Not open for further replies.

8,256 Posts
Discussion Starter · #1 ·
Vista Home Premium, 32 bit
1 GB ram
Gateway Laptop, Model W340UI

I am not certain that the problem is malware, but I think that malware is likely. I ran memtest86 from a bootable CD. Instead of running for hours, it ran for only 1 pass.

No errors on checkdisk.

The computer freezes, when on the internet, randomly, with unknown BSODs.

When I went to Panda, to try to scan, I received a pale yellow screen, see screen shot. This even occurred in IE, with no add ons.

I slaved the HDD into another computer and scanned at Panda, which only found cookies.

There are many errors in event viewer, some of which I have attached.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:22 PM, on 2/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1173654253\ee\aolsoftware.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\\Agent\mcagent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173654253\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: ExpressPLNRnote.lnk = C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

End of file - 11864 bytes contains the 5 most recent minidump files

The event viewer files contain some of the most frequent errors.



45,855 Posts
It sure looks like a hardware issue -- but I don't think you've ruled out RAM. You might try reseating it -- since it should be relatively accessible in a laptop. Be sure to remove the battery first if you do. You can also try testing one module at a time.

Vista has its own memory checker; try that. Run mdsched.exe and read the additional info and run the extended tests.

Also go to the Control Panel > Performance Information and Tools > Advanced > Reliability monitor and scroll back as far as you can go to see when these problems began and if they corresponded with any new hardware or other changes.

8,256 Posts
Discussion Starter · #4 ·
I agree.

Will do.


ComboFix 08-03-01 - Owner 2008-02-29 14:57:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.362 [GMT -7:00]
Running from: C:\Users\Owner\Desktop\fixing_user\ComboFix.exe
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))

2008-02-29 14:43 . 2006-11-02 02:44 320,000 --a------ C:\kmd.exe
2008-02-28 21:47 . 2008-02-28 21:47 d-------- C:\Program Files\Trend Micro
2008-02-24 12:54 . 2008-02-24 12:54 d-------- C:\Program Files\MSECache
2008-02-17 10:04 . 2008-02-17 10:04 d-------- C:\Users\Owner\AppData\Roaming\McAfee
2008-02-16 02:09 . 2008-01-09 22:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 03:18 . 2008-02-14 03:18 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:18 . 2008-02-14 03:18 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:10 . 2008-02-14 03:10 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:10 . 2008-02-14 03:10 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:10 . 2008-02-14 03:10 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 03:10 . 2008-02-14 03:10 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-14 03:10 . 2008-02-14 03:10 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-14 03:10 . 2008-02-14 03:10 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-14 03:10 . 2008-02-14 03:10 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-14 03:08 . 2008-02-14 03:08 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:08 . 2008-02-14 03:08 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 03:08 . 2008-02-14 03:08 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 03:08 . 2008-02-14 03:08 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 03:08 . 2008-02-14 03:08 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:08 . 2008-02-14 03:08 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 03:08 . 2008-02-14 03:08 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-08 09:49 . 2008-02-08 09:49 d-------- C:\Program Files\iTunes
2008-02-08 09:49 . 2008-02-08 09:49 d-------- C:\Program Files\iPod
2008-02-08 09:47 . 2008-02-08 09:47 d-------- C:\Program Files\Bonjour
2008-02-08 09:45 . 2008-02-08 09:46 d-------- C:\Program Files\QuickTime
2008-02-01 11:11 . 2008-02-01 11:11 586,240 --a------ C:\Windows\WLXPGSS.SCR

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-02-29 14:13 --------- d-----w C:\Program Files\McAfee
2008-02-29 05:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Mail
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Journal
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Defender
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Calendar
2008-02-27 10:02 --------- d-----w C:\Program Files\Windows Live
2008-02-26 01:05 2,260 ----a-w C:\Users\Owner\AppData\Roaming\wklnhst.dat
2008-02-24 08:36 --------- d-----w C:\Users\Owner\AppData\Roaming\Image Zone Express
2008-02-17 17:05 --------- d-----w C:\ProgramData\McAfee
2008-02-14 19:07 --------- d-----w C:\ProgramData\Symantec
2008-02-14 10:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 10:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-14 10:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 10:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 10:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 10:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 10:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 10:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 10:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 10:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-03 18:20 --------- d-----w C:\Users\Owner\AppData\Roaming\SiteAdvisor
2008-01-21 20:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-09 10:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 10:04 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 10:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-06 19:31 --------- d-----w C:\Users\Owner\AppData\Roaming\Apple Computer
2008-01-06 19:29 --------- d-----w C:\ProgramData\Apple Computer
2008-01-06 19:24 --------- d-----w C:\Program Files\Apple Software Update
2008-01-06 19:21 --------- d-----w C:\ProgramData\Apple
2008-01-06 19:21 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-06 18:48 --------- d-----w C:\ProgramData\WildTangent
2008-01-06 18:48 --------- d-----w C:\Program Files\Gateway Games
2008-01-01 23:05 --------- d-----w C:\Users\Owner\AppData\Roaming\HP
2007-12-13 10:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 10:09 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 10:09 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-08-29 09:14 174 --sha-w C:\Program Files\desktop.ini

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 19:41 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-29 02:09 815104]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12 90112]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-07 22:28 1838592]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-09-06 13:12 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 17:04 2348584]
"HostManager"="C:\Program Files\Common Files\AOL\1173654253\ee\AOLSoftware.exe" [2006-09-25 17:52 50736]
"RegistryMechanic"="" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 11:27 497176]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 11:28 756248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 02:45 222208]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2007-06-13 13:02:12 1685040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ExpressPLNRnote.lnk - C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe [2006-01-16 14:28:06 28200]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-08-04 01:33 582992 C:\Program Files\\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2006-10-18 09:14 35928 C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2100950283-1507416480-3796808343-1000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2100950283-1507416480-3796808343-500]

"{577D95F8-7467-42D9-AFCE-68E9BC2FB707}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A3021845-8C7F-4D4E-9458-C8234775F0FB}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F6164E14-F363-40BA-87AC-CC824E1CE59D}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{874D59BF-AEDA-4C61-9740-88C1E7AB1429}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{8F8A9C61-1193-49CC-A4C0-CF064A3037F0}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{FCCDF6B8-42F3-471F-A66B-48DA59F98872}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{11439E11-3C9E-41D6-A343-CF41CE018342}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{11AD881E-4514-4D8C-8DAD-D4E2C19FD7D7}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{0F06526C-9093-4E2F-8D08-2E1E60CA77BA}"= UDP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{3B16484E-4EEC-486F-8FE5-0233E774EEBD}"= TCP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{49A634A7-C1AD-48BC-AA04-1F6834D8723B}"= UDP:C:\Program Files\Lexmark 3400 Series\lxcymon.exe:Device Monitor
"{D35C7597-588F-4FD0-A9FC-D8A836C02DB4}"= TCP:C:\Program Files\Lexmark 3400 Series\lxcymon.exe:Device Monitor
"{0B70C6A5-979F-473C-BC11-10608777D70C}"= UDP:C:\Program Files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center
"{FE581E58-15B3-4C7B-8669-8F484E02019B}"= TCP:C:\Program Files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center
"{9524B698-228A-4111-8441-52535B588AD3}"= UDP:C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{3727D4D8-BAED-410E-8640-2957F5378283}"= TCP:C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{95A61AC4-A67B-4E93-859B-2F91FEA22C1F}"= UDP:C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{FE3CB136-2A1E-45BB-AD0D-FC0D89654736}"= TCP:C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{B5AE1AED-63EF-4C74-925E-1329E6816E19}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{82CADD69-FDF1-4554-8ECA-D563FE8FB541}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{947CD4E0-7878-4C01-937D-AE9634D39266}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{11CC13FA-73BF-47D1-AD5C-C6959B69E742}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{EAF2AB9E-5989-41F9-8ECA-8A33835F3180}C:\program files\yahoo!\messenger\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger|Desc=Yahoo! Messenger
"UDP Query User{CA7D2FA3-416C-4E63-AC2D-E4BB02D03D65}C:\program files\yahoo!\messenger\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger|Desc=Yahoo! Messenger
"TCP Query User{50111BB1-81C5-4F0C-B380-11F9629C3CFC}C:\users\owner\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe"= UDP:C:\users\owner\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe|Desc=yahoo.messenger.ymapp.exe
"UDP Query User{EB8E2A83-9189-4F98-BFC0-2997E5904FCE}C:\users\owner\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe"= TCP:C:\users\owner\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe|Desc=yahoo.messenger.ymapp.exe
"{9376DD04-68D5-4F6C-84C0-77A3E0B971DD}"= UDP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{58A6805E-604D-4005-A4FB-7CA7EEE89275}"= TCP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{3D4DA707-1958-41C1-8BAA-4D7FF0731FCF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{B4633754-CD6D-4DFB-A0C9-503D29567E8C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8287BA31-0B89-47C9-B392-9CCDFA09AD59}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E99D78A9-C0FF-461D-8444-A6DCDED6ADA2}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{ED8E38C0-C543-4A75-B0BC-4511D1DD488D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{F8A8D1FB-89C0-421D-8061-DE2E0A5A69D4}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{EF9730DC-09A7-49BE-9462-A00CE777F0B9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1AEC8066-6035-4178-BDC4-4F600B2ACDC4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{82B89082-DC38-48CD-9206-ED10EC0904C6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 NWADI;NWADI Bus Enumerator;C:\Windows\system32\DRIVERS\NWADIenum.sys [2007-04-19 10:09]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-25 20:19]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 16:49]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 00:30]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 00:30]
S4 0018781204294438mcinstcleanup;McAfee Application Installer Cleanup (0018781204294438);C:\Windows\TEMP\001878~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder
"2008-02-29 21:23:02 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-15 09:29:54 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 08:00:06 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-03-01 15:02:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Completion time: 2008-03-01 15:04:21
ComboFix-quarantined-files.txt 2008-03-01 22:04:14
2008-02-27 10:02:25 --- E O F ---

8,256 Posts
Discussion Starter · #5 ·

When I try to save a restore point, sometimes system restore informs me that system restore has not saved any previous restore points, even though I have created them.


I will also remove the HDD, slave it into another PC, and run manufacturer's diags.


8,256 Posts
Discussion Starter · #7 ·
Is there a way for me to generate a report in "reliability & performance monitor"?

The computer is ~ 13 months old. According to R & P M, problems began 11 June 2007; mcproxy.exe stopped working on the same day that the computer was not shut down properly.

Sony DSC driver was installed 19 June 2007. The DSC seems to be a digital camera.
It is not connected, presently.

IE's 1st instance of "stopped working" began 20 June 2007.

The computer froze on me 28 Feb 2008, but has not frozen, subsequently.


8,256 Posts
Discussion Starter · #8 ·
I have just learned that the date on the computer is 1 day ahead.

Event viewer has notations about IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot ...
The PCI slots noted are 5 & 4. They occur in pairs.

These can apparently be ignored.
Device manager has no "!"s.


123,571 Posts
In response to your PM RF, I don't see anything malicious in either the HijackThis log or the ComboFix log. I see entries for both McAfee and Norton though so you shouldn't have both of those.

Beyond that, I'm not familiar enough with Vista yet to comment any further.

8,256 Posts
Discussion Starter · #11 ·

Norton was probably installed by the OEM. It is not listed in programs & features, formerly add / remove programs.

I found suggestions for fixing the IE has stopped working issue, which primarily involve disabling add-ons.

Another suggestion was to run sfc /scannow. I did that, but the problem persists. The CBS log is > 25 MB. It zips to 1.2 MB, but I am unable to upload it to this forum because of the forum's 500 KB limit.

I ran MemTest86 for > 8 hours; no errors found.

Vista's "problem reports and solutions" suggested that I download KB939979. After downloading it, I tried to run it, but Vista informed me that "Windows Update Standalone Installer" "the update does not apply to your system".

I verified that the system is 32 bit & the download is 32 bit.

I fail to understand the logic of Vista instructing me to install an update, then be informed that the update doesn't apply.

In Internet Options, protected mode is enabled. On IE 7's status bar, I am informed that "protected mode is off".

Again, I fail to see the logic.

I am going to request that this thread be moved to the Vista Forum.

Thanks again, CG.


8,256 Posts
Discussion Starter · #12 ·
Some POSSIBLE methods to fix the issue of IE has stopped working.

sfc /scannow


And finally uninstalling Yahoo Browser and Yahoo Install Manager fixed the issue.


First, I started Internet Explorer with no add-ons (Start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)). If IE starts and runs with all the add-ons turned off, then you need to determine which add-on is causing it to crash (Start > Control Panel > Network and Internet > Internet Options > Programs tab > Manage Add-ons; click on the add-on you want to turn off, then click Disable, and then click OK). I disabled each browser add-on individually until I found the one causing Internet Explorer to crash.


But this is the fix

1. Control Panel

2. Internet Options

3. Advanced

4. Reset

Disabling protected mode has worked for me: Internet Properties, Security, deselect Enable Protected Mode.

Protected mode secures your web-browsing experience by creating more layers of defense for your web-browser and computer. It basically adds extra shields so that hack-programs have a harder time breaking into your system.

But the real run-down is...if you're not an idiot and don't fall for silly pop-ups that claim to give all god-like powers to your computer... you'll be fine without it - just like you were with Internet Explorer 6 just 2 years ago.

More information about Microsoft Internet Explorer's Protected Mode can be found here:

Disabling the phishing option helped me solve my VERY ANNOYING problem.

Turn off User Account Control in Control Panel/User Accounts and Family Safety/User Accounts/Turn User Account Control on or off

Go to Internet Options - Advanced - and uncheck 'enable third-party browser extension'. It will work.

Sources of above:




I fixed it by doing this. You may want to right click on IE7 then open without add-ons to make sure that is the problem. I had to go through and disable all of them and then re-enable them one at a time and reopen IE each time to narrow down which add-on was the problem. Hope this helps.


Internet Options


Manage Add Ons

Disable Addons: Yahoo! Services and Yahoo IE service buttons


FIX: Windows Internet Explorer 7 may crash when you use it to visit a Web site


I've had this problem and tried all of the hints above, but ultimately found the problem to reside with two items: Adobe/Macromedia Flash Player and Java Sun Console. You need to search your computer for multiple installs, remove them all and reinstall. You can go to Add/Remove Programs to remove the old versions of the Java Console, but you have to use Adobe's uninstaller to get rid of all your Flash versions ... you may have to run the Adobe uninstaller several times too (and maybe reboot too). A good way to determine if you have multiple versions installed is to run

download java from

download flash player from

Remove omnipage or disable omnipage in startup (msconfig).

Ninad was correct...remove Omnipage.

Data Execution Prevention
Disable DEP via the Command Prompt using the bcdedit. Unfortunately, I attempted to disable DEP through the VISTA Control Panel (Control Panel - System Properties - Advanced - Performance Settings - Data Execution Prevention) options but it didn't work.

Be sure to run the command prompt as an Administrator and then at the command prompt enter:

bcdedit.exe /set nx AlwaysOff

Reboot your computer and try IE 7.0 again (hopefully you will be successful).

If you want to enable DEP again, you can go back into the command prompt and use the following command (although, personally I am not going to ever enable DEP again!).

bcdedit.exe /set nx AlwaysOn

IE Tab

IE View

A discussion of some problems associated with IE View

and of course, using the computer for target practice.


8,256 Posts
Discussion Starter · #15 ·
Sure, Candy.

This computer is running Vista, made by Microsoft.

It don't work write.

Passed MemTest86 x 8 hours & Fujitsu HDD diags.

Verizon Access Manager is installed, but Vista states said program is incompatible with Vista.

IE 7 reports that protected mode is off, but IE 7 options report that protected mode is enabled.



Retired Administrator
103,703 Posts
Verizon Access Manager is installed, but Vista states said program is incompatible with Vista.

I found out the hard way :eek: that Vista is usually right about this :)

Have you tried another browser, like Mozilla maybe, instead of IE?

45,855 Posts
Are you getting new blue screens?

And is IE still misbehaving with no add-ons? It should be in that mode if you open it from the Start Menu > Accessories > System Tools list.

Not sure what you are asking about the "system health" report -- did you run it? What specifically failed, if anything?

PS: opening Vista I see there are a number of program compatibility updates newly available. I'm crossing my fingers and toes applying them right now.

Many apply to legacy software -- and some to fairly new apps as well. See what's available and whether you have any of those apps on the system.

8,256 Posts
Discussion Starter · #18 ·
I think FF with IE Tabs or IE View will resolve / work around the "IE has stopped working" issue. But the perplexing nature of the problem has me hooked. I want to try to fix it. But in the words of the philosophers Kenny Rogers & RR, "You got to know when to hold 'em, know when to fold 'em."

Dear RR:
I have experienced on blue screens.

SOMETIMES, IE misbehaves with all add ons loaded. SOMETIMES [ for example, immediately rebooting after "IE has stopped working" ], IE works without problems.

That is what makes this issue so frustrating and perplexing to me. There was no difference in the programs open, the programs that had been opened prior to opening IE; presumably with the same programs running in the background.

"opening Vista I see there are a number of program compatibility updates newly available. I'm crossing my fingers and toes applying them right now."

What, in Vista, did you open, RR?

"Not sure what you are asking about the "system health" report" Are you referring to my question about
"a report in "reliability & performance monitor? " ?
I wonder if there is a text version of the graphic displays.


694 Posts
"IE 7 reports that protected mode is off, but IE 7 options report that protected mode is enabled."

I struggled with this until recently when I re-enabled UAC, and discovered it was on again. I found confirmation of this in a link provided by jonmcc33 in his UAC Poll thread.

" On the other hand, users who want to forgo security in favor of convenience can disable UAC on a system in the User Accounts dialog in the Control Panel, but should be aware that this also disables Protected Mode for Internet Explorer."

The article is here, and it's near the bottom of the page:

If UAC isn't disabled, then I don't know what it is. :)
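The mismatch discussed in this thread (checkbox ticked, status bar says off) and the DEP change suggested in post #12 can both be read back from the system. The script below is an added example, not part of any poster's message; it assumes PowerShell is installed and uses the standard `EnableLUA` value, the per-zone `2500` value under the user's Internet Settings, and the WMI DEP policy field. It only reads settings.

```powershell
# Added example (not from the thread). Read-only: reports settings, changes nothing.
$uacKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones   = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-RegValue($Path, $Name) {
    # Return $null instead of an error when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# EnableLUA = 0 means UAC is turned off. A missing value is treated as "on" (assumption).
$uacOn = ((Get-RegValue $uacKey 'EnableLUA') -ne 0)
if ($uacOn) { $uacText = 'on' } else { $uacText = 'OFF' }
Write-Output "UAC (EnableLUA): $uacText"

foreach ($id in ($zones.Keys | Sort-Object)) {
    # Value 2500 stores the zone's "Enable Protected Mode" checkbox: 0 = ticked, 3 = unticked.
    $raw = Get-RegValue "$zoneKey\$id" '2500'
    if ($raw -eq $null) {
        $box = 'not set for this user'
    } elseif ($raw -eq 0) {
        $box = 'ticked'
    } else {
        $box = 'unticked'
    }

    # Protected Mode depends on UAC, so a ticked box has no effect while UAC is off.
    $note = ''
    if (($raw -eq 0) -and (-not $uacOn)) {
        $note = ' -> status bar shows Off because UAC is off'
    }
    Write-Output ("{0,-16} checkbox {1}{2}" -f $zones[$id], $box, $note)
}

# DEP policy as Windows reports it; "bcdedit /set nx AlwaysOff" shows up here as 0.
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$dep = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
Write-Output ("DEP policy: " + $depNames[[int]$dep])
```

Run it as the affected user, since the zone values are stored per user.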

45,855 Posts
Of the 4 updates that I installed, 2 were ethernet and video chipset drivers that would not apply to you unless you had the same hardware.

Two others were "compatibility" updates >>

I'm still not sure what reliability data you are looking for. You can scroll back the reliability monitor chart to review specific hardware or application errors to see where they began.

The Windows Experience report has its own details log; an xml version of these is available in c:\windows\performance\winsat\datastore

Best opened in Word.

As for the System Diagnostics (Health Report) there is a dated version of what it offers in the Performance Monitor tree

