Reply
Stone Esquire
fallenstranger
Posts: 4
Registered: ‎08-25-2009

Unknown Problem

Computer freezes.  Try to reboot.  Sometimes it boots up Windows again and sometimes I get prompted for a Boot CD.  The event viewer often points to MCSTRM but I can't find it on my computer.  Not sure if it's a problem with the hard drive or if a virus damaged the hard drive.  Wondering if someone could take a look at my log and help me out.

 

Thanks.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:49 PM, on 25/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Please use plain text.
Stone Esquire
fallenstranger
Posts: 4
Registered: ‎08-25-2009

Re: Unknown Problem

 


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe" delay 20000
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126828960593
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://shawsecure.ca/virusscanner/fscax.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://isweb.mala.bc.ca/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CE0F4A2E-CF7B-403C-9751-88BABC7CF518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c9b09e84feb098) (gupdate1c9b09e84feb098) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--

Please use plain text.
Trend Micro Employee
chaste02
Posts: 289
Registered: ‎08-18-2009

Re: Unknown Problem

@fallenstranger,

 

base on the web First mcstrm.sys file is created in the system32/drivers folder by Realplayer. It is a required file for Rhapsody to work.

 

Since the log files seems clean and free from malware your issue might be caused by incorrect file location in the registry. In order to stop getting errors in your system log about the file being not a valid Win32 application or the path being invalid please try the procedures below:

1. Run regedit
2. Go to HKLM > SYSTEM > ControlSet001 > Services > MCSTRM (or you can search for mcstrm in the registry until you get to a key that contains a ImagePath string value
3. Change the ImagePath value to this EXACTLY: System32\DRIVERS\mcstrm.sys

- This should be the location where mcstrm is installed. If this doesn't work the first time, delete the file mcstrm.sys from C:\Windows\System32\drivers and then reinstall Real and Rhapsody.

 

If the procdueres fail, try to reinstall Realplayer and Rhapsody.


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Stone Noble
unbreakable
Posts: 31
Registered: ‎08-17-2009

Re: Unknown Problem

can you try the tools below to make sure that you are not infected by a malware? HJT might not be enough to know if a malware is really present on your computer.

 

Housecall 7.0 - browser independent

http://go.trendmicro.com/housecall7/HousecallLauncher.exe

 

Rootkit buster - To check for MBR rootkits

http://www.trendmicro.com/ftp/products/rootkitbuster/RootkitBuster_2.52.1013.zip

Please use plain text.
Stone Esquire
fallenstranger
Posts: 4
Registered: ‎08-25-2009

Re: Unknown Problem


+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 2.52.0.1013
+----------------------------------------------------


--== Dump Hidden MBR and Hidden File on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

Please use plain text.
Trend Micro Employee
chaste02
Posts: 289
Registered: ‎08-18-2009

Re: Unknown Problem

Since you are experiencing occasional restarts can you please attached the latest crash dump from C:\Windows\Minidump?


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Stone Esquire
fallenstranger
Posts: 4
Registered: ‎08-25-2009

Re: Unknown Problem

I am also getting a message saying:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

 

I uninstalled Real Player many years ago.

Please use plain text.
Trend Micro Employee
chaste02
Posts: 289
Registered: ‎08-18-2009

Re: Unknown Problem

The attached Minidump document doesn't say much.

 

Probably caused by : csrss.exe

Can you pease attach the latest file in C:\WINDOWS\Minidump\?

 

Base on some forums the TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, appears in the system’s event log.


This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.