUME~1\CWHITE~1.CAR\LOCALS~1\Temp\uwrdypoc.sys
    0xA5CD6000 \SystemRoot\system32\drivers\kmixer.sys
    0xA5CAC000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xA5C4F000 \??\C:\DOCUME~1\CWHITE~1.CAR\LOCALS~1\Temp\uwrdypog.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 46):
    0 System Idle Process
    4 System
    576 C:\WINDOWS\system32\smss.exe
    616 csrss.exe
    644 C:\WINDOWS\system32\winlogon.exe
    688 C:\WINDOWS\system32\services.exe
    700 C:\WINDOWS\system32\lsass.exe
    864 C:\WINDOWS\system32\ati2evxx.exe
    880 C:\WINDOWS\system32\svchost.exe
    980 svchost.exe
    1076 C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    1116 C:\WINDOWS\system32\svchost.exe
    1156 svchost.exe
    1292 svchost.exe
    1420 C:\WINDOWS\system32\spoolsv.exe
    1560 svchost.exe
    1656 C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    1732 C:\Program Files\Dell\OpenManage\Client\Iap.exe
    1784 C:\Program Files\Java\jre6\bin\jqs.exe
    1848 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1956 C:\WINDOWS\system32\svchost.exe
    2004 C:\Program Files\UPHClean\uphclean.exe
    412 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    460 C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
    492 C:\WINDOWS\system32\CCM\CcmExec.exe
    560 C:\Program Files\Microsoft Operations Manager 2005\MOMService.exe
    1068 wmiprvse.exe
    1340 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2268 wmiprvse.exe
    2312 alg.exe
    2448 wmiprvse.exe
    2636 wmiprvse.exe
    3048 C:\WINDOWS\explorer.exe
    3264 C:\WINDOWS\stsystra.exe
    3320 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    3416 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    3428 C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
    3472 C:\Program Files\Citrix\ICA Client\concentr.exe
    3656 C:\WINDOWS\system32\ctfmon.exe
    3728 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3792 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    2744 C:\Program Files\Internet Explorer\iexplore.exe
    2792 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    1868 C:\Program Files\Internet Explorer\iexplore.exe
    2340 C:\WINDOWS\system32\wuauclt.exe
    3940 C:\Documents and Settings\cwhite.CARBOGA-DT\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007d8200 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  6. 2011/04/13
    mswsportscards

    mswsportscards Inactive Thread Starter

    DDS Log

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by cwhite at 3:31:40.06 on Wed 04/13/2011
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2573 [GMT -5:00]
    .
    AV: Microsoft Forefront Client Security *Enabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Client Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    c:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    c:\Program Files\Microsoft Operations Manager 2005\MOMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\cwhite.CARBOGA-DT\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://1stfarmcredit.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe "
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe "
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    dRun: [SUPERAntiSpyware] c:\superantispyware\SUPERANTISPYWARE.EXE
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: LogonType = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202400011921
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://join-test.webex.com/client/T26L/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2010-7-20 16896]
    R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2009-10-22 69512]
    R2 MOM;MOM;c:\program files\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
    R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-9-18 71424]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-4 136176]
    .
    =============== Created Last 30 ================
    .
    2011-04-13 04:28:50 -------- d-----w- c:\docume~1\cwhite~1.car\applic~1\SUPERAntiSpyware.com
    2011-04-13 04:28:45 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-13 04:17:57 -------- d--h--w- c:\docume~1\cwhite~1.car\applic~1\Malwarebytes
    2011-04-11 13:41:05 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Citrix
    2011-04-09 20:37:40 343 ---ha-w- C:\Start_.cmd
    2011-04-09 20:37:40 -------- d--h--w- C:\lalala845l
    2011-04-09 20:34:16 -------- d--h--w- C:\lalala
    2011-04-09 20:28:02 -------- d--h--w- C:\ccsetup231
    2011-04-09 20:25:23 -------- d--h--w- C:\11221122
    2011-04-09 20:06:32 -------- d--h--w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-04-09 20:06:26 -------- d--h--w- C:\SUPERAntiSpyware
    2011-04-09 20:00:47 38224 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-09 20:00:47 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-09 20:00:44 20952 ---ha-w- c:\windows\system32\drivers\mbam.sys
    2011-04-09 20:00:44 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-09 19:42:20 -------- d--h--w- c:\windows\system32\wbem\Repository
    2011-04-09 19:42:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-04-09 14:22:12 -------- d--h--w- c:\docume~1\alluse~1\applic~1\bJj06504hHoOl06504
    .
    ==================== Find3M ====================
    .
    2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 3:32:00.26 ===============
     
