Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Explorer is crashing and restarting ?????

Status
Not open for further replies.

gumbienes

Technical User
Dec 6, 2007
5
US
im trying to fix a friends computer and the explorer crashes every few seconds and then restarts itself over and over it does this until i crash explorer and then all i can do is run programs threw task manager and the new task iv try everything ran like 5 anti virus scans and like 3 ad aware scans heres the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:44 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAV.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZZ31RMHH\HiJackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {B1DE8B17-63DB-195C-8B26-39E676F40DB0} - C:\WINDOWS\system32\wpkvvplo.dll (file missing)
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\cbxvusr.dll
O2 - BHO: (no name) - {C177ABE9-B518-470E-A0BD-03741C46A2AB} - C:\WINDOWS\system32\pmnnk.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125787942\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\200712213912_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Mqhouly] "C:\Documents and Settings\Owner\My Documents\F?nts\n?tepad.exe"
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: cbxvusr - C:\WINDOWS\SYSTEM32\cbxvusr.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\xuwueqi.html
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\xuwueqi.html

--
End of file - 6756 bytes


thankx for the help
 
I would delete all googletoolbar entries, hate the damn thing causes problems.

Delete the following
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O2 - BHO: (no name) - {B1DE8B17-63DB-195C-8B26-39E676F40DB0} - C:\WINDOWS\system32\wpkvvplo.dll (file missing)

O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\cbxvusr.dll

O2 - BHO: (no name) - {C177ABE9-B518-470E-A0BD-03741C46A2AB} - C:\WINDOWS\system32\pmnnk.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\200712213912_mcappins.exe /v=3 /cleanup

O4 - HKCU\..\Run: [Mqhouly] "C:\Documents and Settings\Owner\My Documents\F?nts\n?tepad.exe"

O20 - Winlogon Notify: cbxvusr - C:\WINDOWS\SYSTEM32\cbxvusr.dll
 
using regedit? well alst night i tryd to do a system restore and i know it never works but i tryd and it re brought back everything i belive so heres the new list

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:51 AM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125787942\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\200712213912_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Mqhouly] "C:\Documents and Settings\Owner\My Documents\F?nts\n?tepad.exe"
O4 - HKCU\..\Run: [Turbo Searcher] "C:\Program Files\Turbo Searcher\TurboSearcher.exe" /minimized
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\xuwueqi.html

--
End of file - 5819 bytes


ill get rid of all that stuff i hate them too but hey what can u do about the stupid ppl dling stupid things
 
then after clean up

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:37 AM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\taskmgr.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\xuwueqi.html

--
End of file - 4146 bytes
 
then this is from a program called sd fix that


System Report
*************

Run on Fri 12/07/2007 at 03:30 AM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [740]
\??\C:\WINDOWS\system32\csrss.exe [1020]
\??\C:\WINDOWS\system32\winlogon.exe [1184]
C:\WINDOWS\system32\services.exe [1312]
C:\WINDOWS\system32\lsass.exe [1372]
C:\WINDOWS\system32\svchost.exe [600]
C:\WINDOWS\system32\svchost.exe [992]
C:\WINDOWS\System32\svchost.exe [1276]
C:\WINDOWS\system32\svchost.exe [1644]
C:\WINDOWS\System32\svchost.exe [288]
C:\WINDOWS\System32\svchost.exe [696]
C:\WINDOWS\system32\spoolsv.exe [2004]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [1216]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe [1264]
C:\WINDOWS\system32\hkcmd.exe [1660]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [1680]
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe [1684]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [1852]
C:\Program Files\QuickTime\qttask.exe [1652]
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe [1952]
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe [1944]
C:\Program Files\Messenger\msmsgs.exe [464]
C:\Program Files\AIM\aim.exe [860]
C:\WINDOWS\System32\svchost.exe [816]
C:\WINDOWS\System32\alg.exe [888]
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe [1224]
C:\WINDOWS\system32\taskmgr.exe [276]
E:\HiJackThis.exe [1600]


Drivers:

ADDRESS: IMAGE PATH:
804D7000: \WINDOWS\system32\ntoskrnl.exe
806EC000: \WINDOWS\system32\hal.dll
F9762000: \WINDOWS\system32\KDCOM.DLL
F9672000: \WINDOWS\system32\BOOTVID.dll
F9213000: ACPI.sys
F9764000: \WINDOWS\System32\DRIVERS\WMILIB.SYS
F9202000: pci.sys
F9262000: isapnp.sys
F982A000: pciide.sys
F94E2000: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F9766000: intelide.sys
F9272000: MountMgr.sys
F91E3000: ftdisk.sys
F94EA000: PartMgr.sys
F9282000: VolSnap.sys
F91CB000: atapi.sys
F9292000: disk.sys
F92A2000: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F91AB000: fltmgr.sys
F9199000: sr.sys
F9182000: KSecDD.sys
F916F000: WudfPf.sys
F90E2000: Ntfs.sys
F90B5000: NDIS.sys
F909A000: Mup.sys
F94C2000: \SystemRoot\System32\DRIVERS\intelppm.sys
F8E41000: \SystemRoot\System32\DRIVERS\ialmnt5.sys
F8E2D000: \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F95E2000: \SystemRoot\System32\DRIVERS\usbuhci.sys
F8E0A000: \SystemRoot\System32\DRIVERS\USBPORT.SYS
F95EA000: \SystemRoot\System32\DRIVERS\usbehci.sys
F94D2000: \SystemRoot\System32\DRIVERS\bcm4sbxp.sys
F95F2000: \SystemRoot\System32\DRIVERS\fdc.sys
F92C2000: \SystemRoot\System32\DRIVERS\i8042prt.sys
F95FA000: \SystemRoot\System32\DRIVERS\kbdclass.sys
F9602000: \SystemRoot\System32\DRIVERS\mouclass.sys
F92D2000: \SystemRoot\System32\DRIVERS\serial.sys
F971A000: \SystemRoot\System32\DRIVERS\serenum.sys
F8DF6000: \SystemRoot\System32\DRIVERS\parport.sys
F92E2000: \SystemRoot\System32\DRIVERS\imapi.sys
F92F2000: \SystemRoot\System32\DRIVERS\cdrom.sys
F9302000: \SystemRoot\System32\DRIVERS\redbook.sys
F8DD3000: \SystemRoot\System32\DRIVERS\ks.sys
F960A000: \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
F8D42000: \SystemRoot\system32\drivers\smwdm.sys
F8D1E000: \SystemRoot\system32\drivers\portcls.sys
F9312000: \SystemRoot\system32\drivers\drmk.sys
F976E000: \SystemRoot\system32\drivers\aeaudio.sys
F9981000: \SystemRoot\System32\DRIVERS\audstub.sys
F9322000: \SystemRoot\System32\DRIVERS\rasl2tp.sys
F9722000: \SystemRoot\System32\DRIVERS\ndistapi.sys
F8D07000: \SystemRoot\System32\DRIVERS\ndiswan.sys
F9332000: \SystemRoot\System32\DRIVERS\raspppoe.sys
F9342000: \SystemRoot\System32\DRIVERS\raspptp.sys
F9612000: \SystemRoot\System32\DRIVERS\TDI.SYS
F8CF6000: \SystemRoot\System32\DRIVERS\psched.sys
F9352000: \SystemRoot\System32\DRIVERS\msgpc.sys
F961A000: \SystemRoot\System32\DRIVERS\ptilink.sys
F9622000: \SystemRoot\System32\DRIVERS\raspti.sys
F9362000: \SystemRoot\System32\DRIVERS\termdd.sys
F9770000: \SystemRoot\System32\DRIVERS\swenum.sys
F8C67000: \SystemRoot\System32\DRIVERS\update.sys
F9732000: \SystemRoot\System32\DRIVERS\mssmbios.sys
