January 31st, 2007 14:00
stupid computer
My computer turns on and off my virus protection and spyware programs and logs me in and out on Messenger. It seems the processor runs full speed ahead, and games that are under the requirements for my computer are freezing and running weird or error on loading. HELP
Logfile of HijackThis v1.99.1
Scan saved at 11:23:11 AM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPV5Updater.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
No Events found!


minilegs
February 1st, 2007 12:00
minilegs
February 1st, 2007 13:00
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:11:41 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:11:40 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:11:40 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:11:46 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
minilegs
February 1st, 2007 13:00
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/26/2007
Time: 6:50:43 PM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\What registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/26/2007
Time: 7:03:58 PM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\What registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/26/2007
Time: 7:44:21 PM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\What registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
Event Source: MsiInstaller
Event Category: None
Event ID: 11904
Date: 1/26/2007
Time: 8:04:28 PM
User: COMPUTER\What
Computer: COMPUTER
Description:
Product: Macromedia Flash Player -- Error 1904. Module C:\WINDOWS\system32\Macromed\Flash\Flash.ocx failed to register. HRESULT -2147319780. Contact your support personnel.
Data:
0000: 7b 30 34 35 36 65 62 64 {0456ebd
0008: 37 2d 35 66 36 37 2d 34 7-5f67-4
0010: 61 62 36 2d 38 35 32 65 ab6-852e
0018: 2d 36 33 37 38 31 65 33 -63781e3
0020: 66 33 38 39 63 7d f389c}
Event Source: MsiInstaller
Event Category: None
Event ID: 11904
Date: 1/26/2007
Time: 8:05:36 PM
User: COMPUTER\What
Computer: COMPUTER
Description:
Product: Macromedia Flash Player -- Error 1904. Module C:\WINDOWS\system32\Macromed\Flash\Flash.ocx failed to register. HRESULT -2147319780. Contact your support personnel.
Data:
0000: 7b 30 34 35 36 65 62 64 {0456ebd
0008: 37 2d 35 66 36 37 2d 34 7-5f67-4
0010: 61 62 36 2d 38 35 32 65 ab6-852e
0018: 2d 36 33 37 38 31 65 33 -63781e3
0020: 66 33 38 39 63 7d f389c}
minilegs
February 1st, 2007 13:00
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [EFD06800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [EFD06800] vsdatant.sys
ADS C:\Documents and Settings\What\Favorites\NHRA Lucas Oil Drag Racing Series 2007 Schedule.url:favicon
ADS C:\Documents and Settings\What\Favorites\NHRA POWERade Series national event schedule.url:favicon
ADS C:\Documents and Settings\What\Favorites\Retail Services Online Customer Care - Jump Page.url:favicon
ADS C:\Documents and Settings\What\Favorites\stupid computer - Software - HijackThis - Dell Community Forum.url:favicon
ADS C:\Documents and Settings\What\Favorites\Taxidermy Net Squirrel Reference Photos.url:favicon
ADS C:\Documents and Settings\What\Favorites\Taxidermy Net.url:favicon
ADS C:\Documents and Settings\What\Favorites\Taxidermy.Net Forum - neat critters for sale. new pics-animals added.url:favicon
ADS C:\Documents and Settings\What\Favorites\University of North Carolina - Official Athletic Site.url:favicon
minilegs
February 1st, 2007 13:00
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:14:08 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:14:08 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:14:09 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:14:09 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:14:12 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
minilegs
February 1st, 2007 13:00
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 8:14:13 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Data:
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/26/2007
Time: 8:33:27 PM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\What registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
Event Source: ASP.NET 1.1.4322.0
Event Category: Setup
Event ID: 1020
Date: 1/26/2007
Time: 8:47:05 PM
User: N/A
Computer: COMPUTER
Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
Event Source: WinMgmt
Event Category: None
Event ID: 62
Date: 1/26/2007
Time: 8:52:12 PM
User: N/A
Computer: COMPUTER
Description:
WMI ADAP was unable to process the .NET CLR Data performance library since one of the data blobs reported to have classes but had zero size
RKinner
2 Intern
•
5.9K Posts
0
February 1st, 2007 13:00
minilegs
65 Posts
0
February 1st, 2007 13:00
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 1/26/2007
Time: 3:26:54 PM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/26/2007
Time: 4:19:09 PM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\What registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/26/2007
Time: 5:58:43 PM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows saved user COMPUTER\What registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/26/2007
Time: 6:39:21 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application HelpCtr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Data:
minilegs
65 Posts
0
February 1st, 2007 13:00
Event Source: WinMgmt
Event Category: None
Event ID: 62
Date: 1/26/2007
Time: 8:52:12 PM
User: N/A
Computer: COMPUTER
Description:
WMI ADAP was unable to process the .NET CLR Networking performance library since one of the data blobs reported to have classes but had zero size
Event Source: TrueVector Service
Event Category: None
Event ID: 5007
Date: 1/27/2007
Time: 9:49:38 AM
User: N/A
Computer: COMPUTER
Description:
TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt and has been copied to "C:\WINDOWS\Internet Logs\xDB1.tmp". File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt and has been deleted.