  7. 2011/04/13
    mswsportscards

    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/11/2008 12:31:13 PM
    System Uptime: 4/13/2011 2:15:45 AM (1 hours ago)
    .
    Motherboard: Dell Inc | | 0HX340
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket M2 | 2605/1000mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 60.708 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Active Directory Management Pack Helper Object
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.3
    ATI - Software Uninstall Utility
    ATI Display Driver
    Bing Bar
    Bing Bar Platform
    Broadcom Gigabit Integrated Controller
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Critical Update for Windows Media Player 11 (KB959772)
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting/GoToWebinar 3.0.0.198
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Officejet Pro 8500 A910 Basic Device Software
    HP Officejet Pro 8500 A910 Help
    HP Officejet Pro 8500 A910 Product Improvement Study
    HP Update
    I.R.I.S. OCR
    Java 2 Runtime Environment, SE v1.4.2_04
    Java(TM) 6 Update 21
    K-Lite Codec Pack 3.8.5 Full
    Malwarebytes' Anti-Malware
    Marketsplash Shortcuts
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Forefront Client Security Antimalware Service
    Microsoft Forefront Client Security State Assessment Service
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel Viewer 2003
    Microsoft Office Live Meeting 2005
    Microsoft Office Live Meeting 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Visio Viewer 2003 (English)
    Microsoft Office Word Viewer 2003
    Microsoft Operations Manager 2005 Agent
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nortel CallPilot Desktop Messaging
    NVIDIA Drivers
    OMCI
    PaperPort Image Printer
    ScanSoft PaperPort 11
    ScanSoft PDF Create! 4
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SigmaTel Audio
    SMS Advanced Client
    SUPERAntiSpyware
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    User Profile Hive Cleanup Service
    WebEx
    WebEx Recorder and Player
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/9/2011 9:43:37 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 9:43:35 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 18 time(s).
    4/9/2011 9:43:35 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 39 time(s).
    4/9/2011 9:42:19 AM, error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/9/2011 9:40:41 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 17 time(s).
    4/9/2011 9:40:30 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 16 time(s).
    4/9/2011 9:40:19 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 15 time(s).
    4/9/2011 9:39:51 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 14 time(s).
    4/9/2011 9:39:51 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 13 time(s).
    4/9/2011 9:39:38 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {135D7881-D666-4046-A1DF-7EC7B5785A67} to the user CARBOGA-DT\cwhite SID (S-1-5-21-1026543760-3810586928-944558522-1009). This security permission can be modified using the Component Services administrative tool.
    4/9/2011 9:37:20 AM, error: Service Control Manager [7034] - The MOM service terminated unexpectedly. It has done this 6 time(s).
    4/9/2011 9:36:39 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 12 time(s).
    4/9/2011 9:36:27 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 11 time(s).
    4/9/2011 9:36:27 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 10 time(s).
    4/9/2011 9:36:20 AM, error: Service Control Manager [7031] - The MOM service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/9/2011 9:36:13 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 9 time(s).
    4/9/2011 9:35:51 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 8 time(s).
    4/9/2011 9:35:50 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 7 time(s).
    4/9/2011 9:35:45 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 6 time(s).
    4/9/2011 3:35:05 PM, error: Service Control Manager [7034] - The LogMeIn Rescue (3973a4b1-e070-495c-8898-ecc0c3d404eb) service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 2:54:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    4/9/2011 2:41:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM ctxusbm Fips
    4/9/2011 2:41:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/9/2011 11:14:42 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 43 time(s).
    4/9/2011 11:14:38 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 42 time(s).
    4/9/2011 11:14:33 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 41 time(s).
    4/9/2011 11:14:31 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 40 time(s).
    4/9/2011 11:10:50 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DC28D12E-B065-4EE4-9468-899D8C47B856} to the user CARBOGA-DT\cwhite SID (S-1-5-21-1026543760-3810586928-944558522-1009). This security permission can be modified using the Component Services administrative tool.
    4/9/2011 11:10:46 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 2 time(s).
    4/9/2011 10:33:45 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 12 time(s).
    4/9/2011 10:33:44 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 11 time(s).
    4/9/2011 10:33:43 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 10 time(s).
    4/9/2011 10:33:42 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 9 time(s).
    4/9/2011 10:33:42 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 8 time(s).
    4/9/2011 10:33:39 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 7 time(s).
    4/9/2011 10:33:39 AM, error: Service Control Manager [7031] - The MOM service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/9/2011 10:33:38 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 6 time(s).
    4/9/2011 10:33:37 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 5 time(s).
    4/9/2011 10:33:36 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 4 time(s).
    4/9/2011 10:33:35 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 3 time(s).
    4/9/2011 10:33:34 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 2 time(s).
    4/9/2011 10:33:34 AM, error: DCOM [10005] - DCOM got error "%109" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    4/9/2011 10:32:39 AM, error: Service Control Manager [7031] - The MOM service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/9/2011 10:32:00 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 5 time(s).
    4/9/2011 10:31:49 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 4 time(s).
    4/9/2011 10:31:39 AM, error: Service Control Manager [7031] - The MOM service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/9/2011 10:31:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
    4/9/2011 10:31:38 AM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/9/2011 10:31:38 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
    4/9/2011 10:31:37 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 3 time(s).
