 |  |  |  |  |  |  |  |
I've been Hijacked! Please help!
 |
OK- your latest log looks more "normal", but I'm not sure A) how much of the following you can do, given the unstable state of your system, and B) how much of the damage was due to malicious infections and how much was due to the problems during the EA game installation. Let's see what kind of headway we can make...
1. Click on the "Run..." option in your Start menu, enter the following in the resulting "Open:" box, and hit OK:
services.msc
That should open the Services utility.
- In the list of services, locate the service named "Remote Packet Capture Protocol" or "rpcapd" and double-click on it.
- In the General tab of the Properties window that opens, click the Stop button if the service is not already stopped.
- Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK.
- Repeat the above steps for the SVCLOAD and SVCMGR
services. Close the Services utility after that.
2. Run HijackThis again and have it fix:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SVCLOAD - Unknown owner - c:\windows\system32\dllcache\sys32\winlogon.exe
O23 - Service: SVCMGR - Unknown owner - c:\windows\system32\dllcache\sys32\winlogon.exe
- Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:
rpcapd
Repeat the above deletion for SVCLOAD and SVCMGR.
3. Reboot into Safe Mode and run ewido again.
When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
- Search for and delete the following file if found:
c:\windows\system32\dllcache\sys32\winlogon.exe
- If there are other files in the c:\windows\system32\dllcache\sys32\ folder, please take note of their names and post those in your next response here.
- Delete the following folder entirely:
C:\ProgramFiles\WinPcap
- Empty your Recycle Bin, reboot normally, and run HijackThis again.
4. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated and the names of the files found in the c:\windows\system32\dllcache\sys32\ folder.
1. Click on the "Run..." option in your Start menu, enter the following in the resulting "Open:" box, and hit OK:
services.msc
That should open the Services utility.
- In the list of services, locate the service named "Remote Packet Capture Protocol" or "rpcapd" and double-click on it.
- In the General tab of the Properties window that opens, click the Stop button if the service is not already stopped.
- Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK.
- Repeat the above steps for the SVCLOAD and SVCMGR
services. Close the Services utility after that.
2. Run HijackThis again and have it fix:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SVCLOAD - Unknown owner - c:\windows\system32\dllcache\sys32\winlogon.exe
O23 - Service: SVCMGR - Unknown owner - c:\windows\system32\dllcache\sys32\winlogon.exe
- Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:
rpcapd
Repeat the above deletion for SVCLOAD and SVCMGR.
3. Reboot into Safe Mode and run ewido again.
When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
- Search for and delete the following file if found:
c:\windows\system32\dllcache\sys32\winlogon.exe
- If there are other files in the c:\windows\system32\dllcache\sys32\ folder, please take note of their names and post those in your next response here.
- Delete the following folder entirely:
C:\ProgramFiles\WinPcap
- Empty your Recycle Bin, reboot normally, and run HijackThis again.
4. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated and the names of the files found in the c:\windows\system32\dllcache\sys32\ folder.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Whoa. Thanks for the help. I really feel like I'm actually making progress now. I also want to know if I have to do this process for the other user(s) on this computer which consist of: 1. The default administrator in safe mode and 2. My brother who has a separate log in user file than mine at Windows startup (none of his programs or shortcuts are working properly either). By any means, here is my HijackThis log, Ewido log, and sys32 additional files.
1. HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 5:51:30 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///??
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130266793890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132318523125
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
2. EWIDO
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 5:16:00 PM, 12/26/2005
+ Report-Checksum: C431A8BD
+ Scan result:
C:\Documents and Settings\Gordon\Cookies\gordon@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Gordon\Cookies\gordon@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Walton\Cookies\walton@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Walton\Cookies\walton@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
::Report End
3. C:\WINDOWS\system32\dllcache\sys32
Here are the Additional Files that were found in C:\WINDOWS\system32\dllcache\sys32:
upload (a folder with nothing in it)
hide.EXE
libeay32.dll
psshutdown.exe
ServUStartUpLog.txt
sys.dll
winmgtr.dll
cygcrypt-0.dll
hide.RBO
nfo.nfo (MSInfo document)
run.bat
spooldc.log
TzoLibr.dll
cygwin1.dll
hydrant.bat
pshut.bat
ServUDaemon.ini (Configuration Settings)
ssleay32.dll
welcome.txt
1. HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 5:51:30 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///??
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130266793890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132318523125
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
2. EWIDO
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 5:16:00 PM, 12/26/2005
+ Report-Checksum: C431A8BD
+ Scan result:
C:\Documents and Settings\Gordon\Cookies\gordon@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Gordon\Cookies\gordon@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Walton\Cookies\walton@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Walton\Cookies\walton@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
::Report End
3. C:\WINDOWS\system32\dllcache\sys32
Here are the Additional Files that were found in C:\WINDOWS\system32\dllcache\sys32:
upload (a folder with nothing in it)
hide.EXE
libeay32.dll
psshutdown.exe
ServUStartUpLog.txt
sys.dll
winmgtr.dll
cygcrypt-0.dll
hide.RBO
nfo.nfo (MSInfo document)
run.bat
spooldc.log
TzoLibr.dll
cygwin1.dll
hydrant.bat
pshut.bat
ServUDaemon.ini (Configuration Settings)
ssleay32.dll
welcome.txt
1. The "sys32" folder and its contents are/were the work of backdoor trojan, but I doubt that the infection was the cause of your program and shortcut problems. Regardless, the entire folder should be deleted if you haven't done so already.
2. It would still be worth seeing if the Event Viewer holds any clues. See if you can access the utility this way:
- Click on the "Run..." option in your Start menu.
- In the resulting "Open:" dialog box, type the following and then click OK: eventvwr
If that works, look through the logs for errors and warnings and tell us if you find anything which might be relevant.
3. Run the System File Checker utility to see if Windows detects any inconsistencies in its system files:
- Click on the "Run..." option in your Start menu.
- In the resulting "Open:" dialog box, type the following and then click OK: cmd
- In the resulting DOS window, type the following at the command prompt and then hit enter: sfc /scannow
2. It would still be worth seeing if the Event Viewer holds any clues. See if you can access the utility this way:
- Click on the "Run..." option in your Start menu.
- In the resulting "Open:" dialog box, type the following and then click OK: eventvwr
If that works, look through the logs for errors and warnings and tell us if you find anything which might be relevant.
3. Run the System File Checker utility to see if Windows detects any inconsistencies in its system files:
- Click on the "Run..." option in your Start menu.