F9372000: \SystemRoot\System32\Drivers\NDProxy.SYS
F9392000: \SystemRoot\System32\DRIVERS\usbhub.sys
F9774000: \SystemRoot\System32\DRIVERS\USBD.SYS
F962A000: \SystemRoot\System32\DRIVERS\flpydisk.sys
F8F2B000: \SystemRoot\System32\Drivers\VETFDDNT.SYS
F977C000: \SystemRoot\System32\Drivers\Fs_Rec.SYS
F0A2E000: \SystemRoot\System32\Drivers\VETEFILE.SYS
F8F23000: \SystemRoot\System32\Drivers\VET-REC.SYS
F963A000: \SystemRoot\System32\Drivers\VET-FILT.SYS
F9642000: \SystemRoot\System32\Drivers\VETMONNT.SYS
F09EE000: \SystemRoot\System32\Drivers\VETEBOOT.SYS
F9972000: \SystemRoot\System32\Drivers\Null.SYS
F977E000: \SystemRoot\System32\Drivers\Beep.SYS
F964A000: \SystemRoot\System32\drivers\vga.sys
F9780000: \SystemRoot\System32\Drivers\mnmdd.SYS
F9782000: \SystemRoot\System32\DRIVERS\RDPCDD.sys
F9652000: \SystemRoot\System32\Drivers\Msfs.SYS
F965A000: \SystemRoot\System32\Drivers\Npfs.SYS
F8F07000: \SystemRoot\System32\DRIVERS\rasacd.sys
F09BB000: \SystemRoot\System32\DRIVERS\ipsec.sys
F0963000: \SystemRoot\System32\DRIVERS\tcpip.sys
F093B000: \SystemRoot\System32\DRIVERS\netbt.sys
F091A000: \SystemRoot\System32\DRIVERS\ipnat.sys
F08F8000: \SystemRoot\System32\drivers\afd.sys
F93D2000: \SystemRoot\System32\DRIVERS\wanarp.sys
F9512000: \SystemRoot\System32\DRIVERS\USBSTOR.SYS
F93F2000: \SystemRoot\System32\DRIVERS\netbios.sys
F08CD000: \SystemRoot\System32\DRIVERS\rdbss.sys
F970A000: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
F0836000: \SystemRoot\System32\DRIVERS\mrxsmb.sys
F9452000: \SystemRoot\System32\Drivers\Fips.SYS
F0813000: \SystemRoot\System32\Drivers\Fastfat.SYS
F07FB000: \SystemRoot\System32\Drivers\dump_atapi.sys
F97A0000: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000: \SystemRoot\System32\win32k.sys
F8C43000: \SystemRoot\System32\drivers\Dxapi.sys
F9532000: \SystemRoot\System32\watchdog.sys
BF9C3000: \SystemRoot\System32\drivers\dxg.sys
F98F4000: \SystemRoot\System32\drivers\dxgthk.sys
BF9E3000: \SystemRoot\System32\ialmdnt5.dll
BF9D5000: \SystemRoot\System32\ialmrnt5.dll
BFA02000: \SystemRoot\System32\ialmdev5.DLL
BFA2E000: \SystemRoot\System32\ialmdd5.DLL
F069F000: \SystemRoot\System32\DRIVERS\ndisuio.sys
F0386000: \SystemRoot\system32\drivers\wdmaud.sys
F044B000: \SystemRoot\system32\drivers\sysaudio.sys
F93C2000: \SystemRoot\System32\Drivers\Cdfs.SYS
F00D3000: \SystemRoot\System32\DRIVERS\mrxdav.sys
F980C000: \SystemRoot\System32\Drivers\ParVdm.SYS
EFEA1000: \SystemRoot\System32\DRIVERS\srv.sys
EFCE6000: \SystemRoot\system32\drivers\kmixer.sys
F01B0000: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
7C900000: \WINDOWS\system32\ntdll.dll