    4/9/2011 10:31:19 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 2 time(s).
    4/9/2011 10:31:09 AM, error: Service Control Manager [7034] - The Microsoft Forefront Client Security Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
    4/9/2011 10:30:54 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    4/9/2011 10:30:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.
    4/9/2011 10:30:49 AM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/9/2011 10:30:39 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 10:30:39 AM, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 10:30:39 AM, error: Service Control Manager [7034] - The SMS Remote Control Agent service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 10:30:39 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 10:30:39 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 10:30:39 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 10:30:39 AM, error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 10:30:39 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    4/9/2011 10:30:39 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    4/9/2011 10:30:39 AM, error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/9/2011 10:30:39 AM, error: Service Control Manager [7031] - The MOM service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/9/2011 10:30:39 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security State Assessment Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    4/9/2011 10:30:39 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    4/9/2011 10:30:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Forefront Client Security State Assessment Service service to connect.
    4/9/2011 10:30:39 AM, error: Service Control Manager [7000] - The Microsoft Forefront Client Security State Assessment Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/9/2011 10:30:16 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
    4/9/2011 10:30:04 AM, error: NETLOGON [5719] - No Domain Controller is available for domain 1STFARM due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    4/9/2011 10:26:22 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 38 time(s).
    4/9/2011 10:26:22 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 37 time(s).
    4/9/2011 10:26:19 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 36 time(s).
    4/9/2011 10:26:17 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 35 time(s).
    4/9/2011 10:26:16 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 34 time(s).
    4/9/2011 10:25:22 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 33 time(s).
    4/9/2011 10:25:19 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 32 time(s).
    4/9/2011 10:25:17 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 31 time(s).
    4/9/2011 10:25:16 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 30 time(s).
    4/9/2011 10:24:30 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 29 time(s).
    4/9/2011 10:24:22 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 28 time(s).
    4/9/2011 10:24:19 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 27 time(s).
    4/9/2011 10:24:17 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 26 time(s).
    4/9/2011 10:24:16 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 25 time(s).
    4/9/2011 10:23:58 AM, error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/9/2011 10:23:22 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 24 time(s).
    4/9/2011 10:23:19 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 23 time(s).
    4/9/2011 10:23:18 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 22 time(s).
    4/9/2011 10:23:17 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 21 time(s).
    4/9/2011 10:23:16 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 20 time(s).
    4/9/2011 10:22:19 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 19 time(s).
    4/9/2011 10:22:18 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 18 time(s).
    4/9/2011 10:22:17 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 17 time(s).
    4/9/2011 10:22:16 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 16 time(s).
    4/9/2011 10:21:31 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 15 time(s).
    4/9/2011 10:21:30 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 14 time(s).
    4/9/2011 10:21:29 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 13 time(s).
    4/9/2011 10:21:16 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Iap service to connect.
    4/9/2011 10:21:16 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    4/9/2011 10:19:58 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the MOM service to connect.
    4/9/2011 10:19:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Forefront Client Security Antimalware Service service to connect.
    4/9/2011 10:19:13 AM, error: Service Control Manager [7000] - The Microsoft Forefront Client Security Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/9/2011 10:19:08 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    4/13/2011 2:09:12 AM, error: FCSAM [1008] - Microsoft Forefront Client Security has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Alureon.S&threatid=2147641912 Scan ID: {BFAB0D16-E04F-41D7-A57D-B219F090759D} Scan Type: AntiMalware User: CARBOGA-DT\cwhite Name: Trojan:WinNT/Alureon.S ID: 2147641912 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508025 Error description: To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website.
    4/13/2011 12:20:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM ctxusbm Fips SASDIFSV SASKUTIL
    4/13/2011 12:13:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM ctxusbm Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    4/12/2011 11:33:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    4/12/2011 11:33:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    4/12/2011 11:33:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/12/2011 11:33:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/12/2011 11:33:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    4/12/2011 11:33:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    4/12/2011 11:18:47 PM, error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Alureon.S&threatid=2147641912 Scan ID: {63466BC4-F524-4E69-8956-4CE571C3C884} User: NT AUTHORITY\SYSTEM Name: Trojan:WinNT/Alureon.S ID: 2147641912 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508025 Error description: To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website.
    .
    ==== End Of File ===========================
     
  8. 2011/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================

    I can see two AV programs running, Symantec AntiVirus Corporate Edition and Microsoft Forefront Client Security.
    Which one is your current security program?

    To unhide your files....
    Download and run UnHide

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     