Event Source: TrueVector Service
Event Category: None
Event ID: 5007
Date: 1/27/2007
Time: 9:49:38 AM
User: N/A
Computer: COMPUTER
Description:
TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt, restoring from backup "C:\WINDOWS\Internet Logs\BACKUP.RDB".
Event Source: TrueVector Service
Event Category: None
Event ID: 5007
Date: 1/27/2007
Time: 9:49:38 AM
User: N/A
Computer: COMPUTER
Description:
TrueVector engine: File "C:\WINDOWS\Internet Logs\COMPUTER.ldb" was corrupt and has been copied to "C:\WINDOWS\Internet Logs\xDB2.tmp". File "C:\WINDOWS\Internet Logs\COMPUTER.ldb" was corrupt and has been deleted.
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/28/2007
Time: 4:50:21 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application iexplore.exe, version 7.0.5730.11, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Data:
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/28/2007
Time: 4:50:21 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application iexplore.exe, version 7.0.5730.11, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Data:
minilegs
65 Posts
0
February 1st, 2007 13:00
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/28/2007
Time: 4:50:22 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application iexplore.exe, version 7.0.5730.11, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Data:
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/28/2007
Time: 4:50:24 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application iexplore.exe, version 7.0.5730.11, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Data:
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/28/2007
Time: 4:50:24 PM
User: N/A
Computer: COMPUTER
Description:
Hanging application iexplore.exe, version 7.0.5730.11, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Data:
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 1/30/2007
Time: 7:08:30 PM
User: N/A
Computer: COMPUTER
Description:
Faulting application winmx.exe, version 3.5.3.0, faulting module winmx.exe, version 3.5.3.0, fault address 0x000fbbb3.
Data:
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 2/1/2007
Time: 9:19:31 AM
User: N/A
Computer: COMPUTER
Description:
Faulting application pestpatrol5.exe, version 5.0.1.6, faulting module mfc42.dll, version 6.2.4131.0, fault address 0x0005c2bd.
Data:
minilegs
65 Posts
0
February 1st, 2007 13:00
Rootkit scan 2007-02-01 10:26:30
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
.text C:\Program Files\Internet Explorer\iexplore.exe[952] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[952] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[952] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[952] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[952] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[952] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[952] USER32.dll
minilegs
65 Posts
0
February 1st, 2007 13:00
TCP computer:2029 by1msg4276310.phx.gbl:1863 ESTABLISHED 1548
TCP computer:1025 localhost:1032 ESTABLISHED 996
TCP computer:1025 localhost:2888 ESTABLISHED 996
TCP computer:1026 localhost:1033 ESTABLISHED 996
TCP computer:1026 localhost:2889 ESTABLISHED 996
TCP computer:1032 localhost:1025 ESTABLISHED 936
TCP computer:1033 localhost:1026 ESTABLISHED 936
TCP computer:2025 localhost:2026 CLOSE_WAIT 996
TCP computer:2888 localhost:1025 ESTABLISHED 1420
TCP computer:2889 localhost:1026 ESTABLISHED 1420