Files Created/Modified - 60 Days :


C:\

Dec 6 2007 3:10:10a 8,312 A.... "C:\caavsetup.log"
Nov 18 2007 1:22:08p 263,494 A.... "C:\hpfr5700.log"
Dec 7 2007 3:20:46a 399,507,456 A.SH. "C:\pagefile.sys"
Dec 6 2007 4:25:22p 1,803 A.... "C:\rapport.txt"


C:\WINDOWS\

Dec 7 2007 3:21:46a 0 A.... "C:\WINDOWS\0.log"
Dec 6 2007 3:09:46a 111,728 A.... "C:\WINDOWS\AVShlExt.dll"
Dec 7 2007 3:20:48a 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Nov 19 2007 5:06:14p 1,409 A.... "C:\WINDOWS\QTFont.for"
Dec 5 2007 8:39:38p 54,156 A..H. "C:\WINDOWS\QTFont.qfn"
Dec 7 2007 3:20:12a 2,736 A.... "C:\WINDOWS\SchedLgU.Txt"
Dec 2 2007 1:26:50p 0 A.... "C:\WINDOWS\Sti_Trace.log"
Dec 6 2007 3:09:46a 115,824 A.... "C:\WINDOWS\UnVet32.exe"
Dec 7 2007 3:21:34a 159 A.... "C:\WINDOWS\wiadebug.log"
Dec 7 2007 3:21:28a 49 A.... "C:\WINDOWS\wiaservc.log"
Dec 7 2007 3:28:22a 1,316,191 A.... "C:\WINDOWS\WindowsUpdate.log"
Dec 6 2007 12:56:22p 749 A..HR "C:\WINDOWS\WindowsShell.Manifest"
Oct 10 2007 6:29:14p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00001"
Oct 10 2007 6:29:14p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00002"
Oct 10 2007 6:29:14p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00003"
Oct 10 2007 6:29:14p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00004"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00005"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00006"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00007"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00008"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00009"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00010"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00011"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00012"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00013"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00014"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00015"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00016"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00017"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00018"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00019"
Oct 10 2007 6:29:16p 12,288 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00020"
Oct 10 2007 6:29:16p 8,192 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00021"
Oct 10 2007 6:29:16p 81,920 A.... "C:\WINDOWS\$NtUninstallKB939653$\reg00022"
Oct 10 2007 6:29:38p 28,672 A.... "C:\WINDOWS\$NtUninstallKB933729$\reg00001"
Dec 7 2007 3:20:50a 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
Oct 30 2007 4:41:36a 705 ..... "C:\WINDOWS\inf\branches.inf"
Dec 2 2007 12:43:56p 4,100 A.... "C:\WINDOWS\inf\branches.PNF"
Dec 2 2007 12:43:56p 1,375,000 A.... "C:\WINDOWS\inf\INFCACHE.1"
Nov 23 2007 11:01:26a 1,048,576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{73E21C27-F3A8-40DD-950B-5F80F32E4913}.crmlog"
Nov 18 2007 7:06:10a 36,352 ..... "C:\WINDOWS\system32\cbxvusr.dll"
Dec 6 2007 12:56:22p 749 A..HR "C:\WINDOWS\system32\cdplayer.exe.manifest"
Dec 7 2007 3:21:46a 434,576 A.SH. "C:\WINDOWS\system32\knnmp.ini"
Dec 7 2007 3:21:36a 434,411 A.SH. "C:\WINDOWS\system32\knnmp.ini2"
Nov 1 2007 11:12:58p 18,238,072 A.... "C:\WINDOWS\system32\MRT.exe"
Dec 6 2007 12:56:22p 749 A..HR "C:\WINDOWS\system32\ncpa.cpl.manifest"
Dec 6 2007 12:56:22p 749 A..HR "C:\WINDOWS\system32\nwc.cpl.manifest"
Dec 6 2007 3:08:10a 39,992 A.... "C:\WINDOWS\system32\perfc009.dat"
Dec 6 2007 3:08:10a 311,604 A.... "C:\WINDOWS\system32\perfh009.dat"
Dec 2 2007 1:32:04p 356,738 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
