Tech Support banner
Status
Not open for further replies.
1 - 20 of 22 Posts

·
Registered
Joined
·
12 Posts
Discussion Starter · #1 · (Edited)
I've been having an ongoing issue with BSODs. It comes and goes. When I get one I usually have to restart the system many times and I usually can get back in eventually. I have tried many different virus scans, but everytime I am just about finished the blue screen appears again. I bought my computer in October and I started having trouble about the second month that I had it. Here are the results of my HijackThis. Hopefully you can help shed some light on this for me. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 1:53:41 AM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\phpdev5\apache\Apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\phpdev5\apache\Apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://inst.c-wss.com
O15 - Trusted Zone: http://www.canon.com
O15 - Trusted Zone: http://www.nbc.com
O15 - Trusted Zone: http://viiv.nbcuni.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158605316328
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dev5_ap1 - Unknown owner - C:\phpdev5\apache\Apache.exe" --ntservice (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Was this a new machine, purchased from a reputable retailer? Or a custom build? Or second hand machine?

If relatively new, and having this sort of problem, it should still be under warranty.

Did you install a program or piece of hardware just prior to the Blue Screen appearances?

I'm uncertain that your issue is malware related, which is what this forum specialises in.

Let's run this diagnostic tool, to assist us in finding out.

  1. Download combofix.exe to your desktop.
  2. Double click on combofix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #3 ·
This is a Gateway Laptop that I bought from Best Buy in the middle of September. After it started happening I deleted anything that might have been causing the problem. My Anti-Spyware (Webroot) started acting up so I deleted that. I also deleted Office 2007 Beta, Daemon, and anything else that I thought might be causing it. It seemed to fix the problem, but after a week or so the blue screens came back.
When I installed Spybot Search and Destroy and ran it for the first time it said that it had already been altered and that malware might be the culprit. Whenever I do an online virus scan a bsod appears towards the end of the scan and it can't finish. I at first suspected a hardware malfunction and I performed a memory test that did not produce any problems. With the malfunction of my antivirus and antispyware along with the blue screens it leads me to believe something is causing this besides hardware. The cause of the blue screen changes everytime as well. If I can prove that hardware is causing the problem I am sure gateway would have no problem giving me a new laptop because it is brand new. I hope this information helps. Thanks for your help. Here are the results of the combofix scan:

"Owner" - 06-12-28 22:17:17.62 Service Pack 2
ComboFix 06-12-28.3W-BetaE2 - Running from: "C:\Documents and Settings\Owner.YOUR-A4855E07E3\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


d:\autorun.inf
C:\WINDOWS\system32\aamd532.dll


((((((((((((((((((((((((((((((( Files Created from 2006-11-28 to 2006-12-28 ))))))))))))))))))))))))))))))))))


