
Virus damage problems?



#46
kathgirl
Member, Topic Starter, 37 posts
Application Run Log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/06/2010 12:08:44 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/06/2010 1:05:35 PM
Type: error Category: 0
Event: 5000 Source: MSSecurityEssentials
The event description cannot be found.

Log: 'Application' Date/Time: 12/06/2010 1:05:35 PM
Type: error Category: 0
Event: 5000 Source: MSSecurityEssentials
The event description cannot be found.

Log: 'Application' Date/Time: 11/06/2010 9:39:10 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1669655770.

Log: 'Application' Date/Time: 11/06/2010 9:39:07 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 7.0.6000.16981, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 11/06/2010 6:39:06 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1669655770.

Log: 'Application' Date/Time: 11/06/2010 6:39:01 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 7.0.6000.16981, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 11/06/2010 2:06:34 PM
Type: error Category: 0
Event: 5000 Source: MSSecurityEssentials
The event description cannot be found.

Log: 'Application' Date/Time: 11/06/2010 12:45:09 AM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 1.1.5802.0, P3 1.83.1523.0, P4 1.83.1523.0, P5 0031a713-0000-0000-0000-000000000000_55c0adee78138d12eb2f6183ccaed872b06b41b9, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Log: 'Application' Date/Time: 10/06/2010 8:46:41 PM
Type: error Category: 0
Event: 5000 Source: MSSecurityEssentials
The event description cannot be found.

Log: 'Application' Date/Time: 09/06/2010 1:17:55 PM
Type: error Category: 0
Event: 5000 Source: MSSecurityEssentials
The event description cannot be found.

Log: 'Application' Date/Time: 09/06/2010 1:17:55 PM
Type: error Category: 0
Event: 5000 Source: MSSecurityEssentials
The event description cannot be found.

Log: 'Application' Date/Time: 08/05/2010 8:10:37 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 62166632.

Log: 'Application' Date/Time: 08/05/2010 8:10:28 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application lxbkaiox.exe, version 2.0.2.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 08/05/2010 5:48:52 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile, P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Log: 'Application' Date/Time: 07/05/2010 10:09:51 AM
Type: error Category: 1
Event: 485 Source: ESENT
wuauclt (1484) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 07/05/2010 10:09:51 AM
Type: error Category: 1
Event: 485 Source: ESENT
wuauclt (1484) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 08/04/2010 2:38:07 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1765894641.

Log: 'Application' Date/Time: 08/04/2010 2:38:03 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 21/03/2010 1:58:21 PM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket 1241136064.

Log: 'Application' Date/Time: 21/03/2010 1:58:08 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application winamp.exe, version 5.5.5.2435, faulting module gen_ml.dll, version 0.0.0.0, fault address 0x00007df3.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/06/2010 12:43:53 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 15/06/2010 11:51:34 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 15/06/2010 12:42:39 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/06/2010 11:35:17 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 12/06/2010 11:22:15 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 11/06/2010 9:56:39 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 11/06/2010 7:35:11 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 11/06/2010 5:28:46 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 11/06/2010 4:56:05 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 11/06/2010 3:25:26 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 10/06/2010 1:49:29 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 09/06/2010 1:18:49 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 17/04/2010 9:24:47 PM
Type: warning Category: 0
Event: 5603 Source: WinMgmt
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Log: 'Application' Date/Time: 17/04/2010 9:24:47 PM
Type: warning Category: 0
Event: 5603 Source: WinMgmt
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Log: 'Application' Date/Time: 17/04/2010 9:17:57 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 17/04/2010 8:53:37 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 15/04/2010 10:45:27 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 13/04/2010 9:19:30 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 06/04/2010 9:29:17 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 05/04/2010 7:08:20 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
#47
kathgirl
Member, Topic Starter, 37 posts
Oh! My mouse is the old ball type.
TY Ron!

#48
RKinner
Malware Expert, MVP, 23,320 posts
The mouse may just need cleaning. With the computer off, unplug the mouse and turn it over. Unscrew the ring around the ball. The ring will come loose and the ball will fall out. You will see three or four rollers that the ball rests on. Using a pair of tweezers, remove any hair or other debris that may be wrapped around the rollers. Then using a q-tip with some alcohol on it clean the rollers. Make sure you turn the rollers so you clean all sides. Reassemble the mouse and plug it back in. Then start the computer back up again.

I did see one problem with the mouse in the event logs:
"Log: 'System' Date/Time: 16/06/2010 11:03:24 PM
Type: error Category: 0
Event: 40 Source: i8042prt
An error occurred while trying to acquire the device ID of the mouse "

It just happened once so it's probably not the major problem but the fix I found for it is:
Right click on My Computer and select Manage then Device Manager. In the right pane find
Mouse and other tracking devices -> IBM PS/2 TrackPoint -> Advance Settings, and disable “Fast Initialization” (Enabled by Default).

The good news from your event logs is that the virut detection is definitely a false positive. The detection is from:
D:\i386\drv\app29091\64devcon.exe
which I'm pretty sure is a file in a hidden partition used by your PC maker to allow you to return the PC to factory specs. This was by MSSecurityEssentials which you should have uninstalled. It is important that we only have one anti-virus. You also have a remnant from Norton. Download, Save and Run the norton removal tool:
ftp://ftp.symantec.com/public/english_us_...emoval_Tool.exe


I see a problem during shutdown. Download, Save and Run UPHClean.
http://www.microsoft...70-42470E2F3582

AVG is also having problems starting. It should probably be downloaded and saved then uninstalled and reinstalled from the new saved copy.

You need to try to upgrade to XP Service Pack 3. Lots of bug fixes in that SP plus lots of security holes patched.

Ron
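
Added example, not part of the thread and not code from Vino's Event Viewer: a short Python summarizer for a report in the format posted in #46, grouping records by type, source and event ID so that recurring entries such as the Userenv 1517 warnings stand out from one-off errors. The sample records are abridged from that report, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: four records abridged from the report posted in the thread.
SAMPLE = r"""
Log: 'Application' Date/Time: 12/06/2010 1:05:35 PM
Type: error Category: 0
Event: 5000 Source: MSSecurityEssentials
The event description cannot be found.

Log: 'Application' Date/Time: 11/06/2010 9:39:07 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 7.0.6000.16981, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/06/2010 12:43:53 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off.

Log: 'Application' Date/Time: 05/04/2010 7:08:20 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GOD\HP_Administrator registry while an application or service was still using the registry during log off.
"""

RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>\S+ \S+ [AP]M)[ \t]*\n"
    r"Type: (?P<type>\w+) Category: \d+[ \t]*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<desc>[^\n]*)")

def parse_report(text):
    """Yield one dict per event record in the report text."""
    for m in RECORD.finditer(text):
        rec = m.groupdict()
        # The report header says dd/mm/yyyy; read as mm/dd, 05/04/2010
        # would become 4 May instead of 5 April and skew the timeline.
        rec["when"] = datetime.strptime(rec["when"], "%d/%m/%Y %I:%M:%S %p")
        rec["event"] = int(rec["event"])
        rec["source"] = rec["source"].strip()
        yield rec

def summarize(text):
    """Group by (type, source, event id); most frequent group first."""
    groups = defaultdict(list)
    for rec in parse_report(text):
        groups[(rec["type"], rec["source"], rec["event"])].append(rec["when"])
    rows = [{"key": k, "count": len(t), "first": min(t), "last": max(t)}
            for k, t in groups.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["key"]))

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(f"{r['count']:>3}  {r['key']}  {r['first']:%d/%m/%Y} .. {r['last']:%d/%m/%Y}")
```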

#49
kathgirl
Member, Topic Starter, 37 posts

All done!
TYTYTY!
Maureen :)

#50
RKinner
Malware Expert, MVP, 23,320 posts
Did that help the mouse?

Ron

#51
kathgirl
Member, Topic Starter, 37 posts

The cleaning did help the mouse. Thanks for everything!
God bless you!
Maureen