Nov 18 2007 7:11:26a 320,608 A.... "C:\WINDOWS\system32\pmnnk.dll"
Dec 6 2007 12:56:22p 749 A..HR "C:\WINDOWS\system32\sapi.cpl.manifest"
Oct 25 2007 7:36:52p 8,454,656 A.... "C:\WINDOWS\system32\shell32.dll"
Dec 6 2007 3:44:02p 3,796 A.... "C:\WINDOWS\system32\tmp.reg"
Dec 6 2007 3:44:02p 0 A.... "C:\WINDOWS\system32\tmp.txt"
Dec 6 2007 3:09:46a 74,864 A.... "C:\WINDOWS\system32\VetRedir.dll"
Dec 5 2007 8:01:26p 2 A.... "C:\WINDOWS\system32\wcpisvsu.exe"
Dec 7 2007 3:22:06a 2,206 A.... "C:\WINDOWS\system32\wpa.dbl"
Dec 6 2007 12:56:22p 749 A..HR "C:\WINDOWS\system32\wuaucpl.cpl.manifest"
Oct 29 2007 2:26:54a 115,712 A.... "C:\WINDOWS\system32\xpsp3res.dll"
Oct 13 2007 9:28:02p 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
Dec 7 2007 3:21:10a 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Dec 7 2007 3:14:34a 616,448 A.SH. "C:\WINDOWS\Temp\2yahzrpb.TMP"
Dec 7 2007 3:28:30a 2,881 A.... "C:\WINDOWS\Temp\scs6.tmp"
Dec 7 2007 3:21:00a 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"
Dec 7 2007 3:22:06a 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"
Oct 10 2007 6:28:10p 10,168 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.inf"
Oct 10 2007 6:28:02p 370 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.txt"
Nov 14 2007 7:29:40p 11,495 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.inf"
Nov 14 2007 7:29:28p 513 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.txt"
Oct 10 2007 6:29:30p 19,044 A.... "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.inf"
Oct 10 2007 6:29:16p 4,867 A.... "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.txt"
Oct 10 2007 6:29:42p 10,436 A.... "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.inf"
Oct 10 2007 6:29:38p 369 A.... "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.txt"
Dec 6 2007 3:08:46a 84 A.... "C:\WINDOWS\system32\Debug\InoWMI.log"
Oct 25 2007 7:36:52p 8,454,656 A.... "C:\WINDOWS\system32\dllcache\shell32.dll"
Dec 6 2007 3:09:46a 21,031 A.... "C:\WINDOWS\system32\drivers\Vet-Filt.sys"
Dec 6 2007 3:09:46a 15,478 A.... "C:\WINDOWS\system32\drivers\Vet-Rec.sys"
Dec 6 2007 3:12:56a 108,360 A.... "C:\WINDOWS\system32\drivers\VetEBoot.sys"
Dec 6 2007 3:12:56a 879,832 A.... "C:\WINDOWS\system32\drivers\VetEFile.sys"
Dec 6 2007 3:09:46a 15,735 A.... "C:\WINDOWS\system32\drivers\VetFDDNT.sys"
Dec 6 2007 3:13:22a 26,787 A.... "C:\WINDOWS\system32\drivers\vetmonnt.sys"
Oct 25 2007 7:34:02p 8,460,288 A.... "C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll"
Oct 29 2007 2:04:04a 350,720 A.... "C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll"
Oct 30 2007 4:41:36a 705 A.... "C:\WINDOWS\$hf_mig$\KB943460\update\branches.inf"
Oct 30 2007 5:05:02a 11,990 A.... "C:\WINDOWS\$hf_mig$\KB943460\update\KB943460.CAT"
Oct 30 2007 5:32:12a 394 A.... "C:\WINDOWS\$hf_mig$\KB943460\update\update.ver"
Oct 30 2007 4:41:36a 496 A.... "C:\WINDOWS\$hf_mig$\KB943460\update\updatebr.inf"
Oct 30 2007 4:58:54a 23,681 A.... "C:\WINDOWS\$hf_mig$\KB943460\update\update_SP2QFE.inf"
Oct 30 2007 5:05:02a 11,990 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB943460.cat"
Nov 14 2007 7:29:40p 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
Dec 6 2007 9:34:08p 686 A.... "C:\WINDOWS\system32\drivers\etc\HOSTS"
Dec 2 2007 1:41:52p 26,646 A.... "C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log"
Dec 7 2007 3:20:58a 4,096 A.... "C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl"
Nov 23 2007 6:33:44p 24,576 A.... "C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log"


C:\Program Files\

Nov 22 2007 8:10:36a 787,696 A.... "C:\Program Files\CCleaner\CCleaner.exe"
Dec 2 2007 12:47:32p 111,005 A.... "C:\Program Files\CCleaner\uninst.exe"
Dec 6 2007 3:13:24a 300,680 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\arclib.dll"
Dec 7 2007 3:22:38a 63,816 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\boot.dat"
Dec 6 2007 3:12:56a 94,208 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\cafix.exe"
Dec 6 2007 3:09:46a 328,816 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAV.exe"
Dec 6 2007 3:09:46a 87,152 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVCmd.exe"
Dec 6 2007 3:09:46a 74,864 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVCtx.exe"
Dec 6 2007 3:09:46a 185,456 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe"
Dec 6 2007 3:09:46a 230,512 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
Dec 6 2007 3:09:46a 193,920 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\InoScan.dll"
Dec 6 2007 3:09:46a 259,184 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe"
Dec 6 2007 3:12:56a 1,353,016 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafeEngine.dll"
Dec 6 2007 3:09:46a 128,112 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\LicReg.exe"
Dec 6 2007 3:13:24a 167,936 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\usetup.exe"
Dec 6 2007 3:09:46a 28,032 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vdmdbg.dll"
Dec 7 2007 3:22:38a 13,311,272 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vet.dat"
Dec 6 2007 3:12:56a 1,353,016 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vete.dll"
Dec 6 2007 3:09:46a 201,840 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe"
Dec 6 2007 3:09:46a 9,328 A.... "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetNTMsg.dll"
Oct 31 2007 8:30:30a 45,056 A.... "C:\Program Files\Outerinfo\FF\components\FF.dll"
Dec 2 2007 1:04:30p 51 A.... "C:\Program Files\Webroot\Spy Sweeper\Logs\alkep.dat"
Dec 2 2007 1:04:30p 51 A.... "C:\Program Files\Webroot\Spy Sweeper\Logs\alrem.dat"
Dec 2 2007 1:04:30p 240 A.... "C:\Program Files\Webroot\Spy Sweeper\Quarantine\F_related[1]__htm.dat"
Dec 2 2007 1:19:04p 166 A.... "C:\Program Files\Webroot\Spy Sweeper\Quarantine\qr.dat"
Dec 5 2007 8:07:54p 19,456 A.... "C:\Program Files\CA\SharedComponents\CAUpdate\Plugins\AvBaseCAU1.dll"
Dec 5 2007 8:07:54p 34,304 A.... "C:\Program Files\CA\SharedComponents\CAUpdate\Plugins\InoEngCAU1.dll"
Dec 5 2007 8:05:36p 18,944 A.... "C:\Program Files\CA\SharedComponents\CAUpdate\Plugins\ITMCommonCAU.dll"
Dec 5 2007 8:07:54p 34,304 A.... "C:\Program Files\CA\SharedComponents\CAUpdate\Plugins\VetEngCAU1.dll"


Files with hidden attributes:

Fri 7 Dec 2007 616,448 A.SH. --- "C:\WINDOWS\Temp\2yahzrpb.TMP"
Tue 23 May 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 7 Oct 2007 28,160 ...H. --- "C:\Documents and Settings\Owner\My Documents\~WRL1376.tmp"
Sun 7 Oct 2007 29,696 ...H. --- "C:\Documents and Settings\Owner\My Documents\~WRL3070.tmp"
Sat 6 Oct 2007 27,136 ...H. --- "C:\Documents and Settings\Owner\My Documents\~WRL3726.tmp"
Wed 3 Jan 2007 146,432 ..SHR --- "C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\Setup.exe"
Tue 22 Aug 2006 30,720 A.SHR --- "C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\_Setupx.dll"
Fri 10 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 1 Nov 2007 230,400 ..SHR --- "C:\Documents and Settings\Owner\My Documents\F?nts\n?tepad.exe"
Tue 23 May 2006 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Tue 4 Jul 2006 20 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 3 Sep 2005 312 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"


