
Need Help With Win32.P2P-Worm.Alcan.a [RESOLVED]



#1
Shadow_Fox

I'm having problems with this Win32.P2P-Worm.Alcan.a. Ad-aware seems to delete it, but then it seems to restore itself.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:28:52, on 17.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\MsMovies\MsMovies.exe
C:\WINDOWS\system32\winlogi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Xfire\Xfire.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/Default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Programfiler\Burn4Free Toolbar\v2.0.0.2\Burn4Free_Toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Programfiler\Burn4Free Toolbar\v2.0.0.2\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Desksite CMA] C:\Programfiler\desksite\bin\cma.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsMovies] C:\Programfiler\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: dlbcserv.lnk = C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programfiler\bonjour\mdnsnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Programfiler\ThemeManager\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe


#2
Armodeluxe

Hi Shadow_Fox,

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3
Shadow_Fox

Thank you for taking the time to help me.
I've done what you told me to; here's the Kaspersky report.
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, October 21, 2005 20:40:23
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 21/10/2005
Kaspersky Anti-Virus database records: 155453
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 50366
Number of viruses found: 7
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 5635 sec

Infected Object Name - Virus Name
C:\oo.exe Infected: Backdoor.Win32.Rbot.afu
C:\Programfiler\MsMovies\MsMovies.exe Infected: Trojan-Dropper.Win32.WinAD.h
C:\Programfiler\MsMovies\p.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h
C:\Programfiler\MsMovies\p.zip Infected: Trojan-Dropper.Win32.WinAD.h
C:\Programfiler\MsMovies\v.tmp Infected: Trojan-Dropper.Win32.WinAD.h
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\00374D03.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\00374D03.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\00374D03.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\00374D03.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\299657FD.exe Infected: Worm.Win32.VB.an
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\2AC36EB2.exe Infected: Worm.Win32.VB.an
C:\Programfiler\TacticalOpsSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP44\A0022888.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP45\A0023888.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP45\A0024018.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP45\A0024038.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP58\A0030529.dll Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP67\A0039397.exe Infected: Backdoor.Win32.Rbot.afu
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP67\A0039465.exe Infected: Backdoor.Win32.Rbot.afu
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP68\A0040418.exe Infected: Backdoor.Win32.Rbot.afu
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP68\A0041426.exe Infected: Backdoor.Win32.Rbot.afu
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP68\A0042419.exe Infected: Backdoor.Win32.Rbot.afu
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP69\A0042431.exe Infected: Backdoor.Win32.Rbot.afu
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP69\A0043419.exe Infected: Backdoor.Win32.Rbot.afu
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP69\A0044426.exe Infected: Backdoor.Win32.Rbot.afu
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP70\A0045418.exe Infected: Backdoor.Win32.Rbot.afu
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP70\A0046427.exe Infected: Backdoor.Win32.Rbot.afu
C:\WINDOWS\system32\winlogi.exe Infected: Backdoor.Win32.Rbot.afu

Scan process completed.

My new HJT
Logfile of HijackThis v1.99.1
Scan saved at 20:45:35, on 21.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\MsMovies\MsMovies.exe
C:\WINDOWS\system32\winlogi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Xfire\Xfire.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/Default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Programfiler\Burn4Free Toolbar\v2.0.0.2\Burn4Free_Toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Programfiler\Burn4Free Toolbar\v2.0.0.2\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Desksite CMA] C:\Programfiler\desksite\bin\cma.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsMovies] C:\Programfiler\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: dlbcserv.lnk = C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programfiler\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Programfiler\ThemeManager\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

#4
Armodeluxe

*Click Here to download Killbox by Option^Explicit.
*Double-click on Killbox.exe to start the program.
*In the Killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\oo.exe
C:\Programfiler\MsMovies\MsMovies.exe
C:\Programfiler\MsMovies\p.zip/Video.exe
C:\Programfiler\MsMovies\p.zip
C:\Programfiler\MsMovies\v.tmp
C:\WINDOWS\system32\winlogi.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\msconfig.com


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do you want to reboot prompt.

After the reboot run HijackThis again. Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [MsMovies] C:\Programfiler\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe


Close HiJackThis.

Reboot once more and post the resulting HijackThis log.
  • 0
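The cross-check that produces a fix list like the one in post #4, as an added example that is not part of the original thread: it matches the live detections in a Kaspersky report against HijackThis O4 autorun lines. The function names are hypothetical, the sample lines are copied from the logs posted above, and matching a bare file name such as winlogi.exe by name alone is an assumption about how the entry resolves.

```python
import ntpath
import re

# Lines copied from the Kaspersky report and HijackThis log posted in this thread.
KASPERSKY_REPORT = r"""
C:\oo.exe Infected: Backdoor.Win32.Rbot.afu
C:\Programfiler\MsMovies\MsMovies.exe Infected: Trojan-Dropper.Win32.WinAD.h
C:\Programfiler\MsMovies\p.zip/Video.exe Infected: Trojan-Dropper.Win32.WinAD.h
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\299657FD.exe Infected: Worm.Win32.VB.an
C:\System Volume Information\_restore{FB5638F6-5931-4F4A-9D57-CF83E64AEF9F}\RP67\A0039397.exe Infected: Backdoor.Win32.Rbot.afu
C:\WINDOWS\system32\winlogi.exe Infected: Backdoor.Win32.Rbot.afu
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsMovies] C:\Programfiler\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

KAV_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+)$")
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$"
)
# Executable part of an autorun command: quoted or unquoted, up to the first
# program extension that is followed by whitespace or end of line.
EXE_IN_CMD = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s|$)', re.I)


def classify(path):
    """Say where a detection lives; only 'live' files can be started by an autorun."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore-point"      # System Restore copy, not a running file
    if "\\quarantine\\" in low:
        return "quarantine"         # already isolated by the resident antivirus
    if "/" in path:
        return "archive-member"     # the report writes archive/member with a slash
    return "live"


def parse_report(text):
    """Return (path, verdict, kind) for every 'Infected:' line of the report."""
    findings = []
    for line in text.splitlines():
        m = KAV_LINE.match(line.strip())
        if m:
            findings.append((m["path"], m["verdict"], classify(m["path"])))
    return findings


def parse_autoruns(text):
    """Return the registry autorun (O4 Run/RunServices) entries of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_LINE.match(line)
        if not m:
            continue  # startup-folder O4 lines and other sections are out of scope
        exe = EXE_IN_CMD.match(m["cmd"])
        entries.append({"line": line, "exe": exe["exe"] if exe else m["cmd"]})
    return entries


def triage(report_text, hjt_text):
    """Count detections by kind and list the O4 lines that launch a live detection."""
    findings = parse_report(report_text)
    by_kind = {}
    for _, _, kind in findings:
        by_kind[kind] = by_kind.get(kind, 0) + 1

    # Windows paths are case-insensitive, so compare normalised forms.
    live = {ntpath.normcase(p): v for p, v, kind in findings if kind == "live"}
    live_names = {ntpath.basename(p): v for p, v in live.items()}

    fix = []
    for entry in parse_autoruns(hjt_text):
        exe = ntpath.normcase(entry["exe"])
        # Full paths must match exactly; a bare name is matched by file name
        # (assumption: it resolves to the detected file via the search path).
        verdict = live.get(exe) if "\\" in exe else live_names.get(exe)
        if verdict:
            fix.append((entry["line"], verdict))
    return {"by_kind": by_kind, "fix": fix}


if __name__ == "__main__":
    result = triage(KASPERSKY_REPORT, HIJACKTHIS_LOG)
    print(result["by_kind"])
    for line, verdict in result["fix"]:
        print(f"{verdict}: {line}")
```
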

#5
Shadow_Fox

Logfile of HijackThis v1.99.1
Scan saved at 23:41:42, on 21.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programfiler\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/Default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Programfiler\Burn4Free Toolbar\v2.0.0.2\Burn4Free_Toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Programfiler\Burn4Free Toolbar\v2.0.0.2\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Desksite CMA] C:\Programfiler\desksite\bin\cma.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: dlbcserv.lnk = C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programfiler\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Programfiler\ThemeManager\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

The computer seems to run much faster too now, and didn't have any problems restarting, which it usually does. And task manager is working.

Edited by Shadow_Fox, 21 October 2005 - 03:44 PM.

  • 0

#6
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Looks good to me, the virus entries are gone.. :tazz:

Now let's reset your restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please take the following into consideration to maintain a clean computer.

I recommend that you install monitoring software, which will monitor certain areas on your computer and raise alerts when those are being modified. One such program I recommend is Prevx, but it's for advanced users, as the messages it displays can be hard to decipher. Another similar but more user-friendly program is Winpatrol. Both are free programs.

Winpatrol

Prevx

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard: An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad: Adds a list of malicious sites to your Restricted Sites Zone.
Firefox: An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0

#7
Shadow_Fox

Shadow_Fox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for all the help. So does it seem clean now? Because my computer still seems to have some issues, like problems turning off, a rather high amount of crashing programs and so on.
  • 0

#8
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Start>All Programs>Administrative tools>Performance>Alerts

Start>All Programs>Administrative tools>Event Viewer


See if there are any alerts first..

Then under Event Viewer there are three logs, check for warnings and errors there..

You can double click on an entry for more info..
  • 0

#9
Shadow_Fox

Shadow_Fox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
There were several errors and alerts in the Event Viewer, but none in Performance\Alert.
  • 0

#10
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Post the information for those errors after double clicking on the entries..
  • 0


#11
Shadow_Fox

Shadow_Fox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I've got Norwegian Windows XP though, so it's not in English.
Do you want me to translate it into English?
  • 0

#12
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Well, we wouldn't lose anything by trying, so please do..
  • 0

#13
Shadow_Fox

Shadow_Fox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Program errors:

Eventtype: Error
EventSource: EventSystem
EventCatogory: (50)
Event-ID: 4609
Date: 24.10.2005
Clock: 16:04:53
User: N/A
Computer: KIM
Description:
COM+-eventsystem found an invalid returncode during the internal treatment. HRESULT was C0000005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contact Microsoft Customer Service to report this error.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp.
(This error seems to come up several times.)


Eventtype: Error
Eventsource: Application Hang
Eventcatogory: (101)
Event-ID: 1002
Date: 22.10.2005
Clock: 21:57:14
User: N/A
Computer: KIM
Description:
Hanging program spywareblaster.exe, version 3.4.0.0, hanging modul hungapp, version 0.0.0.0, hangadress 0x00000000.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp.

Eventtype: Error
Eventsource: EventSystem
Eventcatogory: (50)
Event-ID: 4609
Date: 22.10.2005
Clock: 21:35:2
User: N/A
Computer: KIM
Beskrivelse:
COM+-eventsystem found an invalid returncode during the internal treatment. HRESULT was C0000005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contact Microsoft Customer Service to rapport this error.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp.

Eventtype: Error
Eventsource: Application Hang
Eventcatogory: (101)
Event-ID: 1002
Date: 22.10.2005
Clock: 15:49:27
User: N/A
Computer: KIM
Description:
Hanging program CCAPP.EXE, version 103.0.5.2, hanging modul hungapp, version 0.0.0.0, hangadress 0x00000000.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp.


Eventtype: Error
Eventsource: Application Hang
Eventcatogory: (101)
Event-ID: 1002
Date: 22.10.2005
Clock: 02:32:01
Computer: KIM
Description:
Hanging program PowerDVD.exe, version 5.0.0.0, hanging modul hungapp, versjon 0.0.0.0, hangadress 0x00000000.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp.

Eventtype: Error
Eventsource: EventSystem
Eventcatogory: (50)
Event-ID: 4609
Date: 22.10.2005
Clock: 01:54:12
User: N/A
Computer: KIM
Description:
COM+-Eventsystem found an invalid returncode during the internal treatment. HRESULT was C0000005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contact Microsoft Support service to report this error.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp.


Eventtype: Error
Eventcatogory: (50)
Event-ID: 4609
Date: 22.10.2005
Clock: 01:37:58
User: N/A
Computer: KIM
Description:
COM+-Eventsystem found an invalid returncode during the internal treatment. HRESULT was C0000005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contact Microsoft Support service to report this error.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp.

Eventtype: Error
Eventsource: EventSystem
Eventcatogory: (50)
Event-ID: 4609
Date: 21.10.2005
Clock: 23:41:07
User: N/A
Computer: KIM
Description:
COM+-Eventsystem found an invalid returncode during the internal treatment. HRESULT was C0000005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contact Microsoft Support service to report this error.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp.


Same one again,
and again
and again
and again

Eventtype: Error
Eventsource: Application Error
Eventcatogory: None
Event-ID: 1000
Date: 16.10.2005
Clock: 11:52:18
User: N/A
Computer: KIM
Description:
Erroring program navw32.exe, version 11.0.9.16, erroing module uxtheme.dll, version 6.0.2900.2180, erroradress 0x0000458a.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp

EventSystem again

Eventtype: Error
Eventsource: Application Hang
Event-ID: 1002
Date: 15.10.2005
User: N/A
Computer: KIM
Description:
Hanging program BF2.exe, version 0.0.0.0, hanging module hungapp, version 0.0.0.0, hangadress 0x00000000.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp


Eventtype: Error
Eventsource: Application Hang
Eventcatogory: (101)
Event-ID: 1002
Date: 15.10.2005
Clock: 12:23:18
User: N/A
Computer: KIM
Description:
Hanging program QuickTimePlayer.exe, version 6.5.0.48, hanging module hungapp, version 0.0.0.0, hangadress 0x00000000.

If you want more information, look Help and Support on http://go.microsoft....link/events.asp

I can't do much more at the moment.
  • 0

#14
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
You've got quite a few different programs hanging..spywareblaster, norton, powerdvd, quicktime, battlefield..

I would say you may be running low on memory and adding RAM may help..

You may also run the full pctuneup tests at this forum to see if there are any other problems with your computer, it's free..

http://pcpitstop.com/
  • 0
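
The grouping that post #14 does by eye over the Event Viewer records from post #13, as an added example that is not part of the thread: it parses records in the pasted layout and counts them per source and event ID, per hung program, and per status code. The sample text is constructed, the function names are hypothetical, and the reading of C0000005 as an access violation is the standard NTSTATUS meaning rather than something stated in the thread.

```python
import re
from collections import Counter
# Constructed sample, laid out like the records pasted in the thread.
SAMPLE = """\
Eventtype: Error
EventSource: EventSystem
Event-ID: 4609
Description:
COM+-eventsystem found an invalid returncode. HRESULT was C0000005 from line 44.

Eventtype: Error
Eventsource: Application Hang
Event-ID: 1002
Description:
Hanging program CCAPP.EXE, version 103.0.5.2, hanging modul hungapp.

Eventtype: Error
Event-ID: 4609
Beskrivelse:
COM+-Eventsystem found an invalid returncode. HRESULT was C0000005 from line 44.
"""

FIELD = re.compile(r"^([A-Za-z-]+):\s*(.*)$")
PROGRAM = re.compile(r"(?:Hanging|Erroring) program (\S+?),", re.I)
CODE = re.compile(r"HRESULT was ([0-9A-Fa-f]{8})")
KNOWN_CODES = {"C0000005": "access violation"}  # NTSTATUS STATUS_ACCESS_VIOLATION
def parse_events(text):
    """One dict per record; a record starts at each 'Eventtype:' line."""
    events = []
    for line in map(str.strip, text.splitlines()):
        m = FIELD.match(line)
        if m and m.group(1).lower() == "eventtype":
            events.append({"description": ""})
        elif events and m:     # labelled field; label case varies per record
            events[-1][m.group(1).lower()] = m.group(2)
        elif events and line:  # unlabelled line: free text of the description
            events[-1]["description"] += line + " "
    return events

def summarize(events):
    kinds, programs, codes = Counter(), Counter(), Counter()
    for ev in events:
        # A record pasted without its source line is counted as "unknown".
        kinds[ev.get("eventsource", "unknown"), ev.get("event-id", "?")] += 1
        for m in PROGRAM.finditer(ev["description"]):
            programs[m.group(1).lower()] += 1
        for m in CODE.finditer(ev["description"]):
            code = m.group(1).upper()
            codes[code, KNOWN_CODES.get(code, "unknown")] += 1
    return kinds, programs, codes
```

Records that lost a field when pasted still count, so a recurring event ID stays visible even when its source line is missing.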

#15
Shadow_Fox

Shadow_Fox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I'll try to add some more RAM when I can afford it. It seemed like it had no problems turning off if I exited things like WinPatrol, MSN and all that before telling it to turn off.
But still, Ad-Aware seems to find tracker cookies, even though I don't enter Internet Explorer. Have you got any idea why?
  • 0