Unsolved
This post is more than 5 years old
14 Posts
0
1400
worms/trojans - cant remove | UPDATED!! new log
with norton online scan i noticed that i had 2 worms/trojans it was w32.esbot.A and w32.zotob.E
i searched in a couple of forums how to remove them, but nothing of their help worked. i read about them and found out, that esbot.A crash windows plug and play function and zotob.E restarts the computer if the plug and play function crashes..
heres my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 14:00:14, on 17-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Scan saved at 14:00:14, on 17-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\bin\ZLH.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\HJT\HijackThis.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\bin\ZLH.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129545872000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129545872000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
regards Benjamin
Message Edited by XuRyZ on 10-18-2005 10:09 AM
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
October 17th, 2005 12:00
XuRyZ
14 Posts
0
October 18th, 2005 09:00
Scan saved at 12:53:10, on 18-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129545872000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
October 18th, 2005 16:00
XuRyZ
14 Posts
0
October 18th, 2005 17:00
RKinner
5.9K Posts
0
October 18th, 2005 23:00
XuRyZ
14 Posts
0
October 19th, 2005 08:00
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programmer\Messenger\msmsgs.exe" /background" [MS]
"MsnMsgr" = ""C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"NAV CfgWiz" = ""C:\Programmer\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"" ["Symantec Corporation"]
"SunJavaUpdateSched" = "C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmpanorering"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Landskab.bmp"
Enabled Screen Saver:
---------------------
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programmer\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 26 seconds, including 18 seconds for message boxes)
XuRyZ
14 Posts
0
October 19th, 2005 08:00
BCCode : 1000008e BCP1 : C0000005 BCP2 : 80629D5C BCP3 : F44D78BC
BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 768_1
when i send the report to windwos, it opens a IE windows and say that is a device driver error
http://oca.microsoft.com/en/response.aspx?SGD=2f398104-4655-4b4f-bfae-0ab0955d285c&SID=10
ps. sorry for the bad translation from my language to english. hope you can understand it :D
- regards Benjamin
RKinner
5.9K Posts
0
October 19th, 2005 13:00
XuRyZ
14 Posts
0
October 19th, 2005 14:00
sorry to type the word but there is a freaking load of these errors (not finished yet)(http://files.upl.silentwhisper.net/upload0/many.JPG)
i grouped them and counted. there is 205 red marks, and 3 yellow. do i have to write them all down?
Message Edited by XuRyZ on 10-19-2005 10:43 AM
XuRyZ
14 Posts
0
October 19th, 2005 14:00
sorry missed a point in the first post about sigverif. i searched with the program and it came with following result:
http://files.upl.silentwhisper.net/upload4/sigverif.JPG
Hændelseskategori: (102)
Hændelses-id: 1003
Date: 19-10-2005
time: 16:49:37
User: not accisable (think its spelled that way...)
Computer: ECS-BA
descripition:
errorcode 10000050, parameter 1 fff5b308, parameter 2 00000001, parameter 3 bfa5b0df, parameter 4 00000000.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 35 1000005
0020: 30 20 20 50 61 72 61 6d 0 Param
0028: 65 74 65 72 73 20 66 66 eters ff
0030: 66 35 62 33 30 38 2c 20 f5b308,
0038: 30 30 30 30 30 30 30 31 00000001
0040: 2c 20 62 66 61 35 62 30 , bfa5b0
0048: 64 66 2c 20 30 30 30 30 df, 0000
0050: 30 30 30 30 0000
Hændelsestype: warning
Hændelseskilde: Tcpip
Hændelseskategori: none
Hændelses-id: 4226
Date: 19-10-2005
Time: 16:41:27
User: not accisable
Computer: ECS-BA
Description:
TCP/IP has reached the safetylimit, there is given number of simultaneous time attempt on establishing of TCP-conections
other information can be found under help and support on:http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ......