Catchme:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, Rootkit scan 2007-12-07 03:28:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



Program Folders:

C:\Program Files\

Adobe
AIM
Analog Devices
AOD
AOL
Apple Software Update
Broadcom
CA
Canon
CCleaner
Common Files
ComPlus Applications
Google
Hewlett-Packard
HP
InstallShield Installation Information
Intel
Internet Explorer
iPod
iTunes
Java
LG Drivers
McAfee.com
Messenger
Microsoft ActiveSync
Microsoft Encarta
microsoft frontpage
Microsoft Office
Microsoft Picture It! 7
Microsoft Picture It! 9
Microsoft Streets and Trips
Microsoft Works
Microsoft Works Suite 2004
Movie Maker
MSN
MSN Gaming Zone
MSXML 4.0
NetMeeting
Online Services
Outerinfo
Outlook Express
QuickTime
Turbo Searcher
Uninstall Information
Verizon Wireless
Viewpoint
Webroot
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox

C:\Program Files\Common Files\

Adobe
AOL
Designer
InstallShield
Java
Microsoft Shared
MSSoap
ODBC
Services
SpeechEngines
System


Add/Remove Programs:

Adobe Acrobat 5.0
AOL Instant Messenger
CCleaner (remove only)
HijackThis 2.0.2
iPod Updater 2004-11-15
Broadcom 440x 10/100 Integrated Controller
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893066)
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
LG USB Drivers
Microsoft Compression Client Pack 1.0 for Windows XP
Canon PhotoRecord
Microsoft Picture It! Photo Premium 9
Shockwave
Adobe Flash Player 9 ActiveX
Spy Sweeper
V CAST Music Essentials Manager
eTrust EZ Antivirus
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft Works 2004 Setup Launcher
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Encarta Encyclopedia Standard 2004
iPod Updater 2004-11-15
QuickTime
HP Software Update
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
V CAST Music
Microsoft Works Suite Add-in for Microsoft Word
iTunes
Microsoft Picture It! Photo 7.0
MSXML 4.0 SP2 (KB927978)
Broadcom 440x 10/100 Integrated Controller
HP Deskjet 5700
Microsoft Streets and Trips 2004
Intel(R) Extreme Graphics Driver
Microsoft Office XP Professional
Microsoft Word 2002
Apple Software Update
Microsoft Works
MSXML 4.0 SP2 (KB936181)
Dell ResourceCD
Microsoft Picture It! Photo Premium 9
SoundMAX


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"UserFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,75,00,\
00,00
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\pmnnk.dll\0\0


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\https\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!
 
So now that the wheel on my mouse is overheated, is your problem fixed, still exists, what happened?
 
Were you able to resolve this? I just ran into this problem within the last few days, maybe I can help.
 
Just to get through the basics...
Did you try Safe Mode?
Did you try Last Known Good configuration?
Did you try deleting temp files? (Usually doesn't fix anything, but I've seen some people with literally over 100,000 temp files).
Did you try reinstalling the latest Windows XP Service Pack?
 
By any chance was this a custom built computer? I had a problem similar to this a few years back. It was due to incompatible ram with the board. The ram was of the right type for the board however it had a conflict with it. Might want to check that. Also might want to see if your ram is bad.


Test one stick at a time (have only one stick at a time on the motherboard)

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 

Go to your internet options and select the Advance tab. Click the Reset button. Doing this clears your form data and Username & passwords. You do not lose your Favorites.
 
If you look at your registry in the following location:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\pmnnk.dll\0\0


you see the file pmnnk.dll this is the culprit.
There will be 2 files you need to delete
"pmnnk.dll" and "pmnnk.exe" in your system32 folder

The registry entries will also need to be changed the value for the authenication packages should only be msv1_0

these entries should be in all ControlSet Hives and will also need modified.

after that search the registry for all instances of "pmnnk" and delete only those values

You will not be able to do this within windows not even safe mode. You will need a bootable CD to access the drive and registry. UBCD has worked for me with this infection

Hope this helps
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top