This one has eluded every attempt at scans, online scans, etc. So I followed your instructions to the best of my abilities and am now pasting the ewido log, additional info at the end of that about the files and exes which seem to be the culprits, and the HJT log. Look forward to having my computer back!!
Thanks again and kindest regards,
Kevin
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:58:23 AM, 11/29/2005
+ Report-Checksum: 2B4D9F48
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
HKU\S-1-5-21-2136417557-1266486392-598665437-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Maritza\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
::Report End
Error Signature
szAppName : services.exe szAppVer : 5.1.2600.2180 szModName : esent.dll
szModVer : 5.1.2600.2180 offset : 00023352
Error Report Contents
C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WERe799.dir00\services.exe.mdmp
C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WERe799.dir00\appcompat.txt
*Files in WER0889.dir00* - same as files in above folder, generated every couple hours...
file "appcompat.txt"
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="616960" CHECKSUM="0x8E9BCF02" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA0DE4" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:23" UPTO_LINK_DATE="08/04/2004 07:56:23" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="280064" CHECKSUM="0x4034C34C" BIN_FILE_VERSION="5.1.2600.2770" BIN_PRODUCT_VERSION="5.1.2600.2770" PRODUCT_VERSION="5.1.2600.2770" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2770 (xpsp_sp2_gdr.051005-1513)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4F940" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2770" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2770" LINK_DATE="10/06/2005 03:09:36" UPTO_LINK_DATE="10/06/2005 03:09:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="983552" CHECKSUM="0x4CE79457" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="708096" CHECKSUM="0x9D20568" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAF2F7" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1285120" CHECKSUM="0xA38DDD0E" BIN_FILE_VERSION="5.1.2600.2726" BIN_PRODUCT_VERSION="5.1.2600.2726" PRODUCT_VERSION="5.1.2600.2726" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x13DC6B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2726" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2726" LINK_DATE="07/26/2005 04:39:47" UPTO_LINK_DATE="07/26/2005 04:39:47" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="553472" CHECKSUM="0x4155D7D" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.1.2600.2180" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x96957" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:57:39" UPTO_LINK_DATE="08/04/2004 07:57:39" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8450560" CHECKSUM="0xBA1815C3" BIN_FILE_VERSION="6.0.2900.2763" BIN_PRODUCT_VERSION="6.0.2900.2763" PRODUCT_VERSION="6.00.2900.2763" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2763 (xpsp_sp2_gdr.050922-1642)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x81CD3E" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2763" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2763" LINK_DATE="09/23/2005 03:05:26" UPTO_LINK_DATE="09/23/2005 03:05:26" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="user32.dll" SIZE="577024" CHECKSUM="0xE2FA2429" BIN_FILE_VERSION="5.1.2600.2622" BIN_PRODUCT_VERSION="5.1.2600.2622" PRODUCT_VERSION="5.1.2600.2622" FILE_DESCRIPTION="Windows XP USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x9505C" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2622" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2622" LINK_DATE="03/02/2005 18:09:29" UPTO_LINK_DATE="03/02/2005 18:09:29" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="wininet.dll" SIZE="658432" CHECKSUM="0x13F50C71" BIN_FILE_VERSION="6.0.2900.2753" BIN_PRODUCT_VERSION="6.0.2900.2753" PRODUCT_VERSION="6.00.2900.2753" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2753 (xpsp_sp2_gdr.050902-1326)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA4E6B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2753" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2753" LINK_DATE="09/02/2005 23:52:06" UPTO_LINK_DATE="09/02/2005 23:52:06" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>
file "manifest.txt"
Server=watson.microsoft.com
UI LCID=1033
Flags=1671504
Brand=WINDOWS
TitleName=Services and Controller app
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
ErrorText=If you were in the middle of something, the information you were working on might be lost.
Stage1URL=
Stage1URL=/StageOne/services_exe/5_1_2600_2180/esent_dll/5_1_2600_2180/0002334c.htm
Stage2URL=
Stage2URL=/dw/stagetwo.asp?szAppName=services.exe&szAppVer=5.1.2600.2180&szModName=esent.dll&szModVer=5.1.2600.2180&offset=0002334c
DataFiles=C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00\services.exe.mdmp|C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00\appcompat.txt
Heap=C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00\services.exe.hdmp
ErrorSubPath=services.exe\5.1.2600.2180\esent.dll\5.1.2600.2180\0002334c
DirectoryDelete=C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00
exe "services.exe.hdmp"
last line:
S e r v i c e r s t a r t S - 1 - 5 - 1 8 k L o c a t i o n A w a r e n e s s ( N L A ) r u n n i n g
second file of same name last line: