1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

SD Bot Infection?? Error report added to last post

Discussion in 'General Security' started by Shannon SS, Apr 13, 2008.

Thread Status:
Not open for further replies.
  1. Shannon SS

    Shannon SS Thread Starter

    Joined:
    Aug 24, 2007
    Messages:
    2
    SYSTEM INFO
    WINDOWS XP
    VERSION 2002SERVICE PACK 2
    CELERONĀ® CPU 2.53GHz
    504 MB OF RAM
    To make a long story short, after many problems I executed many explorations over days to find the root of the problems, and then I finally ran my virus scan in Safe Mode. It then detected what it labeled as "Backdoor. SdBot. gen" and quarantined it. I've been trying to get rid of it for more days. My Windows malware extraction program cannot detect it, neither can any of my other "defense" programs. I am
    not a "tech gal", but I can read and follow instructions and am not afraid to go into the unknown dark underworld of my PC.........but I need a guide with a light and map to follow. I found directions to manually extract it on Microsoft web site, but it must be a variant because I found none of their mentioned file names in my registry subkeys.
    Please help.....Shannon SS
    PS. Whatever this is interrupts all the security downloads I've been attempting to do.
    I finally succeeded with Hijack This.....log follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:14:29 PM, on 4/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
    C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\ADS\ADSService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
    C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
    O2 - BHO: BizFormBarBHO Class - {43A7096B-0623-4BC1-98AD-2BF037902E07} - C:\Program Files\BizForm Bar\Toolbar\vsns.dll
    O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPub.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
    O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
    O3 - Toolbar: BizForm Bar - {C46CED39-05C9-40C3-88D1-E07AB8128E02} - C:\Program Files\BizForm Bar\Toolbar\BizFormBar.dll
    O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" /tray
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {54D53429-945C-4188-B460-C81356541882} - http://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://check.earthlinksecurity.com/SSMEarthLink.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B9A08F6A-695D-449F-89E9-3DF2B1058B7D}: NameServer = 207.69.188.185 207.69.188.186
    O23 - Service: ADSService - EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe
    O23 - Service: AuthFw - Authentium - C:\Program Files\Authentium\Firewall SDK\AuthFw.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
    O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe
    O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtectionService - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 10843 bytes

    I'll continue the frustrating process of trying to download other suggestions I find on your site with desperate hopes I'll hear from you soon because Shutting down Windows and opening it again is a longer process each time and I fear soon I'll be unable to open it at all.
    Thanks,
    Shannon SS
     
