[10 DAYS]Computer shuts down spontaneously

 CastleCops -> Trend Micro HijackThis Logs
Author: renstarLocation: Australia PostPosted: Sat Jun 28, 2008 4:27 am    Post subject: Computer shuts down spontaneously
Hello,
I am having a few problems! The computer shuts down for no reason and at anytime. It could shut down after 2 minutes or 1/2 hour. Sometimes it restarts by itself, other times I get the safemode or normal mode option and then it will either go around in loops with the same options and other times resart no problems. It can happen when I am in the middle of a document, or opening a browser and it even happened last log on to castlecops in the middle of this message.
Suddenly, I was getting a warning from SpyBot about a registry change for "KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k". Since I had not installed anything new, I blacklisted it and then later whitelisted it, but the shutdown issues are persisting.
Sometimes when it shuts down, it restarts normally, other times it asks me if I want to restart in safe mode or in normal mode. I find that if I restart in normal mode, it keeps looping back to the same screen I then start up in safe mode and then restart in normal mode and it seems OK until it shuts down again.
I have generated a HJT log, a combofix log and a HJT Uninstall log.
There are no other issues, apart from the red X on the C Drive (same problem as last time), but I fixed that in the same way it was fixed in our previous posts (running that ini file). I have restared about 8 times in the time it has taken to generate the logs and make this post!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:32 PM, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Configuration Wizard.lnk = C:\Program Files\WinFax\WTNSETUP.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152846645155
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152846592170
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client/T26L/support/ieatgpc.cab
O23 - Service: Anonymizer Anti-Spyware Service (AnonAswSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9867 bytes

ComboFix 08-06-20.4 - Rena 2008-06-27 12:49:20.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.532 [GMT 10:00]
Running from: C:\Documents and Settings\Rena\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-24 12:10 . 2008-06-24 12:10 244 --ah----- C:\sqmnoopt08.sqm
2008-06-24 12:10 . 2008-06-24 12:10 232 --ah----- C:\sqmdata08.sqm
2008-06-19 03:26 . 2008-06-19 03:26 244 --ah----- C:\sqmnoopt07.sqm
2008-06-19 03:26 . 2008-06-19 03:26 232 --ah----- C:\sqmdata07.sqm
2008-06-19 03:24 . 2008-06-19 03:24 244 --ah----- C:\sqmnoopt06.sqm
2008-06-19 03:24 . 2008-06-19 03:24 232 --ah----- C:\sqmdata06.sqm
2008-06-17 11:41 . 2008-06-24 11:31 <DIR> d-------- C:\george
2008-06-11 17:39 . 2008-06-13 23:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-30 16:01 . 2008-05-30 16:01 244 --ah----- C:\sqmnoopt05.sqm
2008-05-30 16:01 . 2008-05-30 16:01 232 --ah----- C:\sqmdata05.sqm
2008-05-30 16:00 . 2008-05-30 16:00 244 --ah----- C:\sqmnoopt04.sqm
2008-05-30 16:00 . 2008-05-30 16:00 244 --ah----- C:\sqmnoopt03.sqm
2008-05-30 16:00 . 2008-05-30 16:00 232 --ah----- C:\sqmdata04.sqm
2008-05-30 16:00 . 2008-05-30 16:00 232 --ah----- C:\sqmdata03.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 12:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 01:21 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-20 04:08 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-14 08:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-12 15:22 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-05-12 15:22 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-05-12 12:20 92,064 ----a-w C:\Documents and Settings\Rena\mqdmmdm.sys
2008-05-12 12:20 9,232 ----a-w C:\Documents and Settings\Rena\mqdmmdfl.sys
2008-05-12 12:20 79,328 ----a-w C:\Documents and Settings\Rena\mqdmserd.sys
2008-05-12 12:20 66,656 ----a-w C:\Documents and Settings\Rena\mqdmbus.sys
2008-05-12 12:20 602,112 ----a-w C:\drivertool.exe
2008-05-12 12:20 6,208 ----a-w C:\Documents and Settings\Rena\mqdmcmnt.sys
2008-05-12 12:20 5,936 ----a-w C:\Documents and Settings\Rena\mqdmwhnt.sys
2008-05-12 12:20 4,048 ----a-w C:\Documents and Settings\Rena\mqdmcr.sys
2008-05-12 12:20 25,600 ----a-w C:\Documents and Settings\Rena\usbsermptxp.sys
2008-05-12 12:20 22,768 ----a-w C:\Documents and Settings\Rena\usbsermpt.sys
2008-05-12 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-12 11:35 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-05-12 11:13 --------- d-----w C:\Program Files\Avanquest update
2008-05-12 11:13 --------- d-----w C:\Documents and Settings\Rena\Application Data\InstallShield
2008-05-12 11:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 09:47 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-05-12 09:23 --------- d-----w C:\Program Files\Motorola
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:54 1,951,432 ----a-w C:\ppviewer.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-11 12:30 73,384 ----a-w C:\Documents and Settings\Rena\Application Data\GDIPFONTCACHEV1.DAT
2008-03-30 01:08 585,728 ----a-w C:\WINDOWS\system32\bsratswf.dll
2008-03-30 01:08 147,456 ----a-w C:\WINDOWS\system32\bsratwmv.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_20.40.27.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 10:30:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-27 02:47:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 10:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 00:56 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-30 14:10 335872]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"GW Port Controller"="C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE" [2003-06-03 14:05 163840]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 19:50 262401]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 00:45 77892]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 10:12 243240]
"WinFaxAppPortStarter"="wfxsnt40.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\FreshWebmaster\\FreshFTP\\freshftp.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LeechFTP\\Leechftp.exe"=
"C:\\Program Files\\Anonymizer\\Anonymizer Software\\common\\AnonProxy.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\downloads\\iis\\Web Server19388582001\\NS2K1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Samsung\\SmarThru\\UtlServer.EXE"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-07-10 15:58]
R2 AnonAswSvc;Anonymizer Anti-Spyware Service;"C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe" [2007-10-22 19:14]
R2 AnonMgmtSvc;Anonymizer Management Service;"C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe" [2007-10-22 19:14]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 12:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 10:13]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 15:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d755a40-19be-11dd-955a-0013a3a4bcde}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 08:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-26 13:17:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-27 02:50:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-24 21:00:51 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-06-27 02:50:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B98A41C-FFD8-44D5-AE52-FDAFD6DC0EE1}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 12:51:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-27 12:53:20
ComboFix-quarantined-files.txt 2008-06-27 02:53:15
ComboFix2.txt 2008-06-25 10:40:49
ComboFix3.txt 2008-03-13 13:26:10