- In the resulting "Open:" dialog box, type the following and then click OK: cmd
- In the resulting DOS window, type the following at the command prompt and then hit enter: sfc /scannow
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Part One of Long Document:
I deleted the "sys32 folder from the dllcache directory. I also ran the sfc/scannow, but it told me to insert my Windows XP Professional Cd 2 in order for files to be copied to the DLL Cache so that XP could run properly "???". I tried my Windows XP Cd for version 5.1.2600 which it asked for, but it told me that I have the wrong cd (I guess I only have disc #1 or something that is not compatible).
The good news is that I was able to access the event viewer and here is the lengthy log for the applications:
Applications log:
Type Date Time Source Category Event User Computer
Error 12/27/2005 6:34:26 PM Application Error None 1000 N/A FLASHGORDON
Error 12/27/2005 6:33:24 PM Application Error None 1001 N/A FLASHGORDON
Error 12/27/2005 6:33:18 PM Application Error None 1000 N/A FLASHGORDON
Warning 12/27/2005 3:26:55 AM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/26/2005 10:02:30 AM Application Hang None 1001 N/A FLASHGORDON
Error 12/26/2005 10:02:28 AM Application Hang None 1001 N/A FLASHGORDON
Error 12/26/2005 10:02:18 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/26/2005 10:02:16 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/25/2005 1:21:04 PM Application Error None 1001 N/A FLASHGORDON
Error 12/25/2005 1:20:57 PM Application Error None 1000 N/A FLASHGORDON
Warning 12/25/2005 12:30:44 PM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/25/2005 10:41:42 AM Application Error None 1001 N/A FLASHGORDON
Error 12/25/2005 10:41:36 AM Application Error None 1000 N/A FLASHGORDON
Error 12/25/2005 5:09:38 AM Application Error None 1000 N/A FLASHGORDON
Error 12/25/2005 5:08:19 AM Application Error None 1000 N/A FLASHGORDON
Warning 12/24/2005 9:01:07 PM Userenv None 1517 SYSTEM FLASHGORDON
Warning 12/24/2005 2:23:16 PM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/24/2005 9:51:34 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/24/2005 1:32:27 AM McLogEvent None 5022 SYSTEM FLASHGORDON
Error 12/24/2005 12:34:31 AM McLogEvent None 5022 SYSTEM FLASHGORDON
Error 12/23/2005 8:34:46 PM McLogEvent None 5022 SYSTEM FLASHGORDON
Error 12/23/2005 8:16:03 PM McLogEvent None 5022 SYSTEM FLASHGORDON
Warning 12/23/2005 4:56:29 PM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/23/2005 3:47:38 PM MpfService None 2 Walton FLASHGORDON
Error 12/23/2005 11:53:14 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:51:10 AM Application Error None 1001 N/A FLASHGORDON
Error 12/23/2005 11:51:03 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:50:35 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:50:06 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:49:49 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:45:35 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:32:37 AM Application Hang None 1001 N/A FLASHGORDON
Error 12/23/2005 11:32:35 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/23/2005 11:31:33 AM Application Error None 1001 N/A FLASHGORDON
Error 12/23/2005 11:31:29 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:27:29 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/23/2005 11:25:47 AM Application Error None 1001 N/A FLASHGORDON
Error 12/23/2005 11:25:42 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 1:16:47 AM Application Hang None 1001 N/A FLASHGORDON
Error 12/23/2005 1:16:43 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/23/2005 12:30:58 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/22/2005 11:46:33 PM Application Hang None 1001 N/A FLASHGORDON
Error 12/22/2005 11:46:29 PM Application Hang (101) 1002 N/A FLASHGORDON
Warning 12/22/2005 5:27:08 PM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/22/2005 3:37:05 PM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/22/2005 1:57:05 PM Application Error None 1001 N/A FLASHGORDON
Error 12/22/2005 1:56:32 PM Application Error (100) 1000 N/A FLASHGORDON
Error 12/22/2005 4:17:29 AM Application Error None 1001 N/A FLASHGORDON
Error 12/22/2005 4:17:26 AM Application Error None 1000 N/A FLASHGORDON
Warning 12/22/2005 3:53:34 AM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/21/2005 5:52:00 AM Application Error None 1000 N/A FLASHGORDON
Error 12/21/2005 5:49:11 AM Application Error None 1000 N/A FLASHGORDON
Error 12/21/2005 5:48:53 AM Application Error None 1000 N/A FLASHGORDON
Error 12/21/2005 5:48:48 AM Application
[Mod's note: log snipped for brevity]
I deleted the "sys32 folder from the dllcache directory. I also ran the sfc/scannow, but it told me to insert my Windows XP Professional Cd 2 in order for files to be copied to the DLL Cache so that XP could run properly "???". I tried my Windows XP Cd for version 5.1.2600 which it asked for, but it told me that I have the wrong cd (I guess I only have disc #1 or something that is not compatible).
The good news is that I was able to access the event viewer and here is the lengthy log for the applications:
Applications log:
Type Date Time Source Category Event User Computer
Error 12/27/2005 6:34:26 PM Application Error None 1000 N/A FLASHGORDON
Error 12/27/2005 6:33:24 PM Application Error None 1001 N/A FLASHGORDON
Error 12/27/2005 6:33:18 PM Application Error None 1000 N/A FLASHGORDON
Warning 12/27/2005 3:26:55 AM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/26/2005 10:02:30 AM Application Hang None 1001 N/A FLASHGORDON
Error 12/26/2005 10:02:28 AM Application Hang None 1001 N/A FLASHGORDON
Error 12/26/2005 10:02:18 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/26/2005 10:02:16 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/25/2005 1:21:04 PM Application Error None 1001 N/A FLASHGORDON
Error 12/25/2005 1:20:57 PM Application Error None 1000 N/A FLASHGORDON
Warning 12/25/2005 12:30:44 PM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/25/2005 10:41:42 AM Application Error None 1001 N/A FLASHGORDON
Error 12/25/2005 10:41:36 AM Application Error None 1000 N/A FLASHGORDON
Error 12/25/2005 5:09:38 AM Application Error None 1000 N/A FLASHGORDON
Error 12/25/2005 5:08:19 AM Application Error None 1000 N/A FLASHGORDON
Warning 12/24/2005 9:01:07 PM Userenv None 1517 SYSTEM FLASHGORDON
Warning 12/24/2005 2:23:16 PM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/24/2005 9:51:34 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/24/2005 1:32:27 AM McLogEvent None 5022 SYSTEM FLASHGORDON
Error 12/24/2005 12:34:31 AM McLogEvent None 5022 SYSTEM FLASHGORDON
Error 12/23/2005 8:34:46 PM McLogEvent None 5022 SYSTEM FLASHGORDON
Error 12/23/2005 8:16:03 PM McLogEvent None 5022 SYSTEM FLASHGORDON
Warning 12/23/2005 4:56:29 PM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/23/2005 3:47:38 PM MpfService None 2 Walton FLASHGORDON
Error 12/23/2005 11:53:14 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:51:10 AM Application Error None 1001 N/A FLASHGORDON
Error 12/23/2005 11:51:03 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:50:35 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:50:06 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:49:49 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:45:35 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:32:37 AM Application Hang None 1001 N/A FLASHGORDON
Error 12/23/2005 11:32:35 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/23/2005 11:31:33 AM Application Error None 1001 N/A FLASHGORDON
Error 12/23/2005 11:31:29 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 11:27:29 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/23/2005 11:25:47 AM Application Error None 1001 N/A FLASHGORDON
Error 12/23/2005 11:25:42 AM Application Error None 1000 N/A FLASHGORDON
Error 12/23/2005 1:16:47 AM Application Hang None 1001 N/A FLASHGORDON
Error 12/23/2005 1:16:43 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/23/2005 12:30:58 AM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/22/2005 11:46:33 PM Application Hang None 1001 N/A FLASHGORDON
Error 12/22/2005 11:46:29 PM Application Hang (101) 1002 N/A FLASHGORDON
Warning 12/22/2005 5:27:08 PM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/22/2005 3:37:05 PM Application Hang (101) 1002 N/A FLASHGORDON
Error 12/22/2005 1:57:05 PM Application Error None 1001 N/A FLASHGORDON
Error 12/22/2005 1:56:32 PM Application Error (100) 1000 N/A FLASHGORDON
Error 12/22/2005 4:17:29 AM Application Error None 1001 N/A FLASHGORDON
Error 12/22/2005 4:17:26 AM Application Error None 1000 N/A FLASHGORDON
Warning 12/22/2005 3:53:34 AM Userenv None 1517 SYSTEM FLASHGORDON
Error 12/21/2005 5:52:00 AM Application Error None 1000 N/A FLASHGORDON
Error 12/21/2005 5:49:11 AM Application Error None 1000 N/A FLASHGORDON
Error 12/21/2005 5:48:53 AM Application Error None 1000 N/A FLASHGORDON
Error 12/21/2005 5:48:48 AM Application
[Mod's note: log snipped for brevity]
Yoiks! :eek: :eek:
I wasn't after the entire log, just the details from some of the entries flagged with "error" or "warning":
Your log shows entries with application errors 1000, 1001, and 1002, as well as error entries related to DCOM; I'd like to see the details of one of each of those. Here's how to post the full details of a given entry:
- Double-click on an entry to open the entry's Properties window.
- In the Properties window, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard.
- You can then paste the details into your next post in the same way that you paste your HijackThis log- by choosing "Paste" from the "File" menu or by hitting CTRL+V.
I wasn't after the entire log, just the details from some of the entries flagged with "error" or "warning":
•
•
•
•
... look through your System and Application logs for entries flagged with "Error" or "Warning". Double-clicking on such an entry will open a window with more detailed information on the error; post that info here.
- Double-click on an entry to open the entry's Properties window.
- In the Properties window, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard.
- You can then paste the details into your next post in the same way that you paste your HijackThis log- by choosing "Paste" from the "File" menu or by hitting CTRL+V.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
I included the activity before and after my MVP Baseball mishap.
Here are the new logs for my System and Application from Eventviewer:
System Log:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 12/24/2005
Time: 1:32:43 AM
User: N/A
Computer: FLASHGORDON
Description:
The McAfee.com McShield service terminated with service-specific error 5022 (0x139E).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/24/2005
Time: 1:31:19 AM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Aspi32
Fips
intelppm
IPSec
MPFIREWL
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/24/2005
Time: 12:37:32 AM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/24/2005
Time: 12:37:22 AM
User: FLASHGORDON\Walton
Computer: FLASHGORDON
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 12/24/2005
Time: 12:34:19 AM
User: N/A
Computer: FLASHGORDON
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00123F7769BE. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c7 04 00 00 Ç...
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 12/23/2005
Time: 8:43:52 PM
User: FLASHGORDON\Walton
Computer: FLASHGORDON
Description:
The server {692E988D-1057-4C57-8078-26CF7AE54263} did not register with DCOM within the required timeout.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 12/23/2005
Time: 8:37:23 PM
User: FLASHGORDON\Walton
Computer: FLASHGORDON
Description:
The server {692E988D-1057-4C57-8078-26CF7AE54263} did not register with DCOM within the required timeout.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/23/2005
Time: 8:31:40 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/23/2005
Time: 8:27:38 PM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 12/23/2005
Time: 8:11:27 PM
User: N/A
Computer: FLASHGORDON
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Aspi32
Fips
intelppm
IPSec
MPFIREWL
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/23/2005
Time: 8:11:27 PM
User: N/A
Computer: FLASHGORDON
Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/22/2005
Time: 4:09:46 AM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/21/2005
Time: 10:48:47 AM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/19/2005
Time: 8:42:59 AM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/18/2005
Time: 3:20:29 PM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 12/18/2005
Time: 11:47:33 AM
User: FLASHGORDON\Gordon
Computer: FLASHGORDON
Description:
The server {D0AAD3D6-EB93-4363-A24E-2C3D80CDBAC7} did not register with DCOM within the required timeout.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Cdrom
Event Category: None
Event ID: 7
Date: 12/17/2005
Time: 7:55:24 PM
User: N/A
Computer: FLASHGORDON
Description:
The device, \Device\CdRom0, has a bad block.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0e 00 68 00 01 00 b8 00 ..h...¸.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 3e 40 02 00 ....>@..
0020: 00 00 00 00 00 00 00 00 ........
0028: 2a 9d 01 00 00 00 00 00 *Â?......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 c4 02 00 00 00 @..Ä....
0040: 00 00 0c 12 48 00 00 00 ....H...
0048: 00 00 00 00 88 13 00 00 ....ˆ...
0050: 28 d0 d0 08 88 0d 8c 83 (��.ˆ.Œƒ
0058: 00 00 00 00 98 74 c1 83 ....˜t�ƒ
0060: 02 00 00 00 00 00 00 00 ........
0068: be 04 00 04 ec 5b 00 00 ¾...ì[..
0070: 13 f0 00 00 00 00 00 00 .ð......
