
2ND Trusted Zone *63.219.181.7

Discussion in 'Malware and Virus Removal Archive' started by Zach, 2004/11/17.

Thread Status:
Not open for further replies.
  1. 2004/11/17
    Zach

    Zach Inactive Thread Starter

    Joined:
    2004/11/17
    Messages:
    7
    Likes Received:
    0
    This one is good - whoever wrote this one did good, ***** ***** ***** ******. edit note: please avoid profanity. Not needed and not permitted on the forum. Newt

    I got this one also - and as I can see it's as new as it looked to me - I will continue looking for it and post back if I find it - I have scanned everything on my computer - nothing - killed those files mentioned before - nothing - still coming back - it puts itself back in the trusted zones immediately upon finishing.

    Nothing running, it has to be an attached dll to explorer or iexplorer, with the date changed to the same date as all the windows dlls


    Thread split from http://www.windowsbbs.com/showthread.php?t=37349
    It's too confusing working with more than one person's log in the same thread.
    Lonny
     
    Zach,
    #1
  2. 2004/11/17
    Zach

    Zach Inactive Thread Starter

    Joined:
    2004/11/17
    Messages:
    7
    Likes Received:
    0
    (I am not trying to jump in this guy's thread - I figure any info I got helps him - I have a very big clue of what I am doing, and this one has me stumped)

    I just grabbed all my attached DLLs - will list below - the three files above - I have deleted, are not running, and it still is instantly putting the ip back in the trusted zones


    The very last three DLLs I am about to look into a bit more - they have no listed Date, Size, anything - just that they are attached.


    Explorer DLLS

    d:\program files\google\deskbar-0.5.95.0\deskbarex.dll
    D:\Program Files\Google\deskbar-0.5.95.0\ggtaskbar.dll
    d:\program files\google\deskbar-0.5.95.0\loader.dll
    C:\Program Files\Trillian\events.dll
    D:\WINDOWS\system32\ACTIVEDS.dll
    D:\WINDOWS\system32\actxprxy.dll
    D:\WINDOWS\system32\adsldpc.dll
    D:\WINDOWS\system32\ADVAPI32.dll
    D:\WINDOWS\system32\appHelp.dll
    D:\WINDOWS\system32\asycfilt.dll
    D:\WINDOWS\system32\ATL.DLL
    D:\WINDOWS\system32\BatMeter.dll
    D:\WINDOWS\system32\BROWSEUI.dll
    D:\WINDOWS\system32\CFGMGR32.dll
    D:\WINDOWS\system32\CLBCatQ.DLL
    D:\WINDOWS\system32\CLUSAPI.dll
    D:\WINDOWS\system32\comdlg32.dll
    D:\WINDOWS\system32\COMRes.dll
    D:\WINDOWS\system32\credui.dll
    D:\WINDOWS\system32\CRYPT32.dll
    D:\WINDOWS\System32\CSCDLL.dll
    D:\WINDOWS\System32\cscui.dll
    D:\WINDOWS\system32\GDI32.dll
    D:\WINDOWS\system32\IMM32.DLL
    D:\WINDOWS\system32\iphlpapi.dll
    D:\WINDOWS\system32\kernel32.dll
    D:\WINDOWS\system32\LINKINFO.dll
    D:\WINDOWS\system32\midimap.dll
    D:\WINDOWS\system32\mlang.dll
    D:\WINDOWS\system32\MPR.dll
    D:\WINDOWS\system32\MSACM32.dll
    D:\WINDOWS\system32\msacm32.drv
    D:\WINDOWS\system32\MSASN1.dll
    D:\WINDOWS\system32\MSCTF.dll
    D:\WINDOWS\system32\mshtml.dll
    D:\WINDOWS\system32\msi.dll
    D:\WINDOWS\system32\MSIMG32.dll
    D:\WINDOWS\system32\msimtf.dll
    D:\WINDOWS\system32\MSLS31.DLL
    D:\WINDOWS\system32\msv1_0.dll
    D:\WINDOWS\system32\msvcrt.dll
    D:\WINDOWS\system32\netapi32.dll
    D:\WINDOWS\system32\NETSHELL.dll
    D:\WINDOWS\system32\ntdll.dll
    D:\WINDOWS\system32\ntshrui.dll
    D:\WINDOWS\system32\ole32.dll
    D:\WINDOWS\system32\OLEAUT32.dll
    D:\WINDOWS\system32\POWRPROF.dll
    D:\WINDOWS\system32\printui.dll
    D:\WINDOWS\system32\PSAPI.DLL
    D:\WINDOWS\system32\RASAPI32.DLL
    D:\WINDOWS\system32\rasman.dll
    D:\WINDOWS\system32\RPCRT4.dll
    D:\WINDOWS\system32\rsaenh.dll
    D:\WINDOWS\system32\rtutils.dll
    D:\WINDOWS\system32\SAMLIB.dll
    D:\WINDOWS\system32\Secur32.dll
    D:\WINDOWS\system32\sensapi.dll
    D:\WINDOWS\system32\SETUPAPI.dll
    D:\WINDOWS\system32\shdoclc.dll
    D:\WINDOWS\system32\SHDOCVW.dll
    D:\WINDOWS\system32\SHELL32.dll
    D:\WINDOWS\system32\SHLWAPI.dll
    D:\WINDOWS\system32\stobject.dll
    D:\WINDOWS\system32\TAPI32.dll
    D:\WINDOWS\system32\themeui.dll
    D:\WINDOWS\system32\urlmon.dll
    D:\WINDOWS\system32\USER32.dll
    D:\WINDOWS\system32\USERENV.dll
    D:\WINDOWS\system32\UxTheme.dll
    D:\WINDOWS\system32\VERSION.dll
    D:\WINDOWS\system32\wdmaud.drv
    D:\WINDOWS\system32\WININET.dll
    D:\WINDOWS\system32\WINMM.dll
    D:\WINDOWS\system32\WINSPOOL.DRV
    D:\WINDOWS\system32\WINSTA.dll
    D:\WINDOWS\system32\WLDAP32.dll
    D:\WINDOWS\system32\WS2_32.dll
    D:\WINDOWS\system32\WS2HELP.dll
    D:\WINDOWS\system32\WTSAPI32.dll
    D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.0.0_x-ww_8A69BA05\COMCTL32.dll
    D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.100.0_x-ww_8417450B\comctl32.dll
    d:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
    d:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdm.dll
    D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
    D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
    d:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
    D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
    D:\WINDOWS\system32\mscoree.dll




    IE Explorer DLLs

    D:\WINDOWS\system32\imon.dll
    D:\PROGRA~1\SEARCH~1\deskbar.dll <---- Is an OK DLL
    D:\WINDOWS\system32\DDRAW.dll
    D:\WINDOWS\system32\AlxTB1.dll <---- I like, and have no problem with
    D:\Program Files\FlashCapture\fcbho.dll
    C:\Program Files\Trillian\events.dll
    C:\Program Files\Trillian\MSVCR71.dll
    D:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    D:\WINDOWS\system32\ntdll.dll
    D:\WINDOWS\system32\kernel32.dll
    D:\WINDOWS\system32\msvcrt.dll
    D:\WINDOWS\system32\USER32.dll
    D:\WINDOWS\system32\GDI32.dll
    D:\WINDOWS\system32\SHLWAPI.dll
    D:\WINDOWS\system32\ADVAPI32.dll
    D:\WINDOWS\system32\RPCRT4.dll
    D:\WINDOWS\system32\SHDOCVW.dll
    D:\WINDOWS\system32\ShimEng.dll
    D:\WINDOWS\AppPatch\AcLayers.DLL
    D:\WINDOWS\system32\SHELL32.dll
    D:\WINDOWS\system32\ole32.dll
    D:\WINDOWS\system32\USERENV.dll
    D:\WINDOWS\system32\WINSPOOL.DRV
    D:\WINDOWS\AppPatch\AcGenral.DLL
    D:\WINDOWS\system32\WINMM.dll
    D:\WINDOWS\system32\MSACM32.dll
    D:\WINDOWS\system32\VERSION.dll
    D:\WINDOWS\system32\UxTheme.dll
    D:\WINDOWS\system32\BROWSEUI.dll
    D:\WINDOWS\system32\browselc.dll
    D:\WINDOWS\system32\appHelp.dll
    D:\WINDOWS\system32\CLBCatQ.DLL
    D:\WINDOWS\system32\OLEAUT32.dll
    D:\WINDOWS\system32\COMRes.dll
    D:\WINDOWS\system32\WININET.dll
    D:\WINDOWS\system32\CRYPT32.dll
    D:\WINDOWS\system32\MSASN1.dll
    D:\WINDOWS\system32\Secur32.dll
    D:\WINDOWS\System32\cscui.dll
    D:\WINDOWS\System32\CSCDLL.dll
    D:\WINDOWS\system32\SETUPAPI.dll
    D:\WINDOWS\system32\WSOCK32.dll
    D:\WINDOWS\system32\WS2_32.dll
    D:\WINDOWS\system32\WS2HELP.dll
    D:\WINDOWS\system32\comdlg32.dll
    D:\WINDOWS\system32\urlmon.dll
    D:\WINDOWS\system32\SXS.DLL
    D:\WINDOWS\system32\shdoclc.dll
    D:\WINDOWS\system32\mshtml.dll
    D:\WINDOWS\system32\MLANG.dll
    D:\WINDOWS\system32\netapi32.dll
    D:\WINDOWS\system32\msi.dll
    D:\WINDOWS\system32\msimtf.dll
    D:\WINDOWS\system32\MSCTF.dll
    D:\WINDOWS\system32\NTMARTA.DLL
    D:\WINDOWS\system32\WLDAP32.dll
    D:\WINDOWS\system32\SAMLIB.dll
    D:\WINDOWS\system32\MSLS31.DLL
    D:\WINDOWS\system32\IMM32.DLL
    D:\WINDOWS\system32\mswsock.dll
    D:\WINDOWS\System32\wshtcpip.dll
    D:\WINDOWS\system32\jscript.dll
    D:\WINDOWS\system32\msxml3.dll
    D:\WINDOWS\system32\RASAPI32.DLL
    D:\WINDOWS\system32\rasman.dll
    D:\WINDOWS\system32\TAPI32.dll
    D:\WINDOWS\system32\rtutils.dll
    D:\WINDOWS\system32\msv1_0.dll
    D:\WINDOWS\system32\sensapi.dll
    D:\WINDOWS\system32\rasadhlp.dll
    D:\WINDOWS\system32\DNSAPI.dll
    D:\WINDOWS\System32\winrnr.dll
    D:\WINDOWS\system32\imgutil.dll
    D:\WINDOWS\system32\MPR.dll
    D:\WINDOWS\System32\drprov.dll
    D:\WINDOWS\System32\davclnt.dll
    D:\WINDOWS\system32\iepeers.dll
    D:\WINDOWS\system32\mshtmled.dll
    D:\WINDOWS\system32\dxtrans.dll
    D:\WINDOWS\system32\ATL.DLL
    D:\WINDOWS\system32\DCIMAN32.dll
    D:\WINDOWS\system32\dxtmsft.dll
    D:\WINDOWS\system32\MSRATING.DLL
    D:\WINDOWS\system32\msratelc.dll
    D:\WINDOWS\system32\actxprxy.dll
    D:\WINDOWS\system32\pngfilt.dll
    D:\WINDOWS\system32\plugin.ocx
    D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.100.0_x-ww_8417450B\comctl32.dll
    D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.0.0_x-ww_8A69BA05\COMCTL32.dll
    d:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdm.dll
    d:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
    D:\WINDOWS\system32\ddrawex.dll
    D:\WINDOWS\system32\msacmx.dll
    D:\WINDOWS\system32\winsrv32.dll
    D:\WINDOWS\system32\d3dxov.dll
     
    Zach,
    #2


  4. 2004/11/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Zach :)

    I'd like to see if I can help you with this. Would you please start a new thread of your own, that includes a HijackThis log from the current version, 1.98.2, as well as logs from PVZip, dllcompare, getservices.zip and RegLite. (The instructions below are copy/paste from my notes. Please don't be offended by the detailed instructions, as I see you are experienced. Just didn't feel like editing. ;) )

    Download this zip.

    http://tools.zerosrealm.com/pv.zip

    Unzip it to the desktop. It will not work if you run it from inside the zip. After unzipping open the pv folder. Double click on the runme.bat. A dos window will open. Select option 1 for explorer dlls by typing 1 and then pressing enter. Notepad will open with a log in it. Copy and paste the log into this thread. Usually pretty large and take more than one post.



    Please download dllcompare (A scanner to locate hidden DLL files) from either of the following locations:
    Broadbandmedic.com
    brinkster.com
    When you execute dllcompare.exe, by default the c:\windows\system32 is selected. This can be changed to scan your entire computer for any file type - Simply select the path and check off the box labelled "Include SubDirectories".
    Click on "Locate.com" and allow the scan to complete.
    After the scan has finished click on "Compare" to scan for the files that Windows does not see. This step will take a few minutes to run.
    If the box at the bottom of the screen contains any files, these are the ones that are hidden - Click on "Make a Log of what was Found".
    When prompted to "View Log File" click on "Yes".
    Notepad will open with the log file contents.
    In Notepad, click on "Edit>Select All" then "Edit>Copy" and post the contents.



    ActiveServices ...
    Please download GetService.zip
    Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
    getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here.
    From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work.


    Download and install Reglite. Open and copy/paste the following string in the address window then click go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

    Double click on the AppInit_DLLs entry to open a "Data Editor" properties window. If the Value line contains a .dll filename, copy/paste it here.
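
Added example, not part of the original thread or any poster's code: a read-only PowerShell check of the AppInit_DLLs value named above and of the Internet Explorer Trusted sites IP ranges this thread is about. The function names are hypothetical, and the ZoneMap\Ranges layout it reads (a `:Range` string plus per-protocol DWORDs, where 2 means Trusted sites) is standard Windows behaviour assumed here, not something stated in the thread.

```powershell
# Added example (not from the thread). Read-only: nothing is changed or deleted.

function Get-AppInitDll {
    # Registry value named in the post above. Every DLL listed here is loaded
    # into each process that loads user32.dll, which is why it is worth checking
    # when a setting keeps coming back with "nothing running".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $raw = (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($raw)) { return }

    # The value is a space- or comma-separated list of DLL names or paths.
    foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        # A bare file name is resolved against System32.
        $path = if ($entry -match '[\\/]') { $entry }
                else { Join-Path $env:SystemRoot "System32\$entry" }

        if (Test-Path -LiteralPath $path) {
            $file = Get-Item -LiteralPath $path -Force   # -Force: include hidden/system files
            [pscustomobject]@{
                Entry      = $entry
                Path       = $file.FullName
                OnDisk     = $true
                Attributes = $file.Attributes
                Created    = $file.CreationTime
                Modified   = $file.LastWriteTime
                # Timestamps can be forged to match the Windows DLLs, so also
                # report whether the file carries a valid signature.
                Signature  = (Get-AuthenticodeSignature -FilePath $file.FullName).Status
            }
        }
        else {
            # Listed in the registry but not visible through the file API:
            # either a stale entry or a file hidden from Windows. Both need follow-up.
            [pscustomobject]@{
                Entry = $entry; Path = $path; OnDisk = $false
                Attributes = $null; Created = $null; Modified = $null; Signature = $null
            }
        }
    }
}

function Get-TrustedZoneRange {
    # IP ranges assigned to a security zone live under ZoneMap\Ranges\RangeN.
    # Each RangeN key holds ':Range' (the address or range) and one DWORD per
    # protocol ('*', 'http', ...) whose data is the zone number.
    $trustedSites = 2
    $roots = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in (Get-ChildItem -Path $root)) {
            $range = $key.GetValue(':Range')
            foreach ($name in $key.GetValueNames()) {
                if ($name -eq ':Range') { continue }
                if ($key.GetValue($name) -eq $trustedSites) {
                    [pscustomobject]@{
                        Range    = $range
                        Protocol = $name
                        Key      = $key.Name
                    }
                }
            }
        }
    }
}

Get-AppInitDll       | Format-List
Get-TrustedZoneRange | Format-Table -AutoSize
```

Running `Get-TrustedZoneRange` again after deleting an entry shows whether something is rewriting the key, which is the behaviour described in the first two posts.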
     
  5. 2004/11/17
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    After rereading this thread, it appears that some folks may not be following suggested instructions correctly. Myself & others have suggested to use HijackThis and other apps to get rid of these culprit apps and we have also suggested actually locating and DELETING said culprit files.

    HijackThis, and other similar apps can clean registry keys and values, as well as delete files in the Downloaded Programs Folder. However, often these culprit apps are located in c:\windows directory or c:\windows\system32 directory, and very often in Documents & Settings\User\Local Settings\Temp directory as well as a browser cache.

    Those of you with infections, please DO delete the bad files detected by malware scanners. One way to do this is to use Windows Search to locate and delete the unwanted files. (you must customize Search to search hidden and system files)

    The bottom line is that these malware EFFECTS (trusted zone ip address) will continue to come back until the actual culprit app is located & deleted.

    For example:
    HijackThis cannot completely clean this:
    O4 - HKLM\..\Run: [C:\WINDOWS\System32\pxhping.exe]
    What it does is get rid of THAT particular registry value, but it does NOT delete the program pxhping.exe, this you must do manually.
     
    Last edited: 2004/11/17
  6. 2004/11/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    TonyT,

    While I can't and won't argue that not following directions and doing everything suggested to clean up one's system will do no good, I do want to point out that the writers of this junk are getting craftier by the day (maybe by the hour). Using tricks such as hooking registry keys unseen by the traditional tools (S&D, AAW, HJT), adding dlls hidden not only to the user, but to Windows itself, installing rogue services, etc. Deleting what appears to be the bad registry entries, files, clearing temps, etc, will not get rid of these infections unless all of the other components are found and removed also. Thankfully, there are many other folks in the internet community developing specialized tools, such as the ones I recommended to Zach and Lonny recommended to ugostar in his last post, which help to identify those components and therefore allow them to be removed. Bottom line, it's not as easy to remove this junk as it used to be, and will sometimes require trying many different things before success is achieved.
     
  7. 2004/11/17
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    And if the operating system is WinMe-XP, should not System Restore be disabled during the scan and delete process?
     
  8. 2004/11/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Generally, depending upon the nature and location of the infection, YES, as well as a few other key locations I usually recommend in my cleanup instructions. ;)
     
  9. 2004/11/17
    Zach

    Zach Inactive Thread Starter

    Joined:
    2004/11/17
    Messages:
    7
    Likes Received:
    0
    here is what I think


    I dunno




    I think it's associated with Fast Web Search


    The files move, delete, map to other files, play all sorts of games, and are really pissing me off.


    I don't know what of this is related - but those that have it might want to check and see if there is something similar


    in the WINDOWS/system32 dir


    setuplog.txt

    Code:
    Time,File,Line,Tag,Message
    11/17/2004 17:53:00,d:\srv03rtm\base\ntsetup\syssetup\oobe.c,1137,,SetupOobeInitDebugLog
    11/17/2004 17:53:00,d:\srv03rtm\base\ntsetup\oobe\msobmain\main.cpp,601,,OOBE run with the following parameters: D:\WINDOWS\system32\oobe\msoobe.exe /a
    11/17/2004 17:53:00,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,1120,,OpenSCManager succeeded
    11/17/2004 17:53:00,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,1124,,OpenService succeeded
    11/17/2004 17:53:01,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,1256,,CObMain::Init() succeeded.
    11/17/2004 17:53:01,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,7704,,IsScriptingEnabled: ProcessUrlAction on D:\WINDOWS\system32\OOBE\msobshel.htm returned hr=0x0
    11/17/2004 17:53:01,d:\srv03rtm\base\ntsetup\syssetup\oobe.c,1154,,SetupOobeInitPreServices
    11/17/2004 17:53:01,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,1833,,iWindowHeight:530
    11/17/2004 17:53:01,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,1834,,iWindowWidth:640
    11/17/2004 17:53:01,d:\srv03rtm\base\ntsetup\oobe\common\cunknown.cpp,32,,CUnknown: Using nondelegating IUnknown.
    11/17/2004 17:53:01,d:\srv03rtm\base\ntsetup\oobe\common\cunknown.cpp,32,,CUnknown: Using nondelegating IUnknown.
    11/17/2004 17:53:05,d:\srv03rtm\base\ntsetup\oobe\common\cunknown.cpp,32,,CUnknown: Using nondelegating IUnknown.
    11/17/2004 17:53:05,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2029,,CObMain::InitApplicationWindow() succeeded.
    11/17/2004 17:53:05,d:\srv03rtm\base\ntsetup\oobe\msobweb\msobweb.cpp,529,,Attempting to navigate: 
    	Url: file://D:\WINDOWS\system32\OOBE\actshell.htm
    	Target: NONE
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4459,,DISPID_EXTERNAL_NEEDACTIVATION
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4493,,... 1 returned
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4871,,DISPID_EXTERNAL_GETOOBEMUIPATH
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4075,,DISPID_EXTERNAL_DEBUG
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2617,,DISPID_EXTERNAL_SIGNUP
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\signup.cpp,243,,DISPID_SIGNUP_GET_OEMNAME
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2617,,DISPID_EXTERNAL_SIGNUP
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\signup.cpp,243,,DISPID_SIGNUP_GET_OEMNAME
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2697,,DISPID_EXTERNAL_API
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2637,,DISPID_EXTERNAL_STATUS
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2657,,DISPID_EXTERNAL_DIRECTIONS
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2574,,DISPID_EXTERNAL_USERINFO
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,267,,D:\WINDOWS\system32\oobe\OOBEINFO.INI/UserInfo/Identity000=
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,267,,D:\WINDOWS\system32\oobe\OOBEINFO.INI/UserInfo/Identity001=
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,267,,D:\WINDOWS\system32\oobe\OOBEINFO.INI/UserInfo/Identity002=
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,267,,D:\WINDOWS\system32\oobe\OOBEINFO.INI/UserInfo/Identity003=
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,267,,D:\WINDOWS\system32\oobe\OOBEINFO.INI/UserInfo/Identity004=
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,267,,D:\WINDOWS\system32\oobe\OOBEINFO.INI/UserInfo/Identity005=
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2677,,DISPID_EXTERNAL_REGISTER
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3248,,DISPID_EXTERNAL_TAPILOC
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2716,,DISPID_EXTERNAL_LANGUAGE
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1156,,DISPID_USERINFO_GET_FIRSTNAME
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1206,,DISPID_USERINFO_GET_LASTNAME
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1307,,DISPID_USERINFO_GET_ADDRESS1
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1332,,DISPID_USERINFO_GET_ADDRESS2
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1357,,DISPID_USERINFO_GET_CITY
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1407,,DISPID_USERINFO_GET_ZIP
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1457,,DISPID_USERINFO_GET_PRIMARYEMAIL
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1432,,DISPID_USERINFO_GET_COUNTRY
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1382,,DISPID_USERINFO_GET_STATE
    
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1590,,DISPID_USERINFO_SET_MSOFFER
    11/17/2004 17:53:07,d:\srv03rtm\base\ntsetup\oobe\msobmain\userinfo.cpp,1611,,DISPID_USERINFO_SET_OTHEROFFER
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3218,,DISPID_MAINPANE_NAVCOMPLETE
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3218,,DISPID_MAINPANE_NAVCOMPLETE
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4996,,DISPID_EXTERNAL_USEFADEEFFECT
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4195,,DISPID_EXTERNAL_COMPUTERNAMECHANGECOMPLETE
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,7262,,OnComputerNameChangeComplete(): Starting services...
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\syssetup\services.c,71,,SETUP: Waiting on event SC_AutoStartComplete 
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\syssetup\services.c,75,,SETUP: Wait on event SC_AutoStartComplete completed successfully 
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,7268,,OnComputerNameChangeComplete(): Services have been started
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4459,,DISPID_EXTERNAL_NEEDACTIVATION
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4493,,... 1 returned
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4182,,DISPID_EXTERNAL_ISSERVERSKU
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2657,,DISPID_EXTERNAL_DIRECTIONS
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\direct.cpp,409,,DISPID_DIRECTIONS_GET_APPMODE
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4182,,DISPID_EXTERNAL_ISSERVERSKU
    
    11/17/2004 17:53:08,OOBE Trace,0,,Calling window.external.GetConnectionCapabilities
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4343,,DISPID_EXTERNAL_GETCONNECTIONCAPABILITIES
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobcomm\msobcomm.cpp,431,,CObCommunicationManager::GetConnectionCapabilities
    
    11/17/2004 17:53:08,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,203,,CConnectionManager::GetCapabilities
    
    11/17/2004 17:53:09,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,237,,INetConnectionManager
    
    11/17/2004 17:53:09,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,243,,IEnumNetConnection
    
    11/17/2004 17:53:09,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,264,,INetConnection: Local Area Connection 8--SiS 900-Based PCI Fast Ethernet Adapter--3--2
    
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,969,,INetConnectionManager
    
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,975,,IEnumNetConnection
    
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,1007,,INetConnection: Local Area Connection 8--SiS 900-Based PCI Fast Ethernet Adapter--3--2
    
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,394,,Exiting CConnectionManager::GetCapabilities
    
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4353,,DISPID_EXTERNAL_GETCONNECTIONCAPABILITIES: Exiting
    
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3033,,DISPID_EXTERNAL_CHECKDIALREADY
    
    11/17/2004 17:53:10,OOBE Trace,0,,GetConnectionCapabilities: 8
    11/17/2004 17:53:10,OOBE Trace,0,,GetConnectionCapabilities: 8
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: TOS
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\direct.cpp,409,,DISPID_DIRECTIONS_GET_APPMODE
    
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: TOS
    11/17/2004 17:53:10,OOBE Trace,0,,GoNavigate: default (1 = actsetup\activ.htm)
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: TOS
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,931,,DISPID_API_SET_REGVALUE: 
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,955,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT, 0
    
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,931,,DISPID_API_SET_REGVALUE: 
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,955,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT, TOS
    
    11/17/2004 17:53:10,OOBE Trace,0,,Navigate: D:\WINDOWS\system32\OOBE\actsetup\activ.htm
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3218,,DISPID_MAINPANE_NAVCOMPLETE
    
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4814,,DISPID_EXTERNAL_INHIGHCONTRASTMODE
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4775,,DISPID_EXTERNAL_GETACTIVATIONDAYSLEFT
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4808,,... 0 returned
    11/17/2004 17:53:10,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,5033,,DISPID_EXTERNAL_HASTABLET
    11/17/2004 17:53:15,OOBE Trace,0,,GoNext: CurrentCKPT = 1
    11/17/2004 17:53:15,OOBE Trace,0,,GetConnectionCapabilities: 8
    11/17/2004 17:53:15,d:\srv03rtm\base\ntsetup\oobe\msobmain\tapiloc.cpp,514,,DISPID_TAPI_TAPISERVICERUNNING
    
    11/17/2004 17:53:15,d:\srv03rtm\base\ntsetup\oobe\msobmain\tapiloc.cpp,1462,,TapiServiceRunning
    11/17/2004 17:53:16,d:\srv03rtm\base\ntsetup\oobe\msobmain\tapiloc.cpp,1467,,OpenSCManager succeeded
    11/17/2004 17:53:16,d:\srv03rtm\base\ntsetup\oobe\msobmain\tapiloc.cpp,1471,,OpenService succeeded
    11/17/2004 17:53:16,OOBE Trace,0,,GoNavigate: default (5 = actsetup\areg1.htm)
    11/17/2004 17:53:16,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:16,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: TOS
    11/17/2004 17:53:16,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,931,,DISPID_API_SET_REGVALUE: 
    11/17/2004 17:53:16,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,955,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT, 1
    
    11/17/2004 17:53:18,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,931,,DISPID_API_SET_REGVALUE: 
    11/17/2004 17:53:18,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,955,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT, TOS
    
    11/17/2004 17:53:18,OOBE Trace,0,,Navigate: D:\WINDOWS\system32\OOBE\actsetup\areg1.htm
    11/17/2004 17:53:18,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3218,,DISPID_MAINPANE_NAVCOMPLETE
    
    11/17/2004 17:53:18,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4814,,DISPID_EXTERNAL_INHIGHCONTRASTMODE
    11/17/2004 17:53:22,OOBE Trace,0,,GoNext: CurrentCKPT = 5
    11/17/2004 17:53:23,OOBE Trace,0,,GoNavigate: CKPT_REGDIAL
    11/17/2004 17:53:23,OOBE Trace,0,,GetPreferredConnection: null
    11/17/2004 17:53:23,OOBE Trace,0,,UseModem: false
    11/17/2004 17:53:23,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4423,,DISPID_EXTERNAL_CONNECTEDTOINTERNETEx
    
    11/17/2004 17:53:23,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,1560,,tries to connect to the WPA HTTP server
    11/17/2004 17:53:23,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,2160,,Save value of RASADP_LoginSessionDisable 0
    11/17/2004 17:53:24,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,2170,,Disabled RAS Autodial for current logon session
    11/17/2004 17:53:26,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,1480,,HTTP status code from WPA HTTP server 403
    11/17/2004 17:53:26,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,2184,,Restore value of RAS Autodial for current logon session
    11/17/2004 17:53:26,d:\srv03rtm\base\ntsetup\oobe\msobcomm\connmgr.cpp,1657,,could connect to WPA HTTP server
    11/17/2004 17:53:26,OOBE Trace,0,,GetPreferredConnection: null
    11/17/2004 17:53:26,OOBE Trace,0,,UseModem: false
    11/17/2004 17:53:26,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3049,,DISPID_EXTERNAL_CONNECT
    
    11/17/2004 17:53:26,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3054,,DISPID_EXTERNAL_RECONNECT
    
    11/17/2004 17:53:26,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4500,,DISPID_EXTERNAL_ACTIVATE
    11/17/2004 17:53:26,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,6979,,Waiting for response from m_pLicenseAgent->AsyncProcessHandshakeRequest()
    11/17/2004 17:53:28,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,5720,,m_pLicenseAgent->AsyncProcessHandshakeRequest() succeeded.  Status = 45108
    11/17/2004 17:53:28,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,5837,,Waiting for response from m_pLicenseAgent->AsyncProcess*LicenseRequest()
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,5364,,Remove Activation shortcut succeeded
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,313,,ReturnActivationStatus: Status = 0, Detail = 0
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\status.cpp,452,,DISPID_STATUS_SET_STATUS
    
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: TOS
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: 1
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: TOS
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: 1
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: TOS
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: 1
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,931,,DISPID_API_SET_REGVALUE: 
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,955,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT, TOS
    
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,1003,,DISPID_API_DELETEREGVALUE
    
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2657,,DISPID_EXTERNAL_DIRECTIONS
    
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\direct.cpp,409,,DISPID_DIRECTIONS_GET_APPMODE
    
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2657,,DISPID_EXTERNAL_DIRECTIONS
    
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\direct.cpp,409,,DISPID_DIRECTIONS_GET_APPMODE
    
    11/17/2004 17:53:29,d:\srv03rtm\base\ntsetup\oobe\msobmain\register.cpp,206,,DISPID_REGISTER_POSTTOOEM
    
    11/17/2004 17:53:30,OOBE Trace,0,,GoNavigate: CKPT_ACT_MSG
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,967,,DISPID_API_GET_REGVALUE: 
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,991,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT: TOS
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,931,,DISPID_API_SET_REGVALUE: 
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,955,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT, 1
    
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,931,,DISPID_API_SET_REGVALUE: 
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\api.cpp,955,,SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE\CKPT, TOS
    
    11/17/2004 17:53:30,OOBE Trace,0,,Navigate: D:\WINDOWS\system32\OOBE\actsetup\adeskerr.htm
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3218,,DISPID_MAINPANE_NAVCOMPLETE
    
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4814,,DISPID_EXTERNAL_INHIGHCONTRASTMODE
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,3758,,DISPID_EXTERNAL_CHECKONLINESTATUS
    
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4775,,DISPID_EXTERNAL_GETACTIVATIONDAYSLEFT
    11/17/2004 17:53:30,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,4808,,... 0 returned
    11/17/2004 17:53:32,OOBE Trace,0,,GoNext: CurrentCKPT = 10
    11/17/2004 17:53:32,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,2776,,DISPID_EXTERNAL_FINISH
    
    11/17/2004 17:53:32,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,5878,,MainWndProc called PostQuitMessage().
    11/17/2004 17:53:32,d:\srv03rtm\base\ntsetup\oobe\msobmain\msobmain.cpp,1455,,RunOOBE - message loop finished
    11/17/2004 17:53:32,d:\srv03rtm\base\ntsetup\oobe\msobmain\main.cpp,184,,Starting IE because HKCU\Software\Microsoft\Internet Connection Wizard\Completed = 1
    11/17/2004 17:53:32,d:\srv03rtm\base\ntsetup\oobe\common\cunknown.cpp,60,,FinalRelease
    
    11/17/2004 17:53:32,d:\srv03rtm\base\ntsetup\oobe\common\cunknown.cpp,60,,FinalRelease
    
    11/17/2004 17:53:32,d:\srv03rtm\base\ntsetup\oobe\common\cunknown.cpp,60,,FinalRelease
    
    11/17/2004 17:53:33,d:\srv03rtm\base\ntsetup\oobe\msobmain\main.cpp,921,,OOBE has finished.
     
    Zach,
    #8
  10. 2004/11/17
    Zach

    Zach Inactive Thread Starter

    You got to be kidding me to the post size limit.




    EventSystem.log


    Code:
    ===================== EventSystem =====================
    Time:  11/17/2004  13:11:04.339
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    430
    80070005
    ===================== EventSystem =====================
    Time:  11/17/2004  13:11:04.699
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    430
    80070005
    ===================== EventSystem =====================
    Time:  11/17/2004  15:06:48.894
    Type: Error
    Category: 50
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier1\eventsystemobj.cpp
    44
    80080005
    ===================== EventSystem =====================
    Time:  11/17/2004  15:06:49.025
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    435
    80040206
    ===================== EventSystem =====================
    Time:  11/17/2004  15:08:49.330
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    430
    80070005
    ===================== EventSystem =====================
    Time:  11/17/2004  15:08:50.231
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    430
    80070005
    ===================== EventSystem =====================
    Time:  11/17/2004  16:26:02.246
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    430
    80070005
    ===================== EventSystem =====================
    Time:  11/17/2004  16:26:03.087
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    430
    80070005
    ===================== EventSystem =====================
    Time:  11/17/2004  17:51:05.985
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    430
    80070005
    ===================== EventSystem =====================
    Time:  11/17/2004  17:53:55.082
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    430
    80070005
    ===================== EventSystem =====================
    Time:  11/17/2004  17:53:55.582
    Type: Error
    Category: 54
    Event ID: 4609
    The description for this event could not be found. It contains the following insertion string(s):
    d:\srv03rtm\com\complus\src\events\tier2\notify.cpp
    430
    80070005



    These picnxxxx.ssm files might be normal - cannot say I ever noticed them before - and at least one of them was being used when I went to look at them - but some file names that might or might not be something - the wtest.bat being the most interesting one. I typed in edit pxhping.exe in the command line - and realized a few minutes later - that was the file name I was at.

    picn1320.ssm
    picn1820.ssm
    picn8220.ssm
    picn1520.ssm
    picn1220.ssm
    ã5HuÖ'w
    d3d8caps.dat
    Ωwtest.bat
     
    Zach,
    #9
  11. 2004/11/17
    Zach

    Zach Inactive Thread Starter

    oh - the kicker is that d:\srv03rtm\ does not exist
     
  12. 2004/11/17
    Zach

    Zach Inactive Thread Starter

    I got to get some work done - so I am just going to ignore this for a bit - if someone has any suggestions or ideas or needs any other info - contact me at fantasysportswir - on aim
     
  13. 2004/11/17
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Zach
    Yes, respond to Dave (noahdfear) please, stay in this thread.
    I also asked you via PM for those files?
     
  14. 2004/11/17
    Zach

    Zach Inactive Thread Starter

    Ok - the ******* name is

    dllhostxp.exe


    reboot into safe mode - sign in as administrator

    find the file in your WINDOWS/system32 dir

    open it in notepad - delete all contents - a good place for some profanity.


    save it


    Right click on it - go to the security tab - click the top deny for each user - this will effectively plug the spot - meaning even if some other garbage tried to bring it back - it can't, 'cause a file exists already with that name, and cannot be ******* with.
     
  15. 2004/11/18
    Lonny Jones

    Lonny Jones Inactive Alumni

    I have had to merge this post also.

    Please, stay in this thread.
    Please avoid profanity. Not needed and not permitted on the forum.
     
  16. 2004/11/18
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    While I DO agree that these malware apps are getting "smarter", there are but a few places (a finite amount of locations) in the XP registry that enable a file to load at boot time. And even fewer places in older versions of Windows. Granted, some of these new malware are using little-used or little-known registry locations to hide their startup items. However, the bottom line is that if one locates what the exact source of the main malware program is, it can then be deleted, and at worst one would get an error at boot (in event logs) such as "failed to load xyz.dll, file missing" or some such report. After which, one can get rid of the dead registry keys & values.

    My point in my previous post was that these malware files (exe, dll, etc.) MUST get deleted, else they will (can) return into action again, esp. if they are of the RAT type (remote access trojan).

    I do apologize if anyone misunderstood what I said. I just noticed today that there is now a sub-forum called Spyware & Virus Removal and that there are 3 current separate threads about "trusted zone". I myself became confused when I could not locate the thread I thought I was posting in! I had meant to post in that original "trusted site" thread and not this one.
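
The check discussed in this thread (a Trusted Zone IP entry that keeps returning, and the limited set of registry load points that could be re-adding it) can be run offline against a registry export. This is an added example, not part of any post above: the sample export is constructed, the Run-key placement of dllhostxp.exe is an assumption, and the load-point list is a short, non-exhaustive selection.

```python
import re
# Constructed sample in .reg export form. The IP is the one in the thread title;
# placing dllhostxp.exe under a Run key is an assumption for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="63.219.181.7"
"*"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range2]
":Range"="192.168.0.10"
"*"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dllhostxp"="D:\\WINDOWS\\system32\\dllhostxp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
'''
TRUSTED = 2  # IE zone numbers: 1 = Local intranet, 2 = Trusted sites, 3 = Internet
AUTOSTART = {  # a few well-known load points, not exhaustive; None = every value
    r"software\microsoft\windows\currentversion\run": None,
    r"software\microsoft\windows nt\currentversion\windows": {"AppInit_DLLs"},
    r"software\microsoft\windows nt\currentversion\winlogon": {"Shell", "Userinit"},
}

def parse_reg(text):
    """Parse decoded .reg text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None and m[2].startswith("dword:"):
            current[m[1]] = int(m[2][6:], 16)
        elif m and current is not None and m[2][:1] == m[2][-1:] == '"':
            current[m[1]] = re.sub(r"\\(.)", r"\1", m[2][1:-1])  # undo \\ and \"
    return keys

def trusted_ranges(keys):
    """IP ranges whose ZoneMap entry maps any protocol to the Trusted zone."""
    return [(path.rsplit("\\", 1)[-1], vals[":Range"]) for path, vals in keys.items()
            if "\\zonemap\\ranges\\" in path.lower() and ":Range" in vals
            and TRUSTED in [v for n, v in vals.items() if n != ":Range"]]

def autostart_entries(keys):
    """Non-empty values found under the load points listed in AUTOSTART."""
    out = []
    for path, vals in keys.items():
        wanted = AUTOSTART.get(path.partition("\\")[2].lower(), ())
        out += [(path, n, d) for n, d in vals.items()
                if d and (wanted is None or n in wanted)]
    return out
```

Comparing the output of two exports taken before and after the entry reappears narrows down which load point is still active.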
     