szAppName : services.exe szAppVer : 5.1.2600.2180 szModName :


#1
KHall

Hello and thank you for your clear, comprehensive and I suspect ultimately successful help! (almost there??)
This one has eluded every attempt at scans, online scans, etc. etc. So I followed your instructions to the best of my abilities and am now pasting the ewido log, additional info at the end of that about the files and exe's which seem to be the culprits, and the HJT log. Look forward to having my computer back!!
Thanks again and kindest regards,
Kevin

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:58:23 AM, 11/29/2005
+ Report-Checksum: 2B4D9F48

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
HKU\S-1-5-21-2136417557-1266486392-598665437-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9527D42F-D666-11D3-B8DD-00600838CD5F} -> Spyware.GhostSurf : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Maritza\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup


::Report End


Error Signature
szAppName : services.exe szAppVer : 5.1.2600.2180 szModName : esent.dll
szModVer : 5.1.2600.2180 offset : 00023352

Error Report Contents
C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WERe799.dir00\services.exe.mdmp
C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WERe799.dir00\appcompat.txt



*Files in WER0889.dir00* - same as files in above folder, generated every couple hours...

file "appcompat.txt"
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="616960" CHECKSUM="0x8E9BCF02" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA0DE4" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:23" UPTO_LINK_DATE="08/04/2004 07:56:23" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="280064" CHECKSUM="0x4034C34C" BIN_FILE_VERSION="5.1.2600.2770" BIN_PRODUCT_VERSION="5.1.2600.2770" PRODUCT_VERSION="5.1.2600.2770" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2770 (xpsp_sp2_gdr.051005-1513)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4F940" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2770" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2770" LINK_DATE="10/06/2005 03:09:36" UPTO_LINK_DATE="10/06/2005 03:09:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="983552" CHECKSUM="0x4CE79457" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="708096" CHECKSUM="0x9D20568" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAF2F7" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1285120" CHECKSUM="0xA38DDD0E" BIN_FILE_VERSION="5.1.2600.2726" BIN_PRODUCT_VERSION="5.1.2600.2726" PRODUCT_VERSION="5.1.2600.2726" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x13DC6B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2726" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2726" LINK_DATE="07/26/2005 04:39:47" UPTO_LINK_DATE="07/26/2005 04:39:47" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="553472" CHECKSUM="0x4155D7D" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.1.2600.2180" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x96957" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:57:39" UPTO_LINK_DATE="08/04/2004 07:57:39" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8450560" CHECKSUM="0xBA1815C3" BIN_FILE_VERSION="6.0.2900.2763" BIN_PRODUCT_VERSION="6.0.2900.2763" PRODUCT_VERSION="6.00.2900.2763" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2763 (xpsp_sp2_gdr.050922-1642)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x81CD3E" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2763" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2763" LINK_DATE="09/23/2005 03:05:26" UPTO_LINK_DATE="09/23/2005 03:05:26" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="user32.dll" SIZE="577024" CHECKSUM="0xE2FA2429" BIN_FILE_VERSION="5.1.2600.2622" BIN_PRODUCT_VERSION="5.1.2600.2622" PRODUCT_VERSION="5.1.2600.2622" FILE_DESCRIPTION="Windows XP USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x9505C" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2622" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2622" LINK_DATE="03/02/2005 18:09:29" UPTO_LINK_DATE="03/02/2005 18:09:29" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="wininet.dll" SIZE="658432" CHECKSUM="0x13F50C71" BIN_FILE_VERSION="6.0.2900.2753" BIN_PRODUCT_VERSION="6.0.2900.2753" PRODUCT_VERSION="6.00.2900.2753" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2753 (xpsp_sp2_gdr.050902-1326)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA4E6B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2753" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2753" LINK_DATE="09/02/2005 23:52:06" UPTO_LINK_DATE="09/02/2005 23:52:06" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows™ Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>


file "manifest.txt"
Server=watson.microsoft.com
UI LCID=1033
Flags=1671504
Brand=WINDOWS
TitleName=Services and Controller app
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
ErrorText=If you were in the middle of something, the information you were working on might be lost.
Stage1URL=
Stage1URL=/StageOne/services_exe/5_1_2600_2180/esent_dll/5_1_2600_2180/0002334c.htm
Stage2URL=
Stage2URL=/dw/stagetwo.asp?szAppName=services.exe&szAppVer=5.1.2600.2180&szModName=esent.dll&szModVer=5.1.2600.2180&offset=0002334c
DataFiles=C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00\services.exe.mdmp|C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00\appcompat.txt
Heap=C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00\services.exe.hdmp
ErrorSubPath=services.exe\5.1.2600.2180\esent.dll\5.1.2600.2180\0002334c
DirectoryDelete=C:\DOCUME~1\KEVINH~1\LOCALS~1\Temp\WER2b2d.dir00

exe "services.exe.hdmp"
last line:
S e r v i c e r s t a r t  S - 1 - 5 - 1 8 k L o c a t i o n A w a r e n e s s ( N L A )  r u n n i n g

second file of same name last line:
s e l e c t * f r o m M S F T _ S C M E v e n t L o g E v e n t " , M S F T _ S C M E V E N T L O G E V E N T & M S F T _ N E T B A D A C C O U N T ÝD M S F T _ N E T S E R V I C E E X I T F A I L E D S P E C I F I C * M S F T _ N E T S E R V I C E C R A S H : M S F T _ N E T S E R V I C E S T A R T F A I L E D I I 4 M S F T _ N E T C O N N E C T I O N T I M E O U T 0 M S F T _ N E T R E A D F I L E T I M E O U T : M S F T _ N E T C A L L T O F U N C T I O N F A I L E D < M S F T _ N E T S E R V I C E C O N T R O L S U C C E S S @ M S F T _ N E T S E R V I C E S T A R T F A I L E D G R O U P 4 M S F T _ N E T S E R V I C E E X I T F A I L E D @ M S F T _ N E T R E V E R T E D T O L A S T K N O W N G O O D 2 M S F T _ N E T S E R V I C E S T A R T H U N G B M S F T _ N E T C I R C U L A R D E P E N D E N C Y D E M A N D > M S F T _ N E T C I R C U L A R D E P E N D E N C Y A U T O 6 M S F T _ N E T D E P E N D O N L A T E R G R O U P , M S F T _ N E T T A K E O W N E R S H I P < M S F T _ N E T S E R V I C E R E C O V E R Y F A I L E D F M S F T _ N E T S E R V I C E C O N F I G B A C K O U T F A I L E D > M S F T _ N E T C A L L T O F U N C T I O N F A I L E D I I : M S F T _ N E T S E R V I C E C R A S H N O A C T I O N 0 M S F T _ N E T T R A N S A C T T I M E O U T 8 M S F T _ N E T S E V E R E S E R V I C E F A I L E D 0 M S F T _ N E T T R A N S A C T I N V A L I D < M S F T _ N E T S E R V I C E N O T I N T E R A C T I V E 6 M S F T _ N E T S E R V I C E S T A R T F A I L E D 2 M S F T _ N E T F I R S T L O G O N F A I L E D : M S F T _ N E T S E R V I C E S T A T U S S U C C E S S : M S F T _ N E T D E P E N D O N L A T E R S E R V I C E @ M S F T _ N E T I N V A L I D D R I V E R D E P E N D E N C Y > M S F T _ N E T S E R V I C E S T A R T F A I L E D N O N E 0 M S F T _ N E T B A D S E R V I C E S T