0078: 70 00 03 00 00 00 00 0a p.......
0080: 00 00 00 00 11 06 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........
Event Type: Error
Event Source: Cdrom
Event Category: None
Event ID: 7
Date: 12/17/2005
Time: 7:54:06 PM
User: N/A
Computer: FLASHGORDON
Description:
The device, \Device\CdRom0, has a bad block.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0e 00 68 00 01 00 b8 00 ..h...¸.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 3e 40 02 00 ....>@..
0020: 00 00 00 00 00 00 00 00 ........
0028: d5 89 01 00 00 00 00 00 Չ......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 c4 02 00 00 00 @..Ä....
0040: 00 00 0c 12 48 00 00 00 ....H...
0048: 00 00 00 00 88 13 00 00 ....ˆ...
0050: 28 d0 d0 08 b0 77 af 83 (��.°w¯ƒ
0058: 00 00 00 00 b8 4d 9d 83 ....¸M�ƒ
0060: 02 00 00 00 00 00 00 00 ........
0068: be 04 00 04 ec 5b 00 00 ¾...ì[..
0070: 13 f0 00 00 00 00 00 00 .ð......
0078: 70 00 03 00 00 00 00 0a p.......
0080: 00 00 00 00 11 06 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........
Application Log
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 12/24/2005
Time: 9:01:07 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 12/24/2005
Time: 2:23:16 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/24/2005
Time: 9:51:34 AM
User: N/A
Computer: FLASHGORDON
Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 72 75 6e 64 6c 6c rundll
0018: 33 32 2e 65 78 65 20 35 32.exe 5
0020: 2e 31 2e 32 36 30 30 2e .1.2600.
0028: 32 31 38 30 20 69 6e 20 2180 in
0030: 68 75 6e 67 61 70 70 20 hungapp
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 30 30 30 30 t 000000
0050: 30 30 00
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 12/23/2005
Time: 4:56:29 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:53:14 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp.exe, version 0.0.0.0, faulting module mvp.exe, version 0.0.0.0, fault address 0x0031d0e8.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 2e 65 78 65 20 30 2e 30 .exe 0.0
0020: 2e 30 2e 30 20 69 6e 20 .0.0 in
0028: 6d 76 70 2e 65 78 65 20 mvp.exe
0030: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0038: 61 74 20 6f 66 66 73 65 at offse
0040: 74 20 30 30 33 31 64 30 t 0031d0
0048: 65 38 0d 0a e8..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 11:51:10 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 253363698.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 32 35 33 33 36 33 36 39 25336369
0010: 38 0d 0a 8..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:51:03 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp.exe, version 0.0.0.0, faulting module mvp.exe, version 0.0.0.0, fault address 0x0013fbd9.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 2e 65 78 65 20 30 2e 30 .exe 0.0
0020: 2e 30 2e 30 20 69 6e 20 .0.0 in
0028: 6d 76 70 2e 65 78 65 20 mvp.exe
0030: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0038: 61 74 20 6f 66 66 73 65 at offse
0040: 74 20 30 30 31 33 66 62 t 0013fb
0048: 64 39 0d 0a d9..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:50:35 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x003d8a55.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 35 2e 65 78 65 2005.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 35 2e 65 78 65 20 005.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 33 64 38 61 t 003d8a
0050: 35 35 0d 0a 55..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:50:06 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x0013fbd9.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 35 2e 65 78 65 2005.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 35 2e 65 78 65 20 005.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 31 33 66 62 t 0013fb
0050: 64 39 0d 0a d9..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:49:49 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x0013fbd9.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 35 2e 65 78 65 2005.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 35 2e 65 78 65 20 005.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 31 33 66 62 t 0013fb
0050: 64 39 0d 0a d9..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:45:35 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x003d8a55.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 35 2e 65 78 65 2005.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 35 2e 65 78 65 20 005.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 33 64 38 61 t 003d8a
0050: 35 35 0d 0a 55..
Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 11:32:37 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 45558392.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 34 35 35 35 38 33 39 32 45558392
0010: 0d 0a ..
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/23/2005
Time: 11:32:35 AM
User: N/A
Computer: FLASHGORDON
Description:
Hanging application pztrain.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 70 7a 74 72 61 69 pztrai
0018: 6e 2e 65 78 65 20 30 2e n.exe 0.
0020: 30 2e 30 2e 30 20 69 6e 0.0.0 in
0028: 20 68 75 6e 67 61 70 70 hungapp
0030: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0038: 20 61 74 20 6f 66 66 73 at offs
0040: 65 74 20 30 30 30 30 30 et 00000
0048: 30 30 30 000
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 11:31:33 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 91625455.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 39 31 36 32 35 34 35 35 91625455
0010: 0d 0a ..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:31:29 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2004.exe, version 0.0.0.0, faulting module mvp2004.exe, version 0.0.0.0, fault address 0x0031d4d8.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 34 2e 65 78 65 2004.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 34 2e 65 78 65 20 004.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 33 31 64 34 t 0031d4
0050: 64 38 0d 0a d8..
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/23/2005
Time: 11:27:29 AM
User: N/A
Computer: FLASHGORDON
Description:
Hanging application pztrain.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 70 7a 74 72 61 69 pztrai
0018: 6e 2e 65 78 65 20 30 2e n.exe 0.
0020: 30 2e 30 2e 30 20 69 6e 0.0.0 in
0028: 20 68 75 6e 67 61 70 70 hungapp
0030: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0038: 20 61 74 20 6f 66 66 73 at offs
0040: 65 74 20 30 30 30 30 30 et 00000
0048: 30 30 30 000
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 11:25:47 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 91625455.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 39 31 36 32 35 34 35 35 91625455
0010: 0d 0a ..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:25:42 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2004.exe, version 0.0.0.0, faulting module mvp2004.exe, version 0.0.0.0, fault address 0x0031d4d8.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 34 2e 65 78 65 2004.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 34 2e 65 78 65 20 004.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 33 31 64 34 t 0031d4
0050: 64 38 0d 0a d8..
Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 1:16:47 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 131907350.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 31 33 31 39 30 37 33 35 13190735
0010: 30 0d 0a 0..
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/23/2005
Time: 1:16:43 AM
User: N/A
Computer: FLASHGORDON
Description:
Hanging application CTCMS.exe, version 2.2.31.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 43 54 43 4d 53 2e CTCMS.
0018: 65 78 65 20 32 2e 32 2e exe 2.2.
0020: 33 31 2e 30 20 69 6e 20 31.0 in
0028: 68 75 6e 67 61 70 70 20 hungapp
0030: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0038: 61 74 20 6f 66 66 73 65 at offse
0040: 74 20 30 30 30 30 30 30 t 000000
0048: 30 30 00
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 12/22/2005
Time: 5:27:08 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Here are the new logs for my System and Application from Eventviewer:
System Log:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 12/24/2005
Time: 1:32:43 AM
User: N/A
Computer: FLASHGORDON
Description:
The McAfee.com McShield service terminated with service-specific error 5022 (0x139E).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/24/2005
Time: 1:31:19 AM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Aspi32
Fips
intelppm
IPSec
MPFIREWL
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/24/2005
Time: 12:38:37 AM
User: N/A
Computer: FLASHGORDON
Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/24/2005
Time: 12:37:32 AM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/24/2005
Time: 12:37:22 AM
User: FLASHGORDON\Walton
Computer: FLASHGORDON
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 12/24/2005
Time: 12:34:19 AM
User: N/A
Computer: FLASHGORDON
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00123F7769BE. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c7 04 00 00 Ç...
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 12/23/2005
Time: 8:43:52 PM
User: FLASHGORDON\Walton
Computer: FLASHGORDON
Description:
The server {692E988D-1057-4C57-8078-26CF7AE54263} did not register with DCOM within the required timeout.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 12/23/2005
Time: 8:37:23 PM
User: FLASHGORDON\Walton
Computer: FLASHGORDON
Description:
The server {692E988D-1057-4C57-8078-26CF7AE54263} did not register with DCOM within the required timeout.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/23/2005
Time: 8:31:40 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/23/2005
Time: 8:27:38 PM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 12/23/2005
Time: 8:11:27 PM
User: N/A
Computer: FLASHGORDON
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Aspi32
Fips
intelppm
IPSec
MPFIREWL
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/23/2005
Time: 8:11:27 PM
User: N/A
Computer: FLASHGORDON
Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/22/2005
Time: 4:09:46 AM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/21/2005
Time: 10:48:47 AM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/19/2005
Time: 8:42:59 AM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/18/2005
Time: 3:20:29 PM
User: N/A
Computer: FLASHGORDON
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 12/18/2005
Time: 11:47:33 AM
User: FLASHGORDON\Gordon
Computer: FLASHGORDON
Description:
The server {D0AAD3D6-EB93-4363-A24E-2C3D80CDBAC7} did not register with DCOM within the required timeout.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Cdrom
Event Category: None
Event ID: 7
Date: 12/17/2005
Time: 7:55:24 PM
User: N/A
Computer: FLASHGORDON
Description:
The device, \Device\CdRom0, has a bad block.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0e 00 68 00 01 00 b8 00 ..h...¸.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 3e 40 02 00 ....>@..
0020: 00 00 00 00 00 00 00 00 ........
0028: 2a 9d 01 00 00 00 00 00 *Â?......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 c4 02 00 00 00 @..Ä....
0040: 00 00 0c 12 48 00 00 00 ....H...
0048: 00 00 00 00 88 13 00 00 ....ˆ...
0050: 28 d0 d0 08 88 0d 8c 83 (��.ˆ.Œƒ
0058: 00 00 00 00 98 74 c1 83 ....˜t�ƒ
0060: 02 00 00 00 00 00 00 00 ........
0068: be 04 00 04 ec 5b 00 00 ¾...ì[..
0070: 13 f0 00 00 00 00 00 00 .ð......
0078: 70 00 03 00 00 00 00 0a p.......
0080: 00 00 00 00 11 06 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........
Event Type: Error
Event Source: Cdrom
Event Category: None
Event ID: 7
Date: 12/17/2005
Time: 7:54:06 PM
User: N/A
Computer: FLASHGORDON
Description:
The device, \Device\CdRom0, has a bad block.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0e 00 68 00 01 00 b8 00 ..h...¸.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 3e 40 02 00 ....>@..
0020: 00 00 00 00 00 00 00 00 ........
0028: d5 89 01 00 00 00 00 00 Չ......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 c4 02 00 00 00 @..Ä....
0040: 00 00 0c 12 48 00 00 00 ....H...
0048: 00 00 00 00 88 13 00 00 ....ˆ...
0050: 28 d0 d0 08 b0 77 af 83 (��.°w¯ƒ
0058: 00 00 00 00 b8 4d 9d 83 ....¸M�ƒ
0060: 02 00 00 00 00 00 00 00 ........
0068: be 04 00 04 ec 5b 00 00 ¾...ì[..
0070: 13 f0 00 00 00 00 00 00 .ð......
0078: 70 00 03 00 00 00 00 0a p.......
0080: 00 00 00 00 11 06 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........
Application Log
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 12/24/2005
Time: 9:01:07 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 12/24/2005
Time: 2:23:16 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/24/2005
Time: 9:51:34 AM
User: N/A
Computer: FLASHGORDON
Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 72 75 6e 64 6c 6c rundll
0018: 33 32 2e 65 78 65 20 35 32.exe 5
0020: 2e 31 2e 32 36 30 30 2e .1.2600.
0028: 32 31 38 30 20 69 6e 20 2180 in
0030: 68 75 6e 67 61 70 70 20 hungapp
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 30 30 30 30 t 000000
0050: 30 30 00
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 12/23/2005
Time: 4:56:29 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:53:14 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp.exe, version 0.0.0.0, faulting module mvp.exe, version 0.0.0.0, fault address 0x0031d0e8.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 2e 65 78 65 20 30 2e 30 .exe 0.0
0020: 2e 30 2e 30 20 69 6e 20 .0.0 in
0028: 6d 76 70 2e 65 78 65 20 mvp.exe
0030: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0038: 61 74 20 6f 66 66 73 65 at offse
0040: 74 20 30 30 33 31 64 30 t 0031d0
0048: 65 38 0d 0a e8..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 11:51:10 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 253363698.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 32 35 33 33 36 33 36 39 25336369
0010: 38 0d 0a 8..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:51:03 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp.exe, version 0.0.0.0, faulting module mvp.exe, version 0.0.0.0, fault address 0x0013fbd9.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 2e 65 78 65 20 30 2e 30 .exe 0.0
0020: 2e 30 2e 30 20 69 6e 20 .0.0 in
0028: 6d 76 70 2e 65 78 65 20 mvp.exe
0030: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0038: 61 74 20 6f 66 66 73 65 at offse
0040: 74 20 30 30 31 33 66 62 t 0013fb
0048: 64 39 0d 0a d9..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:50:35 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x003d8a55.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 35 2e 65 78 65 2005.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 35 2e 65 78 65 20 005.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 33 64 38 61 t 003d8a
0050: 35 35 0d 0a 55..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:50:06 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x0013fbd9.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 35 2e 65 78 65 2005.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 35 2e 65 78 65 20 005.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 31 33 66 62 t 0013fb
0050: 64 39 0d 0a d9..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:49:49 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x0013fbd9.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 35 2e 65 78 65 2005.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 35 2e 65 78 65 20 005.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 31 33 66 62 t 0013fb
0050: 64 39 0d 0a d9..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:45:35 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x003d8a55.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 35 2e 65 78 65 2005.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 35 2e 65 78 65 20 005.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 33 64 38 61 t 003d8a
0050: 35 35 0d 0a 55..
Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 11:32:37 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 45558392.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 34 35 35 35 38 33 39 32 45558392
0010: 0d 0a ..
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/23/2005
Time: 11:32:35 AM
User: N/A
Computer: FLASHGORDON
Description:
Hanging application pztrain.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 70 7a 74 72 61 69 pztrai
0018: 6e 2e 65 78 65 20 30 2e n.exe 0.
0020: 30 2e 30 2e 30 20 69 6e 0.0.0 in
0028: 20 68 75 6e 67 61 70 70 hungapp
0030: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0038: 20 61 74 20 6f 66 66 73 at offs
0040: 65 74 20 30 30 30 30 30 et 00000
0048: 30 30 30 000
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 11:31:33 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 91625455.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 39 31 36 32 35 34 35 35 91625455
0010: 0d 0a ..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:31:29 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2004.exe, version 0.0.0.0, faulting module mvp2004.exe, version 0.0.0.0, fault address 0x0031d4d8.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 34 2e 65 78 65 2004.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 34 2e 65 78 65 20 004.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 33 31 64 34 t 0031d4
0050: 64 38 0d 0a d8..
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/23/2005
Time: 11:27:29 AM
User: N/A
Computer: FLASHGORDON
Description:
Hanging application pztrain.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 70 7a 74 72 61 69 pztrai
0018: 6e 2e 65 78 65 20 30 2e n.exe 0.
0020: 30 2e 30 2e 30 20 69 6e 0.0.0 in
0028: 20 68 75 6e 67 61 70 70 hungapp
0030: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0038: 20 61 74 20 6f 66 66 73 at offs
0040: 65 74 20 30 30 30 30 30 et 00000
0048: 30 30 30 000
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 11:25:47 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 91625455.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 39 31 36 32 35 34 35 35 91625455
0010: 0d 0a ..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 12/23/2005
Time: 11:25:42 AM
User: N/A
Computer: FLASHGORDON
Description:
Faulting application mvp2004.exe, version 0.0.0.0, faulting module mvp2004.exe, version 0.0.0.0, fault address 0x0031d4d8.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 76 70 ure mvp
0018: 32 30 30 34 2e 65 78 65 2004.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 6d 76 70 32 in mvp2
0030: 30 30 34 2e 65 78 65 20 004.exe
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 33 31 64 34 t 0031d4
0050: 64 38 0d 0a d8..
Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 12/23/2005
Time: 1:16:47 AM
User: N/A
Computer: FLASHGORDON
Description:
Fault bucket 131907350.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 31 33 31 39 30 37 33 35 13190735
0010: 30 0d 0a 0..
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/23/2005
Time: 1:16:43 AM
User: N/A
Computer: FLASHGORDON
Description:
Hanging application CTCMS.exe, version 2.2.31.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 43 54 43 4d 53 2e CTCMS.
0018: 65 78 65 20 32 2e 32 2e exe 2.2.
0020: 33 31 2e 30 20 69 6e 20 31.0 in
0028: 68 75 6e 67 61 70 70 20 hungapp
0030: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0038: 61 74 20 6f 66 66 73 65 at offse
0040: 74 20 30 30 30 30 30 30 t 000000
0048: 30 30 00
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 12/22/2005
Time: 5:27:08 PM
User: NT AUTHORITY\SYSTEM
Computer: FLASHGORDON
Description:
Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Thanks for the help thus far. Here is some more supplemental info for the MVP Baseball time frame with different explanations:
12/24/2005 9:01:07 PM Userenv Warning None 1517 NT AUTHORITY\SYSTEM FLASHGORDON Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
12/24/2005 5:26:37 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 5:26:15 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/24/2005 5:26:15 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/24/2005 3:55:39 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 3:55:14 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/24/2005 3:55:13 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/24/2005 2:23:16 PM Userenv Warning None 1517 NT AUTHORITY\SYSTEM FLASHGORDON Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
12/24/2005 9:51:34 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
12/24/2005 9:24:12 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 9:23:56 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/24/2005 9:23:50 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/24/2005 1:33:37 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/24/2005 1:32:39 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 1:32:27 AM McLogEvent Error None 5022 NT AUTHORITY\SYSTEM FLASHGORDON MCSCAN32 Engine Initialisation failed. Engine returned error : The DAT files failed or are missing.
12/24/2005 1:32:24 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/24/2005 12:34:45 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 12:34:31 AM McLogEvent Error None 5022 NT AUTHORITY\SYSTEM FLASHGORDON MCSCAN32 Engine Initialisation failed. Engine returned error : The DAT files failed or are missing.
12/24/2005 12:34:28 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 8:35:01 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 8:34:46 PM McLogEvent Error None 5022 NT AUTHORITY\SYSTEM FLASHGORDON MCSCAN32 Engine Initialisation failed. Engine returned error : The DAT files failed or are missing.
12/23/2005 8:34:43 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 8:26:31 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 8:26:05 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 8:26:04 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 8:23:35 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 8:16:16 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 8:16:03 PM McLogEvent Error None 5022 NT AUTHORITY\SYSTEM FLASHGORDON MCSCAN32 Engine Initialisation failed. Engine returned error : The DAT files failed or are missing.
12/23/2005 8:15:59 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 7:54:33 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 7:53:37 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 7:53:14 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 7:53:11 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 7:24:57 PM Winlogon Information None 1002 N/A FLASHGORDON The shell stopped unexpectedly and Explorer.exe was restarted.
12/23/2005 6:13:31 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 6:13:04 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 6:13:03 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 6:02:06 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 6:02:05 PM SecurityCenter Information None 1801 N/A FLASHGORDON The Windows Security Center Service has stopped.
12/23/2005 5:25:28 PM Winlogon Information None 1002 N/A FLASHGORDON The shell stopped unexpectedly and Explorer.exe was restarted.