  2. Shannon SS

    Shannon SS Thread Starter

    Joined:
    Aug 24, 2007
    Messages:
    2
    Please read my 1st post on my Backdoor. SdBot. gen infection. I'M ADDING ERROR REPORT...I FIRST NOTICED INFECTION ON APRIL 08, 2008..I HOPE IT HELPS BECAUSE IT'S ALL GREEK TO ME.
    Advanced System Information - Error Log
    Refresh screen
    Error Log
    Date - Time Source Description
    Wednesday, March 26, 2008 Service Control Manager Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    Tuesday, April 01, 2008 Service Control Manager Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    Saturday, April 05, 2008 Service Control Manager Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
    Saturday, April 05, 2008 Windows Update Agent Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.0 Service Pack 1 (KB929300).
    Tuesday, April 08, 2008 Service Control Manager Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    Wednesday, April 09, 2008 DCOM The server {4991D34B-80A1-4291-83B6-33283 66B9097} did not register with DCOM within the required timeout.
    Wednesday, April 09, 2008 Service Control Manager The Automatic Updates service hung on starting.
    Wednesday, April 09, 2008 Service Control Manager The Fast User Switching Compatibility service failed to start due to the following error: The pipe state is invalid.
    Wednesday, April 09, 2008 Service Control Manager The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Wednesday, April 09, 2008 Service Control Manager The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
    REPEATED LOTS OF TIMES
    Wednesday, April 09, 2008 Service Control Manager The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    Wednesday, April 09, 2008 Service Control Manager The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Telephony service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Wednesday, April 09, 2008 Service Control Manager The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Windows Time service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Wednesday, April 09, 2008 Service Control Manager The Security Center service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Wednesday, April 09, 2008 Service Control Manager The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    Wednesday, April 09, 2008 Service Control Manager The Network Connections service terminated unexpectedly. It has done this 2 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
    Wednesday, April 09, 2008 Service Control Manager The System Event Notification service terminated unexpectedly. It has done this 2 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Wednesday, April 09, 2008 Service Control Manager The Help and Support service terminated unexpectedly. It has done this 3 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Network Connections service terminated unexpectedly. It has done this 3 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).
    Wednesday, April 09, 2008 Service Control Manager The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Wednesday, April 09, 2008 Service Control Manager The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    Wednesday, April 09, 2008 DCOM The server {4991D34B-80A1-4291-83B6-33283 66B9097} did not register with DCOM within the required timeout.
    Wednesday, April 09, 2008 Service Control Manager The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    Wednesday, April 09, 2008 DCOM The server {D3938AB0-5B9D-11D1-8DD2-00AA0 04ABD5E} did not register with DCOM within the required timeout.
    Wednesday, April 09, 2008 DCOM DCOM got error "%109" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8 DD2-00AA004ABD5E}
    Wednesday, April 09, 2008 DCOM DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B 726-00C04FB926AF}
    REPEATED LOTS OF TIMES
    Wednesday, April 09, 2008 Service Control Manager The System Restore Service service failed to start due to the following error: The pipe has been ended.
    Wednesday, April 09, 2008 Service Control Manager The Telephony service failed to start due to the following error: The pipe state is invalid.
    Wednesday, April 09, 2008 Service Control Manager The Fax service depends on the Telephony service which failed to start because of the following error: The pipe state is invalid.
    Wednesday, April 09, 2008 Service Control Manager The Windows Firewall/Internet
    Wednesday, April 09, 2008 Service Control Manager The Windows Image Acquisition (WIA) service hung on starting.
    Wednesday, April 09, 2008 Service Control Manager The Windows Audio service terminated unexpectedly. It has done this 1 time(s).

    Wednesday, April 09, 2008 Service Control Manager The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    Wednesday, April 09, 2008 Rasman Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.
    Wednesday, April 09, 2008 Service Control Manager The Remote Access Connection Manager service terminated with the following error: Access is denied.
    Wednesday, April 09, 2008 DCOM The server {4991D34B-80A1-4291-83B6-33283 66B9097} did not register with DCOM within the required timeout.
    Wednesday, April 09, 2008 Service Control Manager The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    Wednesday, April 09, 2008 Service Control Manager The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    Wednesday, April 09, 2008 Service Control Manager The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    Wednesday, April 09, 2008 DCOM DCOM got error "%109" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8 DD2-00AA004ABD5E}

    Wednesday, April 09, 2008 DCOM The server {D3938AB0-5B9D-11D1-8DD2-00AA0 04ABD5E} did not register with DCOM within the required timeout.

    Wednesday, April 09, 2008 Service Control Manager The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    REPEATED LOTS OF TIMES
    Wednesday, April 09, 2008 Service Control Manager The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    Wednesday, April 09, 2008 DCOM DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-B F92-0060081ED811}
    Wednesday, April 09, 2008 Rasman Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.
    REPEATED LOTS OF TIMES
    Wednesday, April 09, 2008 DCOM The server {D3938AB0-5B9D-11D1-8DD2-00AA0 04ABD5E} did not register with DCOM within the required timeout.
    REPEATED LOTS OF TIMES
    Wednesday, April 09, 2008 DCOM The server {D3938AB0-5B9D-11D1-8DD2-00AA0 04ABD5EWednesday, April 09, 2008 DCOM DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B 726-00C04FB926AF}
    Wednesday, April 09, 2008 Service Control Manager The following boot-start or system-start driver(s) failed to load: Fips intelppm
    Wednesday, April 09, 2008 DCOM DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-B F92-0060081ED811}
    Wednesday, April 09, 2008 Windows Update Agent Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.0 Service Pack 1 (KB929300).
    REPEATED LOTS OF TIMES
    Thursday, April 10, 2008 Service Control Manager The following boot-start or system-start driver(s) failed to load: Fips intelppm
    Friday, April 11, 2008 Windows Update Agent Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.0 Service Pack 1 (KB929300).
    REPEATED LOTS OF TIMES