2006-12-27 01:31 218,112 --a------ C:\HijackThis.exe
2006-12-27 00:47 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-12-27 00:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
2006-12-27 00:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2006-12-26 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-26 22:56 <DIR> d-------- C:\Program Files\Grisoft
2006-12-25 12:30 <DIR> d-------- C:\Program Files\DIFX
2006-12-25 12:29 <DIR> d-------- C:\Program Files\Zune
2006-12-25 12:29 <DIR> d-------- C:\Program Files\Common Files\ComponentOne
2006-12-25 12:28 <DIR> d-------- C:\f4fcb3e842edb5167be145f65a
2006-12-19 18:10 <DIR> d-------- C:\Program Files\Network Stumbler
2006-12-17 02:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2006-12-17 02:47 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Real
2006-12-12 00:52 <DIR> d-------- C:\Program Files\SpywareBot
2006-12-12 00:16 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Lavasoft
2006-12-12 00:15 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-12 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-28 12:10 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\real
2006-12-28 00:21 -------- d-------- C:\Program Files\mozilla firefox
2006-12-26 22:49 44288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-26 22:02 -------- d--h----- C:\Program Files\installshield installation information
2006-12-17 02:47 -------- d-------- C:\Program Files\Common Files\real
2006-12-12 15:43 -------- d-------- C:\Program Files\bittorrent
2006-12-12 00:16 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\lavasoft
2006-12-12 00:15 -------- d-------- C:\Program Files\google
2006-11-28 09:04 -------- d---s---- C:\DOCUME~1\OWNER~1.YOU\Application Data\microsoft
2006-11-27 17:02 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\adobeum
2006-11-25 19:59 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\apple computer
2006-11-25 19:58 -------- d-------- C:\Program Files\quicktime
2006-11-25 19:56 -------- d-------- C:\Program Files\apple software update
2006-11-22 13:50 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\adobe
2006-11-21 13:48 -------- d-------- C:\Program Files\support tools
2006-11-20 15:02 -------- d-------- C:\Program Files\Common Files\avery
2006-11-16 15:09 -------- d-------- C:\Program Files\Common Files\macromedia
2006-11-16 15:08 -------- d-------- C:\Program Files\macromedia
2006-11-16 15:06 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\macromedia
2006-11-16 14:36 -------- d-------- C:\Program Files\errorclean
2006-11-10 10:57 -------- d-------- C:\Program Files\divx
2006-11-10 09:23 -------- d-------- C:\Program Files\windows media connect 2
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 00:21 -------- d-------- C:\Program Files\Common Files\adobe
2006-11-02 23:01 -------- d-------- C:\Program Files\windows desktop search
2006-11-02 23:00 -------- d-------- C:\Program Files\windows live toolbar
2006-11-01 09:28 -------- d-------- C:\Program Files\real
2006-11-01 09:24 -------- d-------- C:\Program Files\online services
2006-10-31 17:45 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\opera
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 22:47 767488 --a------ C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 22:47 656896 --a------ C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 22:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 613376 --a------ C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 22:47 38400 --a------ C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 317440 --a------ C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 295936 --a------ C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 22:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2603008 --a------ C:\WINDOWS\system32\wpdshext.dll
2006-10-18 22:47 259072 --a------ C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 22:47 259072 --a------ C:\WINDOWS\system32\mp43decd.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 22:47 212992 --a------ C:\WINDOWS\system32\mfplat.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 199168 --a------ C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 22:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 1574912 --a------ C:\WINDOWS\system32\wmvencod.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1543680 --a------ C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 22:47 1382912 --a------ C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 22:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 22:47 132096 --a------ C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 22:47 130048 --a------ C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 22:47 101888 --a------ C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 249856 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-18 11:45 40 --ahs---- C:\DOCUME~1\OWNER~1.YOU\Application Data\.zreglib
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-02 15:28 312128 --a------ C:\WINDOWS\system32\msdelta.dll
2006-10-02 12:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 12:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 12:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 12:04 635486 --a------ C:\WINDOWS\system32\divx.dll
2006-09-28 20:13 95344 --a------ C:\WINDOWS\system32\wudfcoinstaller.dll
2006-09-28 18:56 55808 --a------ C:\WINDOWS\system32\wudfsvc.dll
2006-09-28 18:56 316416 --a------ C:\WINDOWS\system32\wudfx.dll
2006-09-28 18:56 165376 --a------ C:\WINDOWS\system32\wudfplatform.dll
2006-09-28 18:56 146432 --a------ C:\WINDOWS\system32\wudfhost.exe
2006-09-20 20:38 168 --a------ C:\DOCUME~1\OWNER~1.YOU\Application Data\wklnhst.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
69,6e,64,5f,58,50,2e,65,78,65,00
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
55,41,52,44,2e,45,58,45,00
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\""
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"MSKDetectorExe"="\"C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe\" /uninstall"
@=""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Zune Launcher"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ifrmewrk"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ZCfgSvc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sm56hlpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
MHN


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-28 22:19:53.04

*******************************************************

Here are the results of the new hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:49 PM, on 12/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\phpdev5\apache\Apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\phpdev5\apache\Apache.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zune\Zune.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://inst.c-wss.com
O15 - Trusted Zone: http://www.canon.com
O15 - Trusted Zone: http://www.nbc.com
O15 - Trusted Zone: http://viiv.nbcuni.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158605316328
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dev5_ap1 - Unknown owner - C:\phpdev5\apache\Apache.exe" --ntservice (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #4 ·
I was finally able to complete a virus scan using panda activescan online. The results may be useful. It does say I have 27 Spyware, but they are all cookies so I don't know if they could be causing the issues that I am having. Here are the results:


Incident Status Location

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a73p0zkc.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.com.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.go.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[server.iad.liveperson.net/hc/34774121]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Application Data\Mozilla\Firefox\Profiles\iqp0ywr1.default\cookies.txt[server.iad.liveperson.net/hc/4262392]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner.YOUR-A4855E07E3\Cookies\[email protected][2].txt
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
I think I'd have spoken to the support staff at BestBuy or Gateway when these issues first arose. If it's been happening all along since you owned the machine, and you can't pinpoint an addition of software to the system as the cause, it's quite possibly hardware.

Let's see if we can eliminate malware as the source of issue.

You're right, it's doubtful cookies are causing your issue.

Clear your Firefox cookies. From the open browser, go toTools>Options>Privacy>Cookies>Clear

Let's use one more diagnostic tool, to see if anything is lurking.