12/23/2005 4:56:29 PM Userenv Warning None 1517 NT AUTHORITY\SYSTEM FLASHGORDON Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
12/23/2005 4:45:37 PM Winlogon Information None 1002 N/A FLASHGORDON The shell stopped unexpectedly and Explorer.exe was restarted.
12/23/2005 4:28:31 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 4:20:56 PM Winlogon Information None 1002 N/A FLASHGORDON The shell stopped unexpectedly and Explorer.exe was restarted.
12/23/2005 3:47:38 PM MpfService Error None 2 FLASHGORDON\Walton FLASHGORDON The description for Event ID ( 2 ) in Source ( MpfService ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The service process could not connect to the service controller..
12/23/2005 3:25:19 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 3:24:54 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 3:24:53 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 3:13:12 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 3:12:31 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 3:12:27 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 11:53:14 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp.exe, version 0.0.0.0, faulting module mvp.exe, version 0.0.0.0, fault address 0x0031d0e8.
12/23/2005 11:51:10 AM Application Error Error None 1001 N/A FLASHGORDON Fault bucket 253363698.
12/23/2005 11:51:03 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp.exe, version 0.0.0.0, faulting module mvp.exe, version 0.0.0.0, fault address 0x0013fbd9.
12/23/2005 11:50:35 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x003d8a55.
12/23/2005 11:50:06 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x0013fbd9.
12/23/2005 11:49:49 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x0013fbd9.
12/23/2005 11:45:35 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x003d8a55.
12/23/2005 11:32:37 AM Application Hang Error None 1001 N/A FLASHGORDON Fault bucket 45558392.
12/23/2005 11:32:35 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application pztrain.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
12/23/2005 11:31:33 AM Application Error Error None 1001 N/A FLASHGORDON Fault bucket 91625455.
12/23/2005 11:31:29 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2004.exe, version 0.0.0.0, faulting module mvp2004.exe, version 0.0.0.0, fault address 0x0031d4d8.
12/23/2005 11:27:29 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application pztrain.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
12/23/2005 11:25:47 AM Application Error Error None 1001 N/A FLASHGORDON Fault bucket 91625455.
12/23/2005 11:25:42 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2004.exe, version 0.0.0.0, faulting module mvp2004.exe, version 0.0.0.0, fault address 0x0031d4d8.
12/23/2005 8:06:49 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 8:05:53 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 8:05:48 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 2:07:06 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 2:06:36 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 2:06:30 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 1:58:33 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 1:16:47 AM Application Hang Error None 1001 N/A FLASHGORDON Fault bucket 131907350.
12/23/2005 1:16:43 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application CTCMS.exe, version 2.2.31.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
12/23/2005 12:30:58 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application ShowTime.exe, version 2.1.0.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
csx2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
12/24/2005 9:01:07 PM Userenv Warning None 1517 NT AUTHORITY\SYSTEM FLASHGORDON Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
12/24/2005 5:26:37 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 5:26:15 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/24/2005 5:26:15 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/24/2005 3:55:39 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 3:55:14 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/24/2005 3:55:13 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/24/2005 2:23:16 PM Userenv Warning None 1517 NT AUTHORITY\SYSTEM FLASHGORDON Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
12/24/2005 9:51:34 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
12/24/2005 9:24:12 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 9:23:56 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/24/2005 9:23:50 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/24/2005 1:33:37 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/24/2005 1:32:39 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 1:32:27 AM McLogEvent Error None 5022 NT AUTHORITY\SYSTEM FLASHGORDON MCSCAN32 Engine Initialisation failed. Engine returned error : The DAT files failed or are missing.
12/24/2005 1:32:24 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/24/2005 12:34:45 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/24/2005 12:34:31 AM McLogEvent Error None 5022 NT AUTHORITY\SYSTEM FLASHGORDON MCSCAN32 Engine Initialisation failed. Engine returned error : The DAT files failed or are missing.
12/24/2005 12:34:28 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 8:35:01 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 8:34:46 PM McLogEvent Error None 5022 NT AUTHORITY\SYSTEM FLASHGORDON MCSCAN32 Engine Initialisation failed. Engine returned error : The DAT files failed or are missing.
12/23/2005 8:34:43 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 8:26:31 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 8:26:05 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 8:26:04 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 8:23:35 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 8:16:16 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 8:16:03 PM McLogEvent Error None 5022 NT AUTHORITY\SYSTEM FLASHGORDON MCSCAN32 Engine Initialisation failed. Engine returned error : The DAT files failed or are missing.
12/23/2005 8:15:59 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 7:54:33 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 7:53:37 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 7:53:14 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 7:53:11 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 7:24:57 PM Winlogon Information None 1002 N/A FLASHGORDON The shell stopped unexpectedly and Explorer.exe was restarted.
12/23/2005 6:13:31 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 6:13:04 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 6:13:03 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 6:02:06 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 6:02:05 PM SecurityCenter Information None 1801 N/A FLASHGORDON The Windows Security Center Service has stopped.
12/23/2005 5:25:28 PM Winlogon Information None 1002 N/A FLASHGORDON The shell stopped unexpectedly and Explorer.exe was restarted.
12/23/2005 4:56:29 PM Userenv Warning None 1517 NT AUTHORITY\SYSTEM FLASHGORDON Windows saved user FLASHGORDON\Walton registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
12/23/2005 4:45:37 PM Winlogon Information None 1002 N/A FLASHGORDON The shell stopped unexpectedly and Explorer.exe was restarted.
12/23/2005 4:28:31 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167703 viruses.
Engine version : 4.4.00
.DAT version : 4658
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 4:20:56 PM Winlogon Information None 1002 N/A FLASHGORDON The shell stopped unexpectedly and Explorer.exe was restarted.
12/23/2005 3:47:38 PM MpfService Error None 2 FLASHGORDON\Walton FLASHGORDON The description for Event ID ( 2 ) in Source ( MpfService ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The service process could not connect to the service controller..
12/23/2005 3:25:19 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 3:24:54 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 3:24:53 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 3:13:12 PM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 3:12:31 PM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 3:12:27 PM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 11:53:14 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp.exe, version 0.0.0.0, faulting module mvp.exe, version 0.0.0.0, fault address 0x0031d0e8.
12/23/2005 11:51:10 AM Application Error Error None 1001 N/A FLASHGORDON Fault bucket 253363698.
12/23/2005 11:51:03 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp.exe, version 0.0.0.0, faulting module mvp.exe, version 0.0.0.0, fault address 0x0013fbd9.
