I took the hard drive out of his machine, attached it to mine via USB, and scanned it. MS Security Essentials found and removed two Java exploits (exploit:Java/CVE-2010-0094.CR and the same number ending with .BI). Malwarebytes and Super AntiSpyware portable found nothing.
When I put the drive back, the virus is still there. After some research and scanning, I find he has a version of Vundo, find a removal tool, and remove it.
Today I spent some time trying to get the machine to boot, but I think I have all the malware gone. In addition to the DDS logs I have a combofix log, if you need it.
Here's DDS.txt:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by TonyH at 14:28:06.21 on Tue 03/15/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.617 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\TonyH\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2077543
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog1.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog1.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TrayServer] c:\program files\magix\movie_edit_pro_14_plus_download_version\TrayServer.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\tonyh\applic~1\mozilla\firefox\profiles\xa87zfec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://skateboarding.transworld.net/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\docume~1\tonyh\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\docume~1\tonyh\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2008-9-6 1527900]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-12-30 223128]
.
=============== Created Last 30 ================
.
2011-03-15 19:22:52 98816 ----a-w- c:\windows\sed.exe
2011-03-15 19:22:52 89088 ----a-w- c:\windows\MBR.exe
2011-03-15 19:22:52 256512 ----a-w- c:\windows\PEV.exe
2011-03-15 19:22:52 161792 ----a-w- c:\windows\SWREG.exe
2011-03-15 19:19:19 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-03-15 19:19:16 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-03-15 19:19:12 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-03-15 19:19:08 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-03-15 19:19:05 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-03-15 19:19:00 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-03-15 19:17:57 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2011-03-15 19:16:58 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-03-15 19:15:57 82432 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-03-15 19:14:57 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-03-15 19:13:57 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-03-15 19:12:59 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-03-15 19:11:59 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2011-03-15 19:10:59 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-03-15 19:09:57 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys
2011-03-15 19:08:58 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2011-03-15 19:07:58 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-03-15 19:06:58 452736 ----a-w- c:\windows\system32\dllcache\mtxparhm.sys
2011-03-15 19:05:59 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2011-03-15 19:04:58 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2011-03-15 19:03:59 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2011-03-15 19:02:59 68608 ----a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2011-03-15 19:01:58 444416 ----a-w- c:\windows\system32\dllcache\fpcibase.sys
2011-03-15 19:00:59 283904 ----a-w- c:\windows\system32\dllcache\emu10k1m.sys
2011-03-15 18:59:59 65622 ----a-w- c:\windows\system32\dllcache\digiasyn.dll
2011-03-15 18:58:59 119296 ----a-w- c:\windows\system32\dllcache\camext30.dll
2011-03-15 18:57:59 30671 ----a-w- c:\windows\system32\dllcache\ati1raxx.sys
2011-03-15 06:36:00 -------- d-----w- C:\VundoFix Backups
2011-03-14 18:00:28 -------- d-----w- c:\docume~1\tonyh\applic~1\SUPERAntiSpyware.com
2011-03-14 18:00:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-06 15:18:35 -------- d-----w- c:\program files\iPod
2011-03-06 15:18:20 -------- d-----w- c:\program files\iTunes
2011-02-21 03:18:19 -------- d-----w- c:\docume~1\tonyh\applic~1\Need for Speed World
2011-02-21 02:47:58 -------- d-----w- c:\docume~1\tonyh\locals~1\applic~1\Electronic_Arts_Inc
2011-02-21 02:44:46 -------- d--h--w- c:\windows\msdownld.tmp
2011-02-21 02:44:43 -------- d-----w- c:\windows\Logs
2011-02-21 02:44:30 -------- d-----w- C:\Need For Speed World
2011-02-21 02:44:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts
.
==================== Find3M ====================
.
2011-03-13 14:32:17 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-23 17:50:46 0 ----a-w- c:\windows\Jloxehafi.bin
.
============= FINISH: 14:28:43.79 ===============
and here's attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2006 4:41:12 PM
System Uptime: 3/15/2011 1:52:49 PM (1 hours ago)
.
Motherboard: LENOVO | | LENOVO
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket A | 2008/mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket A | 2008/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 127.024 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA GeForce 6100
Device ID: PCI\VEN_10DE&DEV_0242&SUBSYS_101717AA&REV_A2\3&13C0B0C5&0&28
Manufacturer: NVIDIA
Name: NVIDIA GeForce 6100
PNP Device ID: PCI\VEN_10DE&DEV_0242&SUBSYS_101717AA&REV_A2\3&13C0B0C5&0&28
Service: nv
.
==== System Restore Points ===================
.
RP1: 3/15/2011 12:53:29 PM - System Checkpoint
RP2: 3/15/2011 12:53:50 PM - 1
.
==== Installed Programs ======================
.
Access Help
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS DVDMenu Editor 1.2.1.19
AVS Video Editor 3.5
AVS4YOU Software Navigator 1.2
Bonjour
Civilization III
Digital Photo Navigator 1.5
DivX Web Player
EPSON Printer Software
Firebird SQL Server - MAGIX Edition
Ghost Droolik Screen Saver
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB894686)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB898456)
Hotfix for Windows XP (KB910728)
HSF2014 56K Data Fax Modem
InterActual Player
InterVideo WinDVD
InterVideo WinDVD Creator 3
IS-DV
iTunes
Jahshaka
Lenovo Care
Lenovo Care Supplement
Lenovo Care System Update Toolbar Button for IE
MAGIX Movie Edit Pro 14 PLUS Trial 7.5.2.12 (US)
MAGIX Screenshare 4.3.6.1987 (US)
MAGIX Xtreme Photo Designer 6 6.0.24.0 (US)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Student 2006 DVD
Microsoft Student Graphing Calculator
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mouse Suite
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 Parser and SDK
Need For Speed™ World
NVIDIA Drivers
OpenLibraries
PowerDirector
PowerProducer Express
QuickTime
QuickTime 3.0
Rescue and Recovery
Roxio Digital Media LE
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Sansa Media Converter
Screen Recorder Gold
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918439)
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Suite Specific
System Update
TBS WMP Plug-in
The Weather Channel Desktop 6
The Weather Channel Toolbar
ThinkVantage Technologies Welcome Message
ToggleEN Toolbar
Ulead Photo Explorer 8.0 SE Basic
Ulead Photo Express 5 SE
Update for Windows XP (KB912945)
Vegas Movie Studio 9.0
Wallpapers
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB883517
Windows XP Hotfix - KB883523
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889315
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB896613
XP Themes
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! ¤u¨ã¦C
Zoo Tycoon 2
.
==== Event Viewer Messages From Past Week ========
.
3/8/2011 3:26:01 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
3/15/2011 12:57:18 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
3/15/2011 1:53:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL sptd
3/15/2011 1:19:20 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
3/15/2011 1:08:21 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\drivers\nv4_mini.sys has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
3/15/2011 1:08:20 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\nv4_disp.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
3/15/2011 1:08:20 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\drivers\nv4_mini.sys has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.8415.
3/15/2011 1:08:19 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\nv4_disp.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.8415.
3/14/2011 6:33:29 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 4:31:14 PM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 4:31:09 PM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 4:31:04 PM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 4:31:04 PM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 4:31:04 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 4:31:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
3/14/2011 11:48:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/14/2011 11:35:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
3/14/2011 11:35:37 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2011 11:35:37 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2011 11:35:37 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2011 11:35:37 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2011 11:35:37 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2011 11:35:37 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2011 11:34:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/14/2011 1:01:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips Processor SASDIFSV SASKUTIL
.
==== End Of File ===========================