Please download this tool > http://www.kztechs.com/sreng/sreng2.zip

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Dont post it. You may need to rename it from SREngLOG.log to SREngLOG.txt
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #6 ·
I first talked to an online Gateway tech support guy who told me to delete any programs I recently installed, which I did. That seemed to work for awhile, but it came back. I also did that memory test. I did not get the best buy warranty so Gateway is my only option.
I just ran the other scan and it told me that a registry value had an abnormal value (Default value is blank). And to check for a virus. I will try and post the screen shot. Attached is the log.
 

Attachments

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
The screenshot of the alert is referring to this entry:

O20 - AppInit_DLLs: acaptuser32.dll

Which from what info I was able to gather is part of Adobe's 3D Capture software.

Search for that file on your system using Start>Search>All files and folders (may be in System32), and confirm on the properties version tab that it is indeed from Adobe.

Right click on that file and go to Properties. Then go to the Version tab and see what information you can get from there (Company, Description, etc.) and post it here.

It will take me some time to review the log.
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #8 ·
I was trying to check for some updates from Microsoft and I just found out that I can't get on there either. I get this error: 0x80072EFD error.

It tells me to fix the security settings and add the update sites to the trusted sites list, which I did. It did not help at all. Something is preventing me from getting updates to. This may be related.

Here is the info you wanted:

Company: Adobe Systems inc.
File Version: 7.0.7.6
Product Name: 3D Capture Dynamic Link Library

It is in the system32 folder.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Open HJT and click on Open the Misc Tools section.

Under System Tools, click on Open hosts file manager.

After it loads, click on Open in Notepad. Copy and paste the contents of that Notepad file here.
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #10 ·
It just created a sample one. Here it is though:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #11 ·
I did a CWShredder scan in safe mode and it found cws.msconfig. It did not find that file in Normal mode. What is the best way to get rid of this? This may be the cause of some of the problems.
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #12 ·
I was able to complete a Trend Micro Online scan. It picked up a bunch of vulnerabilities but could not get much information about them except for their names. It also picked up Troj_Generic but was able to clean that without a problem. I have attached screen shots of the vulnerabilities that it could not clean up for some reason.
 

Attachments

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
CWShredder can be run in safe mode, simply tell it to fix instead of scan. CoolWebSearch is not typically linked to your symptoms.



The TrendMicro results are more than likely reports based on Windows Updates, which you can't seem to get to to take care of.

There's nothing in your hosts file blocking access.

I'm going to bring out a bigger gun to do some digging:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
 

·
Registered
Joined
·
12 Posts
OK, this finally found something that might be what we are looking for. If found a modification of Lust.258. I did a google search and nothing helpful turned up. I will attach the log.

mirc.exe;C:\Program Files\mIRC;Program.mIRC.60;Incurable.Moved.;
A0007845.exe;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP31;Adware.Zango;Incurable.Moved.;
A0007846.exe;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP31;Adware.Zango;Incurable.Moved.;
System.DirectoryServices.Protocols.ni.dll;C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\56062ccad064cd4a8cc13f4a44ba14f1;Modification of Lust.258;Moved.;
gtdownlr_126.ocx;C:\WINDOWS\system32;Adware.Gdown;Incurable.Moved.;
 

Attachments

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues, as I'm still unconvinced it's malware which is causing it, though we are finding some. You may have concurrent issues. Frankly, it would be more efficient to to a repair install/nondestructive restore.

Go to Start > Run - type in eventvwr <Press Enter>




This is a picture of what the event viewer looks like.
You will see Application, Security & System listed in the left pane.
  1. In the left pane click on Application.
  2. Click the gray title "Type" at the top of the source name column in the right pane to sort by type name
    Look for "Error" & double-click on the most recent 5, and evaluate the event description for any indication of the cause of the problem.
  3. Make note of the Description, EventID and Source of these Event Properties.
  4. From the right pane, doubleclick on the line where it says error & you should get a window like the example below





  5. In the upper right corner of this picture, you should see 2 arrows. One is pointing up & the other, pointing down.
    There is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard)
  6. Open notepad & paste the info in there. This will copy the event information to the clipboard. Paste the information for each event here

Repeat steps 1-6 for System
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Also, please do this:

Create an uninstall list:

  • Open HiJackThis
  • Click on the button " Open the Misc Tools section"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and past the List from the notepad file into your post
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #17 ·
If this problem is not malware related, then the only other ideas I would have is that the laptop is 1) Overheating or 2) the hard drive is crashing. I am not sure how to find out for sure if that is happening though. The BSODs usually happen after the laptop has been running for awhile and perhaps keep coming back until the computer has cooled down. I did get the updates to work finally after flushing the DNS and following some other instructions on the Microsoft support site. Here is the info you asked for:

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 12/29/2006
Time: 10:31:32 PM
User: N/A
Computer: SHAUNLAPTOP
Description:
Error code 1000000a, parameter1 95942c3c, parameter2 00000002, parameter3 00000000, parameter4 806e4a73.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 39 35 eters 95
0030: 39 34 32 63 33 63 2c 20 942c3c,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 38 30 36 65 00, 806e
0050: 34 61 37 33 4a73



Here is the uninstall list made from hijack this:

Ad-Aware SE Personal
Adobe Acrobat 3D 7.0.8 - English, Français, Deutsch
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Software Update
AVG Free Edition
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
DVD Solution
Entriq MediaSphere 3.4.0.15
FlashFXP v3
Google Updater
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
J2SE Runtime Environment 5.0 Update 2
Lavasoft VX2 Cleaner
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIRC
mIWA
mLogView
mMHouse
Motorola SM56 Data Fax Modem
Mozilla Firefox (1.5.0.9)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
mWlsSafe
mXML
mZConfig
Napster Burn Engine
Network Stumbler 0.4.0 (remove only)
Panda ActiveScan
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SigmaTel Audio
Sonic Encoders
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Battle for Middle-earth (tm) II
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update Rollup 2 for Windows XP Media Center Edition 2005
Windows Backup Utility
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Zune
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
One of the things I see in your Add/Remove programs list is that you have AVG Free in the list, but it doesn't appear to be active.

In addition to that, I see parts of McAfee still present in your HJT log.

Having more than one Anti-Virus on a system can cause system conflict, slowdowns and hangs. (and BSODs as well)

Choose one to keep, and uninstall the other. Or, perhaps, considering the condition of the machine, uninstall both, rebooting in between each time, and then install a fresh version. If you choose this route, you may want to first download the installer file for the Anti-Virus product you do choose to install, disconnect from the internet, then perform the uninstalls, and subsequent new install.

Since it appears as though McAfee is only partially installed, and it's not indicated in Add/Remove Programs, please do this:

Please use the instructions on this page to completely uninstall your McAfee Products.

You can then see about installing a new AntiVirus program, using any one of these:

Here are a few very good free Antivirus products which are available:Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Once you've done this.....post a new HJT log, and let me know how your system is behaving.
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #19 ·
I deleted all of my antivirus stuff and did a clean install of avast. It did find win32:ctx while scanning but it seemed to delete just fine. My system seems to be running pretty well right now. It is hard to tell though because these blue screens come and go a will. Here are the results of the new hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 1:21:44 AM, on 12/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\phpdev5\apache\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\phpdev5\apache\Apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SMSERIAL] ; C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] ; "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] ; "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DAEMON Tools] ; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] ; "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AnyDVD] ; "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://inst.c-wss.com
O15 - Trusted Zone: http://www.canon.com
O15 - Trusted Zone: http://www.nbc.com
O15 - Trusted Zone: http://viiv.nbcuni.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158605316328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dev5_ap1 - Unknown owner - C:\phpdev5\apache\Apache.exe" --ntservice (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


Below is the new uninstall list in case you wanted that as well:


Ad-Aware SE Personal
Adobe Acrobat 3D 7.0.8 - English, Français, Deutsch
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Software Update
avast! Antivirus
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
DVD Solution
Entriq MediaSphere 3.4.0.15
FlashFXP v3
Google Updater
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
J2SE Runtime Environment 5.0 Update 2
Lavasoft VX2 Cleaner
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIRC
mIWA
mLogView
mMHouse
Motorola SM56 Data Fax Modem
Mozilla Firefox (1.5.0.9)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
mWlsSafe
mXML
mZConfig
Napster Burn Engine
Network Stumbler 0.4.0 (remove only)
Panda ActiveScan
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SigmaTel Audio
Sonic Encoders
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Battle for Middle-earth (tm) II
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update Rollup 2 for Windows XP Media Center Edition 2005
Windows Backup Utility
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Zune

Thanks for all of your help.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
I deleted all of my antivirus stuff
This statement is worrisome. Delete indicates a hard removal. The correct term for removing a program is Uninstall. If one simply deletes a program's folder, it leaves all kinds of junk on the system that will confuse poor ol' Windows.

Just so we're clear on that....you Uninstalled, correct?

Did your system blue screen while running the Avast scan? When was the last one? Can you pinpoint it to the system being on and under duress (heavy resource usage) for a while? Using any particluar program? Or is it truly random?
 
1 - 20 of 22 Posts
Status
Not open for further replies.
Top