12/23/2005 11:50:35 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x003d8a55.
12/23/2005 11:50:06 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x0013fbd9.
12/23/2005 11:49:49 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x0013fbd9.
12/23/2005 11:45:35 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2005.exe, version 0.0.0.0, faulting module mvp2005.exe, version 0.0.0.0, fault address 0x003d8a55.
12/23/2005 11:32:37 AM Application Hang Error None 1001 N/A FLASHGORDON Fault bucket 45558392.
12/23/2005 11:32:35 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application pztrain.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
12/23/2005 11:31:33 AM Application Error Error None 1001 N/A FLASHGORDON Fault bucket 91625455.
12/23/2005 11:31:29 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2004.exe, version 0.0.0.0, faulting module mvp2004.exe, version 0.0.0.0, fault address 0x0031d4d8.
12/23/2005 11:27:29 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application pztrain.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
12/23/2005 11:25:47 AM Application Error Error None 1001 N/A FLASHGORDON Fault bucket 91625455.
12/23/2005 11:25:42 AM Application Error Error None 1000 N/A FLASHGORDON Faulting application mvp2004.exe, version 0.0.0.0, faulting module mvp2004.exe, version 0.0.0.0, fault address 0x0031d4d8.
12/23/2005 8:06:49 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 8:05:53 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 8:05:48 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 2:07:06 AM SecurityCenter Information None 1800 N/A FLASHGORDON The Windows Security Center Service has started.
12/23/2005 2:06:36 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 2:06:30 AM Creative Service for CDROM Access Information None 105 N/A FLASHGORDON The service was started.
12/23/2005 1:58:33 AM McLogEvent Information None 5000 NT AUTHORITY\SYSTEM FLASHGORDON McAfee McShield service started - scanning for 167439 viruses.
Engine version : 4.4.00
.DAT version : 4657
EXTRA.DAT name : None
Number of virus signatures in EXTRA.DAT : None
Names of viruses that EXTRA.DAT can detect : None
12/23/2005 1:16:47 AM Application Hang Error None 1001 N/A FLASHGORDON Fault bucket 131907350.
12/23/2005 1:16:43 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application CTCMS.exe, version 2.2.31.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
12/23/2005 12:30:58 AM Application Hang Error (101) 1002 N/A FLASHGORDON Hanging application ShowTime.exe, version 2.1.0.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
csx2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
OK- I have to log off for the night fairly soon, but I'll repost tomorrow after I've had a chance to chew through the event history you posted.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
By the way, my regedit.exe doesn't work at all. When I follow the path of Start\Run\regedit, I get a flash of something on my screen, and then the program just quits with an error report. Can you help me get this working because I think I might be able to fix the problem. I have visited other forums and made posts as well, and I discovered someone who had a similar problem. Below is the potential solution which came from another forum and it is in verbatim form:
Response Number 11
Name: thepcguy
Date: December 09, 2005 at 11:03:33 Pacific
Subject: .exe have changed to .lnk
Reply:
I just came accross this problem and let me tell you, it is a heck of a thing to fix. Here is how you do it though, it involves a little timing and a little luck.
1) Download and save this file to a floppy or CD http://www.kellys-korner-xp.com/regs_edits/exefix.reg
2) Boot into XP and check if you have Outlook Express active on your start menu. Hopefully you have Outlook Express still listed there. If you don't, you are probably hooped.
3) Copy regedit.exe from your c:\windows\ directory to your c:\program files\outlook express\ folder
4) Here is the tricky part; you have to rename MSIMN.EXE to MSIMN.OLD. Then rename REGEDIT.EXE to MSIMN.EXE -- on my system I the MSIMN.EXE kept regenerating itself after being deleted or renamed so you have to be very quick about it. What I did was rename REGEDIT.EXE to MSIMN.EX so I can just add and "E" at the end quickly before MSIMN.EXE regenerates itself. WHEW!
5) Start Regedit from you start menu
6) change permissions on your HKEY_CLASSES_ROOT to allow "EVERYONE" Complete control
7) Import the reg file you saved to disk or cd
8) exit regedit and you should see all your icons re-appear.
9) delete msimn.exe from the outlook express folder and rename MSIMN.OLD ot MSIMN.EXE
DONE!
Response Number 11
Name: thepcguy
Date: December 09, 2005 at 11:03:33 Pacific
Subject: .exe have changed to .lnk
Reply:
I just came accross this problem and let me tell you, it is a heck of a thing to fix. Here is how you do it though, it involves a little timing and a little luck.
1) Download and save this file to a floppy or CD http://www.kellys-korner-xp.com/regs_edits/exefix.reg
2) Boot into XP and check if you have Outlook Express active on your start menu. Hopefully you have Outlook Express still listed there. If you don't, you are probably hooped.
3) Copy regedit.exe from your c:\windows\ directory to your c:\program files\outlook express\ folder
4) Here is the tricky part; you have to rename MSIMN.EXE to MSIMN.OLD. Then rename REGEDIT.EXE to MSIMN.EXE -- on my system I the MSIMN.EXE kept regenerating itself after being deleted or renamed so you have to be very quick about it. What I did was rename REGEDIT.EXE to MSIMN.EX so I can just add and "E" at the end quickly before MSIMN.EXE regenerates itself. WHEW!
5) Start Regedit from you start menu
6) change permissions on your HKEY_CLASSES_ROOT to allow "EVERYONE" Complete control
7) Import the reg file you saved to disk or cd
8) exit regedit and you should see all your icons re-appear.
9) delete msimn.exe from the outlook express folder and rename MSIMN.OLD ot MSIMN.EXE
DONE!
|
Similar Threads
- Hijacked IE (Viruses, Spyware and other Nasties)
- I've been hijacked, please help ! (Viruses, Spyware and other Nasties)
- IE6 has been constantly hijacked by .... (Viruses, Spyware and other Nasties)
- IE6 has been constantly hijacked by .... (Viruses, Spyware and other Nasties)
- IE6 has been constantly hijacked by .... (Viruses, Spyware and other Nasties)
- I've been HiJacked (Viruses, Spyware and other Nasties)
- IE6 has been constantly hijacked by .... (Viruses, Spyware and other Nasties)
- IE6 hijacked - spybot cleared system but start buttons don´t work (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: xp crashed
- Next Thread: Need help
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
adobe adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china combofix commercial commercials conficker connect control crosssitescripting cyber cybercrime ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus rootkit sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec threat trojan unwanted update usa virus viruses vista volume warning windows worm yahoo zero-day
