Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

szAppName : services.exe szAppVer : 5.1.2600.2180 szModName :


  • Please log in to reply

#1
KHall

KHall

    New Member

  • Member
  • Pip
  • 1 posts
Hello and thank you for your clear, comprehensive and i suspect ultimately successful help! (almost there??)
This one has eluded every attempt at scans, online scans, etc etc. So i followed your instructions to the best of my abilities and am now pasting the ewido log, additional info at the end of that about the files and exe's which seem to be the culprits, and the HJT log. Look forward to having my computer back!!
Thanks again and kindest regards,
Kevin

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:58:23 AM, 11/29/2005
+ Report-Checksum: 2B4D9F48

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
HKU\S-1-5-21-2136417557-1266486392-598665437-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Maritza\Cookies\maritza@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup


::Report End


Error Signature
szAppName : services.exe szAppVer : 5.1.2600.2180 szModName : esent.dll
szModVer : 5.1.2600.2180 offset : 00023352

Error Report Contents
C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WERe799.dir00\services.exe.mdmp
C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WERe799.dir00\appcompat.txt



*Files in WER0889.dir00* - same as files in above folder, generated every couple hours...

file "appcompat.txt"
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="616960" CHECKSUM="0x8E9BCF02" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA0DE4" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:23" UPTO_LINK_DATE="08/04/2004 07:56:23" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="280064" CHECKSUM="0x4034C34C" BIN_FILE_VERSION="5.1.2600.2770" BIN_PRODUCT_VERSION="5.1.2600.2770" PRODUCT_VERSION="5.1.2600.2770" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2770 (xpsp_sp2_gdr.051005-1513)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4F940" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2770" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2770" LINK_DATE="10/06/2005 03:09:36" UPTO_LINK_DATE="10/06/2005 03:09:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="983552" CHECKSUM="0x4CE79457" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="708096" CHECKSUM="0x9D20568" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAF2F7" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1285120" CHECKSUM="0xA38DDD0E" BIN_FILE_VERSION="5.1.2600.2726" BIN_PRODUCT_VERSION="5.1.2600.2726" PRODUCT_VERSION="5.1.2600.2726" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x13DC6B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2726" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2726" LINK_DATE="07/26/2005 04:39:47" UPTO_LINK_DATE="07/26/2005 04:39:47" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="553472" CHECKSUM="0x4155D7D" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.1.2600.2180" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x96957" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:57:39" UPTO_LINK_DATE="08/04/2004 07:57:39" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8450560" CHECKSUM="0xBA1815C3" BIN_FILE_VERSION="6.0.2900.2763" BIN_PRODUCT_VERSION="6.0.2900.2763" PRODUCT_VERSION="6.00.2900.2763" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2763 (xpsp_sp2_gdr.050922-1642)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x81CD3E" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2763" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2763" LINK_DATE="09/23/2005 03:05:26" UPTO_LINK_DATE="09/23/2005 03:05:26" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="user32.dll" SIZE="577024" CHECKSUM="0xE2FA2429" BIN_FILE_VERSION="5.1.2600.2622" BIN_PRODUCT_VERSION="5.1.2600.2622" PRODUCT_VERSION="5.1.2600.2622" FILE_DESCRIPTION="Windows XP USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x9505C" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2622" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2622" LINK_DATE="03/02/2005 18:09:29" UPTO_LINK_DATE="03/02/2005 18:09:29" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="wininet.dll" SIZE="658432" CHECKSUM="0x13F50C71" BIN_FILE_VERSION="6.0.2900.2753" BIN_PRODUCT_VERSION="6.0.2900.2753" PRODUCT_VERSION="6.00.2900.2753" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2753 (xpsp_sp2_gdr.050902-1326)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA4E6B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2753" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2753" LINK_DATE="09/02/2005 23:52:06" UPTO_LINK_DATE="09/02/2005 23:52:06" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows™ Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>


file "manifest.txt"
Server=watson.microsoft.com
UI LCID=1033
Flags=1671504
Brand=WINDOWS
TitleName=Services and Controller app
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
ErrorText=If you were in the middle of something, the information you were working on might be lost.
Stage1URL=
Stage1URL=/StageOne/services_exe/5_1_2600_2180/esent_dll/5_1_2600_2180/0002334c.htm
Stage2URL=
Stage2URL=/dw/stagetwo.asp?szAppName=services.exe&szAppVer=5.1.2600.2180&szModName=esent.dll&szModVer=5.1.2600.2180&offset=0002334c
DataFiles=C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00\services.exe.mdmp|C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00\appcompat.txt
Heap=C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00\services.exe.hdmp
ErrorSubPath=services.exe\5.1.2600.2180\esent.dll\5.1.2600.2180\0002334c
DirectoryDelete=C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00

exe "services.exe.hdmp"
last line:
S e r v i c e r s t a r t  S - 1 - 5 - 1 8 k L o c a t i o n A w a r e n e s s ( N L A )  r u n n i n g

second file of same name last line:
s e l e c t * f r o m M S F T _ S C M E v e n t L o g E v e n t " , M S F T _ S C M E V E N T L O G E V E N T & M S F T _ N E T B A D A C C O U N T ÝD M S F T _ N E T S E R V I C E E X I T F A I L E D S P E C I F I C * M S F T _ N E T S E R V I C E C R A S H : M S F T _ N E T S E R V I C E S T A R T F A I L E D I I 4 M S F T _ N E T C O N N E C T I O N T I M E O U T 0 M S F T _ N E T R E A D F I L E T I M E O U T : M S F T _ N E T C A L L T O F U N C T I O N F A I L E D < M S F T _ N E T S E R V I C E C O N T R O L S U C C E S S @ M S F T _ N E T S E R V I C E S T A R T F A I L E D G R O U P 4 M S F T _ N E T S E R V I C E E X I T F A I L E D @ M S F T _ N E T R E V E R T E D T O L A S T K N O W N G O O D 2 M S F T _ N E T S E R V I C E S T A R T H U N G B M S F T _ N E T C I R C U L A R D E P E N D E N C Y D E M A N D > M S F T _ N E T C I R C U L A R D E P E N D E N C Y A U T O 6 M S F T _ N E T D E P E N D O N L A T E R G R O U P , M S F T _ N E T T A K E O W N E R S H I P < M S F T _ N E T S E R V I C E R E C O V E R Y F A I L E D F M S F T _ N E T S E R V I C E C O N F I G B A C K O U T F A I L E D > M S F T _ N E T C A L L T O F U N C T I O N F A I L E D I I : M S F T _ N E T S E R V I C E C R A S H N O A C T I O N 0 M S F T _ N E T T R A N S A C T T I M E O U T 8 M S F T _ N E T S E V E R E S E R V I C E F A I L E D 0 M S F T _ N E T T R A N S A C T I N V A L I D < M S F T _ N E T S E R V I C E N O T I N T E R A C T I V E 6 M S F T _ N E T S E R V I C E S T A R T F A I L E D 2 M S F T _ N E T F I R S T L O G O N F A I L E D : M S F T _ N E T S E R V I C E S T A T U S S U C C E S S : M S F T _ N E T D E P E N D O N L A T E R S E R V I C E @ M S F T _ N E T I N V A L I D D R I V E R D E P E N D E N C Y > M S F T _ N E T S E R V I C E S T A R T F A I L E D N O N E 0 M S F T _ N E T B A D S E R V I C E S T
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP