TechSpot

[A] Rookit virus and 100% CPU usage

By SamNoMore
Mar 13, 2012
  1. Hello All,
    This morning I was on my laptop and started to receive a message from my anti-virus about malicious programs trying to start, do not remember what the programs where I just hit "Quarantine". I am running windows XP and the anti-virus is Malwarebyes. So I decided to update the anti-virus so I can scan the computer. The update took for ever but it did update. I checked the Task Manager to find out that my CPU Usage is 100%.
    I rebooted in SAFE mode to run a a full scan. After scan finished I was told to reboot to remove the viruses. After reboot the CPU is still running on 100% CPU Usage.

    I was only able to run GMER in Normal mode, Marlwarebyes and DDS was run in Safe Mode.

    Appreciate any help.
    Sam


    Malwarebytes Anti-Malware (PRO) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.13.05

    Windows XP Service Pack 3 x86 NTFS (Safe Mode)
    Internet Explorer 8.0.6001.18702
    Administrator :: ESAADEH [limited]

    Protection: Disabled

    3/13/2012 4:59:48 PM
    mbam-log-2012-03-13 (16-59-48).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 491267
    Time elapsed: 2 hour(s), 48 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETWORKLOG (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\WINDOWS\svcs.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 8
    C:\WINDOWS\system32\dlcj_device.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{DBFAF92B-4BD1-40A8-9CAC-90DB38E1AE1B}\RP245\A0029968.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lvupdtio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\388.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\389.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\38F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\ewynjr\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\svcs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    (end)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-13 22:20:12
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
    Running: 3zw7buqx.exe; Driver: C:\DOCUME~1\Essam\LOCALS~1\Temp\pwldapow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 852AE0AE
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 852ADF76
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 852AE0AE
    Device \Driver\atapi \Device\Ide\IdePort0 852ADF76
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 852AE0AE
    Device \Driver\atapi \Device\Ide\IdePort1 852ADF76
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 852AE0AE
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 852ADF76

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- Processes - GMER 1.0.15 ----

    Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 336
    Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3404
    Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3496
    Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3628

    ---- EOF - GMER 1.0.15 ----
     
  2. SamNoMore

    SamNoMore TS Rookie Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 21:05:54 on 2012-03-13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.750 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    "C:\WINDOWS\system32\svchost.exe"
    "C:\WINDOWS\system32\svchost.exe"
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AgentUiRunKey] "c:\program files\iron mountain\connected backuppc\Agent.exe" -ni -sss -e http://localhost:16386/
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex
    dExplorerRun: [JavaSoft] c:\windows\system32\config\systemprofile\application data\A40C14.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5BD2CDE5-169A-442D-9F45-8989D19A7133} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\u17i13kw.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    S2 AgentService;AgentService;c:\program files\iron mountain\connected backuppc\AgentService.exe [2011-9-21 7632288]
    S2 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [2011-12-12 11936]
    S2 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [2011-9-21 45384]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-21 652360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-21 20464]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-13 40776]
    S3 PTLIBUSB0;PRUFTECHNIK-USB-WIN-KERNEL DRIVER 02/25/2008, 1.12.0.1;c:\windows\system32\drivers\PTLIBUSB0.SYS [2011-12-12 22144]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-8-21 11520]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
    .
    =============== File Associations ===============
    .
    .txt=SigilTXT
    .
    =============== Created Last 30 ================
    .
    2012-03-14 00:49:21 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
    2012-03-14 00:38:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-03-13 20:59:00 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2012-03-13 04:14:03 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-13 04:13:20 847872 ----a-w- c:\documents and settings\all users\application data\5D40.tmp
    2012-03-13 04:13:20 847872 ----a-w- c:\documents and settings\all users\application data\23C1.tmp
    2012-02-20 16:08:25 -------- d-----w- c:\windows\XSxS
    2012-02-20 16:08:25 -------- d-----w- c:\program files\Xenocode
    2012-02-15 23:18:15 -------- d-----w- c:\program files\Jtag Tool
    2012-02-15 02:42:25 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-15 02:42:25 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-13 21:47:09 -------- d-----w- c:\program files\CommViewWiFi
    .
    ==================== Find3M ====================
    .
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2012-01-09 21:19:18 203976 ----a-w- c:\windows\system32\Richtx32.ocx
    2012-01-07 17:47:09 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX
    2012-01-03 07:28:06 2570286 ----a-w- c:\windows\system32\abgx360.exe
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
    2009-02-09 12:10:48 31744 --sh--w- c:\windows\system32\config\systemprofile\application data\A40C14.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x86DD8A2E]<<
    _asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; PUSH ESI; MOV ESI, [EBP+0x8]; CMP ESI, [0x86ddb180]; JZ 0x25; PUSH EBX; PUSH ESI; CALL [0x86ddb178]; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F73AB8]
    \Driver\Disk[0x86F749A8] -> IRP_MJ_READ -> 0x86DD8A2E
    kernel: MBR read successfully
    _asm { XOR EAX, EAX; MOV DS, AX; NOP ; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; REP MOVSD ; NOP ; JMP FAR 0x0:0x624; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x86DD90AE
    \Driver\atapi -> 0x86dd8f76
    IoDeviceObjectType -> ParseProcedure -> 0x86dd820c
    \Device\Harddisk0\DR0 -> ParseProcedure -> 0x86dd820c
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 21:06:10.07 ===============





