Microsoft error reports/blue screen - Page 4

Goldfinger · 09-May-2008, 01:10 AM **#46**

Before you made the post to install the Hive cleanup utility, I did a lot of reading and looked closely at the last hijackthis report I made. I noticed this: C:\Documents and Settings\Cliff.TIGER.000\Desktop\HiJackThis .exe. The correct settings should point to just Cliff I decided to be brave and went into the registry to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Profilelist. Thats where all user profiles are suppose to be located. After backing up the registry, I modified it to read just Cliff. After rebooting, my settings, emails, updates, etc all came back to how I had them before my memory card died. That made me happy.

Than I deleted one user folder in My Computer\Documents and Settings that I knew didnt belong. It was unfortunately replaced by "Default User". And I still have 3 users including the Cliff Tiger 000. I dont think any of them belong, but dont want to screw anything up so not sure I want to delete them too.

I'm glad you pointed me to the Hive Cleanup since my event viewer was showing several warning messages with the same error number that Hive was made to fix. So far since installing, no more of those warning messages. Thank you. Will keep you posted.

My system is near 100% back to normal so we've made great progress. Am getting an Event Viewer error code 10010 saying: The server did not register with DCOM within the required timeout.

Please look at this latest hijackthis log and see if you want me to do anything more. BTW, I reinstalled AVG.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:19 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfoxtampabay.com/myfox/p...CE7?pageId=9.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_a...Downloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://142.179.159.11:7080/chat/data...ie/msichat.ocx
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7744 bytes

**Cookiegal** · 09-May-2008, 09:10 AM **#47**

Good job.

You definitely need the Default User folder so don't delete that. It looks like Windows creates new accounts with .000, possibly to protect profiles during failures. I would leave them all alone as I don't anticipate them causing any problems.The DCOM error you describe is common and should not be a problem.

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

Here are some final instructions for you.

The following program will remove the tools we've used and their associated files and backups and then it will delete itself.

Please download OTMoveIt2 by OldTimer.

Save it to your desktop.
Make sure you have an Internet Connection.
Double-click OTMoveIt.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
Click on the CleanUp! button
A list of tool components used in the cleanup of malware will be downloaded.
If your firewall or real-time protection attempts to block OTMoveIt2 to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application which will delete itself.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading SPYWAREBLASTER for added protection.

Read here for info on how to tighten your security.

Delete Temporary Files:

Go to Start - Run and type in cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

You should trim down your start-ups (these show as the 04 entries in your HijackThis log) as there are too many running. You can research them at these sites and if they aren’t required at start-up then you can uncheck them in msconfig via Start - Run - type msconfig click OK and then click on the start-up tab.

http://castlecops.com/StartupList.html
http://www.bleepingcomputer.com/startups/
http://www.windowsstartup.com/wso/index.php

Goldfinger · 09-May-2008, 11:08 PM **#48**

I did all the things you asked in last post including getting rid of about half of my start-up list. Thanks for including those websies. Made another System Restore point. Am using Spywareblaster, etc.

The DCOM error has to do with Windows Media Player + PNP and SSDP. I get the error using Windows Media Player and the fix has something to do with PNP and/or SSDP. I will research it on my own so you can help others. As you said, it doesnt seem to hurt anything.

Some questions:

1. Microsoft security just released SP3. I know past service packs have had problems when they 1st came out. Do you recommend me getting this now?
2. I dont like the new AVG 8.0. Is there another similar program you'd recommend?
3. Should I install Zonealarm or keep using the XP firewall?

Thank you once again for all your help Cookiegal!

**Cookiegal** · 10-May-2008, 12:28 PM **#49**

Can you please post the exact DCOM error from the Event Viewer.

I would hold off installing SP3 for a while. Since it was pushed through updates, many people are having problems.

Goldfinger · 11-May-2008, 01:43 AM **#50**

Here it is:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 5/9/2008
Time: 3:11:14 AM
User: TIGER\Cliff
Computer: TIGER
Description:
The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

---------------------------

Hmmm, now that I see it this way, I wonder if its because its trying to use two user names? Maybe unistall/reinstall Windows Media Player?

I know for a fact that it has to do with WMP because I can get the error any time I want by trying to open a video file through WMP. An offspring of the error message is for some reason sometimes the player wont play the video when double clicking. The FULL file name changes to a part name between double left clicks. This doesnt happen all the time. An example is if file was named: "ZZZZZZ YYYYY EEEEE", after the 1st click and before the 2nd click, the file name would shorten to "ZZZZZZ YYYYY" and not open. IF the FULL file named remained, than it would open. Using one right click than play command plays the file. The error is logged in viewer even if the file opens so its not because of the file not opening, but because WMP is involved somehow.

I noticed no response about my Zonealarm and AVG question

**Cookiegal** · 11-May-2008, 01:36 PM **#51**

Sorry. Instead of AVG you can use Avast which is also free.

Yes, I would use ZoneAlarm rather than just the Windows XP firewall.

I would try uninstalling and reinstalling Windows Media Player.

Goldfinger · 14-May-2008, 02:56 AM **#52**

Uninstalling/reinstalling windows media player 11 didnt help.....I did some more research online and it still comes down to windows media player, Universal plug n play, and SSDP service.

When I take the event log error message number: 204810B9-73B2-11D4-BF42-00B0D0118B56. and look for it in the registry I find it in: HKEY_CLASSES_ROOT\CLSID\{204810b9-73b2-11d4-bf42-00b0d0118b56}
The default is: UPnPRegistrar
The application ID is: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}

Here are the two events that ALWAYS occur right before the system error in the event viewer:

1st:

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 5/14/2008
Time: 2:41:50 AM
User: NT AUTHORITY\SYSTEM
Computer: TIGER
Description:
The Universal Plug and Play Device Host service was successfully sent a start control.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

2nd:

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 5/14/2008
Time: 2:41:50 AM
User: N/A
Computer: TIGER
Description:
The Universal Plug and Play Device Host service entered the stopped state.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Than the error:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 5/14/2008
Time: 2:42:20 AM
User: TIGER\Cliff
Computer: TIGER
Description:
The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------------------------------------------------------------------

It seems like something needs to be registered within 30 seconds by dont know what. WMP never asks that I register it when installing. I dont know if the "users" in all the events being different has anything to do with it.

Does that help any?

**Cookiegal** · 14-May-2008, 07:28 PM **#53**

Go to Start - Run - type in the following and click OK.

services.msc

Scroll down to the SSDP Discovery Service, double-click to open it and let me know if this service status is "started".

Goldfinger · 14-May-2008, 08:42 PM **#54**

Yes SSDP is started. Its set at "automatic". So is Plug n Play for that matter. If I disable SSDP, than WMP actually works the way it used to where I dont have to wait about 30 seconds between starting videos. I can close and than immediately play another. However doing so than give me these Event Viewer errors. Now its possible that before my recent problems, SSDP was disabled and I never knew it because until I met you, I didnt know there was an Event Viewer

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 5/14/2008
Time: 8:30:55 PM
User: TIGER\Cliff
Computer: TIGER
Description:
DCOM got error "The dependency service or group failed to start. " attempting to start the service upnphost with arguments "" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-----------------------------------------------------------------------
Followed by:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 5/14/2008
Time: 8:30:55 PM
User: N/A
Computer: TIGER
Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

**Cookiegal** · 15-May-2008, 08:18 PM **#55**

Since this is not really my area, I suggest you start a new thread in the XP forum for help with those errors.

Goldfinger · 18-May-2008, 01:41 PM **#56**

Ok thanks for all your help.

**Cookiegal** · 18-May-2008, 02:00 PM **#57**

You're welcome and good luck.

Search
Search in:
Show Threads Show Posts
Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)