I don't know what's wrong with my comp [CLOSED]



#1
amommyslife03

Hi there, I'm Susan. I live in NH, the middle of nowhere, and I've had my comp for 4 yrs. It's a Gateway, but I only used it for 2 yrs; the other 2 it was in a box, packed up. My cuz added some extra RAM in it for me, but not much, just what he had, and I'm still running very slow and it locks up a lot just trying to open a web page or opening Spider Solitaire.
If someone could help me fix this: I've done the virus scan from Trend Micro, had some viruses on there and they got rid of it, and I also have NOD32 on my comp and running, and Windows Defender goes every day at 10am. I have to do the disk cleanup at least 10-20 times a day, and I defrag 1-3 times a mo, and I also do the temp files every other day, and have nothing but nog running on startup. If you can help, BIG thx ahead of time. OK, here's the log
:)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:25 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1193719392\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O3 - Toolbar: FLYLADY BenefitBar - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Susan"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk120LYUS
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.tr...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com...te/UCSearch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{137A0D08-1E2A-4B58-8ABD-69749F542AF7}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{137A0D08-1E2A-4B58-8ABD-69749F542AF7}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PerfectDisk - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9107 bytes

Edited by amommyslife03, 19 June 2008 - 09:12 AM.

  • 0


#2
amommyslife03

I am doing all the scans etc. from the form for new to HijackThis, and here are the logs

Malwarebytes' Anti-Malware 1.17
Database version: 869

11:09:30 AM 6/19/2008
mbam-log-6-19-2008 (11-09-30).txt

Scan type: Quick Scan
Objects scanned: 42294
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
Generated 06/19/2008 at 01:21 PM

Application Version : 3.6.1000

Core Rules Database Version : 3485
Trace Rules Database Version: 1476

Scan type : Complete Scan
Total Scan Time : 00:50:14

Memory items scanned : 479
Memory threats detected : 0
Registry items scanned : 6610
Registry threats detected : 1
File items scanned : 45206
File threats detected : 0

Adware.MyWay
HKU\S-1-5-21-57989841-1580818891-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}

Edited by amommyslife03, 19 June 2008 - 01:19 PM.

  • 0

#3
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello amommyslife03 and Welcome to Geeks to Go!

Sorry for the delay.
We've been quite busy this week.

Please read this post completely before proceeding.
Since the state of your system is not the same as it was when you posted,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download Brute Force Uninstaller.
Unzip it to its own folder (c:\BFU)

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download 2Search Remover. Save it in the folder you made earlier (c:\BFU)

Now close all visible IE windows, because the script will kill one iexplorer process. It is meant to target an invisible one, but having IE windows open could cause it to stop the wrong one.

Do not be startled when your taskbar and desktop disappear. The script does this to be able to delete one very stubborn file.

Start the Brute Force Uninstaller by double-clicking BFU.exe

In the scriptline to execute, copy and paste c:\bfu\2search.bfu
Press execute and let it do its job.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Post back to this topic using the add reply button with a fresh HijackThis log along with the Malwarebytes log.
  • 0

#4
amommyslife03

Here are the 2 logs you gave me and the new hijacked log

Malwarebytes' Anti-Malware 1.17
Database version: 869

11:45:32 PM 6/23/2008
mbam-log-6-23-2008 (23-45-32).txt

Scan type: Quick Scan
Objects scanned: 42267
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

BFU v1.11.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 11:54:27 PM, on 6/23/2008

Option Unload Explorer: Yes
Success: ProcessKillByPID 2896
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Warning: The following line has unexpanded aliases and will be skipped: # For use with Merijn's Brute Force Uninstaller
# available from http://www.merijn.org/
#
# Script Name: 2search.bfu
# Author: Pieter Arntz

ProcessKill C:\Program Files\Internet Explorer\iexplore.exe|1
ProcessKill C:\Program Files\IM Names\IM-svr.EXE|1

OptionUnloadShell

DllUnregister C:\Program Files\2search\plugin.dll|1
DllUnregister C:\Program Files\2search\2search.dll|1

FolderDelete C:\Program Files\2SEARCH
FolderDelete C:\Program Files\IM Names

RegDeleteKey HKCR\IEsearch.clsIESpy
RegDeleteKey HKCR\GoogleCatch.clsIESpy
RegDeleteKey HKCR\The007Guard.The007GuardCtrl.1
RegDeleteKey HKCR\STOPLITE.StopLiteCtrl.1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4508E20C-ACAD-11D2-9FC0-00550076E06F}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4508E20C-ACAD-11D2-9FC0-00550076E06F}
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|2search
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|2search
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|the guard
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|the guard
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|svchost
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|svchost
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\2search
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\2search
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|2Search
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IMprocess
RegDelValue HKLM\SOFTWARE\WinRAR SFX|C#Program Files%The Guard
RegDelValue HKLM\SOFTWARE\WinRAR SFX|C#Program Files%IM Names
RegDelValue HKCU\WinRAR SFX|C#Program Files%The Guard
RegDelValue HKCU\WinRAR SFX|C#Program Files%IM Names
RegDelValue HKCU\SOFTWARE\WinRAR SFX|C#Program Files%2search
RegDelValue HKLM\SOFTWARE\WinRAR SFX|C#Program Files%2search
RegDeleteKey HKCR\CLSID\{4508E20C-ACAD-11D2-9FC0-00550076E06F}
RegDeleteKey HKCR\CLSID\{20048BB3-DB68-11CF-9CAF-00AA006CB425}
RegDeleteKey HKCR\Interface\{03BE31FE-6526-4D9C-B197-4A3E5DCFF696}
RegDeleteKey HKCR\Interface\{0EB61AF8-0B15-48B6-A971-1F206F2E3D5E}
RegDeleteKey HKCR\Interface\{20048BB1-DB68-11CF-9CAF-00AA006CB425}
RegDeleteKey HKCR\TypeLib\{68E774CB-72D1-4A52-B55B-C0B1011E013B}
RegDeleteKey HKCR\TypeLib\{20048BB0-DB68-11CF-9CAF-00AA006CB425}
RegDeleteKey HKCR\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HostsFileDelLine 69.20.16.183 auto.search.msn.com
HostsFileDelLine 69.20.16.183 search.netscape.com
HostsFileDelLine 69.20.16.183 ieautosearch

FolderDelete C:\WINDOWS\system32\feeds
FolderDelete C:\Program Files\The Guard
FileDelete C:\WINDOWS\system32\007guard.exe
FileDelete C:\WINDOWS\system32\2searchinstaller.exe
FileDelete C:\WINDOWS\system32\2search.exe
FileDelete C:\WINDOWS\system32\svmhost.exe
FileDelete C:\WINDOWS\system32\spectreysb.exe
FileDelete C:\WINDOWS\system32\access.ocx
Failed: DllUnregister C:\Program Files\2search\plugin.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\2search\2search.dll|1 (file not found)
Failed: FolderDelete C:\Program Files\2SEARCH (folder not found)
Failed: FolderDelete C:\Program Files\IM Names (folder not found)
Failed: RegDeleteKey HKCR\IEsearch.clsIESpy (key does not exist)
Failed: RegDeleteKey HKCR\GoogleCatch.clsIESpy (key does not exist)
Failed: RegDeleteKey HKCR\The007Guard.The007GuardCtrl.1 (key does not exist)
Failed: RegDeleteKey HKCR\STOPLITE.StopLiteCtrl.1 (key does not exist)
Failed: RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4508E20C-ACAD-11D2-9FC0-00550076E06F} (key does not exist)
Failed: RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4508E20C-ACAD-11D2-9FC0-00550076E06F} (key does not exist)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|2search (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|the guard (key not found)
Failed: RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\2search (key does not exist)
Failed: RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\2search (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{4508E20C-ACAD-11D2-9FC0-00550076E06F} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{20048BB3-DB68-11CF-9CAF-00AA006CB425} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{03BE31FE-6526-4D9C-B197-4A3E5DCFF696} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{0EB61AF8-0B15-48B6-A971-1F206F2E3D5E} (key does not exist)
Failed: RegDeleteKey HKCR\Interface\{20048BB1-DB68-11CF-9CAF-00AA006CB425} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{68E774CB-72D1-4A52-B55B-C0B1011E013B} (key does not exist)
Failed: RegDeleteKey HKCR\TypeLib\{20048BB0-DB68-11CF-9CAF-00AA006CB425} (key does not exist)
Failed: RegDeleteKey HKCR\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} (key does not exist)
Success: HostsFileDelLine 69.20.16.183 auto.search.msn.com
Success: HostsFileDelLine 69.20.16.183 search.netscape.com
Success: HostsFileDelLine 69.20.16.183 ieautosearch
Failed: FolderDelete C:\WINDOWS\system32\feeds (folder not found)
Failed: FolderDelete C:\Program Files\The Guard (folder not found)
Success: SystemRun C:\WINDOWS\explorer.exe||1
Script completed at 11:54:30 PM.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:47 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\1193719392\ee\aolsoftware.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O3 - Toolbar: FLYLADY BenefitBar - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Susan"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.tr...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com...te/UCSearch.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7748 bytes

Edited by amommyslife03, 23 June 2008 - 09:58 PM.

  • 0

#5
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Looks good but we still have some more cleaning up to do.

Next,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com...te/UCSearch.CAB
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab

Now close all windows other than HiJackThis, then click Fix Checked.
Close HiJackThis.

Then,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.

Click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

Please make sure the logs don't get cut off.
Logs required on next post
DSS main and extra
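
An added example, not part of the post above and not part of HijackThis: a small Python triage script that pulls out log entries whose target is marked `(no file)` or `(file missing)`, the kind of leftover registration most of the fix list above consists of, and shows which CLSIDs are registered under more than one section. The sample log and every name, CLSID and URL in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log layout; all names, CLSIDs and URLs are made up.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: Example Toolbar - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O2 - BHO: Example Toolbar - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\tb.dll
O3 - Toolbar: Example Toolbar - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\tb.dll
O9 - Extra button: (no name) - {99999999-8888-7777-6666-555555555555} - (no file)
O16 - DPF: {0F0F0F0F-1111-2222-3333-444444444444} (Example Control) - http://downloads.example.invalid/control.cab
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\\Program Files\\Example\\exsvc.exe (file missing)
"""

# An entry line starts with a section code such as R1, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered target is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per entry line; header and running-process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group(2).strip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group(1),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            # endswith() so that a "(no name)" label is not mistaken for a marker
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(entries):
    """Entries that point at a file that no longer exists."""
    return [e for e in entries if e["orphaned"]]


def clsid_footprint(entries):
    """Map each CLSID referenced by more than one entry to the sections using it."""
    seen = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].append(e["section"])
    return {clsid: secs for clsid, secs in seen.items() if len(secs) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("Entries with a missing target:")
    for e in orphaned(parsed):
        print(f"  {e['section']:>3}  {e['body']}")
    print("CLSIDs registered in several places:")
    for clsid, secs in clsid_footprint(parsed).items():
        print(f"  {clsid}  {', '.join(secs)}")
```

The output is a review list only; whether an entry is safe to fix is still a decision for the person reading the log.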

#6
amommyslife03


    Member

  • Topic Starter
  • Member
  • 11 posts
ok well i did the hijacked thangy but then tried that dss and i got it downloaded and when i try to do the scan it keeps timing out on me n does the send error report so it won't let me do it and i don't know why but here's the new hijacked log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:17 AM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\1193719392\ee\aolsoftware.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O3 - Toolbar: FLYLADY BenefitBar - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Susan"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.tr...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{137A0D08-1E2A-4B58-8ABD-69749F542AF7}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{137A0D08-1E2A-4B58-8ABD-69749F542AF7}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7031 bytes

#7
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
Let's see what's triggering the errors.

Please download PsLogList by Mark Russinovich
Save it to your desktop.

  • Once downloaded, right-click on Pstools.zip then extract it to C:\PsTools
  • Next, click Start >> Run then Copy/Paste text in codebox below

    cmd /c "c:\PsTools\psloglist" -d 2 >> events.txt & notepad events.txt
  • Please post back with contents of Events.txt on your next reply.

Edited by koko_crunch, 24 June 2008 - 10:42 AM.
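
An added example, not part of the post above and not part of PsTools: a Python script that reads the text psloglist writes to events.txt and collapses repeated records, so a service stuck in a start/fail loop shows up as one line with a count and a time span. The record layout (bracketed record number and source, then Type, Computer, Time/ID, an optional User line, then the message) is assumed, and the sample events, host name and service name are constructed.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample: one start/stop/fail cycle, repeated three times, newest first.
_CYCLE = """\
[{n2}] Service Control Manager
Type: ERROR
Computer: HOSTPC
Time: 6/24/2008 9:29:{s:02d} AM ID: 7023
The Example Agent service terminated with the following error:

The specified module could not be found.


[{n1}] Service Control Manager
Type: INFORMATION
Computer: HOSTPC
Time: 6/24/2008 9:29:{s:02d} AM ID: 7036
The Example Agent service entered the stopped state.


[{n0}] Service Control Manager
Type: INFORMATION
Computer: HOSTPC
Time: 6/24/2008 9:29:{s:02d} AM ID: 7035
User: HOSTPC\\User
The Example Agent service was successfully sent a start control.


"""
SAMPLE = "System log on \\\\HOSTPC:\n" + "".join(
    _CYCLE.format(n2=108 - 3 * i, n1=107 - 3 * i, n0=106 - 3 * i, s=23 - i)
    for i in range(3)
)

HEADER_RE = re.compile(r"^\[(\d+)\] (.+)$")
TIME_RE = re.compile(r"^Time: (.+?) ID: (\d+)$")
TIME_FMT = "%m/%d/%Y %I:%M:%S %p"


def parse_events(text):
    """Split psloglist text output into one dict per event record."""
    events, cur = [], None
    for line in text.splitlines():
        head = HEADER_RE.match(line)
        if head:
            cur = {"record": int(head.group(1)), "source": head.group(2).strip(),
                   "type": None, "time": None, "id": None, "user": None, "message": []}
            events.append(cur)
            continue
        if cur is None:
            continue  # banner line before the first record
        if not cur["message"]:  # still in the record's header fields
            if cur["time"] is None:
                if line.startswith("Type: "):
                    cur["type"] = line[len("Type: "):].strip()
                    continue
                if line.startswith("Computer: "):
                    continue
                stamp = TIME_RE.match(line)
                if stamp:
                    cur["time"] = datetime.strptime(stamp.group(1), TIME_FMT)
                    cur["id"] = int(stamp.group(2))
                    continue
            elif cur["user"] is None and line.startswith("User: "):
                cur["user"] = line[len("User: "):].strip()
                continue
        if line.strip() or cur["message"]:
            cur["message"].append(line.strip())
    for ev in events:  # drop the blank separator lines after each message
        while ev["message"] and not ev["message"][-1]:
            ev["message"].pop()
    return events


def collapse(events):
    """Group identical events; errors first, then by how often they repeat."""
    groups = OrderedDict()
    for ev in events:
        first_line = ev["message"][0] if ev["message"] else ""
        key = (ev["source"], ev["type"], ev["id"], first_line)
        g = groups.setdefault(key, {"source": ev["source"], "type": ev["type"],
                                    "id": ev["id"], "message": first_line,
                                    "count": 0, "first": ev["time"], "last": ev["time"]})
        g["count"] += 1
        if ev["time"] is not None and g["first"] is not None:
            g["first"] = min(g["first"], ev["time"])
            g["last"] = max(g["last"], ev["time"])
    return sorted(groups.values(), key=lambda g: (g["type"] != "ERROR", -g["count"]))


if __name__ == "__main__":
    for g in collapse(parse_events(SAMPLE)):
        print(f"{g['count']:>4}x {g['type']:<11} ID {g['id']} {g['source']}: "
              f"{g['message']} ({g['first']} to {g['last']})")
```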


#8
amommyslife03


    Member

  • Topic Starter
  • Member
  • 11 posts
System log on \\SUSAN:
[137504] WinDefend
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 10:55:53 AM ID: 1001
Windows Defender scan has finished.

Scan ID: {FCA2D569-3EE9-46FF-B5B7-AC757027779C}

Scan Type: AntiSpyware

Scan Parameters: Full Scan

User: NT AUTHORITY\NETWORK SERVICE

Scan Time: 0:53:56


[137503] WinDefend
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 10:01:56 AM ID: 1000
Windows Defender scan has started.

Scan ID: {FCA2D569-3EE9-46FF-B5B7-AC757027779C}

Scan Type: AntiSpyware

Scan Parameters: Full Scan

User: NT AUTHORITY\NETWORK SERVICE


[137502] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:39:12 AM ID: 7036
The Windows Installer service entered the stopped state.


[137501] RemoteAccess
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:30:40 AM ID: 20158
The user successfully established a connection to The Internet (1) using the device IRDA8-1.


[137500] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:30:10 AM ID: 7035
User: NT AUTHORITY\SYSTEM
The ATWPKT2 service was successfully sent a start control.


[137499] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:30:04 AM ID: 7035
User: NT AUTHORITY\SYSTEM
The ATWPKT2 service was successfully sent a start control.


[137498] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:57 AM ID: 7035
User: NT AUTHORITY\SYSTEM
The ATWPKT2 service was successfully sent a start control.


[137497] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:51 AM ID: 7035
User: NT AUTHORITY\SYSTEM
The ATWPKT2 service was successfully sent a start control.


[137496] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:45 AM ID: 7035
User: NT AUTHORITY\SYSTEM
The ATWPKT2 service was successfully sent a start control.


[137495] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:39 AM ID: 7035
User: NT AUTHORITY\SYSTEM
The ATWPKT2 service was successfully sent a start control.


[137494] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137493] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7036
The Application Management service entered the stopped state.


[137492] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137491] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137490] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7036
The Application Management service entered the stopped state.


[137489] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137488] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137487] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7036
The Application Management service entered the stopped state.


[137486] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137485] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137484] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7036
The Application Management service entered the stopped state.


[137483] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:23 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137482] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137481] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7036
The Application Management service entered the stopped state.


[137480] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137479] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137478] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7036
The Application Management service entered the stopped state.


[137477] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137476] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137475] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7036
The Application Management service entered the stopped state.


[137474] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137473] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137472] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7036
The Application Management service entered the stopped state.


[137471] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137470] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137469] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7036
The Application Management service entered the stopped state.


[137468] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137467] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137466] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7036
The Application Management service entered the stopped state.


[137465] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137464] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137463] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7036
The Application Management service entered the stopped state.


[137462] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137461] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137460] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7036
The Application Management service entered the stopped state.


[137459] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137458] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137457] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7036
The Application Management service entered the stopped state.


[137456] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:22 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137455] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137454] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7036
The Application Management service entered the stopped state.


[137453] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137452] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137451] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7036
The Application Management service entered the stopped state.


[137450] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137449] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137448] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7036
The Application Management service entered the stopped state.


[137447] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137446] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137445] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7036
The Application Management service entered the stopped state.


[137444] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137443] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137442] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7036
The Application Management service entered the stopped state.


[137441] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137440] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137439] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7036
The Application Management service entered the stopped state.


[137438] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137437] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137436] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7036
The Application Management service entered the stopped state.


[137435] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137434] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137433] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7036
The Application Management service entered the stopped state.


[137432] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137431] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137430] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7036
The Application Management service entered the stopped state.


[137429] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:21 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137428] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137427] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7036
The Application Management service entered the stopped state.


[137426] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137425] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137424] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7036
The Application Management service entered the stopped state.


[137423] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137422] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137421] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7036
The Application Management service entered the stopped state.


[137420] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137419] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137418] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7036
The Application Management service entered the stopped state.


[137417] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137416] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137415] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7036
The Application Management service entered the stopped state.


[137414] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137413] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137412] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7036
The Application Management service entered the stopped state.


[137411] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137410] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137409] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7036
The Application Management service entered the stopped state.


[137408] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137407] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137406] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7036
The Application Management service entered the stopped state.


[137405] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137404] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137403] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7036
The Application Management service entered the stopped state.


[137402] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:20 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137401] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:19 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137400] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:19 AM ID: 7036
The Application Management service entered the stopped state.


[137399] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:19 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137398] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:19 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137397] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:19 AM ID: 7036
The Application Management service entered the stopped state.


[137396] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:19 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


[137395] Service Control Manager
Type: ERROR
Computer: SUSAN
Time: 6/24/2008 9:29:19 AM ID: 7023
The Application Management service terminated with the following error:

The specified module could not be found.


[137394] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:19 AM ID: 7036
The Application Management service entered the stopped state.


[137393] Service Control Manager
Type: INFORMATION
Computer: SUSAN
Time: 6/24/2008 9:29:19 AM ID: 7035
User: SUSAN\Susan
The Application Management service was successfully sent a start control.


  • 0

#9
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
Could you reboot your computer before performing the steps below? :)

Disable Windows Defender

1. Open Windows Defender.
2. Select Tools.
3. Select Options.
4. Scroll to the bottom of the list.
5. Under Administrator options, uncheck the Use Windows Defender checkbox.
6. Click Save.
7. When a prompt appears, click Continue.

A window will then appear, notifying you that Windows Defender is turned off.
Click Close.

Next,


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com...te/UCSearch.CAB
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab

Now close all windows other than HiJackThis, then click Fix Checked.
Close HiJackThis.

Then,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.

Click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

Please make sure the logs don't get cut off.
Logs required on next post
DSS main and extra
  • 0

#10
amommyslife03


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I did the hijacked thang and there was none of those in it, and the DSS still won't run through; it's timing out at cleaning files. Here's the log from the hijacked

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:22 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1193719392\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: FlyLady Toolbar - {231ac525-91f7-422a-9d9b-660344ea2abc} - C:\Program Files\FlyLady\tbFlyL.dll
O3 - Toolbar: FLYLADY BenefitBar - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Susan"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.tr...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{137A0D08-1E2A-4B58-8ABD-69749F542AF7}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{137A0D08-1E2A-4B58-8ABD-69749F542AF7}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6959 bytes
  • 0



#11
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
Before running a new scan let's clean out the temporary folders.


Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans,
    • click on the Select all button.
      Make sure that Non-Microsoft checkbox is checked.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or another location where you can find it again.

Use the Add Reply button and attach the file in your next post.
  • 0

#12
amommyslife03


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
K, I did the ATF Cleaner but the OT scan won't download?? And now my Adobe Reader and other Adobe stuff is not working. I don't know if we did something, but idk??
  • 0

#13
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hmmm, that's strange.

Let's do another scan.
Hopefully you can download this program.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#14
amommyslife03


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here's the log. I sorta got the Adobe to work, at least the Flash Player, but the Reader won't download. Thxs so much for helping with all this. OK, here's the log, sry it took me so long, dealing with 3 kids, ya know the deal.

ComboFix 08-06-20.4 - Susan 2008-06-25 12:13:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.468 [GMT -4:00]
Running from: C:\Documents and Settings\Susan\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Susan\Application Data\FunWebProducts
C:\WINDOWS\bundles
C:\WINDOWS\bundles\log.bak.txt
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-24 13:00 . 2008-06-24 13:00 <DIR> d-------- C:\PsTools
2008-06-24 09:20 . 2008-06-24 09:20 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-24 01:24 . 2008-06-24 01:24 <DIR> d-------- C:\Deckard
2008-06-19 12:03 . 2008-06-25 01:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 12:03 . 2008-06-19 12:03 <DIR> d-------- C:\Documents and Settings\Susan\Application Data\SUPERAntiSpyware.com
2008-06-19 12:03 . 2008-06-19 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 12:02 . 2008-06-19 12:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 10:49 . 2008-06-19 10:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 10:49 . 2008-06-19 10:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-19 10:49 . 2008-06-19 10:49 <DIR> d-------- C:\Documents and Settings\Susan\Application Data\Malwarebytes
2008-06-19 10:49 . 2008-06-19 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 10:49 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 10:49 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 21:56 . 2008-06-18 22:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-17 00:51 . 2007-11-27 22:51 35,216 --a------ C:\WINDOWS\system32\drivers\TMPassthru.sys
2008-06-12 01:16 . 2008-06-12 01:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-03 21:21 . 2008-06-03 21:23 <DIR> d-------- C:\Program Files\BenefitBarIE
2008-05-31 22:49 . 2008-02-02 16:39 117,094 --------- C:\WINDOWS\hpoins11.dat.temp
2008-05-31 22:49 . 2006-05-05 19:19 11,634 --------- C:\WINDOWS\hpomdl11.dat.temp
2008-05-27 21:09 . 2008-05-27 21:09 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-05-25 19:40 . 2008-05-25 19:40 <DIR> d-------- C:\FUNPACK
2008-05-25 19:40 . 2008-05-25 19:40 <DIR> d-------- C:\FBDEMO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 04:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 02:50 --------- d-----w C:\Program Files\Washer
2008-06-19 16:37 --------- d-----w C:\Program Files\Smart Panel
2008-06-19 01:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 10:07 --------- d-----w C:\Documents and Settings\Susan\Application Data\HouseCall 6.6
2008-06-13 13:31 --------- d-----w C:\Program Files\AOL Toolbar
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-01 02:53 --------- d-----w C:\Program Files\HP
2008-05-28 15:42 --------- d-----w C:\Program Files\AOL 9.1
2008-05-21 12:09 --------- d-----w C:\Program Files\Managed DirectX (0901)
2008-05-19 02:15 --------- d-----w C:\Program Files\America Online 9.0
2008-05-19 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-12 03:27 --------- d-----w C:\Program Files\MySpace
2008-05-10 02:10 --------- d-----w C:\Program Files\Java
2008-05-09 15:28 --------- d-----w C:\Documents and Settings\Susan\Application Data\U3
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-03 04:14 --------- d-----w C:\Documents and Settings\Susan\Application Data\AOL
2008-05-03 04:12 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-03 04:10 --------- d-----w C:\Program Files\Common Files\aolshare
2008-05-03 04:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-02 00:10 --------- d-----w C:\Program Files\CachemanXP
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\msjint40.dll
2008-02-27 14:16 23 --sha-w C:\WINDOWS\system32\debeb0_d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{231ac525-91f7-422a-9d9b-660344ea2abc}]
2008-04-03 10:40 1523736 --a------ C:\Program Files\FlyLady\tbFlyL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{231AC525-91F7-422A-9D9B-660344EA2ABC}"= "C:\Program Files\FlyLady\tbFlyL.dll" [2008-04-03 10:40 1523736]

[HKEY_CLASSES_ROOT\clsid\{231ac525-91f7-422a-9d9b-660344ea2abc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{231AC525-91F7-422A-9D9B-660344EA2ABC}"= C:\Program Files\FlyLady\tbFlyL.dll [2008-04-03 10:40 1523736]

[HKEY_CLASSES_ROOT\clsid\{231ac525-91f7-422a-9d9b-660344ea2abc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-25 01:38 1506544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 19:27 9117696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-25 01:38 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-25 01:38 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Susan^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Susan\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Dialer]
-ra------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOlDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
--a------ 2003-05-26 16:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor]
--a------ 2003-11-05 12:23 303180 C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-10-08 17:50 41824 C:\Program Files\Common Files\AOL\1193719392\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-11-18 00:11 118784 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-11-18 00:24 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-12-17 04:40 1241138 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-09 00:45 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2003-12-12 18:55 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 05:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-11-16 19:58 949376 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-07-02 20:27 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
--a------ 2007-02-21 00:48 1003520 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-06-25 01:38 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-07-18 22:25 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]
--a------ 2007-12-19 00:18 288088 C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer]
C:\Program Files\Washer\washer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
--a------ 2004-03-12 15:53 20480 C:\WINDOWS\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Y!TunnelBasic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Y!TunnelPro]
--------- 2007-09-19 15:51 1208832 C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2003-12-01 12:38 892928 C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\AOL\\1193719392\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R2 RUBotted;Trend Micro RUBotted Service;"C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 00:18]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
S3 P101bVID;Creative WebCam;C:\WINDOWS\system32\DRIVERS\P101bVid.sys [2002-04-28 13:00]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 13:38]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-25 14:13:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-21 05:01:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-04 05:01:07 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-21 05:47:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-11-04 06:46:44 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 12:15:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-25 12:18:57
ComboFix-quarantined-files.txt 2008-06-25 16:17:54

Pre-Run: 19,776,372,736 bytes free
Post-Run: 19,761,557,504 bytes free

258 --- E O F --- 2008-06-21 04:33:18
  • 0

#15
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
That's OK, I completely understand. :)
Moving on...

First,

Open Notepad.
Copy and paste the text in the codebox below.
Type filename as seek.bat then Set Filetype to "all files"
Save to your Desktop then click Save.

dir C:\FUNPACK\*.* /o:n /s >> files.txt
dir C:\FBDEMO\*.* /o:n /s >> files.txt & notepad files.txt

Double-click on seek.bat.
Notepad will open with the results of the query.
Post the content in your next reply.

Next,

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\system32\debeb0_d.dll
  • Click on the submit button
  • Please post the results in your next reply.

Then,

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Logs required on next post.
- Files.txt
- Jotti log
- Gmer log
  • 0





