Spybot and BSOD



boogster54
2007-09-29, 11:34
Hi Guys,

I've been getting the BSOD now off and on for the last month. I tried running Spybot three times in the last two days and each time I have gotten the BSOD after the scan starts. I have posted my HJT and anti-virus scan below.

Thanks in advance for any help



Logfile of HijackThis v1.99.1
Scan saved at 12:07:08 AM, on 29-Sep-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS2\system32\freecell.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubfanzine.com/ipswich_town/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.159.67.115:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS2\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oneofthoseknights.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153761070106
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://oneofthoseknights.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A120BFB-8DFF-400C-BC54-322D62E69D52}: NameServer = 216.249.40.1 216.249.32.2
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.DLL (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS2\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe





KASPERSKY ONLINE SCANNER REPORT
Saturday, September 29, 2007 6:28:39 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 29/09/2007
Kaspersky Anti-Virus database records: 399094


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 45432
Number of viruses found 3
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 02:32:07

Infected Object Name Virus Name Last Action
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\WINDOWS2\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS2\system32\config\SECURITY Object is locked skipped

C:\WINDOWS2\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS2\system32\config\system.LOG Object is locked skipped

C:\WINDOWS2\system32\config\software.LOG Object is locked skipped

C:\WINDOWS2\system32\config\default.LOG Object is locked skipped

C:\WINDOWS2\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS2\system32\config\SAM Object is locked skipped

C:\WINDOWS2\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS2\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS2\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS2\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS2\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS2\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS2\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS2\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS2\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS2\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS2\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS2\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS2\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS2\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS2\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS2\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS2\system32\h323log.txt Object is locked skipped

C:\WINDOWS2\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS2\Temp\Perflib_Perfdata_5a8.dat Object is locked skipped

C:\WINDOWS2\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS2\Sti_Trace.log Object is locked skipped

C:\WINDOWS2\wiaservc.log Object is locked skipped

C:\WINDOWS2\wiadebug.log Object is locked skipped

C:\WINDOWS2\WindowsUpdate.log Object is locked skipped

C:\WINDOWS2\SchedLgU.Txt Object is locked skipped

C:\WINDOWS2\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS2\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS2\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/kernels1118.exe Infected: Trojan-Downloader.Win32.Small.dht skipped

C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip/vx3t2.game Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip/vx1t1.game Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Kevin\ntuser.dat Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\Temp\~DFEA59.tmp Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\Temp\~DFEA70.tmp Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\Temp\~DF2BA.tmp Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\Temp\~DF2C6.tmp Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\History\History.IE5\MSHist012007092920070930\index.dat Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\kgknights@northrock.bm\real\members.stg Object is locked skipped

C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\kgknights@northrock.bm\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Kevin\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Kevin\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\_restore{16F164EB-7767-4F97-9447-F763B620CF94}\RP575\change.log Object is locked skipped

Scan process completed.

boogster54
2007-10-02, 12:39
I just ran spybot in safe mode and it completed the task ok, just found a couple of tracking cookies.

Any suggestions would be welcome re my first post.

boogster54
2007-10-04, 04:51
Anybody ?

boogster54
2007-10-05, 13:14
I guess not



FYI for the future, please do not bump.
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

little eagle
2007-10-06, 18:21
Close all programs leaving only HijackThis running. Place a check against each of the following,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Click on Fix Checked when finished and exit HijackThis.

Download and run - ATF Cleaner instructions here. (http://forums.security-central.us/showthread.php?t=1925)

Let's run combofix.exe
Download it from one of the links below:
Note:
It is important that it is saved directly to your desktop
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
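
The "place a check against each of the following" step above is the end of a first pass over the HijackThis log: find the entries whose target file no longer exists, then look at the handful of entry types that change where the browser and the network stack send traffic. The following Python is an added example of that first pass; it is not part of the thread and not HijackThis itself. The sample lines are copied from the log posted at the top of the thread (only a subset of it), and the rule wording and which entry types get flagged are the example's own choices.

```python
"""First-pass triage of a HijackThis 1.99.x log: flag the entries a helper looks at first."""
import ipaddress
import re

# Lines copied from the HijackThis log posted at the top of the thread (not the whole log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.159.67.115:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A120BFB-8DFF-400C-BC54-322D62E69D52}: NameServer = 216.249.40.1 216.249.32.2
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.DLL (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.+)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<host>[^:\s]+)(?::(?P<port>\d+))?")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def rule_orphan(kind, body):
    """Entries whose target file is gone: the usual 'Fix checked' candidates."""
    if '"' in body and "(file missing)" in body:
        # A lone quote in the path means HJT split a quoted ImagePath such as
        # "C:\...\x.exe" /service; check the binary before treating it as missing.
        return "stray quote in service path: likely a mis-parsed quoted ImagePath, verify the file exists"
    if any(marker in body for marker in ORPHAN_MARKERS):
        return "orphaned entry, target file missing: candidate for Fix checked"
    return None


def rule_proxy(kind, body):
    """An R1 ProxyServer entry redirects all of IE's traffic; say where it points."""
    if kind != "R1":
        return None
    m = PROXY_RE.search(body)
    if m is None:
        return None
    host = m.group("host")
    try:
        scope = "private" if ipaddress.ip_address(host).is_private else "public"
    except ValueError:
        scope = "named"  # a hostname rather than an address
    return f"browser proxy points at {scope} host {host}: confirm the user set it"


def rule_hosts(kind, body):
    return "hosts file override: confirm the name-to-address mapping is expected" if kind == "O1" else None


def rule_dns(kind, body):
    if kind != "O17":
        return None
    servers = re.findall(r"\d+\.\d+\.\d+\.\d+", body)
    return f"custom DNS servers {servers}: verify they belong to the ISP"


def rule_activex(kind, body):
    return "downloaded ActiveX control: remove unless still needed" if kind == "O16" else None


def rule_crash_report(kind, body):
    if kind == "O4" and "dumprep" in body.lower():
        return "KernelFaultCheck/dumprep: Windows queued a crash report, i.e. a previous stop error occurred"
    return None


RULES = (rule_orphan, rule_proxy, rule_hosts, rule_dns, rule_activex, rule_crash_report)


def parse_entry(line):
    """Split 'O2 - BHO: ...' into (entry type, body); None for process lists and headers."""
    m = ENTRY_RE.match(line.strip())
    return None if m is None else (m.group("type"), m.group("body"))


def triage(log_text):
    """Return (type, reason, raw line) for every entry that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        kind, body = parsed
        for rule in RULES:
            reason = rule(kind, body)
            if reason:
                findings.append((kind, reason, raw.strip()))
    return findings


def count_by_type(findings):
    counts = {}
    for kind, _, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, reason, raw in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n      {raw}")
```

Run on the sample, the two "(no file)" entries the helper asked to fix come out as orphans, while the avast! service line is reported separately because the stray quote in its path is the only reason it looks missing. The proxy, hosts, and DNS rules do not decide anything; they surface settings that a user should be able to account for, which is the question to ask before fixing them.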

boogster54
2007-10-06, 19:27
Thanks so much. Here is my ComboFix log:


ComboFix 07-10-06.5 - Kevin 2007-10-06 14:04:09.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247 [GMT -3:00]
Running from: C:\Documents and Settings\Kevin\Desktop\combofix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
.

2007-10-06 14:01 51,200 --a------ C:\WINDOWS2\NirCmd.exe
2007-09-29 00:18 <DIR> d-------- C:\WINDOWS2\system32\Kaspersky Lab
2007-09-29 00:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Kaspersky Lab
2007-09-11 22:29 <DIR> d-------- C:\0f0bd2335e2d9c1fed1aa910ea9257ff

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 07:09 801144 --a------ C:\WINDOWS2\system32\aswBoot.exe
2007-09-06 07:05 94416 --a------ C:\WINDOWS2\system32\drivers\aswmon2.sys
2007-09-06 07:05 92848 --a------ C:\WINDOWS2\system32\drivers\aswmon.sys
2007-09-06 07:03 23152 --a------ C:\WINDOWS2\system32\drivers\aswRdr.sys
2007-09-06 07:02 42912 --a------ C:\WINDOWS2\system32\drivers\aswTdi.sys
2007-09-06 07:00 95608 --a------ C:\WINDOWS2\system32\AVASTSS.scr
2007-09-06 07:00 26624 --a------ C:\WINDOWS2\system32\drivers\aavmker4.sys
2007-09-02 01:14 --------- d-------- C:\Program Files\Gold Miner
2007-09-01 10:41 --------- d-------- C:\Program Files\Common Files\Skype
2007-08-21 15:28 --------- d-------- C:\Program Files\Luxor
2007-08-21 15:27 --------- d-------- C:\Program Files\ReflexiveArcade
2007-07-30 19:19 92504 --a------ C:\WINDOWS2\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS2\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS2\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS2\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS2\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS2\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS2\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS2\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS2\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS2\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS2\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS2\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS2\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS2\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS2\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS2\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS2\system32\dllcache\wups.dll
2007-07-19 04:00 3583488 --a------ C:\WINDOWS2\system32\dllcache\mshtml.dll
2007-07-12 20:31 765952 --a------ C:\WINDOWS2\system32\dllcache\vgx.dll
2002-08-25 00:33 266 ---hs---- C:\Program Files\desktop.ini
2002-08-25 00:33 11079 --ah----- C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS2\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 23:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS2\system32\ctfmon.exe" [2004-08-04 12:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 07:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS2\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 sdcplh;sdcplh;C:\WINDOWS2\system32\drivers\sdcplh.sys
S3 KLSIENET;Driver for USB Ethernet Adapter;C:\WINDOWS2\system32\DRIVERS\usb101et.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 14:15:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-06 14:20:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-06 14:20
.
--- E O F ---

little eagle
2007-10-06, 19:33
Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.

boogster54
2007-10-07, 04:06
I've posted my HijackThis log below.

I still get the same problem though. Just tried to do a Spybot scan. It let me download updates, but when I started running the scan I got the BSOD, after running about two minutes. This was the BSOD error:

0x0000008E (0x80000004,0xF84CA9E5,0xEE731B7C,
0x00000000 )

ACPI Sys-ADDRESS F84CA9E5 base at F84B0000

Datestamp 41107d27

And this message : Problem caused by Device Driver

You received this message because a device driver installed on your computer caused the Windows operating system to stop unexpectedly. This type of error is referred to as a "stop error." A stop error requires you to restart your computer




Logfile of HijackThis v1.99.1
Scan saved at 10:55:11 PM, on 06-Oct-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS2\system32\dumprep.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Logitech\Video\FxSvr2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubfanzine.com/ipswich_town/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.159.67.115:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS2\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://oneofthoseknights.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153761070106
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://oneofthoseknights.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.DLL (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS2\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
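
The STOP screen transcribed above carries more than "a device driver caused it". Here is an added Python example, not from the thread and not a Microsoft tool, that parses that transcription, names the exception code, computes the offset of the faulting address inside ACPI.sys, decodes the DateStamp, and checks that the address in parameter 2 matches the one on the driver line. The meaning of the four parameters of bug check 0x8E is as Microsoft documents it; the exception-name table is a small subset, and the transcription layouts the regexes accept are an assumption based on this post and the usual XP wording.

```python
"""Decode a STOP 0x0000008E screen as transcribed from a Windows XP blue screen."""
import re
from datetime import datetime, timezone

# Bug check 0x8E is KERNEL_MODE_EXCEPTION_NOT_HANDLED. Microsoft documents its
# parameters as: 1 = exception code, 2 = address where the exception occurred,
# 3 = trap frame address, 4 = reserved.
BUGCHECK_8E = 0x0000008E

# NTSTATUS exception codes this example can name (a small subset).
EXCEPTION_NAMES = {
    0x80000003: "STATUS_BREAKPOINT",
    0x80000004: "STATUS_SINGLE_STEP",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
}

# Text copied from the post above: the user's transcription, not a memory dump.
STOP_TEXT = """0x0000008E (0x80000004,0xF84CA9E5,0xEE731B7C,
0x00000000 )

ACPI Sys-ADDRESS F84CA9E5 base at F84B0000

Datestamp 41107d27
"""

STOP_RE = re.compile(r"0x([0-9A-Fa-f]{8})\s*\(([^)]*)\)")
# Accepts both "ACPI Sys-ADDRESS ..." (as typed above) and "ACPI.sys - Address ..." (the usual screen).
MODULE_RE = re.compile(
    r"(?P<name>\w+)[ .]sys\s*-\s*address\s+(?P<addr>[0-9a-f]+)\s+base\s+at\s+(?P<base>[0-9a-f]+)",
    re.IGNORECASE)
DATESTAMP_RE = re.compile(r"datestamp\s+([0-9a-f]+)", re.IGNORECASE)


def parse_stop_screen(text):
    """Pull the bug check code, its parameters and the driver line out of the transcription."""
    m = STOP_RE.search(text)
    if m is None:
        raise ValueError("no STOP code found")
    info = {
        "code": int(m.group(1), 16),
        "params": [int(p, 16) for p in re.findall(r"0x[0-9A-Fa-f]+", m.group(2))],
    }
    mm = MODULE_RE.search(text)
    if mm:
        info["module"] = mm.group("name") + ".sys"
        info["address"] = int(mm.group("addr"), 16)
        info["base"] = int(mm.group("base"), 16)
    dm = DATESTAMP_RE.search(text)
    if dm:
        info["datestamp"] = int(dm.group(1), 16)
    return info


def pe_timestamp_to_utc(ts):
    """A driver's DateStamp is its PE link time, seconds since the Unix epoch."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def describe_8e(info):
    """Turn a parsed 0x8E screen into the fields you would feed to a symbol lookup."""
    if info["code"] != BUGCHECK_8E:
        raise ValueError(f"not a 0x8E bug check: 0x{info['code']:08X}")
    if len(info["params"]) != 4:
        raise ValueError("expected four parameters")
    exc, fault_addr, trap_frame, _reserved = info["params"]
    out = {
        "exception_code": exc,
        "exception_name": EXCEPTION_NAMES.get(exc, "unknown"),
        "fault_address": fault_addr,
        "trap_frame": trap_frame,
    }
    if "base" in info:
        # The offset inside the image is what symbols for that exact build resolve.
        offset = fault_addr - info["base"]
        out["module"] = info["module"]
        out["module_offset"] = offset
        out["symbol_hint"] = f"{info['module']}+0x{offset:x}"
        # Sanity check: parameter 2 should be the address the driver line names.
        out["address_matches_screen"] = fault_addr == info["address"]
    if "datestamp" in info:
        out["build_time"] = pe_timestamp_to_utc(info["datestamp"])
    return out


if __name__ == "__main__":
    for key, value in describe_8e(parse_stop_screen(STOP_TEXT)).items():
        shown = f"0x{value:08x}" if isinstance(value, int) and not isinstance(value, bool) else value
        print(f"{key:>24}: {shown}")
```

For this screen the faulting instruction is ACPI.sys+0x1a9e5 and the DateStamp decodes to 2004-08-04, which agrees with the 2004-08-04 file dates of the other XP SP2 binaries in the ComboFix log above, so the driver is the stock one rather than a replaced file. The exception code 0x80000004 is STATUS_SINGLE_STEP, which is usually raised only while a debugger single-steps the kernel; seeing it with no debugger attached points away from a logic bug in the named driver and towards corrupted state or hardware, which is where this thread ends up. The example reports those facts and leaves the judgement to the reader.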

little eagle
2007-10-11, 04:21
Sorry for the delay.

Please go HERE (http://www.pandasoftware.com/products/activescan.htm) to run Panda's ActiveScan

* You need to use IE to run this scan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

boogster54
2007-10-12, 02:05
I ran into problems and am having to use my computer at work to send this.

I tried running the Panda Scan last night, it took about half an hour to download the files and the scan was taking ages so I left it running overnight. It had completed this morning but my system froze and I have been unable to re-boot ever since.

I will probably end up buying a new system, which I was planning to do anyway. If I get running again and can complete the scan etc. I'll get back to you, but thanks very much for the help anyway.

Boogster54

little eagle
2007-10-12, 04:12
Restart your PC, tapping F8 while the BIOS is loading.
Choose "Last Known Good Configuration".

See if it will load then.

boogster54
2007-10-13, 13:47
Thanks, I finally re-booted using the F8 thing; however, it would not complete the disk check afterwards. It kept freezing at 0%, 5% or 8%, although I tried a few times, and eventually I had to skip the check.

Anyhow I ran the Panda scan and it detected nothing, so no report to file.

little eagle
2007-10-13, 16:46
Close all programs leaving only HijackThis running. Place a check against each of the following,

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://oneofthoseknights.spaces.live...d/MsnPUpld.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab

Click on Fix Checked when finished and exit HijackThis.

-----------------------------

Then delete combofix from your desktop.

----------------------------

Make sure that your box has been cleaned out; dust can cause it to heat up and freeze.

--------------------------

Let me know when you have finished.

boogster54
2007-10-14, 04:00
OK I've done that.

After running HijackThis, the first thing you said to check:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

wasn't there though, but I checked and fixed the other three.

little eagle
2007-10-14, 04:49
Start spybot and then select recovery and delete all of them.

Then check the Avast4 and delete the quarantined files.

Reset your restore points. Please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Let me know if you get BSOD after all this.

boogster54
2007-10-15, 01:23
No sorry, tried all that and it's just the same. Got through about 25% of the Spybot scan and bam, BSOD again.

I am wondering if it might be associated with bad RAM. Earlier today I tried a video conference with a friend overseas and got a BSOD. It has also happened in the past when I have tried to play a small movie such as YouTube or a wmv/mpeg file.

little eagle
2007-10-15, 02:59
First, to see how much memory you have, click Start>>Control Panel. Double-click System.
On the General tab, total memory will be listed near the bottom.

To enlarge the area set aside for virtual memory, click Start>>Control Panel. Double-click System.
Select the Advanced tab. Under Performance, click Settings. Select the Advanced tab.
Find Virtual Memory at the bottom of the window, and click Change.
Click the option button next to "Custom Size."
Increase it to at least 1.5 times your memory size.

The maximum should be three times your memory.
If you continue to have trouble, raise the maximum.
Keep raising it until you no longer get the message.


----------------------------
You can use this tool SIW (http://security-central.us/downloads/siw.exe) to check your memory.

boogster54
2007-10-15, 04:32
No, I thought it had worked at first, as the scan went past the usual 25% where it usually stops, but I got the BSOD at about 50% completion. Same STOP 0x0000008E message.

little eagle
2007-10-15, 06:37
How much memory do you have?

boogster54
2007-10-15, 12:48
504 MB of RAM

little eagle
2007-10-15, 17:52
Sounds like you may have a memory stick going out.

Another thing may be a new AV, firewall or another program that you recently installed.

I do not think it is spyware.

boogster54
2007-10-16, 15:23
Sorry for the delay in replying , I had problems re-booting again even using F8 and I have only just got it restarted.

Ok Thanks, I wondered if it might be a memory problem.

Appreciate all your help anyway and thanks again