RE: ER_KRNLCRASH_LOG

Tech-Archive recommends: Fix windows errors by optimizing your registry



"Gateway man" wrote:

Since you have a P2P programs that can harbour the infection I advise you to
run a thorough clean/scan for malware and viruses by following the steps
below:
Go through these Cleaning steps:
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the Non/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one
later and see which is the culprit .
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (off-line scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine (off-line scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

Download the Hijackthis and send the report to one of
many
forums for analysis and troubleshooting:
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to:
http://www.spywareinfo.com/~merijn/downloads.html
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.bleepingcomputer.com/forums/
Or other appropriate
forums for expert analysis, not here.

Then after knowing if the system clean or there are some infection you can
see the info here:
=================================
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 4/15/2008
Time: 10:20:16 PM
User: N/A
Computer: PAUL
Description:
Hanging application msimn.exe, version 6.0.2900.3311, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Outlook Express
=======================================================
Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3012
Date: 3/17/2008
Time: 9:01:55 PM
User: N/A
Computer: PAUL
Description:
The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from
Performance registry is the first DWORD in Data section, LastCounter value is
the second DWORD in Data section, and LastHelp value is the third DWORD in
Data section.
Event ID 3012 — Performance Counter Loading
http://technet2.microsoft.com/windowsserver2008/en/library/cecc3eb2-4a8d-4169-9e71-0ebe9695c2371033.mspx?mfr=true
=============================================================
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 3/13/2008
Time: 5:20:56 PM
User: N/A
Computer: PAUL
Description:
Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Corrupt or damaged Plug-ins or third-party toolbars/applications can cause
this error.
===================================================
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 3/8/2008
Time: 10:46:19 AM
User: N/A
Computer: PAUL
Description:
Hanging application SetupWizard.exe, version 2.2.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Do you have Linksys Router or AP wireless access point

====================================================
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 3/5/2008
Time: 6:12:45 PM
User: N/A
Computer: PAUL
Description:
Faulting application prestopm.exe, version 7.15.13.0, faulting module
pmview.dll, version 1.0.0.1, fault address 0x000309c5.

New Soft Presto! Page Manager came bundled with a scanner?.

C:\program files\newsoft\presto! pagemanager 7.15\pmview.dll
===================================================
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 1/26/2008
Time: 12:02:47 PM
User: N/A
Computer: PAUL
Description:
Faulting application desktopweather.exe, version 5.2.0.1, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

This for weatherbug free app that display the Temp in the Try
icon/Notification Area!.
===========================================================
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/20/2007
Time: 2:13:42 PM
User: N/A
Computer: PAUL
Description:
Hanging application sms.exe, version 1.1.0.0, hang module hungapp, version
0.0.0.0, hang address 0x00000000.

Win32/Deathat.A Trojan if not the a web cam with Messenger!.
======================================================
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/20/2007
Time: 2:08:08 PM
User: N/A
Computer: PAUL
Description:
Hanging application qw.exe, version 15.1.5.4, hang module hungapp, version
0.0.0.0, hang address 0x00000000.
Quicken2007, if you don't then you may have this:
http://www.sophos.com/security/analyses/viruses-and-spyware/w32leworm.html
=========================================
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 12/15/2007
Time: 1:28:12 AM
User: N/A
Computer: PAUL
Description:
Hanging application DesktopWeather.exe, version 5.2.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
====================================================
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 4/14/2008
Time: 9:47:28 PM
User: N/A
Computer: PAUL
Description:
Error code 000000b8, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.

http://msmvps.com/blogs/obts/archive/2005/10/05/69069.aspx
=====================================================
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 1/26/2008
Time: 10:41:50 PM
User: N/A
Computer: PAUL
Description:
Faulting application dllhost.exe, version 5.1.2600.2180, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.


http://support.microsoft.com/kb/896989
==========================================================

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: 4/14/2008
Time: 9:46:35 PM
User: NT AUTHORITY\SYSTEM
Computer: PAUL
Description:
The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission
can be modified using the Component Services administrative tool.

DCOM Error Messages Logged in Event Log:
http://support.microsoft.com/kb/298095/en-us

HTH.
nass
---
http://www.nasstec.co.uk

.

Quantcast