    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/21/2011 11:59:14 AM
    System Uptime: 3/13/2012 8:46:43 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0YD632
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1997/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 18.094 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01CF1028&REV_01\4&2FE911E8&0&0AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01CF1028&REV_01\4&2FE911E8&0&0AF0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01CF1028&REV_0A\4&2FE911E8&0&0BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01CF1028&REV_0A\4&2FE911E8&0&0BF0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01CF1028&REV_05\4&2FE911E8&0&0CF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01CF1028&REV_05\4&2FE911E8&0&0CF0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CF1028&REV_01\3&61AAA01&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CF1028&REV_01\3&61AAA01&0&FB
    Service:
    .
    ==== System Restore Points ===================
    .
    RP185: 1/12/2012 1:50:19 AM - System Checkpoint
    RP186: 1/13/2012 2:48:27 AM - System Checkpoint
    RP187: 1/14/2012 3:48:27 AM - System Checkpoint
    RP188: 1/15/2012 4:51:47 AM - System Checkpoint
    RP189: 1/16/2012 5:13:05 AM - System Checkpoint
    RP190: 1/17/2012 6:13:00 AM - System Checkpoint
    RP191: 1/18/2012 7:13:08 AM - System Checkpoint
    RP192: 1/19/2012 8:13:08 AM - System Checkpoint
    RP193: 1/20/2012 9:13:16 AM - System Checkpoint
    RP194: 1/21/2012 10:13:09 AM - System Checkpoint
    RP195: 1/22/2012 11:13:08 AM - System Checkpoint
    RP196: 1/23/2012 12:38:38 AM - Software Distribution Service 3.0
    RP197: 1/24/2012 12:49:47 AM - System Checkpoint
    RP198: 1/25/2012 12:55:28 AM - System Checkpoint
    RP199: 1/26/2012 1:54:33 AM - System Checkpoint
    RP200: 1/27/2012 2:54:32 AM - System Checkpoint
    RP201: 1/28/2012 3:54:38 AM - System Checkpoint
    RP202: 1/29/2012 4:54:36 AM - System Checkpoint
    RP203: 1/30/2012 5:54:32 AM - System Checkpoint
    RP204: 1/31/2012 6:09:01 AM - System Checkpoint
    RP205: 2/1/2012 6:54:37 AM - System Checkpoint
    RP206: 2/2/2012 7:54:47 AM - System Checkpoint
    RP207: 2/3/2012 9:07:11 AM - System Checkpoint
    RP208: 2/4/2012 9:54:41 AM - System Checkpoint
    RP209: 2/5/2012 10:55:46 AM - System Checkpoint
    RP210: 2/6/2012 11:53:38 AM - System Checkpoint
    RP211: 2/7/2012 3:28:41 PM - System Checkpoint
    RP212: 2/8/2012 5:43:33 PM - System Checkpoint
    RP213: 2/9/2012 5:49:40 PM - System Checkpoint
    RP214: 2/10/2012 5:54:33 PM - System Checkpoint
    RP215: 2/11/2012 6:55:47 PM - System Checkpoint
    RP216: 2/12/2012 8:08:08 PM - System Checkpoint
    RP217: 2/13/2012 8:57:26 PM - System Checkpoint
    RP218: 2/14/2012 10:24:26 PM - System Checkpoint
    RP219: 2/15/2012 11:06:16 PM - System Checkpoint
    RP220: 2/16/2012 11:48:25 PM - System Checkpoint
    RP221: 2/17/2012 11:52:34 PM - System Checkpoint
    RP222: 2/19/2012 12:04:37 AM - System Checkpoint
    RP223: 2/20/2012 12:43:38 AM - System Checkpoint
    RP224: 2/21/2012 12:46:58 AM - System Checkpoint
    RP225: 2/22/2012 1:00:23 AM - System Checkpoint
    RP226: 2/23/2012 2:00:20 AM - System Checkpoint
    RP227: 2/24/2012 3:01:02 AM - System Checkpoint
    RP228: 2/25/2012 4:00:29 AM - System Checkpoint
    RP229: 2/26/2012 5:00:39 AM - System Checkpoint
    RP230: 2/27/2012 5:47:09 AM - System Checkpoint
    RP231: 2/28/2012 6:47:15 AM - System Checkpoint
    RP232: 2/29/2012 7:48:31 AM - System Checkpoint
    RP233: 3/1/2012 8:47:23 AM - System Checkpoint
    RP234: 3/2/2012 9:01:48 AM - System Checkpoint
    RP235: 3/3/2012 9:47:36 AM - System Checkpoint
    RP236: 3/4/2012 10:47:37 AM - System Checkpoint
    RP237: 3/5/2012 12:08:17 PM - System Checkpoint
    RP238: 3/6/2012 12:49:35 PM - System Checkpoint
    RP239: 3/7/2012 2:44:40 PM - System Checkpoint
    RP240: 3/8/2012 3:06:05 PM - System Checkpoint
    RP241: 3/9/2012 3:56:53 PM - System Checkpoint
    RP242: 3/10/2012 4:47:42 PM - System Checkpoint
    RP243: 3/10/2012 8:40:47 PM - Software Distribution Service 3.0
    RP244: 3/11/2012 10:03:50 PM - System Checkpoint
