Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
Any help you could give would be really appreciated. Thanks

My system locks up and I need to reboot. I believe this is in reference to my EZ Antivirus scan but not sure.

I have an Event Viewer error as follows:

Source: ESENT
Category: Logging/Recovery
Type: Error
Event ID: 455
wuaueng.dll (896) SUS20ClientDataStore: Error 1032 (0xfffffbf8) occurred while opening D:\Windows\SoftwareDistribution\DataStore\Logs\edb.log

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:20:45 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\System32\umonit.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
D:\Program Files\Sony Handheld\HOTSYNC.EXE
D:\PROGRA~1\Webshots\webshots.scr
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINDOWS\system32\mmc.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
D:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UMonit] D:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = D:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121132080621
O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
 

·
Registered
Joined
·
6,574 Posts
Hi, welcome to TSF.

Concerning the ESENT message you receive, this link may be of interest to you:

http://www.winxptutor.com/sp2/esent.htm

FYI - Microsoft Antispyware - it’s rogueware (or known to be rogueware in the past) and we highly recommend that you uninstall it. Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection. Please read the following discussion to help you decide. http://www.techsupportforum.com/showthread.php?goto=newpost&t=59797

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log". Please double-click that log, copy the entire contents, and paste them in your next post.

Perform an online scan in Internet Explorer with Panda ActiveScan

  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now'; this begins downloading Panda's ActiveX controls (8MB)
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
 

·
Registered
Joined
·
2 Posts
Discussion Starter · #3 ·
System Locks up

I uninstalled MS AntiSpyWare. Rebooted. Downloaded TrendMicro and ran scan, deleting all viruses and spyware noted. Here are those results:

Downloaded and scanned using PandaSoftware. Nothing was detected. Uninstalling MS AntiSpyWare seems to have speeded up my computer so far. I have EZ Antivirus set to scan in 15 minutes. I'll let it run and see what happens next.
 