sborah99

asked on

Computer has slowed down in operations

Last week, my computer showed signs of slowing down.  Programs, when double-clicked, would take a minute or two to open.  Whenever I would go into my hard drive, the cursor would turn into an hourglass and the flashlight icon would appear, indicating that it was looking for my hard drive.  And whenever my screen saver would start, the cursor would turn into an hourglass again and then the screen would turn black for a couple of minutes before the screen saver would appear (my screen saver is a My Pictures slideshow).  Within the last couple of days, all these symptoms have gotten worse: sometimes it's minutes before I can get into my hard drive, and a lot of my programs don't come up for a long time -- at least 20 minutes in some cases -- after I have double-clicked on them.  I am running Windows XP with Service Pack 2, I have 2 hard drives (C:, 250 GB, and D:, 80 GB), and I have an Intel Celeron processor (2.6 GHz) with 1.5 GB RAM.  I have run Norton Antivirus 2006, Panda Online Software Scan, and Spybot for viruses and spyware, and Registry Mechanic and PC Pitstop for performance issues.  Nothing seems to have worked.  Does anyone have any idea what could be happening here?

Thanks,

Stacy
Member_2_49692

Several possibilities exist....

Viruses, Spyware and the like

Bloated temporary files and/or a damaged profile.

Driver / hardware or software issue.



First off, we need to get a picture of what is going on in your PC. Could you please post a HijackThis logfile? Go to http://tomcoyote.org/hjt, download and run HijackThis, select the option to save a log file, and post it up here.

Once that is done, the first tool I need you to download and run is CCleaner.
You can get it from http://www.ccleaner.com. Download it and run it, select Analyze, then when it is done hit Run Cleaner... DO NOT RUN ANY OTHER PART OF THE PROGRAM...
Once that is done, please report how much it removed in MB or GB.

Then you can follow my post after this one.
I want to get some further information. This is sort of like a witch hunt for the problem, so it is a few steps, but we will find a way to resolve the issue.


Go to Start > Run and type TASKMGR, then go to the "Processes" tab and see if anything is using a high % of CPU. You can double-click on CPU to sort the highest-using items to the top. Please post the names of these.

Next, go to Start > Run and type EVENTVWR.
Look under Application and System to see if there have been any warnings or errors reported. If so, you can double-click on the event listed; it will open up that specific event, and at the lower right-hand corner you will see two pieces of paper. Click that to copy the error to the clipboard, and then either right-click in your response area here and select Paste, or place your cursor in the response box here and hit CTRL+V on your keyboard. This way I can see any errors you might be having.


Next, right-click My Computer, select Properties, go to Hardware and then click on Device Manager. See if there is anything with a yellow mark next to it, or a red X, or anything odd. If so, please click on it to open it and tell me if it shows an error status; if so, what it is and what device it is.


Now, a separate question: did the antivirus or Norton find anything wrong?

If so I would encourage you to also run

http://www.bitdefender.com   - however change the default action setting so it does not delete if it cannot cure

http://housecall.trendmicro.com 

http://www.lavasoft.com   - download and run Ad-Aware Personal Edition
http://www.ewido.net  - Ewido Anti-Spyware, same as above

http://www.intermute.com/spysubtract/cwshredder_download.html - download CWShredder (CoolWebShredder)

also

Run RootkitRevealer, http://www.sysinternals.com/Utilities/RootkitRevealer.html, and see if it finds anything. If it does and it is suspicious, then post the result here and we can look at it further.
sborah99 (ASKER)

Logfile of HijackThis v1.99.1
Scan saved at 6:11:33 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
D:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
D:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
D:\Program Files\Norton Internet Security\comHost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
D:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fantasysports.yahoo.com/
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] D:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\windows.exe
O4 - HKLM\..\Run: [MimBoot] D:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\windows.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/lupin/us/win/QuickTimeInstaller.exe
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

rpggamergirl
Hi,

1.  Please open HijackThis.
Click on the "Config..." button on the bottom right
Click on the tab "Misc Tools"
Click on "Delete File on Reboot"
Navigate to this file --> C:\WINDOWS\system32\windows.exe

Double click on that file.
HJT asks you if you want to reboot now. Click "Yes".


2.  Next, download http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
 and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
- Instead of Windows loading as normal, a menu with options should appear.
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.

- In Safe Mode, right-click the SDFix.zip folder and choose "Extract All".
- Open the extracted folder and double-click "RunThis.bat" to start the script.
- Type Y to begin the script.
- It will remove the Trojan services, then make some repairs to the registry and prompt you to press any key to reboot.
- Press any key and it will restart the PC.
- Your system will take longer than normal to restart, as the fixtool will be running and removing files.
- When the desktop loads, the fixtool will complete the removal and display "Finished"; then press any key to end the script and load your desktop icons.
- Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back here.


3.  After you've done the above, go and rename Hijackthis.exe to "some.exe" or any exe name you want, then run another scan with the renamed HijackThis and show us the log. Some entries in your log are missing, so maybe some nasties are monitoring the hijackthis.exe process; that's why you need to rename it.

You can upload the hijackthis log to EE-Stuff.com,

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
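The entry both experts single out is the `startkey` value pointing at `C:\WINDOWS\system32\windows.exe`, present under both the HKLM and the HKCU Run keys. The following is an added example, not code from the thread or from HijackThis, that mechanises the two heuristics a removal helper applies by eye when reading the O4 section: an executable that sits directly in the system32 directory under a generic name Windows does not ship there, and one startup file registered both machine-wide and per-user. The O4 lines are copied from the log posted above (a subset); `KNOWN_SYSTEM32` is an illustrative assumption, not a vetted allow-list.

```python
"""Triage the O4 (Run-key autorun) lines of a HijackThis log.

Added example, not code from the thread or from HijackThis. Two heuristics:
  1. an executable directly in the system32 directory whose name is not one
     Windows places there (generic names such as windows.exe are chosen by
     malware to blend in);
  2. the same executable registered in both the HKLM and the HKCU Run keys
     (machine-wide plus per-user persistence for one file).
"""
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log posted in the thread (a subset).
HJT_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\windows.exe
O4 - HKLM\..\Run: [MimBoot] D:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\windows.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# Matches only the HKLM/HKCU Run-key form of an O4 line.
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Assumption for the example: Windows binaries that legitimately live in
# system32 and commonly appear in Run keys on XP. Not an exhaustive list.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe"}
SYSTEM32_DIR = "c:\\windows\\system32"


def parse_o4_run(log):
    """Yield (hive, value_name, command) for each HKLM/HKCU Run O4 line."""
    for line in log.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("name"), m.group("cmd")


def exe_path(cmd):
    """Return the executable from a Run command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def triage(log):
    """Map lowercased executable path -> list of reasons it deserves a look."""
    hives_by_path = defaultdict(set)
    for hive, _name, cmd in parse_o4_run(log):
        hives_by_path[exe_path(cmd).lower()].add(hive)

    findings = {}
    for path, hives in hives_by_path.items():
        directory, _, basename = path.rpartition("\\")
        reasons = []
        if directory == SYSTEM32_DIR and basename not in KNOWN_SYSTEM32:
            reasons.append("unrecognised binary directly in system32")
        if hives == {"HKLM", "HKCU"}:
            reasons.append("registered in both HKLM and HKCU Run keys")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(HJT_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the posted log this flags exactly one path, `c:\windows\system32\windows.exe`, for both reasons, and nothing else. Because the heuristic keys on a generic file name, a helper should still confirm the file is not a Windows component (file version information, digital signature or a hash lookup) before scheduling it for deletion on reboot.
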

Hey Brian,

TASKMGR only showed Internet Explorer as using 34,212, which was the most out of the 5 programs running (IE was 3 of these since I have a few windows open; the others were NAVW32.EXE, 33,208, and CCAPP.EXE, 29,980).  I'm waiting on CCleaner's report, which has been going for 30 minutes now.  I only posted the errors and warnings from the last day.

Stacy

EVENT VIEWER:

APPLICATIONS
Event Type:      Error
Event Source:      Application Hang
Event Category:      (101)
Event ID:      1002
Date:            11/6/2006
Time:            10:56:11 PM
User:            N/A
Computer:      STACYPARTII
Description:
Hanging application wmplayer.exe, version 10.0.0.3802, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 48 61 6e 67   ion Hang
0010: 20 20 77 6d 70 6c 61 79     wmplay
0018: 65 72 2e 65 78 65 20 31   er.exe 1
0020: 30 2e 30 2e 30 2e 33 38   0.0.0.38
0028: 30 32 20 69 6e 20 68 75   02 in hu
0030: 6e 67 61 70 70 20 30 2e   ngapp 0.
0038: 30 2e 30 2e 30 20 61 74   0.0.0 at
0040: 20 6f 66 66 73 65 74 20    offset
0048: 30 30 30 30 30 30 30 30   00000000

Event Type:      Warning
Event Source:      Userenv
Event Category:      None
Event ID:      1517
Date:            11/6/2006
Time:            9:17:07 PM
User:            NT AUTHORITY\SYSTEM
Computer:      STACYPARTII
Description:
Windows saved user STACYPARTII\Stacy Borah registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Warning
Event Source:      Userenv
Event Category:      None
Event ID:      1524
Date:            11/6/2006
Time:            9:17:04 PM
User:            STACYPARTII\Stacy Borah
Computer:      STACYPARTII
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.  



For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Application Hang
Event Category:      (101)
Event ID:      1002
Date:            11/6/2006
Time:            9:13:31 PM
User:            N/A
Computer:      STACYPARTII
Description:
Hanging application EXCEL.EXE, version 11.0.5612.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 48 61 6e 67   ion Hang
0010: 20 20 45 58 43 45 4c 2e     EXCEL.
0018: 45 58 45 20 31 31 2e 30   EXE 11.0
0020: 2e 35 36 31 32 2e 30 20   .5612.0
0028: 69 6e 20 68 75 6e 67 61   in hunga
0030: 70 70 20 30 2e 30 2e 30   pp 0.0.0
0038: 2e 30 20 61 74 20 6f 66   .0 at of
0040: 66 73 65 74 20 30 30 30   fset 000
0048: 30 30 30 30 30            00000  

Event Type:      Error
Event Source:      Application Hang
Event Category:      (101)
Event ID:      1002
Date:            11/6/2006
Time:            4:16:32 PM
User:            N/A
Computer:      STACYPARTII
Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 48 61 6e 67   ion Hang
0010: 20 20 49 45 58 50 4c 4f     IEXPLO
0018: 52 45 2e 45 58 45 20 36   RE.EXE 6
0020: 2e 30 2e 32 39 30 30 2e   .0.2900.
0028: 32 31 38 30 20 69 6e 20   2180 in
0030: 68 75 6e 67 61 70 70 20   hungapp
0038: 30 2e 30 2e 30 2e 30 20   0.0.0.0
0040: 61 74 20 6f 66 66 73 65   at offse
0048: 74 20 30 30 30 30 30 30   t 000000
0050: 30 30                     00      

Event Type:      Error
Event Source:      Application Error
Event Category:      (100)
Event ID:      1000
Date:            11/6/2006
Time:            4:05:10 PM
User:            N/A
Computer:      STACYPARTII
Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x62756f64.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 65 78 70   ure  exp
0018: 6c 6f 72 65 72 2e 65 78   lorer.ex
0020: 65 20 36 2e 30 2e 32 39   e 6.0.29
0028: 30 30 2e 32 31 38 30 20   00.2180
0030: 69 6e 20 75 6e 6b 6e 6f   in unkno
0038: 77 6e 20 30 2e 30 2e 30   wn 0.0.0
0040: 2e 30 20 61 74 20 6f 66   .0 at of
0048: 66 73 65 74 20 36 32 37   fset 627
0050: 35 36 66 36 34            56f64  

Event Type:      Warning
Event Source:      Userenv
Event Category:      None
Event ID:      1517
Date:            11/6/2006
Time:            12:24:50 AM
User:            NT AUTHORITY\SYSTEM
Computer:      STACYPARTII
Description:
Windows saved user STACYPARTII\Stacy Borah registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Application Hang
Event Category:      (101)
Event ID:      1002
Date:            11/5/2006
Time:            11:52:46 PM
User:            N/A
Computer:      STACYPARTII
Description:
Hanging application NMain.exe, version 104.0.1.17, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 48 61 6e 67   ion Hang
0010: 20 20 4e 4d 61 69 6e 2e     NMain.
0018: 65 78 65 20 31 30 34 2e   exe 104.
0020: 30 2e 31 2e 31 37 20 69   0.1.17 i
0028: 6e 20 68 75 6e 67 61 70   n hungap
0030: 70 20 30 2e 30 2e 30 2e   p 0.0.0.
0038: 30 20 61 74 20 6f 66 66   0 at off
0040: 73 65 74 20 30 30 30 30   set 0000
0048: 30 30 30 30               0000    

Event Type:      Error
Event Source:      Application Hang
Event Category:      (101)
Event ID:      1002
Date:            11/5/2006
Time:            11:52:44 PM
User:            N/A
Computer:      STACYPARTII
Description:
Hanging application NMain.exe, version 104.0.1.17, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 48 61 6e 67   ion Hang
0010: 20 20 4e 4d 61 69 6e 2e     NMain.
0018: 65 78 65 20 31 30 34 2e   exe 104.
0020: 30 2e 31 2e 31 37 20 69   0.1.17 i
0028: 6e 20 68 75 6e 67 61 70   n hungap
0030: 70 20 30 2e 30 2e 30 2e   p 0.0.0.
0038: 30 20 61 74 20 6f 66 66   0 at off
0040: 73 65 74 20 30 30 30 30   set 0000
0048: 30 30 30 30               0000    


SYSTEM
Event Type:      Warning
Event Source:      W32Time
Event Category:      None
Event ID:      36
Date:            11/7/2006
Time:            10:57:47 AM
User:            N/A
Computer:      STACYPARTII
Description:
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10010
Date:            11/6/2006
Time:            10:58:22 PM
User:            STACYPARTII\Stacy Borah
Computer:      STACYPARTII
Description:
The server {E08DE58F-82D2-4B97-A063-95E34EF205DE} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Warning
Event Source:      Dhcp
Event Category:      None
Event ID:      1003
Date:            11/6/2006
Time:            9:18:20 PM
User:            N/A
Computer:      STACYPARTII
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00115BC27E7E.  The following error occurred:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 79 00 00 00               y...    

Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10010
Date:            11/6/2006
Time:            9:10:02 PM
User:            STACYPARTII\Stacy Borah
Computer:      STACYPARTII
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            2:39:26 PM
User:            N/A
Computer:      STACYPARTII
Description:
The TCP/IP NetBIOS Helper service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7009
Date:            11/6/2006
Time:            2:39:26 PM
User:            N/A
Computer:      STACYPARTII
Description:
Timeout (30000 milliseconds) waiting for the TCP/IP NetBIOS Helper service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10010
Date:            11/6/2006
Time:            9:03:56 AM
User:            STACYPARTII\Stacy Borah
Computer:      STACYPARTII
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            1:00:35 AM
User:            N/A
Computer:      STACYPARTII
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7009
Date:            11/6/2006
Time:            1:00:34 AM
User:            N/A
Computer:      STACYPARTII
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            1:00:33 AM
User:            N/A
Computer:      STACYPARTII
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7009
Date:            11/6/2006
Time:            1:00:26 AM
User:            N/A
Computer:      STACYPARTII
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            12:59:51 AM
User:            N/A
Computer:      STACYPARTII
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7009
Date:            11/6/2006
Time:            12:59:19 AM
User:            N/A
Computer:      STACYPARTII
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            12:58:51 AM
User:            N/A
Computer:      STACYPARTII
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7009
Date:            11/6/2006
Time:            12:58:20 AM
User:            N/A
Computer:      STACYPARTII
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            12:57:43 AM
User:            N/A
Computer:      STACYPARTII
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7009
Date:            11/6/2006
Time:            12:57:26 AM
User:            N/A
Computer:      STACYPARTII
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            12:56:51 AM
User:            N/A
Computer:      STACYPARTII
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7009
Date:            11/6/2006
Time:            12:56:14 AM
User:            N/A
Computer:      STACYPARTII
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            12:55:47 AM
User:            N/A
Computer:      STACYPARTII
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7009
Date:            11/6/2006
Time:            12:55:03 AM
User:            N/A
Computer:      STACYPARTII
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            12:54:29 AM
User:            N/A
Computer:      STACYPARTII
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7009
Date:            11/6/2006
Time:            12:53:55 AM
User:            N/A
Computer:      STACYPARTII
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            11/6/2006
Time:            12:53:15 AM
User:            N/A
Computer:      STACYPARTII
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

(These errors are logged about 20 more times over a 30 minute span)
Brian,

Norton Antivirus and Panda Online scan did reveal a few things but nothing major. They took care of all the spyware they found.

Stacy
CCLEANER removed 305.6 MB from my system.
As far as devices with a yellow mark beside them: my PCI modem and my video controller both have those beside them.
Stacy,

Follow what rpggamergirl has suggested. She is correct that that file needs to go; according to my information that is the Zotob or Feldor worm, but follow her directions... Afterwards run another logfile like she said.

You do have a lot of errors in your event logs.
I noticed one that really concerns me, and that is that LIVEUPDATE IS NOT WORKING!!!! It says the service is failing to start because it did not respond in a timely fashion.

Did you check the date of your virus definitions for your Norton Antivirus? Because without LiveUpdate you have old definitions... I would go to Symantec's site itself and run a scan. Something has either damaged your Norton or is preventing it from updating.

I would run the zotob tool just to be safe
http://www.symantec.com/smb/security_response/writeup.jsp?docid=2005-081514-1503-99


rpggamergirl,

Do you have a link for what this is? I am just wondering where you got SDFix from.
Okay we have a bunch of issues with your PC then that can be causing issues

1. You still are infected, which means do what rpggamergirl said, but also do the things listed below.

2. You have driver errors in Device Manager.

3. Your LiveUpdate in Symantec appears to be DOA.

4. You probably have a lot of fragmentation; if you have never defragmented your drive then this will definitely cause issues.

5. I am not sure on the status of your Windows updates, but you may be missing some.


-----------------------------WHAT TO DO ------------------------------------------------------------

Go into Control Panel > Add/Remove Programs and check for odd stuff: things that say Internet Accelerator or things that just don't look right. Post them here and I can tell you if they are junk or you need them...

http://www.bitdefender.com   - however change the default action setting so it does not delete if it cannot cure

http://housecall.trendmicro.com 

http://www.lavasoft.com   - download and run adaware personal edition
http://www.ewido.net  - Ewido anti spyware, same as above

http://www.intermute.com/spysubtract/cwshredder_download.html -download coolweb shredder

Run Rootkit revealer http://www.sysinternals.com/Utilities/RootkitRevealer.html  see if it finds anything if it does and it is suspicious then post the result here and we can look at it further
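The Service Control Manager errors Stacy posted (IDs 7000 and 7009 for LiveUpdate, repeated roughly every 30 seconds) are the kind of pattern worth catching automatically, because a security product's updater failing over and over is exactly what Brian flags above: either the product is damaged or something is stopping it from updating. The script below is an added example, not anything from the thread or from Symantec; it parses the exported Event Viewer text layout shown in the posts and reports any service with three or more start failures inside a sliding 30-minute window. The sample log, the 30-minute window and the threshold of three are this example's own constructions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the exported Event Viewer text layout shown in the
# thread. The events and timestamps are made up for this example; only the
# field names and message wording follow the posted log.
SAMPLE_LOG = """\
Event Type:      Error
Event Source:      Service Control Manager
Event ID:      7009
Date:            11/6/2006
Time:            12:53:55 AM
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Event Type:      Error
Event Source:      Service Control Manager
Event ID:      7000
Date:            11/6/2006
Time:            12:54:29 AM
Description:
The LiveUpdate service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Event Type:      Error
Event Source:      Service Control Manager
Event ID:      7009
Date:            11/6/2006
Time:            12:55:03 AM
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Event Type:      Information
Event Source:      Service Control Manager
Event ID:      7036
Date:            11/6/2006
Time:            1:10:00 AM
Description:
The Print Spooler service entered the running state.
"""

FIELD_RE = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")
# Pull the service name out of the 7000 / 7009 message texts.
SERVICE_RE = re.compile(r"[Tt]he (.+?) service (?:failed to start|to connect)")


def parse_events(text):
    """Split an Event Viewer text export into one dict per event."""
    events, cur, in_desc = [], None, False
    for line in text.splitlines():
        if line.startswith("Event Type:"):          # a new record starts here
            if cur:
                events.append(cur)
            cur, in_desc = {"Description": ""}, False
        if cur is None:
            continue
        if in_desc:                                 # everything after Description: is message text
            cur["Description"] += line.strip() + " "
            continue
        if line.startswith("Description:"):
            in_desc = True
            continue
        m = FIELD_RE.match(line)
        if m:
            cur[m.group(1)] = m.group(2).strip()
    if cur:
        events.append(cur)
    for ev in events:
        ev["when"] = datetime.strptime(ev["Date"] + " " + ev["Time"], "%m/%d/%Y %I:%M:%S %p")
        ev["Event ID"] = int(ev["Event ID"])
        ev["Description"] = ev["Description"].strip()
    return events


def failing_services(events, window=timedelta(minutes=30), threshold=3):
    """Return {service: max_failures_in_window} for services that logged at
    least `threshold` SCM start failures (IDs 7000/7009) inside any sliding
    window of `window` length. Window and threshold are this example's choice."""
    times = defaultdict(list)
    for ev in events:
        if ev.get("Event Source") != "Service Control Manager" or ev["Event ID"] not in (7000, 7009):
            continue
        m = SERVICE_RE.search(ev["Description"])
        if m:
            times[m.group(1)].append(ev["when"])
    flagged = {}
    for svc, ts in times.items():
        ts.sort()
        best, j = 0, 0
        for i in range(len(ts)):                    # two-pointer sliding window
            while ts[i] - ts[j] > window:
                j += 1
            best = max(best, i - j + 1)
        if best >= threshold:
            flagged[svc] = best
    return flagged


if __name__ == "__main__":
    for svc, n in failing_services(parse_events(SAMPLE_LOG)).items():
        print("%s: %d start failures within 30 minutes; check whether the updater is blocked" % (svc, n))
```

Run it against a saved Event Viewer export (System log, "Save As" text) in place of the constructed sample. A hit only says the service keeps timing out; it does not say why, so the follow-up is still the one Brian gives: check the definition date and scan from the vendor's site.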


>>>do you have a link for what this is I am just wondering where you got the SDfix from ?<<<

Brian, the link I have is not accessible by everyone, sorry.
The Asker has something else hiding in his log, but if he doesn't listen it's up to him. My advice is there; I've had 3 cases where the Asker didn't listen to people's advice and did a repair and made his pc unbootable! lol.
He has a choice to be wise and know when to follow advice, or do his own thing, :)


SDFix removes:
Backdoor (IRCBot) Trojans:
RBot/SDBot(newer variants)
HackerDefender

windows.exe <-- is a variant of R-Bot, that's why I suggested SDFix

Their signatures (telltale signs in HijackThis) are similar to these, or the same:
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe

O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\Microsoft.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\Microsoft.exe

O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\Mysia.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\Mysia.exe

O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\winlog.exe

O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\windows.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\windows.exe
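The O4 lines rpggamergirl lists share a few traits that can be checked mechanically: the value name [startkey], a filename that either imitates a Windows binary (explorer..exe with a double dot, winlog.exe) or is a known drop name (windows.exe, Microsoft.exe, Mysia.exe), a program launched from system32 when the real one lives elsewhere, and the same entry repeated under HKLM and HKCU. The script below is an added example, not code from the thread, from HijackThis or from SDFix; it parses O4 lines from a HijackThis log and reports which heuristic each suspicious entry trips. The drop names come from the post above; the sample log lines, the location of the genuine explorer.exe under C:\WINDOWS, and the decision to treat the HKLM/HKCU pairing as corroboration only are this example's own choices.

```python
import re

# Constructed HijackThis O4 lines: three legitimate entries plus the R-Bot
# style entries described in the thread. Paths are made up for the example.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\windows.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\windows.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Value names and drop filenames taken from the signatures listed in the thread.
SUSPECT_VALUE_NAMES = {"startkey"}
# filename -> where the genuine Windows binary of that name lives
# (None: Windows ships no binary by that name).
SUSPECT_BASENAMES = {
    "explorer.exe": r"c:\windows\explorer.exe",
    "microsoft.exe": None, "mysia.exe": None, "winlog.exe": None, "windows.exe": None,
}


def parse_o4(text):
    """Return one dict (hive, key, name, cmd, line) per O4 registry-run entry."""
    out = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out.append({**m.groupdict(), "line": line.strip()})
    return out


def target_of(cmd):
    """Return (basename, full path) of the program an O4 command launches,
    handling both quoted and unquoted paths."""
    cmd = cmd.strip()
    path = cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split()[0]
    path = path.lower()
    return path.rsplit("\\", 1)[-1], path


def reasons_for(entry):
    reasons = []
    name, path = target_of(entry["cmd"])
    if entry["name"].lower() in SUSPECT_VALUE_NAMES:
        reasons.append("value name [%s] is an R-Bot autorun name" % entry["name"])
    if ".." in name:                      # explorer..exe style double dot
        reasons.append("double dot in filename %s" % name)
    key = name.replace("..", ".")
    if key in SUSPECT_BASENAMES:
        real = SUSPECT_BASENAMES[key]
        if real is None:
            reasons.append("%s is a known R-Bot drop name" % name)
        elif path != real:
            reasons.append("%s runs from %s, not %s" % (name, path, real))
    return reasons


def analyze(text):
    """Return [(line, [reasons])] for every O4 entry that trips a heuristic."""
    entries = parse_o4(text)
    hives = {}
    for e in entries:                     # same name+command under HKLM and HKCU
        hives.setdefault((e["name"].lower(), e["cmd"].lower()), set()).add(e["hive"])
    findings = []
    for e in entries:
        r = reasons_for(e)
        # The hive pairing corroborates an existing hit; alone it is too noisy.
        if r and hives[(e["name"].lower(), e["cmd"].lower())] >= {"HKLM", "HKCU"}:
            r.append("identical entry under both HKLM and HKCU")
        if r:
            findings.append((e["line"], r))
    return findings


if __name__ == "__main__":
    for line, why in analyze(SAMPLE_HJT):
        print(line)
        for w in why:
            print("   -", w)
```

Paste a full HijackThis log in place of the sample; only O4 lines with an HKLM or HKCU hive are examined. The name list is only what this thread mentions, so a clean result does not mean a clean machine, which is also why rpggamergirl asks for a log from a renamed HijackThis: a bot that hides from the scanner never produces the O4 line in the first place.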

I just ran LiveUpdate and it worked fine.  Also, I defragmented my hard drives about 2 months ago.  Probably need to do that again.  I'll also do what rpggamergirl suggested and I'll let you know what happens with that.  Thanks for the help so far, guys.

Stacy
BTW, the above are just a few of the telltale signs for R-Bot;
the telltale signs of SDBot are different,
and the telltale signs of Hacker Defender are also very different and located in the O23 entries of HJT.
rpggamergirl,

I was just curious where you got the info on those from. I used to be extremely up to date on these threats, but a handful of them are news to me... That is why I asked; I like to stay in the know.
Quick note: I opened HijackThis, went to "Config" and then "Misc Tools" and clicked on "Delete a file on Reboot", but the program ended itself.  No error message or anything.  It's done this 3 times now.
Brian,
I understand, yeah it's good to stay up to date, malware/virus writers always come up with new tricks to evade detection, by the time antivirus detects them they come up with a new one.
It is not a winning battle, but it sure is interesting, :)

I got myself infected with chinese virus 4 days ago, and it sure wasn't easy to get rid of even with all the tools that I already have at hand.
>>>Quick note: I opened HijackThis, went to "Config" and then "Misc Tools" and clicked on "Delete a file on Reboot", but the program ended itself.  No error message or anything.  It's done this 3 times now.<<<

You can also manually delete the file, or use Killbox "Delete On Reboot" or "Kill explorer while killing the file"
or just run SDBot.

Most importantly, did you rename HijackThis and scan your system with the renamed HijackThis? I have the feeling something is hiding from the scan because some entries are missing.
No I haven't renamed HijackThis yet or scanned with it renamed.  I was doing everything in order and I didn't want to mix up the order you suggested.
I am running the Symantec Zotob removal tool right now.
You install NAT to scan for viruses.
Guys,

I downloaded SDFix last night (which wasn't easy, since it took my computer almost 3 hours just to be able to navigate to the site), and after it downloaded, I rebooted my computer in Safe Mode.  Then I extracted and ran SDFix and left it going all day.  When I got home from work, it was prompting me to hit any button to restart.  So I did.  It restarted in Normal Mode, and SDFix began running its second phase, saying it would only take 4-5 minutes.  It went from repairing registry files to checking for infected files in about 2 minutes.  Since then, it seems to be stuck on checking for infected files.  It has been running now for about four hours and no change.  What should I do?

Stacy
Stacy,

Unfortunately I am not familiar with this tool... If it doesn't look like it is progressing and there is no hard drive activity, then I would be inclined to think the program possibly hung. If you can, check Task Manager and see what is currently running, then go to Processes and see what is running under there and using the most CPU%...
Actually, I did hit Ctrl-Alt-Delete to bring up Task Manager about 30 minutes ago and it still hasn't come up yet.  I am currently on an outdated laptop (750 Mhz CPU, 128 MB RAM, Windows 2000), but this can only go for so long before I get frustrated with its slowness.
SDFix was updated on 11/7/2006; I couldn't access the site yesterday either.
Yeah, sounded like the program crashed.

Can we just look at a renamed hijackthis log? the log should give us bad entries we can just delete and should help.
Ok I'll see if I can get that for you.
I renamed HijackThis.exe Stacy.exe and rescanned and here is the logfile:

http://www.hijackthis.de/logfiles/8e2cd6f61b0f1d59f7d07ea43fa5aad3.html
SOLUTION (Member_2_49692): members-only post, not shown.

ASKER CERTIFIED SOLUTION: members-only post, not shown.
Well, it looks as if everything is cleared up now.  VundoFix ran for hours and just scanned the same files over and over.  So, I used VirtumundoBegone and it cleaned it off in seconds.  Then I ran ATF Cleaner and my computer is running very fast now.  Here is the log from VirtumundoBegone:


[11/09/2006, 23:15:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Stacy Borah.STACYPARTII\Desktop\VirtumundoBeGone.exe" )
[11/09/2006, 23:16:00] - Detected System Information:
[11/09/2006, 23:16:00] -  Windows Version: 5.1.2600, Service Pack 2
[11/09/2006, 23:16:01] -  Current Username: Stacy Borah (Admin)
[11/09/2006, 23:16:01] -  Windows is in NORMAL mode.
[11/09/2006, 23:16:01] - Searching for Browser Helper Objects:
[11/09/2006, 23:16:01] -  BHO 1: {81FB1F8E-6D4B-4A74-8A7C-82A1E651CA57} ()
[11/09/2006, 23:16:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/09/2006, 23:16:02] -  Checking for HKLM\...\Winlogon\Notify\geede
[11/09/2006, 23:16:02] -  Found: HKLM\...\Winlogon\Notify\geede - This is probably Virtumundo.
[11/09/2006, 23:16:02] -  Assigning {81FB1F8E-6D4B-4A74-8A7C-82A1E651CA57} MSEvents Object
[11/09/2006, 23:16:02] - BHO list has been changed! Starting over...
[11/09/2006, 23:16:03] -  BHO 1: {81FB1F8E-6D4B-4A74-8A7C-82A1E651CA57} (MSEvents Object)
[11/09/2006, 23:16:03] - ALERT: Found MSEvents Object!
[11/09/2006, 23:16:03] -  BHO 2: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[11/09/2006, 23:16:03] -  BHO 3: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[11/09/2006, 23:16:03] -  BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/09/2006, 23:16:03] - Finished Searching Browser Helper Objects
[11/09/2006, 23:16:04] - *** Detected MSEvents Object
[11/09/2006, 23:16:04] - Trying to remove MSEvents Object...
[11/09/2006, 23:16:05] -    Terminating Process: IEXPLORE.EXE
[11/09/2006, 23:16:09] -    Terminating Process: RUNDLL32.EXE
[11/09/2006, 23:16:15] -    Disabling Automatic Shell Restart
[11/09/2006, 23:16:17] -    Terminating Process: EXPLORER.EXE
[11/09/2006, 23:16:23] -    Suspending the NT Session Manager System Service
[11/09/2006, 23:16:23] -    Terminating Windows NT Logon/Logoff Manager
[11/09/2006, 23:16:23] -    Re-enabling Automatic Shell Restart
[11/09/2006, 23:16:23] -   File to disable: C:\WINDOWS\system32\geede.dll
[11/09/2006, 23:16:23] -  Renaming C:\WINDOWS\system32\geede.dll -> C:\WINDOWS\system32\geede.dll.vir
[11/09/2006, 23:16:23] -  File successfully renamed!
[11/09/2006, 23:16:23] -   Removing HKLM\...\Browser Helper Objects\{81FB1F8E-6D4B-4A74-8A7C-82A1E651CA57}
[11/09/2006, 23:16:23] -   Removing HKCR\CLSID\{81FB1F8E-6D4B-4A74-8A7C-82A1E651CA57}
[11/09/2006, 23:16:23] -   Adding Kill Bit for ActiveX for GUID: {81FB1F8E-6D4B-4A74-8A7C-82A1E651CA57}
[11/09/2006, 23:16:23] -   Deleting ATLEvents/MSEvents Registry entries
[11/09/2006, 23:16:23] -   Removing HKLM\...\Winlogon\Notify\geede
[11/09/2006, 23:16:24] - Searching for Browser Helper Objects:
[11/09/2006, 23:16:24] -  BHO 1: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[11/09/2006, 23:16:24] -  BHO 2: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[11/09/2006, 23:16:24] -  BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/09/2006, 23:16:24] - Finished Searching Browser Helper Objects
[11/09/2006, 23:16:24] - Finishing up...
[11/09/2006, 23:16:24] - A restart is needed.
[11/09/2006, 23:16:33] - Attempting to Restart via STOP error (Blue Screen!)

Is there anything else I need to do?

Stacy
VundoFix failed again; sometimes it seems to have trouble finding the files, but when it works it removes the main file and all the other reversed Vundo files.

VirtumundoBeGone just renamed Vundo's main file to this --> C:\WINDOWS\system32\geede.dll.vir
It's still there in your pc; you can delete it if you wish, or other scanners will find and delete it eventually.
In there are also Vundo's reversed files with .bak, .tmp, .ini extensions --> edeeg.bak, edeeg.bak1, edeeg.ini, edeeg.tmp etc. They are harmless files.


Vundo infection gets in your pc usually through the vulnerabilities in Java, so make sure you update your Java version.
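The VirtumundoBeGone log above shows a two-part test: a Browser Helper Object with no default name is only "probably Virtumundo" once a Winlogon\Notify package loading the same DLL is found, after which the DLL is renamed out of the way, the BHO and CLSID keys are removed, a kill bit is set, and the Notify key is deleted; rpggamergirl then points out the reversed-name leftovers (geede -> edeeg.bak, edeeg.ini, ...). The script below is an added example, not the tool's code or anything from the thread; it runs that logic over a constructed snapshot of the relevant registry and system32 contents. It assumes the BHO's DLL is obtained from its CLSID's InprocServer32 value, which the posted log does not show explicitly, and the DLL paths for the benign entries are made up; the nameless CLSID and the Google Toolbar CLSID are the ones in the posted log.

```python
# Constructed snapshot of the registry and file-system facts this check
# needs. On a live XP machine you would read these with the winreg module
# from HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects,
# HKCR\CLSID\{...}\InprocServer32 and
# HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify, and list system32.

# (clsid, default value name, InprocServer32 DLL). The first two CLSIDs are
# from the posted log; the DLL paths and the third entry are constructed.
SAMPLE_BHOS = [
    ("{81FB1F8E-6D4B-4A74-8A7C-82A1E651CA57}", "", r"C:\WINDOWS\system32\geede.dll"),
    ("{AA58ED58-01DD-4d91-8333-CF10577473F7}", "Google Toolbar Helper", r"C:\Program Files\Google\Google Toolbar\googletoolbar.dll"),
    ("{00000000-0000-0000-0000-000000000001}", "", r"C:\Program Files\Example\nameless_but_benign.dll"),
]
# Winlogon\Notify subkey -> DLL it loads (crypt32chain and ScCertProp are stock XP entries)
SAMPLE_NOTIFY = {"crypt32chain": "crypt32.dll", "ScCertProp": "wlnotify.dll",
                 "geede": r"C:\WINDOWS\system32\geede.dll"}
SAMPLE_SYSTEM32 = {"kernel32.dll", "wlnotify.dll", "geede.dll",
                   "edeeg.bak", "edeeg.bak1", "edeeg.ini", "edeeg.tmp"}
COMPANION_EXTS = (".bak", ".bak1", ".ini", ".tmp")   # the extensions named in the thread


def stem(path):
    """'C:\\WINDOWS\\system32\\geede.dll' -> 'geede'"""
    return path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]


def suspect_bhos(bhos, notify):
    """BHOs with no default name whose DLL is also registered as a
    Winlogon\\Notify package: the two-part test the tool's log shows."""
    notify_by_stem = {stem(dll): key for key, dll in notify.items()}
    hits = []
    for clsid, name, dll in bhos:
        if name.strip():
            continue                      # named BHOs are out of scope here
        s = stem(dll)
        if s in notify_by_stem:           # nameless alone is not enough
            hits.append((clsid, dll, notify_by_stem[s]))
    return hits


def companion_files(dll_path, listing):
    """Reversed-name leftovers (geede -> edeeg.bak, edeeg.ini, ...)."""
    rev = stem(dll_path)[::-1]
    wanted = {rev + ext for ext in COMPANION_EXTS}
    return sorted(f for f in listing if f.lower() in wanted)


def cleanup_plan(clsid, dll_path, notify_key, listing):
    """Ordered steps mirroring the tool's log, plus the reversed-name leftovers."""
    steps = [
        "rename %s -> %s.vir" % (dll_path, dll_path),
        r"delete HKLM\...\Browser Helper Objects\%s" % clsid,
        r"delete HKCR\CLSID\%s" % clsid,
        r"set ActiveX kill bit for %s" % clsid,
        r"delete HKLM\...\Winlogon\Notify\%s" % notify_key,
    ]
    steps += ["delete %s" % f for f in companion_files(dll_path, listing)]
    return steps


if __name__ == "__main__":
    for clsid, dll, key in suspect_bhos(SAMPLE_BHOS, SAMPLE_NOTIFY):
        print("probable Vundo:", clsid, dll, "via Winlogon\\Notify\\" + key)
        for step in cleanup_plan(clsid, dll, key, SAMPLE_SYSTEM32):
            print("  -", step)
```

Two things the snapshot cannot show: a Notify DLL is loaded into winlogon.exe, so the rename in step one only succeeds when nothing has it mapped (the log shows the tool terminating explorer and the logon manager first, and finishing with a forced restart), and the check flags only nameless BHOs, so a Vundo variant that registers a plausible default name needs the Notify key inspected on its own.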
I have a new, bigger problem now, possibly related to my previous problem.  I ran RootKit Revealer and turned off my screen saver beforehand.  But while it was scanning, Norton Antivirus popped up, saying it had deleted "Trojan.Vundo" from my system.  After I clicked OK, it said I needed to restart my computer for the new changes to take effect.  I held off on restarting until after RootKit had finished.  Thirty minutes later, when it had finished, I tried to save the report it generated and the program closed itself due to an error.  I then opened up another program (a DVD converter program) but then I tried to close it.  However, it never succeeded in closing itself as the program locked up and also locked up my computer.  The cursor would move and then freeze up and after about ten minutes, it froze up completely.  I tried to get Task Manager to come up but to no avail.  So I held down the power button until it shut off and then turned it on again.  Only this time, the computer would not recognize either of my hard drives.  My Windows XP disk will not recognize them either.  I can't log onto anything and I can't figure out how to get my system to recognize the drives again.  What should I do?

Stacy
Never mind.  I got it back up.  I just hit Ctrl-Alt-Delete a few times while it was trying to reboot and it found the drives again.  Thanks for all of your help, rpggamergirl and Brian.

Stacy