    RP245: 3/12/2012 10:15:31 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    ĀµTorrent
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    7-Zip 9.20
    abgx360 v1.0.6
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BayGenie eBay Auction Sniper Pro Edition 3.3.5.8
    bitRipper
    Bonjour
    Broadcom Gigabit Integrated Controller
    Broadcom TPM Driver Installer
    calibre
    CloneCD
    CommView for WiFi
    Conexant HDA D110 MDC V.92 Modem
    Connected Backup/PC Agent
    ConvertXtoDVD 4.1.19.365
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    GDR 1617 for SQL Server 2008 R2 (KB2494088)
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    ImgBurn
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless WiFi Software
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    JDownloader 0.9
    Juniper Networks Network Connect 6.5.0
    Juniper Networks Setup Client Activex Control
    K-Lite Mega Codec Pack 7.0.0
    KProbe 2.5.2
    LeapFrog Connect
    LeapFrog My Pals Plugin
    Lexmark Software Uninstall
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Compact Framework 1.0 SP3 Developer
    Microsoft .NET Compact Framework 2.0
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Device Emulator version 1.0 - ENU
    Microsoft DirectX 9.0 SDK Update (October 2005)
    Microsoft Document Explorer 2005
    Microsoft Office 2003 Web Components
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Speech SDK 5.1
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Backward compatibility
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual SourceSafe 6.0
    Microsoft Visual Studio 2005 Professional Edition - ENU
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSXML 6.0 Parser
    NVIDIA Drivers
    Oz776 SCR Driver V1.1.4.2
    Python 2.7 pycrypto-2.3
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SES Driver
    Sigil 0.4.2
    SigmaTel Audio
    Snagit 10.0.1
    SQL Server 2008 R2 Client Tools
    SQL Server 2008 R2 Common Files
    SQL Server 2008 R2 Management Studio
    StAPH ver 1.25 - "Rise Of The Themes"
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
    visionapp Remote Desktop 2010 R2
    VNC Free Edition 4.1.3
    WebFldrs XP
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    Windows XP Service Pack 3
    WinRAR 4.01 (32-bit)
    WinSCP 4.3.4
    XMPEG 5.0
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2012 9:21:54 AM, error: Dhcp [1002] - The IP address lease 172.30.102.25 for the Network Card with network address 00FF983CCA86 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
    3/7/2012 9:28:57 AM, error: Dhcp [1002] - The IP address lease 172.30.102.6 for the Network Card with network address 00FF983CCA86 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
    3/13/2012 9:53:45 AM, error: Service Control Manager [7023] - The Db2governor service terminated with the following error: The specified procedure could not be found.
    3/13/2012 9:38:40 AM, error: Service Control Manager [7023] - The Stac97 service terminated with the following error: The specified procedure could not be found.
    3/13/2012 9:37:46 AM, error: Service Control Manager [7023] - The StkScan service terminated with the following error: The specified procedure could not be found.
    3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The Winsock service terminated with the following error: The specified module could not be found.
    3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The Upperdev service terminated with the following error: The specified module could not be found.
    3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The ScFBPNT3 service terminated with the following error: The specified module could not be found.
    3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The Nmsaccess service terminated with the following error: The specified module could not be found.
    3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The Meraksmtp service terminated with the following error: The specified module could not be found.
    3/13/2012 9:22:50 AM, error: Service Control Manager [7023] - The MicroSoft Team Provider service terminated with the following error: The specified procedure could not be found.