    Friday, April 11, 2008 Service Control Manager The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    REPEATED LOTS OF TIMES

    Friday, April 11, 2008 Service Control Manager The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    Friday, April 11, 2008 Service Control Manager The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    REPEATED LOTS OF TIMES
    Friday, April 11, 2008 Service Control Manager The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    Sunday, April 13, 2008 Service Control Manager The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    Sunday, April 13, 2008 Service Control Manager The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    Sunday, April 13, 2008 Service Control Manager The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    Sunday, April 13, 2008 Service Control Manager The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    Sunday, April 13, 2008 Service Control Manager The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    Sunday, April 13, 2008 Service Control Manager The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    Sunday, April 13, 2008 Service Control Manager The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    Sunday, April 13, 2008 Service Control Manager The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    Sunday, April 13, 2008 DCOM DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B 726-00C04FB926AF}
    Wednesday, April 09, 2008 Applicatio n Error Fault bucket 231251008.
    Wednesday, April 09, 2008 Applicatio n Error Faulting application wordpad.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0xff45ae5b.
    Thursday, April 10, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Thursday, April 10, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Thursday, April 10, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup6A4B.txt.
    Thursday, April 10, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WF x86' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup6A4B.txt.
    REPEATED LOTS OF TIMES
    Friday, April 11, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup33C4.txt.
    REPEATED LOTS OF TIMES
    Friday, April 11, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.

    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup1152.txt.

    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCF' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup1152.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 3' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup1152.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 2 x86 ' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup1152.txt.
    Friday, April 11, 2008 Applicatio n Error Faulting application iexplore.exe, version 7.0.6000.16640, faulting module protctie.dll, version 4.0.85.0, fault address 0x000073d7.
    Friday, April 11, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Friday, April 11, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WF' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WF x86' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 1' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 2' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 3 x86' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework XPS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCF' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 3' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Friday, April 11, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 2 x86 ' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup03F8.txt.
    Saturday, April 12, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Saturday, April 12, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WF' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WF x86' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 1' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 2' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 3 x86' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework XPS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCF' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 3' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET Framework WPF 2 x86 ' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup177D.txt.
    Saturday, April 12, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.

    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup3086.txt.
    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WF' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup3086.txt.

    Saturday, April 12, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.

    Saturday, April 12, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCF' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup4CFB.txt.
    Saturday, April 12, 2008 MPSampleSu bmission EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 download, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
    Sunday, April 13, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Sunday, April 13, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Sunday, April 13, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup30F6.txt.
    Sunday, April 13, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WF' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup30F6.txt.
    Sunday, April 13, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Sunday, April 13, 2008 .NET Runtime 2.0 Error Reporting EventType clr20r3, P1 servicemodelreg.exe, P2 3.0.4506.648, P3 470e4746, P4 servicemodelreg, P5 3.0.0.0, P6 470e4746, P7 2b, P8 1e, P9 system.badimageformatexception , P10 NIL.
    Sunday, April 13, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WCS' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup134D.txt.
    Sunday, April 13, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WF' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup134D.txt.
    Sunday, April 13, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET Framework WF x86' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framewo rk30_Setup134D.txt.
    Sunday, April 13, 2008 MsiInstall er Product: Microsoft .NET Framework 3.0 Service Pack 1
    Thanks
    Shannon SS
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Infection Error report
  1. fromaway77
    Replies:
    2
    Views:
    2,382
  2. connie189
    Replies:
    3
    Views:
    12,555
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/703771

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice