Microsoft error reports/blue screen


Goldfinger's Avatar
Member with 64 posts.
 
Join Date: Feb 2006
Experience: Beginner
24-Apr-2008, 07:18 PM #1
Microsoft error reports/blue screen
Hi

If possible, I'd like to work with CookieGal.

I've been getting Microsoft error reports a lot lately. The files in question are from my temp folder even though when I go to look for them they aren't there.

I also got a blue screen when booting Windows XP saying it stopped to protect damage from my computer, then gave this:

0x0000000A (0x0000001c, 0x00000002, 0x00000001, 0x8053F86D)

It dumped my memory.

I thought it might be associated with my AV (AVG) so I just uninstalled it. I wish I could be more help, but it's some intermittent problem. I'm concerned it's gonna get worse.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:47 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Cliff\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfoxtampabay.com/myfox/p...CE7?pageId=9.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_a...Downloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://142.179.159.11:7080/chat/data...ie/msichat.ocx
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7007 bytes
Goldfinger's Avatar
Member with 64 posts.
 
Join Date: Feb 2006
Experience: Beginner
27-Apr-2008, 07:11 PM #2
Bump!
Cookiegal's Avatar
Administrator with 51,265 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
29-Apr-2008, 04:27 PM #3
Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
Goldfinger's Avatar
Member with 64 posts.
 
Join Date: Feb 2006
Experience: Beginner
29-Apr-2008, 07:01 PM #4
Hi Cookiegal, it's good to be working with you again.

Since my original post, my machine has gotten worse. I would constantly get the blue screen saying it was shutting down Windows and dumping my memory to protect from damage. I managed to boot up in safe mode. I lost all my saved settings including Internet Explorer, My Documents, Outlook Express and Outlook emails (all email is gone), etc. It's as if I just bought the computer. The good news is my HD shows it has roughly the same used capacity as when my system was working. I can see my files by going through "My Computer" and then several folders. So I think all is still not lost at least.

Now to today. I downloaded ComboFix. Followed its procedure including turning off my firewall, open windows, and SpywareBlaster. I ran ComboFix and didn't touch anything. It got to "completed stage_8" and stopped. I don't hear any noises from computer indicating the program is still working. The clock is still working and the Windows screensaver has come on so I don't think it's crashed. It's been over a half hour stuck there. I don't see anything in the ComboFix instructions on what to do if this happens. Should I close the program and try again? I'll wait to hear from you before proceeding... BTW, I'm on another computer so I can send you this.
Goldfinger's Avatar
Member with 64 posts.
 
Join Date: Feb 2006
Experience: Beginner
29-Apr-2008, 10:11 PM #5
You must've signed off, so I tried closing ComboFix but it wouldn't allow me so I shut everything off... After rebooting, I was able to run ComboFix. Here's the log:

ComboFix 08-04-29.3 - Cliff 2008-04-29 22:00:21.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.727 [GMT -4:00]
Running from: C:\Documents and Settings\Cliff.TIGER.000\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-29 00:05 . 2008-04-29 00:05 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER.000\Application Data\Jasc Software Inc
2008-04-28 23:02 . 2004-10-27 19:54 <DIR> d-------- C:\Documents and Settings\All Users
2008-04-28 22:19 . 2004-10-23 18:23 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER.000\Application Data\Sonic
2008-04-28 22:19 . 2008-04-29 00:05 <DIR> d--h----- C:\Documents and Settings\Cliff.TIGER.000\Application Data\Gtek
2008-04-28 22:19 . 2004-10-23 18:15 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER.000\Application Data\Creative
2008-04-28 22:19 . 2008-04-29 00:04 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER.000
2008-04-28 22:19 . 2008-04-29 22:04 110,592 --ah----- C:\Documents and Settings\Cliff.TIGER.000\ntuser.dat.LOG
2008-04-28 22:09 . 2008-04-29 00:04 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER
2008-04-28 22:09 . 2008-04-29 18:28 1,024 --ah----- C:\Documents and Settings\Cliff.TIGER\ntuser.dat.LOG
2008-04-28 00:08 . 2008-04-29 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-20 13:22 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-03-24 01:13 . 2008-03-24 01:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-21 00:37 . 2008-03-21 00:37 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-03-04 23:02 . 2008-03-04 23:37 3,420 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-03-04 23:01 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-03-04 23:01 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-03-04 23:01 . 2008-03-02 00:12 86,016 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-03-04 23:01 . 2008-03-01 00:48 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-03-04 23:01 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-03-04 23:01 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-03-04 23:01 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-03-02 22:38 . 2008-04-28 00:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-02 22:38 . 2008-04-29 18:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 04:25 --------- d-----w C:\Program Files\Lavasoft
2008-04-29 02:07 --------- d-----w C:\Program Files\ZipCentral
2008-04-24 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-20 17:31 --------- d-----w C:\Program Files\PanzerElite
2008-04-08 00:17 --------- d-----w C:\Program Files\SpeedFan
2008-03-24 05:13 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-03-24 05:13 --------- d-----w C:\Program Files\Common Files\Real
2008-03-23 04:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 16:41 --------- d-----w C:\Program Files\LimeWire
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-08 04:11 --------- d-----w C:\Program Files\Java
2008-03-07 00:40 --------- d-----w C:\Program Files\ewido anti-malware
2008-03-02 06:11 --------- d-----w C:\Program Files\WxEx Installer
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2005-05-24 17:06 72 ----a-w C:\Program Files\UNWISE.INI
2005-05-24 17:06 17,256 ----a-w C:\Program Files\INSTALL.LOG
1999-06-25 14:55 149,504 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51 306688]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-09 00:51 98304]
"P17Helper"="P17.dll" [2004-06-10 12:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"DXDllRegExe"="dxdllreg.exe" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-24 01:13 185896]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk
backup=C:\WINDOWS\pss\SpyCatcher Protector.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-25 12:52 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 17:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 06:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2005-10-28 14:08 335872 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 17:10 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\SYSTEM32\\MSHTA.EXE"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13017:TCP"= 13017:TCP:*:Disabled:limewire
"13017:UDP"= 13017:UDP:*:Disabled:limewire
"6346:TCP"= 6346:TCP:*:Disabled:Limewire
"6346:UDP"= 6346:UDP:*:Disabled:Limewire

R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 10:36]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-12-11 04:39]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 02:02:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{DF7F15DF-DCC2-412F-8AAE-96261228DD67}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 22:04:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-29 22:05:24
ComboFix-quarantined-files.txt 2008-04-30 02:05:22
ComboFix2.txt 2008-03-06 19:43:14

Pre-Run: 84,462,821,376 bytes free
Post-Run: 84,936,925,184 bytes free

178 --- E O F --- 2008-04-23 15:45:31

Here's the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:00 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Cliff.TIGER.000\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_a...Downloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://142.179.159.11:7080/chat/data...ie/msichat.ocx
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6978 bytes
Cookiegal's Avatar
Administrator with 51,265 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
30-Apr-2008, 09:50 AM #6
That's the log after the fourth run of ComboFix. I would like to see the log from the first run so I can see if it actually removed anything please.
Goldfinger's Avatar
Member with 64 posts.
 
Join Date: Feb 2006
Experience: Beginner
30-Apr-2008, 12:33 PM #7
Hmm, ComboFix only completed one run as far as I know. As mentioned, on the 1st run it stopped part way through (I left it open for over an hour to make sure it had stopped rather than just having a hard time finishing). I had to reboot and start over. Perhaps it removed something even though it never finished? I tried running it in safe mode after that thinking it would help finish, but as soon as starting the blue screen came up saying Windows was being shut down to prevent damage and was dumping the memory. I did that at least twice with same result. Maybe that's the 2nd and 3rd time?

In C:\ComboFix.txt, this is the only log I have. Sorry if I screwed things up. I didn't know what else to do after it stopped working the 1st time.

Is there any other place the log could be? Does it overwrite previous logs? Again, sorry.

ComboFix 08-04-29.3 - Cliff 2008-04-29 22:00:21.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.727 [GMT -4:00]
Running from: C:\Documents and Settings\Cliff.TIGER.000\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-29 00:05 . 2008-04-29 00:05 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER.000\Application Data\Jasc Software Inc
2008-04-28 23:02 . 2004-10-27 19:54 <DIR> d-------- C:\Documents and Settings\All Users
2008-04-28 22:19 . 2004-10-23 18:23 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER.000\Application Data\Sonic
2008-04-28 22:19 . 2008-04-29 00:05 <DIR> d--h----- C:\Documents and Settings\Cliff.TIGER.000\Application Data\Gtek
2008-04-28 22:19 . 2004-10-23 18:15 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER.000\Application Data\Creative
2008-04-28 22:19 . 2008-04-29 00:04 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER.000
2008-04-28 22:19 . 2008-04-29 22:04 110,592 --ah----- C:\Documents and Settings\Cliff.TIGER.000\ntuser.dat.LOG
2008-04-28 22:09 . 2008-04-29 00:04 <DIR> d-------- C:\Documents and Settings\Cliff.TIGER
2008-04-28 22:09 . 2008-04-29 18:28 1,024 --ah----- C:\Documents and Settings\Cliff.TIGER\ntuser.dat.LOG
2008-04-28 00:08 . 2008-04-29 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-20 13:22 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-03-24 01:13 . 2008-03-24 01:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-21 00:37 . 2008-03-21 00:37 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-03-04 23:02 . 2008-03-04 23:37 3,420 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-03-04 23:01 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-03-04 23:01 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-03-04 23:01 . 2008-03-02 00:12 86,016 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-03-04 23:01 . 2008-03-01 00:48 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-03-04 23:01 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-03-04 23:01 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-03-04 23:01 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-03-02 22:38 . 2008-04-28 00:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-02 22:38 . 2008-04-29 18:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 04:25 --------- d-----w C:\Program Files\Lavasoft
2008-04-29 02:07 --------- d-----w C:\Program Files\ZipCentral
2008-04-24 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-20 17:31 --------- d-----w C:\Program Files\PanzerElite
2008-04-08 00:17 --------- d-----w C:\Program Files\SpeedFan
2008-03-24 05:13 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-03-24 05:13 --------- d-----w C:\Program Files\Common Files\Real
2008-03-23 04:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 16:41 --------- d-----w C:\Program Files\LimeWire
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-08 04:11 --------- d-----w C:\Program Files\Java
2008-03-07 00:40 --------- d-----w C:\Program Files\ewido anti-malware
2008-03-02 06:11 --------- d-----w C:\Program Files\WxEx Installer
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2005-05-24 17:06 72 ----a-w C:\Program Files\UNWISE.INI
2005-05-24 17:06 17,256 ----a-w C:\Program Files\INSTALL.LOG
1999-06-25 14:55 149,504 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51 306688]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-09 00:51 98304]
"P17Helper"="P17.dll" [2004-06-10 12:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"DXDllRegExe"="dxdllreg.exe" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-24 01:13 185896]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyCatcher Protector.lnk
backup=C:\WINDOWS\pss\SpyCatcher Protector.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-25 12:52 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 17:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 06:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2005-10-28 14:08 335872 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 17:10 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\SYSTEM32\\MSHTA.EXE"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13017:TCP"= 13017:TCP:*:Disabled:limewire
"13017:UDP"= 13017:UDP:*:Disabled:limewire
"6346:TCP"= 6346:TCP:*:Disabled:Limewire
"6346:UDP"= 6346:UDP:*:Disabled:Limewire

R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 10:36]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-12-11 04:39]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 02:02:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{DF7F15DF-DCC2-412F-8AAE-96261228DD67}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 22:04:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-29 22:05:24
ComboFix-quarantined-files.txt 2008-04-30 02:05:22
ComboFix2.txt 2008-03-06 19:43:14

Pre-Run: 84,462,821,376 bytes free
Post-Run: 84,936,925,184 bytes free

178 --- E O F --- 2008-04-23 15:45:31
Cookiegal's Avatar
Administrator with 51,265 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
30-Apr-2008, 12:53 PM #8
Please go to Start - Run - type in eventvwr.msc to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
Goldfinger's Avatar
Member with 64 posts.
 
Join Date: Feb 2006
Experience: Beginner
30-Apr-2008, 02:31 PM #9
Wow, lots of errors logged! A few Applications and MANY systems. Most of the system errors are the same with the same exact date. I'm worn out. If you want me to go back farther let me know. I added the dashed lines to help separate all of them.

I broke it up into parts so it all would fit here.

Application Errors:


Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 4/29/2008
Time: 12:27:43 AM
User: N/A
Computer: TIGER
Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module urlmon.dll, version 7.0.6000.16640, fault address 0x00003d95.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


-----------------------------------------------

Event Type: Error
Event Source: EventSystem
Event Category: (50)
Event ID: 4609
Date: 4/29/2008
Time: 12:41:56 AM
User: N/A
Computer: TIGER
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-----------------------------------------------

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 4/29/2008
Time: 9:42:11 PM
User: N/A
Computer: TIGER
Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x83699785.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------------------------------------------

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 4/29/2008
Time: 9:57:55 PM
User: N/A
Computer: TIGER
Description:
Faulting application FXSSVC.EXE, version 5.2.2600.2180, faulting module NTDLL.DLL, version 5.1.2600.2180, fault address 0x00010f29.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

---------------------------------------------

SYSTEM ERRORS:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/29/2008
Time: 12:09:38 AM
User: NT AUTHORITY\SYSTEM
Computer: TIGER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------------------------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 4/29/2008
Time: 12:09:44 AM
User: N/A
Computer: TIGER
Description:
The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------------------------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 4/29/2008
Time: 12:09:44 AM
User: N/A
Computer: TIGER
Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
prodrv06

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------------------------------------

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/29/2008
Time: 12:10:28 AM
User: TIGER\Cliff
Computer: TIGER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------------------------------------

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/29/2008
Time: 12:13:15 AM
User: TIGER\Cliff
Computer: TIGER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------------------------------------

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/29/2008
Time: 12:13:15 AM
User: TIGER\Cliff
Computer: TIGER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


-------------------------------------------

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/29/2008
Time: 12:13:37 AM
User: TIGER\Cliff
Computer: TIGER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


---------------------------------------

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/29/2008
Time: 12:13:37 AM
User: TIGER\Cliff
Computer: TIGER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------------------------------

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/29/2008
Time: 12:14:54 AM
User: TIGER\Cliff
Computer: TIGER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

---------------------------------------

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/29/2008
Time: 12:21:25 AM
User: TIGER\Cliff
Computer: TIGER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


--------------------------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:40 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------------------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:40 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------------------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:40 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


--------------------------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:40 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-----------------------------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:40 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------------------------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:40 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------------------------------------

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/29/2008
Time: 12:21:40 AM
User: TIGER\Cliff
Computer: TIGER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

//////////////

Last edited by Goldfinger : 30-Apr-2008 02:38 PM.
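
The records pasted in the post above repeat heavily, and one of them lost its header lines when the post was split. As an added example (not part of the thread or of any poster's tooling), this Python script parses text in that Event Viewer copy layout, collapses identical errors into one row with a count and time range, and counts cut-off fragments; the sample input is constructed from values quoted in the thread, and all function names are hypothetical.

```python
import re
from datetime import datetime

FOOTER = ("For more information, see Help and Support Center at "
          "http://go.microsoft.com/fwlink/events.asp.")
FIELD_RE = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|"
                      r"Date|Time|User|Computer):\s*(.*)$")
HEXDUMP_RE = re.compile(r"^[0-9a-f]{4}:\s")   # lines of a record's hex "Data:" dump
REQUIRED = ("Event Source", "Event ID", "Date", "Time", "Description")

def record(source, event_id, time, description, data=""):
    """Format one CONSTRUCTED record in the layout Event Viewer's copy button uses."""
    return (f"Event Type: Error\nEvent Source: {source}\nEvent Category: None\n"
            f"Event ID: {event_id}\nDate: 4/29/2008\nTime: {time}\nUser: N/A\n"
            f"Computer: TIGER\nDescription:\n{description}\n\n{FOOTER}\n{data}")

APPMGMT = ("The Application Management service terminated with the following error:\n"
           "The specified module could not be found.")
DCOM = ('DCOM got error "This service cannot be started in Safe Mode " attempting to '
        'start the service MSIServer with arguments "" in order to run the server:\n'
        "{000C101C-0000-0000-C000-000000000046}")
IE = ("Faulting application iexplore.exe, version 7.0.6000.16640, faulting module "
      "urlmon.dll, version 7.0.6000.16640, fault address 0x00003d95.")
DATA = "Data:\n0000: 41 70 70 6c 69 63 61 74 Applicat\n0008: 69 6f 6e 20 46 61 69 6c ion Fail\n"

# Constructed sample: three identical SCM errors, one DCOM error followed by a
# headerless fragment, one crash record with a hex dump, and a cut-off last record.
SAMPLE = "\n-----------\n\n".join([
    record("Service Control Manager", 7023, "12:21:40 AM", APPMGMT),
    record("Service Control Manager", 7023, "12:21:41 AM", APPMGMT),
    record("DCOM", 10005, "12:21:40 AM", DCOM)
    + "\nComputer: TIGER\nDescription:\n" + APPMGMT + "\n",
    record("Service Control Manager", 7023, "12:21:42 AM", APPMGMT),
    record("Application Error", 1000, "12:27:43 AM", IE, DATA),
    "Event Type: Error\nEvent Source: Service Control Manag",
])

def is_noise(line):
    """Blank lines, hand-typed separators, the help footer and hex dump lines."""
    return (not line or set(line) <= set("-/") or line.startswith(FOOTER[:40])
            or line == "Data:" or bool(HEXDUMP_RE.match(line)))

def parse_events(text):
    """Return (events, orphans); orphans counts fragments with no 'Event Type:' line."""
    events, orphans, current, in_desc = [], 0, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Event Type:"):
            current, in_desc = {"Description": []}, False
            events.append(current)
        if current is None:
            continue                      # still inside a headerless fragment
        m = FIELD_RE.match(line)
        if m and in_desc:
            # A header field inside a description means a new record started
            # without its first lines: drop the fragment instead of merging it.
            orphans, current = orphans + 1, None
        elif m:
            current[m.group(1)] = m.group(2)
        elif line == "Description:":
            in_desc = True
        elif in_desc and not is_noise(line):
            current["Description"].append(line)
    for ev in events:
        ev["Description"] = " ".join(ev["Description"])
    return events, orphans

def summarize(events):
    """Group identical errors; return (rows sorted by count, incomplete record count)."""
    groups, incomplete = {}, 0
    for ev in events:
        if not all(ev.get(k) for k in REQUIRED):
            incomplete += 1               # e.g. a record cut off by the post length limit
            continue
        when = datetime.strptime(ev["Date"] + " " + ev["Time"], "%m/%d/%Y %I:%M:%S %p")
        key = (ev["Event Source"], ev["Event ID"], ev["Description"])
        g = groups.setdefault(key, [0, when, when])
        g[0] += 1
        g[1], g[2] = min(g[1], when), max(g[2], when)
    return sorted(groups.items(), key=lambda kv: -kv[1][0]), incomplete

if __name__ == "__main__":
    parsed, orphan_count = parse_events(SAMPLE)
    rows, incomplete = summarize(parsed)
    for (source, event_id, desc), (count, first, last) in rows:
        print(f"{count:3d}x {source} {event_id} {first:%H:%M:%S}-{last:%H:%M:%S} {desc[:60]}")
    print(f"headerless fragments: {orphan_count}, incomplete records: {incomplete}")
```
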
Goldfinger's Avatar
Member with 64 posts.
 
Join Date: Feb 2006
Experience: Beginner
30-Apr-2008, 02:40 PM #10
Continued....

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:41 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:41 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:41 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-----------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:41 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:41 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:41 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:41 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

---------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:41 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:41 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:42 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:42 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:42 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:42 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

---------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:42 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:42 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:42 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-----------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:42 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/29/2008
Time: 12:21:42 AM
User: N/A
Computer: TIGER
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------

Event Type: Error
Event Source: Service Control Manag