    3/13/2012 9:22:50 AM, error: Service Control Manager [7023] - The Meraksmtp service terminated with the following error: The specified procedure could not be found.
    3/13/2012 8:53:26 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/13/2012 8:51:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/13/2012 8:27:11 PM, error: Service Control Manager [7023] - The Npptnt2 service terminated with the following error: The specified module could not be found.
    3/13/2012 4:58:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    3/13/2012 4:58:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2012 4:58:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/13/2012 4:25:55 PM, error: Service Control Manager [7023] - The Rpaservice service terminated with the following error: The specified module could not be found.
    3/13/2012 3:47:55 AM, error: VolSnap [20] - The shadow copy of volume G: was aborted because of a failed free space computation.
    3/13/2012 2:31:47 AM, error: PlugPlayManager [11] - The device Root\LEGACY_.NETBT\0000 disappeared from the system without first being prepared for removal.
    3/13/2012 12:19:13 AM, error: Service Control Manager [7023] - The Nmsaccess service terminated with the following error: The specified procedure could not be found.
    3/13/2012 12:18:15 AM, error: Service Control Manager [7023] - The Winsock service terminated with the following error: The specified procedure could not be found.
    3/13/2012 12:15:14 AM, error: Service Control Manager [7023] - The Upperdev service terminated with the following error: The specified procedure could not be found.
    3/13/2012 12:14:18 AM, error: Service Control Manager [7023] - The ScFBPNT3 service terminated with the following error: The specified procedure could not be found.
    3/13/2012 11:47:57 AM, error: Service Control Manager [7023] - The Tng-dtmg service terminated with the following error: The specified module could not be found.
    3/13/2012 11:47:57 AM, error: Service Control Manager [7023] - The StkScan service terminated with the following error: The specified module could not be found.
    3/13/2012 11:47:57 AM, error: Service Control Manager [7023] - The Stac97 service terminated with the following error: The specified module could not be found.
    3/13/2012 11:47:57 AM, error: Service Control Manager [7023] - The Db2governor service terminated with the following error: The specified module could not be found.
    3/13/2012 11:47:57 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    3/13/2012 11:42:09 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    3/13/2012 10:08:48 AM, error: Service Control Manager [7023] - The Tng-dtmg service terminated with the following error: The specified procedure could not be found.
    3/12/2012 9:38:22 AM, error: Service Control Manager [7023] - The DNS Client service terminated with the following error: No protocol sequences have been registered.
    3/12/2012 9:38:20 AM, error: dnscache [11004] - Unable to start DNS Client service. Could not start the Remote Procedure Call (RPC) interface for this service. To correct the problem, you may restart the RPC and DNS Client services. To do so, use the following commands at a command prompt: (1) type "net start rpc" to start the RPC service, and (2) type "net start dnscache" to start the DNS Client service. For specific error code information, see the record data displayed below.
    3/12/2012 9:38:05 AM, error: Dhcp [1002] - The IP address lease 172.30.102.16 for the Network Card with network address 00FF8804D986 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
    3/11/2012 10:32:51 AM, error: Dhcp [1002] - The IP address lease 172.30.102.25 for the Network Card with network address 00FF8804D986 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
    3/10/2012 6:54:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Volume Shadow Copy service to connect.
    3/10/2012 6:54:21 PM, error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/10/2012 6:54:19 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    3/10/2012 10:19:34 PM, error: LV_Tracker [68] -
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...