
Thread: Spybot and BSOD

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    Default Spybot and BSOD

    Hi Guys,

    I've been getting the BSOD now off and on for the last month. I tried running Spy Bot three times in the last two days and each time I have gotten the BSOD after the scan starts. I have posted my HJT and Anti Virus scan below.

    Thanks in advance for any help



    Logfile of HijackThis v1.99.1
    Scan saved at 12:07:08 AM, on 29-Sep-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS2\System32\smss.exe
    C:\WINDOWS2\system32\winlogon.exe
    C:\WINDOWS2\system32\services.exe
    C:\WINDOWS2\system32\lsass.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\WINDOWS2\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS2\system32\ctfmon.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\WINDOWS2\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS2\system32\freecell.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MailWasher\MailWasher.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubfanzine.com/ipswich_town/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.159.67.115:80
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS2\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oneofthoseknights.spaces.live...d/MsnPUpld.cab
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153761070106
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://oneofthoseknights.spaces.live...d/MsnPUpld.cab
    O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A120BFB-8DFF-400C-BC54-322D62E69D52}: NameServer = 216.249.40.1 216.249.32.2
    O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.DLL (file missing)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS2\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe





    KASPERSKY ONLINE SCANNER REPORT
    Saturday, September 29, 2007 6:28:39 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 29/09/2007
    Kaspersky Anti-Virus database records: 399094


    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\

    Scan Statistics
    Total number of scanned objects 45432
    Number of viruses found 3
    Number of infected objects 6
    Number of suspicious objects 0
    Duration of the scan process 02:32:07

    Infected Object Name Virus Name Last Action
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

    C:\WINDOWS2\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS2\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS2\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS2\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS2\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS2\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS2\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS2\system32\config\SAM Object is locked skipped

    C:\WINDOWS2\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS2\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS2\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS2\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS2\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS2\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS2\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS2\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS2\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS2\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS2\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS2\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS2\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS2\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS2\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS2\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS2\system32\h323log.txt Object is locked skipped

    C:\WINDOWS2\Temp\_avast4_\Webshlock.txt Object is locked skipped

    C:\WINDOWS2\Temp\Perflib_Perfdata_5a8.dat Object is locked skipped

    C:\WINDOWS2\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS2\Sti_Trace.log Object is locked skipped

    C:\WINDOWS2\wiaservc.log Object is locked skipped

    C:\WINDOWS2\wiadebug.log Object is locked skipped

    C:\WINDOWS2\WindowsUpdate.log Object is locked skipped

    C:\WINDOWS2\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS2\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\Documents and Settings\All Users.WINDOWS2\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users.WINDOWS2\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/kernels1118.exe Infected: Trojan-Downloader.Win32.Small.dht skipped

    C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip/vx3t2.game Infected: Trojan-Downloader.Win32.Small.dam skipped

    C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip/vx1t1.game Infected: Email-Worm.Win32.Luder.a skipped

    C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Kevin\ntuser.dat Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\Temp\~DFEA59.tmp Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\Temp\~DFEA70.tmp Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\Temp\~DF2BA.tmp Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\Temp\~DF2C6.tmp Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\MSHist012007092920070930\index.dat Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\kgknights@northrock.bm\real\members.stg Object is locked skipped

    C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\kgknights@northrock.bm\shadow\members.stg Object is locked skipped

    C:\Documents and Settings\Kevin\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Kevin\ntuser.dat.LOG Object is locked skipped

    C:\System Volume Information\_restore{16F164EB-7767-4F97-9447-F763B620CF94}\RP575\change.log Object is locked skipped

    Scan process completed.

  2. #2
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    Default

    I just ran spybot in safe mode and it completed the task ok, just found a couple of tracking cookies.

    Any suggestions would be welcome re my first post.

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    Default

    Anybody ?

  4. #4
    Junior Member
    Join Date
    Sep 2007
    Posts
    13
    Last edited by tashi; 2007-10-06 at 20:45. Reason: Added links

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144

    Default

    Close all programs leaving only HijackThis running. Place a check against each of the following,
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Click on Fix Checked when finished and exit HijackThis.

    Download and run - ATF Cleaner instructions here.

    Let's run combofix.exe
    Download it from one of the links below:
    Note:
    It is important that it is saved directly to your desktop

    http://download.bleepingcomputer.com/sUBs/combofix.exe
    http://www.techsupportforum.com/sectools/combofix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall
    MS-MVP Windows Security 2006,2007,2008 & 2009
    ASAP member since 2004

  6. #6
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    Default

    Thanks so much. Here is my combofix log :-


    ComboFix 07-10-06.5 - Kevin 2007-10-06 14:04:09.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247 [GMT -3:00]
    Running from: C:\Documents and Settings\Kevin\Desktop\combofix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
    .