Pre-Run: 27,132,022,784 bytes free
Post-Run: 27,169,116,160 bytes free

158 --- E O F --- 2008-06-25 23:25:04

ACDSee 6.0 PowerPack Trial
ACDSee 9 Photo Manager
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
Aid4Mail (Remove only)
Anonymizer Software
Anonymizer Software
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoAdd 4.02
Avanquest update
Avira AntiVir Personal – Free Antivirus
AVS Video Editor 3.3.1.205
AVS Video Tools 5.3
Beyond Compare Version 2.4
Bulent's Screen Recorder 4
Camtasia Studio 5
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Convert Magic
Excel 2000 Quattro Pro 7.0 Converter
FreshFTP
GoldMine PLUS for Microsoft® Office®
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
HP Product Detection
iTunes
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Kaspersky Online Scanner
LeechFTP
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
MailWasher Free
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Motorola Driver Installation
Motorola Phone Tools
Motorola Software Update
MSDN Library - January 2005 DVD
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
PC Registry Cleaner
QuickBooks Pro: Professional Business 2007/08
QuickTime
QuickTime Alternative 1.70
Recover My Files
Remote Control Panel
Samsung SCX-4x16 Series
SCX-4x16 Series
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Serif DrawPlus 4.0
Siemens Subscriber Networks SpeedStream DSL
Smart Menus (Windows Live Toolbar)
SmarThru
Spybot - Search & Destroy
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update Manager
VirtualLab Professional Client
Web CEO 6.0
WebEx
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare Family Safety
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WordPerfect Office X3
Yahoo! Anti-Spy
Yahoo! Toolbar
ZoneAlarm Pro

After this message, I got bluescreened. This is only the second time this particular screen has come up. Its says:
A problem has been detected and windows has shut down to prevent damage to your computer.
DRIVER_IRQL_NOT_LESS_OR_EQUAL
If this is the first time you've seen this stop screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure that any new hardware or software is properly installed. If this is a new installation, ask you hardware or software manufacturer for any windows updates you might need.
If the problem continues, disable or remove any new hardware or software. DIsable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
Technical information
*** STOP: 0x000000D1, (0x000000A0, 0x00000005,0c00000000, 0x000000A0)
Beginning dump of Physical memory.

Help! How can I fix this?
Author: BigFelixLocation: San Diego PostPosted: Sat Jun 28, 2008 8:56 am    Post subject:
You are at the wrong place! You should post this on Trend Micro HiJackThis Logs.
Author: pwillenerLocation: Japan PostPosted: Sat Jun 28, 2008 9:55 am    Post subject:
Please read this post and follow the instructions CastleCops Link/t192270-Where_to_post_HJT_Logs.html
Author: Mister2 PostPosted: Sat Jun 28, 2008 1:31 pm    Post subject:
Moved to appropriate forum.
Author: Prince_Serendip PostPosted: Sat Jun 28, 2008 2:06 pm    Post subject:
You're Ready for cleaning. Thumbs Up

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.
CastleCops -> Trend Micro HijackThis Logs

All times are GMT

Page 1 of 1


Powered by phpBB © 2001 phpBB Group