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
error 3)
Hændelseskilde: DCOM
Hændelseskategori: none
Hændelses-id: 10010
Date: 19-10-2005
Time: 16:33:58
User: ECS-BA\XuRyZ
Computer: ECS-BA
Description:
the server {AF24674E-2204-438D-8092-E3424E2399D8} didnt get recognized by DCOM in the desired period of time
Hændelseskategori: (102)
Hændelses-id: 1003
Date: 19-10-2005
Time: 15:06:48
Bruger: not accisable
Computer: ECS-BA
Beskrivelse:
Fejlkode 1000000a, parameter 1 00679efc, parameter 2 00000002, parameter 3 00000001, parameter 4 80521bfb.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 36 37 39 65 66 63 2c 20 679efc,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 31 2c 20 38 30 35 32 01, 8052
0050: 31 62 66 62 1bfb
Hændelseskilde: System Error
Hændelseskategori: (102)
Hændelses-id: 1003
Dato: 19-10-2005
Klokkeslæt: 15:06:41
Bruger: not accisable
Beskrivelse:
error code 1000000a, parameter 1 002187b8, parameter 2 00000002, parameter 3 00000000, parameter 4 804f9a84.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 32 31 38 37 62 38 2c 20 2187b8,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 38 30 34 66 00, 804f
0050: 39 61 38 34 9a84
Hændelseskilde: System Error
Hændelseskategori: (102)
Hændelses-id: 1003
Dato: 19-10-2005
Klokkeslæt: 14:47:55
Bruger: Ikke tilgængelig
Computer: ECS-BA
Beskrivelse:
Fejlkode 10000050, parameter 1 ff0ecf88, parameter 2 00000001, parameter 3 bfa5b0df, parameter 4 00000000.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 35 1000005
0020: 30 20 20 50 61 72 61 6d 0 Param
0028: 65 74 65 72 73 20 66 66 eters ff
0030: 30 65 63 66 38 38 2c 20 0ecf88,
0038: 30 30 30 30 30 30 30 31 00000001
0040: 2c 20 62 66 61 35 62 30 , bfa5b0
0048: 64 66 2c 20 30 30 30 30 df, 0000
0050: 30 30 30 30 0000
Hændelseskilde: System Error
Hændelseskategori: (102)
Hændelses-id: 1003
Dato: 19-10-2005
Klokkeslæt: 13:46:06
Bruger: Ikke tilgængelig
Computer: ECS-BA
Beskrivelse:
Fejlkode 100000d1, parameter 1 751c5564, parameter 2 00000002, parameter 3 00000000, parameter 4 f66a8328.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 64 100000d
0020: 31 20 20 50 61 72 61 6d 1 Param
0028: 65 74 65 72 73 20 37 35 eters 75
0030: 31 63 35 35 36 34 2c 20 1c5564,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 66 36 36 61 00, f66a
0050: 38 33 32 38 8328
Hændelseskilde: System Error
Hændelseskategori: (102)
Hændelses-id: 1003
Dato: 19-10-2005
Klokkeslæt: 12:28:01
Bruger: Ikke tilgængelig
Computer: ECS-BA
Beskrivelse:
Fejlkode 1000000a, parameter 1 539a1700, parameter 2 00000002, parameter 3 00000001, parameter 4 805138ec.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 35 33 eters 53
0030: 39 61 31 37 30 30 2c 20 9a1700,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 31 2c 20 38 30 35 31 01, 8051
0050: 33 38 65 63 38ec
Hændelseskilde: System Error
Hændelseskategori: (102)
Hændelses-id: 1003
Dato: 19-10-2005
Klokkeslæt: 12:03:39
Bruger: Ikke tilgængelig
Computer: ECS-BA
Beskrivelse:
Fejlkode 10000050, parameter 1 ef0a6000, parameter 2 00000000, parameter 3 8051f4a3, parameter 4 00000000.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 35 1000005
0020: 30 20 20 50 61 72 61 6d 0 Param
0028: 65 74 65 72 73 20 65 66 eters ef
0030: 30 61 36 30 30 30 2c 20 0a6000,
0038: 30 30 30 30 30 30 30 30 00000000
0040: 2c 20 38 30 35 31 66 34 , 8051f4
0048: 61 33 2c 20 30 30 30 30 a3, 0000
0050: 30 30 30 30 0000
RKinner
5.9K Posts
0
October 19th, 2005 16:00
dir /ogd \windows >>\junk2.txt
dir /ogd \windows\inf >>\junk2.txt
dir /ogd \"program files" >>\junk2.txt
net start >>\junk2.txt
Download the Killbox.
http://www.downloads.subratam.org/KillBox.exe
http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Save it to the desktop
reboot into Safe Mode (F8) and run the escan(mwav) program. Select DRIVE and SCAN ALL FILES then Clean Scan or Scan Clean (I forget the button label)
Fri Jul 29 10:25:26 2005 => File C:\WINDOWS\System32\06wu29rd.exe tagged as not-a-virus:AdWare.F1Organizer.g. No Action Taken.
(hint use Wordpad's Edit, Find to search for: Action Taken)
Select "Delete on Reboot".
Place the full path in the "Full Path of File to Delete" box in Killbox:
example: C:\WINDOWS\System32\06wu29rd.exe
Press the red button, agree you want to delete the file but do not let it reboot yet. Repeat for every not-a-virus entry then let it reboot after the last one.
XuRyZ
14 Posts
0
October 19th, 2005 17:00
Message Edited by XuRyZ on 10-19-2005 04:37 PM
RKinner
5.9K Posts
0
October 19th, 2005 23:00
XuRyZ
14 Posts
0
October 20th, 2005 07:00
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
________________________________________________
Total of file sizes: 603.766.584 bytes 575,79 M
XuRyZ
14 Posts
0
October 20th, 2005 10:00