    2007-10-06 14:01 51,200 --a------ C:\WINDOWS2\NirCmd.exe
    2007-09-29 00:18 <DIR> d-------- C:\WINDOWS2\system32\Kaspersky Lab
    2007-09-29 00:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Kaspersky Lab
    2007-09-11 22:29 <DIR> d-------- C:\0f0bd2335e2d9c1fed1aa910ea9257ff

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-06 07:09 801144 --a------ C:\WINDOWS2\system32\aswBoot.exe
    2007-09-06 07:05 94416 --a------ C:\WINDOWS2\system32\drivers\aswmon2.sys
    2007-09-06 07:05 92848 --a------ C:\WINDOWS2\system32\drivers\aswmon.sys
    2007-09-06 07:03 23152 --a------ C:\WINDOWS2\system32\drivers\aswRdr.sys
    2007-09-06 07:02 42912 --a------ C:\WINDOWS2\system32\drivers\aswTdi.sys
    2007-09-06 07:00 95608 --a------ C:\WINDOWS2\system32\AVASTSS.scr
    2007-09-06 07:00 26624 --a------ C:\WINDOWS2\system32\drivers\aavmker4.sys
    2007-09-02 01:14 --------- d-------- C:\Program Files\Gold Miner
    2007-09-01 10:41 --------- d-------- C:\Program Files\Common Files\Skype
    2007-08-21 15:28 --------- d-------- C:\Program Files\Luxor
    2007-08-21 15:27 --------- d-------- C:\Program Files\ReflexiveArcade
    2007-07-30 19:19 92504 --a------ C:\WINDOWS2\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS2\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS2\system32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS2\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS2\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS2\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS2\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS2\system32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS2\system32\dllcache\wucltui.dll
    2007-07-30 19:19 271224 --a------ C:\WINDOWS2\system32\mucltui.dll
    2007-07-30 19:19 207736 --a------ C:\WINDOWS2\system32\muweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS2\system32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS2\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS2\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS2\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS2\system32\wups.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS2\system32\dllcache\wups.dll
    2007-07-19 04:00 3583488 --a------ C:\WINDOWS2\system32\dllcache\mshtml.dll
    2007-07-12 20:31 765952 --a------ C:\WINDOWS2\system32\dllcache\vgx.dll
    2002-08-25 00:33 266 ---hs---- C:\Program Files\desktop.ini
    2002-08-25 00:33 11079 --ah----- C:\Program Files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LVCOMSX"="C:\WINDOWS2\system32\LVCOMSX.EXE" [2004-10-08 11:52]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 23:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS2\system32\ctfmon.exe" [2004-08-04 12:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 07:05]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS2\system32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    R1 sdcplh;sdcplh;C:\WINDOWS2\system32\drivers\sdcplh.sys
    S3 KLSIENET;Driver for USB Ethernet Adapter;C:\WINDOWS2\system32\DRIVERS\usb101et.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-06 14:15:42
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-06 14:20:54 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-06 14:20
    .
    --- E O F ---

  7. #7
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144

    Default

    Reboot and rescan with HiJackThis and post a new log here.
    Also please describe how your computer behaves at the moment.
    MS-MVP Windows Security 2006,2007,2008 & 2009
    ASAP member since 2004

  8. #8
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    Default

    I've posted my HijackThis log below.

    I still get the same problem though. Just tried to do a Spybot scan. It let me download updates, but when I started running the scan I got the BSOD, after running about two minutes. This was the BSOD error:

    0x0000008E (0x80000004,0xF84CA9E5,0xEE731B7C,0x00000000)

    ACPI Sys-ADDRESS F84CA9E5 base at F84B0000

    Datestamp 41107d27

    And this message : Problem caused by Device Driver

    You received this message because a device driver installed on your computer caused the Windows operating system to stop unexpectedly. This type of error is referred to as a "stop error." A stop error requires you to restart your computer




    Logfile of HijackThis v1.99.1
    Scan saved at 10:55:11 PM, on 06-Oct-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS2\System32\smss.exe
    C:\WINDOWS2\system32\winlogon.exe
    C:\WINDOWS2\system32\services.exe
    C:\WINDOWS2\system32\lsass.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\WINDOWS2\system32\wuauclt.exe
    C:\WINDOWS2\Explorer.EXE
    C:\WINDOWS2\system32\ctfmon.exe
    C:\WINDOWS2\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS2\system32\dumprep.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubfanzine.com/ipswich_town/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.159.67.115:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS2\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oneofthoseknights.spaces.live...d/MsnPUpld.cab
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153761070106
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://oneofthoseknights.spaces.live...d/MsnPUpld.cab
    O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.DLL (file missing)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS2\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

  9. #9
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144

    Default

    Sorry for the delay.

    Please go HERE to run Panda's ActiveScan

    * You need to use IE to run this scan
    * Once you are on the Panda site click the Scan your PC button
    * A new window will open...click the Check Now button
    * Enter your Country
    * Enter your State/Province
    * Enter your e-mail address and click send
    * Select either Home User or Company
    * Click the big Scan Now button
    * If it wants to install an ActiveX component allow it
    * It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    * When download is complete, click on My Computer to start the scan
    * When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
    MS-MVP Windows Security 2006,2007,2008 & 2009
    ASAP member since 2004

  10. #10
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    Default

    I ran into problems and am having to use my computer at work to send this.

    I tried running the Panda Scan last night, it took about half an hour to download the files and the scan was taking ages so I left it running overnight. It had completed this morning but my system froze and I have been unable to re-boot ever since.

    I will probably end up buying a new system which I was planning to do anyway. If I get running again and can complete the scan etc I'll get back to you, but thanks very much for the help anyway.

    Boogster54
