windows 2000 Buffer Overrun Error detected

Old 02-12-2006, 12:41 PM
ddd
Join Date: Dec 2006
Posts: 2
windows 2000 Buffer Overrun Error detected

hi all,

Have been working on this error on a Windows 2000 machine and it seems to persist. I have been getting this error.

Microsoft Visual C++ Runtime Library
Buffer Overrun Detected

Program: C:\WINNT2\system32\services.exe

A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated.


I have done a scan on the machine with Norton Antivirus and it didn't detect anything. I have also done cleaning up and speeding up on the machine, since after the error comes the machine starts slowing down and then hangs.
I got this from the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 11:19:20 AM, on 12/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT2\System32\smss.exe
C:\WINNT2\system32\winlogon.exe
C:\WINNT2\system32\services.exe
C:\WINNT2\system32\lsass.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\System32\WBEM\WinMgmt.exe
C:\WINNT2\Explorer.EXE
C:\WINNT2\System32\vsutmsgi.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT2\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINNT2\system32\yaemu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [audiag] C:\WINNT2\system32\audconf.exe
O4 - HKLM\..\Run: [brwdiag] C:\WINNT2\system32\brwconf.exe
O4 - HKLM\..\Run: [ijtdiag] C:\WINNT2\system32\ijtconf.exe
O4 - HKLM\..\Run: [deidiag] C:\WINNT2\system32\deiconf.exe
O4 - HKLM\..\Run: [dxtdiag] C:\WINNT2\system32\dxtconf.exe
O4 - HKLM\..\Run: [fsddiag] C:\WINNT2\system32\fsdconf.exe
O4 - HKLM\..\Run: [isrdiag] C:\WINNT2\system32\isrconf.exe
O4 - HKLM\..\Run: [reggserv] C:\WINNT2\reggserv.exe s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: Casa 3rdPty - jHelp - http://citidirect-eb.citicorp.com/cabs/casahelp.cab
O16 - DPF: Casa 3rdPty - Misc - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casathrdpty.cab
O16 - DPF: Casa 3rdPty - Swing 1 - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaswing1.cab
O16 - DPF: Casa 3rdPty - Swing 2 - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaswing2.cab
O16 - DPF: Casa Access Profile - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaaccprofmaint.cab
O16 - DPF: Casa Audit - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaaudit.cab
O16 - DPF: Casa AWT - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaawt.cab
O16 - DPF: Casa Broadcast - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casabrdcast.cab
O16 - DPF: Casa BTR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casabtr.cab
O16 - DPF: Casa Cab Verifier - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casacabverifier.cab
O16 - DPF: Casa CBServiceOps - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casacbserviceops.cab
O16 - DPF: Casa Citi-Netting - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casanetting.cab
O16 - DPF: Casa Client Association - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaclntassoc.cab
O16 - DPF: Casa Client Def - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaclntdef.cab
O16 - DPF: Casa Code Pages - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casacodepage.cab
O16 - DPF: Casa CollItems - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casacollitems.cab
O16 - DPF: Casa CustomReport - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\CasaCustomReport.cab
O16 - DPF: Casa Default - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casadefault.cab
O16 - DPF: Casa DtvmrmInvestments - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casadtvmrm.cab
O16 - DPF: Casa Fidelity - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafidelity.cab
O16 - DPF: Casa File Delivery - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafiledelivery.cab
O16 - DPF: Casa File Import - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafileimport.cab
O16 - DPF: Casa Flow Maint - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaflowmaint.cab
O16 - DPF: Casa Framework - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaframework.cab
O16 - DPF: Casa Framework Validators - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaframeworkvalidators.cab
O16 - DPF: Casa Global Trade Common - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradecommon.cab
O16 - DPF: Casa Global Trade Detail - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradedetail.cab
O16 - DPF: Casa Global Trade Lib - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradelib.cab
O16 - DPF: Casa Global Trade PI - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradepi.cab
O16 - DPF: Casa Global Trade Summary - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradesummary.cab
O16 - DPF: Casa GlobalTrade ApprovalSummary - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\CasaGlobalTradeApprovalSummary.cab
O16 - DPF: Casa IBM XML Parser - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaxml.cab
O16 - DPF: Casa ILC - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casailc.cab
O16 - DPF: Casa Images - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaimages.cab
O16 - DPF: Casa Infrastructure - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casainfr.cab
O16 - DPF: Casa JPIPreLoader - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\Casajpipreloader.cab
O16 - DPF: Casa Language ar_EG - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ar_eg.cab
O16 - DPF: Casa Language bg_BG - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_bg_bg.cab
O16 - DPF: Casa Language cs_CZ - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_cs_cz.cab
O16 - DPF: Casa Language de_DE - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_de_de.cab
O16 - DPF: Casa Language el_GR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_el_gr.cab
O16 - DPF: Casa Language es_AR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_es_ar.cab
O16 - DPF: Casa Language es_ES - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_es_es.cab
O16 - DPF: Casa Language fr_FR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_fr_fr.cab
O16 - DPF: Casa Language he_IL - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_he_il.cab
O16 - DPF: Casa Language hu_HU - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_hu_hu.cab
O16 - DPF: Casa Language it_IT - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_it_it.cab
O16 - DPF: Casa Language ja_JP - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ja_jp.cab
O16 - DPF: Casa Language ko_KP - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ko_kp.cab
O16 - DPF: Casa Language nl_NL - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_nl_nl.cab
O16 - DPF: Casa Language pl_PL - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_pl_pl.cab
O16 - DPF: Casa Language pt_BR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_pt_br.cab
O16 - DPF: Casa Language ro_RO - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ro_ro.cab
O16 - DPF: Casa Language ru_RU - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ru_ru.cab
O16 - DPF: Casa Language sk_SK - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_sk_sk.cab
O16 - DPF: Casa Language th_TH - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_th_th.cab
O16 - DPF: Casa Language tr_TR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_tr_tr.cab
O16 - DPF: Casa Language zh_CN - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_zh_cn.cab
O16 - DPF: Casa Language zh_TW - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_zh_tw.cab
O16 - DPF: Casa Libraries - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casalibs.cab
O16 - DPF: Casa Liquidity - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaliquidity.cab
O16 - DPF: Casa List Manager - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casalistmgr.cab
O16 - DPF: Casa Lockbox - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casalockbox.cab
O16 - DPF: Casa Misc - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casamisc.cab
O16 - DPF: Casa Payments Banamex - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtsbanamex.cab
O16 - DPF: Casa Payments Common - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtscomm.cab
O16 - DPF: Casa Payments Detail - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtsdtl.cab
O16 - DPF: Casa Payments Disbursements - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casadisbursements.cab
O16 - DPF: Casa Payments Libraries - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtslibs.cab
O16 - DPF: Casa Payments Misc - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtsmisc.cab
O16 - DPF: Casa Pref Mgr - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaprefmgr.cab
O16 - DPF: Casa Receivables Mandates - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareceivablesmandates.cab
O16 - DPF: Casa ReceivablesDirectDebit - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareceivablesdirectdebit.cab
O16 - DPF: Casa ReceivablesInquiries - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareceivablesinquiries.cab
O16 - DPF: Casa Report - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareport.cab
O16 - DPF: Casa Safeword - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casasafeword.cab
O16 - DPF: Casa SDR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casasdr.cab
O16 - DPF: Casa Security Admin - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casasecurityadmin.cab
O16 - DPF: Casa ServForCollItems - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaservforcollitems.cab
O16 - DPF: Casa Taiwan CBR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casatwcbr.cab
O16 - DPF: Casa Trade FI Common - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaficommon.cab
O16 - DPF: Casa Trade FI Detail - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafidetail.cab
O16 - DPF: Casa Trade FI Lib - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafilib.cab
O16 - DPF: Casa Trade FI Summary - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafisummary.cab
O16 - DPF: Casa User Maint - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casausrmaint.cab
O16 - DPF: casadiagnosticcab - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casadiagnosticcab.cab
O16 - DPF: CasaReceivablesServices - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareceivablesservices.cab
O16 - DPF: CasaServForProducts - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\CasaServForProducts.cab
O16 - DPF: CasaSSPymt - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casasspymt.cab
O16 - DPF: CasaSSRpts - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\CasaSSRpts.cab
O16 - DPF: CasaWHPymt - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casawhpymt.cab
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/ega...cess4_1064.cab
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/ega...cess4_1063.cab
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binari...068_ASPIV4.cab
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/ega...cess4_1062.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binari...CCESS_1070.cab
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} - http://scripts.downloadv3.com/binari...072_ASPIV4.cab
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binari...iasvc32_EN.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123749079312
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_EN.cab
O16 - DPF: {769A2483-FEFF-11D2-8A61-0008C7453304} (CasaVerify Class) - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaverifier.cab
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/ega...cess4_1061.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/ega...cess4_1059.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binari...CCESS_1074.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binari...CCESS_1068.cab
O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sysia32svc_EN.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/ega...cess4_1060.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binari...etsvc32_EN.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binari...CCESS_1069.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/ega...cess4_1065.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binari...1046_EN_XP.cab
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binari...074_ASPIV4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CAFS.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD4894D-69D4-4145-8BA7-D4C291F8823C}: NameServer = 192.168.100.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CAFS.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CAFS.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = CAFS.local
O20 - AppInit_DLLs: e1.dll libdcabi.dll confaud.dll audstat.dll confbrw.dll brwstat.dll diagijt.dll statijt.dll diagdei.dll statdei.dll diagcre.dll statcre.dll diagdxt.dll statdxt.dll diagfsd.dll statfsd.dll diagisr.dll statisr.dll
O20 - Winlogon Notify: audmgr - C:\WINNT2\SYSTEM32\audmgr32.dll
O20 - Winlogon Notify: brwmgr - C:\WINNT2\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: deiconf - C:\WINNT2\SYSTEM32\cfgdei.dll
O20 - Winlogon Notify: dxtconf - C:\WINNT2\SYSTEM32\cfgdxt.dll
O20 - Winlogon Notify: fsdconf - C:\WINNT2\SYSTEM32\cfgfsd.dll
O20 - Winlogon Notify: ijtconf - C:\WINNT2\SYSTEM32\cfgijt.dll
O20 - Winlogon Notify: isrconf - C:\WINNT2\SYSTEM32\cfgisr.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT2\system32\NavLogon.dll
O20 - Winlogon Notify: vsutmsgi - C:\WINNT2\system32\vsutmsgi.dll
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT2\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT2\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



Hope to get a solution soon, am desperate.

Daniel
Old 03-12-2006, 07:36 PM
VopThis
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
Re: windows 2000 Buffer Overrun Error detected

Do you know what all the following entries are for - did you set these up? An infected PC with all the banking links is generally not a good sign:

O16 - DPF: Casa .......




We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O4 - HKLM\..\Run: [YAEMU.EXE] C:\WINNT2\system32\yaemu.exe
O4 - HKLM\..\Run: [AUDIAG] C:\WINNT2\system32\audconf.exe
O4 - HKLM\..\Run: [BRWDIAG] C:\WINNT2\system32\brwconf.exe
O4 - HKLM\..\Run: [IJTDIAG] C:\WINNT2\system32\ijtconf.exe
O4 - HKLM\..\Run: [DEIDIAG] C:\WINNT2\system32\deiconf.exe
O4 - HKLM\..\Run: [DXTDIAG] C:\WINNT2\system32\dxtconf.exe
O4 - HKLM\..\Run: [FSDDIAG] C:\WINNT2\system32\fsdconf.exe
O4 - HKLM\..\Run: [ISRDIAG] C:\WINNT2\system32\isrconf.exe
O4 - HKLM\..\Run: [REGGSERV] C:\WINNT2\reggserv.exe

[Related links below are also potentially and highly suspect given the known bad items listed - see: http://www.siteadvisor.com/sites/downloadv3.com in particular]

O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/ega...cess4_1064.cab
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binari...068_ASPIV4.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binari...CCESS_1070.cab
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} - http://scripts.downloadv3.com/binari...072_ASPIV4.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binari...CCESS_1068.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binari...etsvc32_EN.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binari...CCESS_1069.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binari...1046_EN_XP.cab

O20 - AppInit_DLLs: e1.dll libdcabi.dll confaud.dll audstat.dll confbrw.dll brwstat.dll diagijt.dll statijt.dll diagdei.dll statdei.dll diagcre.dll statcre.dll diagdxt.dll statdxt.dll diagfsd.dll statfsd.dll diagisr.dll statisr.dll
O20 - Winlogon Notify: audmgr - C:\WINNT2\SYSTEM32\audmgr32.dll
O20 - Winlogon Notify: brwmgr - C:\WINNT2\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: deiconf - C:\WINNT2\SYSTEM32\cfgdei.dll
O20 - Winlogon Notify: dxtconf - C:\WINNT2\SYSTEM32\cfgdxt.dll
O20 - Winlogon Notify: fsdconf - C:\WINNT2\SYSTEM32\cfgfsd.dll
O20 - Winlogon Notify: ijtconf - C:\WINNT2\SYSTEM32\cfgijt.dll
O20 - Winlogon Notify: isrconf - C:\WINNT2\SYSTEM32\cfgisr.dll
O20 - Winlogon Notify: vsutmsgi - C:\WINNT2\system32\vsutmsgi.dll

Make sure that all browser windows and internet links are closed, even this one!
CLICK 'FIX CHECKED' with HijackThis.



HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



Delete TEMPORARY FILES: Now, use CCleaner to hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

Run CCleaner .

FIRST-TIME USE:
Select the ‘Options’ BUTTON option (top LEFT), ‘Advanced’ BUTTON, and then UNCHECK the ‘Only delete files in Windows Temp Folders older than 48 hours’.

Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ‘Windows’ TAB up front by default.
  • Uncheck ‘Cookies’ option (advisable)
  • Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
  • Click the ‘Analyse’ button.
  • Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.

***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


DELETE FILES:

C:\WINNT2\system32\yaemu.exe
C:\WINNT2\system32\audconf.exe
C:\WINNT2\system32\brwconf.exe
C:\WINNT2\system32\ijtconf.exe
C:\WINNT2\system32\deiconf.exe
C:\WINNT2\system32\dxtconf.exe
C:\WINNT2\system32\fsdconf.exe
C:\WINNT2\system32\isrconf.exe
C:\WINNT2\reggserv.exe


?? e1.dll libdcabi.dll confaud.dll audstat.dll confbrw.dll brwstat.dll diagijt.dll statijt.dll diagdei.dll statdei.dll diagcre.dll statcre.dll diagdxt.dll statdxt.dll diagfsd.dll statfsd.dll diagisr.dll statisr.dll


C:\WINNT2\SYSTEM32\audmgr32.dll
C:\WINNT2\SYSTEM32\brwmgr32.dll
C:\WINNT2\SYSTEM32\cfgdei.dll
C:\WINNT2\SYSTEM32\cfgdxt.dll
C:\WINNT2\SYSTEM32\cfgfsd.dll
C:\WINNT2\SYSTEM32\cfgijt.dll
C:\WINNT2\SYSTEM32\cfgisr.dll
C:\WINNT2\system32\vsutmsgi.dll
C:\WINNT2\System32\vsutmsgi.exe






POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
__________________
Vincent P
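As an added illustration of the triage VopThis does by eye in the post above (this is not code from the thread or from HijackThis), a small Python script that parses lines in the HijackThis v1.99.1 layout and flags the entry classes his fix list singles out: O4 autoruns living in the Windows directory, O16 ActiveX downloads from the downloadv3.com/dlv4.com hosts, every O20 AppInit_DLLs value and any Winlogon Notify package outside an allowlist, and O23 services whose binary is missing. The sample log, the allowlists and the blocklist are constructed for the example; the allowlists mirror entries the reply left alone.

```python
import ntpath
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts the responder pointed at (siteadvisor report on downloadv3.com);
# dlv4.com serves the matching cabs in the same log.
BLOCKED_HOSTS = ("downloadv3.com", "dlv4.com")
# Allowlists constructed from entries the responder left alone. In real use
# they come from a vetted baseline, never from the log being examined.
KNOWN_RUN_BINARIES = {"nerocheck.exe"}
KNOWN_NOTIFY_DLLS = {"navlogon.dll"}  # Symantec's own Winlogon package

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Constructed sample in the shape of the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT2\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [audiag] C:\WINNT2\system32\audconf.exe
O4 - HKLM\..\Run: [reggserv] C:\WINNT2\reggserv.exe s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123749079312
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binari...068_ASPIV4.cab
O16 - DPF: Casa Audit - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaaudit.cab
O20 - AppInit_DLLs: e1.dll libdcabi.dll confaud.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT2\system32\NavLogon.dll
O20 - Winlogon Notify: audmgr - C:\WINNT2\SYSTEM32\audmgr32.dll
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (section, body) for each 'Oxx - ...' line; other lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def target_basename(cmd):
    # File name of the program in a Run/Notify value, ignoring its arguments.
    cmd = cmd.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return ntpath.basename(exe).lower()


def check_run(body):
    # O4: anything started from the Windows directory must be on the allowlist.
    m = RUN_RE.match(body)
    if not m:  # 'Global Startup: ....lnk = ...' entries use another layout
        return None
    cmd = m.group("cmd").lower()
    if ("\\winnt" in cmd or "\\windows" in cmd) and target_basename(cmd) not in KNOWN_RUN_BINARIES:
        return "autorun in the Windows directory that is not on the allowlist"
    return None


def check_dpf(body):
    """O16: flag ActiveX packages pulled from a blocklisted host."""
    url = body.rsplit(" - ", 1)[-1].strip()
    host = (urlparse(url).hostname or "").lower()
    if any(host == h or host.endswith("." + h) for h in BLOCKED_HOSTS):
        return f"ActiveX package downloaded from blocklisted host {host}"
    return None


def check_o20(body):
    # O20: a non-empty AppInit_DLLs is always worth a look; Notify packages need an allowlist.
    if body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].split()
        if dlls:
            return f"AppInit_DLLs injects {len(dlls)} DLL(s) into every process that loads user32"
    elif body.startswith("Winlogon Notify:"):
        dll = target_basename(body.rsplit(" - ", 1)[-1])
        if dll not in KNOWN_NOTIFY_DLLS:
            return f"Winlogon Notify package loads unrecognised {dll}"
    return None


def check_service(body):
    # O23: a service whose binary is gone is a leftover of something removed.
    return "service points at a binary that is no longer present" if "(file missing)" in body else None


CHECKS = {"O4": check_run, "O16": check_dpf, "O20": check_o20, "O23": check_service}


def triage(text):
    """Run the per-section checks and return the findings in log order."""
    findings = []
    for section, body in parse_entries(text):
        reason = CHECKS.get(section, lambda _body: None)(body)
        if reason:
            findings.append(Finding(section, reason, f"{section} - {body}"))
    return findings
```

Running `triage(SAMPLE_LOG)` yields six findings (two O4, one O16, two O20, one O23), the same lines the reply above told the poster to fix, while the NeroCheck, QuickTime, Microsoft Update, Casa and NavLogon entries pass.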
Old 04-12-2006, 01:49 PM
ddd
Join Date: Dec 2006
Posts: 2
Re: windows 2000 Buffer Overrun Error detected

hi,

I have followed the instructions and the problem seems to have gone away. I have done a virus scan on the machine and nothing seems to be there anymore.

This is the current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:57:47 PM, on 12/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT2\System32\smss.exe
C:\WINNT2\system32\winlogon.exe
C:\WINNT2\system32\services.exe
C:\WINNT2\system32\lsass.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\System32\WBEM\WinMgmt.exe
C:\WINNT2\Explorer.EXE
C:\Program Files\HIJACKTHIS\HijackThis.exe
C:\WINNT2\System32\vsutmsgi.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = CAFSBS:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT2\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: Casa 3rdPty - jHelp - http://citidirect-eb.citicorp.com/cabs/casahelp.cab
O16 - DPF: Casa 3rdPty - Misc - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casathrdpty.cab
O16 - DPF: Casa 3rdPty - Swing 1 - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaswing1.cab
O16 - DPF: Casa 3rdPty - Swing 2 - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaswing2.cab
O16 - DPF: Casa Access Profile - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaaccprofmaint.cab
O16 - DPF: Casa Audit - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaaudit.cab
O16 - DPF: Casa AWT - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaawt.cab
O16 - DPF: Casa Broadcast - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casabrdcast.cab
O16 - DPF: Casa BTR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casabtr.cab
O16 - DPF: Casa Cab Verifier - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casacabverifier.cab
O16 - DPF: Casa CBServiceOps - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casacbserviceops.cab
O16 - DPF: Casa Citi-Netting - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casanetting.cab
O16 - DPF: Casa Client Association - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaclntassoc.cab
O16 - DPF: Casa Client Def - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaclntdef.cab
O16 - DPF: Casa Code Pages - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casacodepage.cab
O16 - DPF: Casa CollItems - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casacollitems.cab
O16 - DPF: Casa CustomReport - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\CasaCustomReport.cab
O16 - DPF: Casa Default - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casadefault.cab
O16 - DPF: Casa DtvmrmInvestments - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casadtvmrm.cab
O16 - DPF: Casa Fidelity - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafidelity.cab
O16 - DPF: Casa File Delivery - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafiledelivery.cab
O16 - DPF: Casa File Import - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafileimport.cab
O16 - DPF: Casa Flow Maint - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaflowmaint.cab
O16 - DPF: Casa Framework - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaframework.cab
O16 - DPF: Casa Framework Validators - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaframeworkvalidators.cab
O16 - DPF: Casa Global Trade Common - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradecommon.cab
O16 - DPF: Casa Global Trade Detail - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradedetail.cab
O16 - DPF: Casa Global Trade Lib - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradelib.cab
O16 - DPF: Casa Global Trade PI - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradepi.cab
O16 - DPF: Casa Global Trade Summary - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaglobaltradesummary.cab
O16 - DPF: Casa GlobalTrade ApprovalSummary - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\CasaGlobalTradeApprovalSummary.cab
O16 - DPF: Casa IBM XML Parser - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaxml.cab
O16 - DPF: Casa ILC - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casailc.cab
O16 - DPF: Casa Images - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaimages.cab
O16 - DPF: Casa Infrastructure - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casainfr.cab
O16 - DPF: Casa JPIPreLoader - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\Casajpipreloader.cab
O16 - DPF: Casa Language ar_EG - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ar_eg.cab
O16 - DPF: Casa Language bg_BG - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_bg_bg.cab
O16 - DPF: Casa Language cs_CZ - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_cs_cz.cab
O16 - DPF: Casa Language de_DE - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_de_de.cab
O16 - DPF: Casa Language el_GR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_el_gr.cab
O16 - DPF: Casa Language es_AR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_es_ar.cab
O16 - DPF: Casa Language es_ES - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_es_es.cab
O16 - DPF: Casa Language fr_FR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_fr_fr.cab
O16 - DPF: Casa Language he_IL - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_he_il.cab
O16 - DPF: Casa Language hu_HU - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_hu_hu.cab
O16 - DPF: Casa Language it_IT - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_it_it.cab
O16 - DPF: Casa Language ja_JP - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ja_jp.cab
O16 - DPF: Casa Language ko_KP - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ko_kp.cab
O16 - DPF: Casa Language nl_NL - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_nl_nl.cab
O16 - DPF: Casa Language pl_PL - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_pl_pl.cab
O16 - DPF: Casa Language pt_BR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_pt_br.cab
O16 - DPF: Casa Language ro_RO - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ro_ro.cab
O16 - DPF: Casa Language ru_RU - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_ru_ru.cab
O16 - DPF: Casa Language sk_SK - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_sk_sk.cab
O16 - DPF: Casa Language th_TH - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_th_th.cab
O16 - DPF: Casa Language tr_TR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_tr_tr.cab
O16 - DPF: Casa Language zh_CN - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_zh_cn.cab
O16 - DPF: Casa Language zh_TW - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casa_zh_tw.cab
O16 - DPF: Casa Libraries - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casalibs.cab
O16 - DPF: Casa Liquidity - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaliquidity.cab
O16 - DPF: Casa List Manager - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casalistmgr.cab
O16 - DPF: Casa Lockbox - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casalockbox.cab
O16 - DPF: Casa Misc - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casamisc.cab
O16 - DPF: Casa Payments Banamex - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtsbanamex.cab
O16 - DPF: Casa Payments Common - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtscomm.cab
O16 - DPF: Casa Payments Detail - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtsdtl.cab
O16 - DPF: Casa Payments Disbursements - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casadisbursements.cab
O16 - DPF: Casa Payments Libraries - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtslibs.cab
O16 - DPF: Casa Payments Misc - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casapmtsmisc.cab
O16 - DPF: Casa Pref Mgr - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaprefmgr.cab
O16 - DPF: Casa Receivables Mandates - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareceivablesmandates.cab
O16 - DPF: Casa ReceivablesDirectDebit - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareceivablesdirectdebit.cab
O16 - DPF: Casa ReceivablesInquiries - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareceivablesinquiries.cab
O16 - DPF: Casa Report - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareport.cab
O16 - DPF: Casa Safeword - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casasafeword.cab
O16 - DPF: Casa SDR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casasdr.cab
O16 - DPF: Casa Security Admin - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casasecurityadmin.cab
O16 - DPF: Casa ServForCollItems - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaservforcollitems.cab
O16 - DPF: Casa Taiwan CBR - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casatwcbr.cab
O16 - DPF: Casa Trade FI Common - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaficommon.cab
O16 - DPF: Casa Trade FI Detail - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafidetail.cab
O16 - DPF: Casa Trade FI Lib - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafilib.cab
O16 - DPF: Casa Trade FI Summary - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casafisummary.cab
O16 - DPF: Casa User Maint - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casausrmaint.cab
O16 - DPF: casadiagnosticcab - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casadiagnosticcab.cab
O16 - DPF: CasaReceivablesServices - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casareceivablesservices.cab
O16 - DPF: CasaServForProducts - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\CasaServForProducts.cab
O16 - DPF: CasaSSPymt - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casasspymt.cab
O16 - DPF: CasaSSRpts - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\CasaSSRpts.cab
O16 - DPF: CasaWHPymt - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casawhpymt.cab
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/ega...cess4_1063.cab
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/ega...cess4_1062.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123749079312
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_EN.cab
O16 - DPF: {769A2483-FEFF-11D2-8A61-0008C7453304} (CasaVerify Class) - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaverifier.cab
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/ega...cess4_1061.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/ega...cess4_1059.cab
O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sysia32svc_EN.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/ega...cess4_1060.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/ega...cess4_1065.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CAFS.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD4894D-69D4-4145-8BA7-D4C291F8823C}: NameServer = 192.168.100.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CAFS.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CAFS.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = CAFS.local
O20 - AppInit_DLLs: e1.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT2\system32\NavLogon.dll
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT2\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT2\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Any more precaution measures to be taken?
Thanks for the assistance.
DDD
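Going through a log this long by hand is error-prone. The Python script below is an added illustration for this thread, not part of HijackThis or of either post: it pulls out the entry types a reviewer looks at first (unfamiliar executables running from system32, anything listed in AppInit_DLLs, O16 ActiveX downloads from hosts outside a small allow-list, and services whose file is missing). SAMPLE_LOG is constructed from a few lines of the log above; TRUSTED_DPF_HOSTS and CORE_PROCESSES are assumed minimal allow-lists rather than a malware database, so a hit means "research this entry", not "this is malicious".

```python
"""Triage a HijackThis log: pull out the entry types a reviewer checks first.

Added example for this thread, not HijackThis code. SAMPLE_LOG is constructed
from a few lines of the posted log; TRUSTED_DPF_HOSTS and CORE_PROCESSES are
assumed minimal allow-lists (assumptions), not a signature database.
"""
import re
from urllib.parse import urlsplit

# Assumed allow-list of ActiveX download hosts a reviewer would not question.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "windowsupdate.microsoft.com"}

# Assumed minimal set of core Windows 2000 processes that live in system32.
CORE_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "winmgmt.exe",
}

# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT2\system32\services.exe
C:\WINNT2\System32\vsutmsgi.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe

O16 - DPF: Casa Images - file://\\Cafsbs\Users\Citidirect\CitiDirect August 06\ie\casaimages.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123749079312
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_EN.cab
O20 - AppInit_DLLs: e1.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT2\system32\NavLogon.dll
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def dpf_host(body):
    """Return the download host of an O16 entry, or None for local/UNC sources."""
    url = body.rsplit(" - ", 1)[-1].strip()   # the URL is the last ' - ' field
    parts = urlsplit(url)
    if parts.scheme in ("http", "https"):
        return parts.hostname
    return None


def triage(text):
    """Return (item, reason) pairs for the entries a reviewer should look at first."""
    findings = []
    processes, entries = parse_log(text)
    for proc in processes:
        name = proc.rsplit("\\", 1)[-1].lower()
        if "\\system32\\" in proc.lower() and name not in CORE_PROCESSES:
            findings.append((proc, "unfamiliar executable running from system32; research it"))
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                findings.append((body, "AppInit_DLLs loads this DLL into every process "
                                       "that uses user32.dll; rarely legitimate"))
        elif code == "O16":
            host = dpf_host(body)
            if host and host not in TRUSTED_DPF_HOSTS:
                findings.append((body, f"ActiveX download from non-allow-listed host {host}"))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append((body, "service points at a missing file; stale or tampered entry"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {item}")
```

Run it against a saved log by replacing SAMPLE_LOG with the file contents; entries with a `file://` UNC source are deliberately not flagged here because they come from an internal share, which the reviewer has to judge separately.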
  #4 (permalink)  
Old 04-12-2006, 02:39 PM
VopThis
Senior Member (Canada)

Join Date: Nov 2005
Posts: 3,439
Re: windows 2000 Buffer Overrun Error detected

Please disable the ‘active protection’ components of the following application(s), as it/they may hinder the removal of some entries. Otherwise, certain cleaning attempts may be wrongly recognized and blocked as hijacking attempts or other potentially inappropriate behavior. You can re-enable such tools after your computer is clean.


Disable Spybot Search & Destroy (Teatimer)

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.



SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O20 - AppInit_DLLs: e1.dll

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



Delete the following FILES in SAFE MODE:

e1.dll (likely C:\WINNT2\System32\e1.dll)
C:\WINNT2\System32\vsutmsgi.exe



POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.




To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
  1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
    http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
    http://www.microsoft.com/windows/ie/default.asp
    • http://www.securityfocus.com/news/11273
      If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.

  2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1
    Avast: http://www.avast.com/eng/avast_4_home.html

  3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
    Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
    Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
    AVG Anti-Spyware: http://free.grisoft.com/doc/20/lng/us/tpl/v5
    Microsoft Windows Defender beta 2: http://www.download.com/Microsoft-Wi...ml?tag=lst-0-1

  4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
    Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
    *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
    Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

    It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

  5. Consider using an alternate free browser for general web surfing, but you must use IE for Windows updates. The use of Firefox (or similar alternate) mitigates the many types of malware that are now possible when using IE ActiveX based components.
    Mozilla Firefox: http://www.mozilla.org/products/firefox/

  6. Consider increasing your browser security by using these programs:
    SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known-bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
  7. A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
    • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
    • Next select ‘Open host file manager’ button.
    • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
    • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

      EXCERPT:
      Quote:
      #start of lines added by WinHelp2002
      # [Misc A - Z]
      127.0.0.1 phpadsnew.abac.com
      127.0.0.1 a.abnad.net
      127.0.0.1 e.abnad.net
      127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
      .
      .
      .
      #end of lines added by WinHelp2002




*Remember, just like your primary anti-virus software, it is important to:
  • Keep all of these programs up-to-date (using auto-updates where possible), and
  • Use them on a regular (minimum weekly) basis.




REALITY CHECK:
  • Who else uses your PC? What are the potential risks created by multiple (potentially loose cannon) users and why?
  • What about bad luck, simple mistakes, and bad browsing choices (SEE: www.siteadvisor.com and their BLOG)?
  • SEE: The Dangers of Popularity (for Popular SEARCH TERMS):
    http://blog.siteadvisor.com/2006/08/...pularity.shtml
    Quote:
    The correlation of search term popularity and search term riskiness illustrates how malicious activity tends to follow and exploit consumer behavior. Users demand "free," and bad actors flock to fill corresponding search results with their deceptive offerings. All too often, users don't realize the detrimental consequences of these sites until their systems crash from spyware or their inboxes become choked with spam.


ABOVE ALL, it is most imperative that users exercise "safe surfing" habits such as banning or at least verifying email attachments (with scanning tools) before opening, and by not executing programs unless obtained from a trusted (or researched) source, etc.



In general, always research any unfamiliar links or products that you might want to access or download. In particular, the SiteAdvisor site and other links listed in my signature have continued to make a significant difference to my clients’ PC health due to better-informed browsing habits and choices. Peer-to-Peer and FREE download sites add a level of risk that many should seriously take into account and adjust their behavior accordingly.

Additionally, TEMPORARY files are both a significant source of clutter and potential hiding places for MALWARE content. Clean out those areas periodically - at least weekly.




Those that continue to want to use 'BitTorrent', 'Bearshare', ‘Morpheus’ or other P2P applications can expect to see the possibility of more malware issues (such as bad executables):

http://www.siteadvisor.com/sites/bearshare.com


You would be well-advised to at least consider strengthening your real-time prevention tools and use either Spy Sweeper or Spyware Doctor, and possibly also run AVG Anti-Spyware - formerly known as EWIDO (mainly for anti-trojan defensive purposes) in real-time, as well (paid version=realtime). No combination of tools, however, can ever be completely fail-safe for all possible issues.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
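Step 7 of the reply above describes merging the WinHelp2002 blocklist into the existing HOSTS file by hand (append or replace). As an added example, not from this thread and not part of the MVPS hosts project, the Python below performs that merge: it strips any block previously pasted between the `#start`/`#end` marker comments, appends the new entries without duplicating names already mapped in the file, and refuses entries that do not point at a sinkhole address. It also lists mappings that send a name somewhere other than loopback, which is what a hijacked HOSTS file looks like (HijackThis reports those as O1 entries). EXISTING_HOSTS and BLOCKLIST are constructed samples; the blocklist lines mirror the excerpt quoted in the reply.

```python
"""Merge a WinHelp2002-style blocklist into an existing HOSTS file.

Added example for this thread, not MVPS/WinHelp2002 code. EXISTING_HOSTS and
BLOCKLIST are constructed samples; the marker comments match the excerpt
quoted in the reply above.
"""
import ipaddress

START_MARK = "#start of lines added by WinHelp2002"
END_MARK = "#end of lines added by WinHelp2002"
SINKHOLES = {"127.0.0.1", "0.0.0.0"}   # addresses a blocklist may map names to

# Constructed: a default-looking HOSTS file with one redirect that should not be
# there and one stale block from an earlier merge.
EXISTING_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
10.0.0.5        www.symantec.com
#start of lines added by WinHelp2002
127.0.0.1 stale.example
#end of lines added by WinHelp2002
"""

# Constructed: an excerpt in the format of the quoted blocklist.
BLOCKLIST = """\
#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
#end of lines added by WinHelp2002
"""


def parse_hosts(text):
    """Yield (ip, hostname, original_line) for every mapping; comments/blanks skipped."""
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()      # drop trailing comments
        fields = body.split()
        if len(fields) < 2:
            continue
        for host in fields[1:]:                    # one line may list several names
            yield fields[0], host.lower(), line


def suspicious_entries(text):
    """Mappings that send a name anywhere other than loopback or a sinkhole.

    A hijacked HOSTS file typically redirects security vendors' sites;
    HijackThis shows such lines as O1 entries.
    """
    found = []
    for ip, host, line in parse_hosts(text):
        if host == "localhost":
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            found.append(line)                     # not even a valid address
            continue
        if ip not in SINKHOLES and not addr.is_loopback:
            found.append(line)
    return found


def strip_block(text):
    """Return the file's lines with any earlier WinHelp2002 block removed."""
    kept, inside = [], False
    for line in text.splitlines():
        if line.strip() == START_MARK:
            inside = True
        elif line.strip() == END_MARK:
            inside = False
        elif not inside:
            kept.append(line)
    return kept


def merge_hosts(existing, blocklist):
    """Return (new_text, added_count): old block replaced, new entries appended.

    Names already mapped elsewhere in the file are left alone, and blocklist
    lines that point at a non-sinkhole address are refused outright.
    """
    base = strip_block(existing)
    present = {host for _, host, _ in parse_hosts("\n".join(base))}
    block, added = [START_MARK], 0
    for ip, host, _ in parse_hosts(blocklist):
        if ip not in SINKHOLES or host in present:
            continue
        block.append(f"{ip} {host}")
        present.add(host)
        added += 1
    block.append(END_MARK)
    return "\n".join(base + block) + "\n", added


if __name__ == "__main__":
    for line in suspicious_entries(EXISTING_HOSTS):
        print("review this redirect:", line)
    merged, n = merge_hosts(EXISTING_HOSTS, BLOCKLIST)
    print(f"{n} entries added\n{merged}")
```

The merge is idempotent, so it can be re-run whenever the blocklist is refreshed; on a real machine the file is `%SystemRoot%\system32\drivers\etc\hosts`, and the redirect check is worth running before the merge, because a blocklist merge does nothing about a redirect that is already there.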