[rainforest123]

Vista Home Premium, 32 bit
1 GB ram
Gateway Laptop, Model W340UI

I am not certain that the problem is malware, but I think that malware is likely. I ran memtest86 from a bootable CD. Instead of running for hours, it ran for only 1 pass.

No errors on checkdisk.

The computer freezes, when on the internet, randomly, with unknown BSODs.

When I went to Panda, to try to scan, I received a pale yellow screen, see screen shot. This even occurred in IE, with no add ons.

I slaved the HDD into another computer and scanned at Panda, which only found cookies.

There are many errors in event viewer, some of which I have attached.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:22 PM, on 2/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1173654253\ee\aolsoftware.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=MT3705
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173654253\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: ExpressPLNRnote.lnk = C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...PUplden-us.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 11864 bytes

today.zip contains the 5 most recent minidump files

The event viewer files contain some of the most frequent errors.

RF123

[rainforest123]

debugging results attached

RF123

[Rollin' Rog]

It sure looks like a hardware issue -- but I don't think you've ruled out ram. You might try reseating it-- since it should be relatively accessible in a laptop. Be sure to remove the battery first if you do. You can also try testing one module at a time.

Vista has its own memory checher, try that. Run mdsched.exe and read the additional info and run the extended tests.

Also go to the Control Panel > Performance Information and Tools > Advanced > Reliability monitor and scroll back as far as you can go to see when these problems began and if they corresponded with any new hardware or other changes.

[rainforest123]

RR:
I agree.

Will do.

RF123

ComboFix 08-03-01 - Owner 2008-02-29 14:57:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.362 [GMT -7:00]
Running from: C:\Users\Owner\Desktop\fixing_user\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-02-29 14:43 . 2006-11-02 02:44 320,000 --a------ C:\kmd.exe
2008-02-28 21:47 . 2008-02-28 21:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 12:54 . 2008-02-24 12:54 <DIR> d-------- C:\Program Files\MSECache
2008-02-17 10:04 . 2008-02-17 10:04 <DIR> d-------- C:\Users\Owner\AppData\Roaming\McAfee
2008-02-16 02:09 . 2008-01-09 22:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 03:18 . 2008-02-14 03:18 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:18 . 2008-02-14 03:18 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:10 . 2008-02-14 03:10 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:10 . 2008-02-14 03:10 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:10 . 2008-02-14 03:10 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 03:10 . 2008-02-14 03:10 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-14 03:10 . 2008-02-14 03:10 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-14 03:10 . 2008-02-14 03:10 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-14 03:10 . 2008-02-14 03:10 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-14 03:08 . 2008-02-14 03:08 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:08 . 2008-02-14 03:08 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 03:08 . 2008-02-14 03:08 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 03:08 . 2008-02-14 03:08 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 03:08 . 2008-02-14 03:08 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:08 . 2008-02-14 03:08 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 03:08 . 2008-02-14 03:08 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-08 09:49 . 2008-02-08 09:49 <DIR> d-------- C:\Program Files\iTunes
2008-02-08 09:49 . 2008-02-08 09:49 <DIR> d-------- C:\Program Files\iPod
2008-02-08 09:47 . 2008-02-08 09:47 <DIR> d-------- C:\Program Files\Bonjour
2008-02-08 09:45 . 2008-02-08 09:46 <DIR> d-------- C:\Program Files\QuickTime
2008-02-01 11:11 . 2008-02-01 11:11 586,240 --a------ C:\Windows\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 14:13 --------- d-----w C:\Program Files\McAfee
2008-02-29 05:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Mail
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Journal
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Defender
2008-02-29 05:55 --------- d-----w C:\Program Files\Windows Calendar
2008-02-27 10:02 --------- d-----w C:\Program Files\Windows Live
2008-02-26 01:05 2,260 ----a-w C:\Users\Owner\AppData\Roaming\wklnhst.dat
2008-02-24 08:36 --------- d-----w C:\Users\Owner\AppData\Roaming\Image Zone Express
2008-02-17 17:05 --------- d-----w C:\ProgramData\McAfee
2008-02-14 19:07 --------- d-----w C:\ProgramData\Symantec
2008-02-14 10:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 10:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-14 10:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 10:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 10:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 10:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 10:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 10:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 10:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 10:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-03 18:20 --------- d-----w C:\Users\Owner\AppData\Roaming\SiteAdvisor
2008-01-21 20:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-09 10:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 10:04 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 10:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-06 19:31 --------- d-----w C:\Users\Owner\AppData\Roaming\Apple Computer
2008-01-06 19:29 --------- d-----w C:\ProgramData\Apple Computer
2008-01-06 19:24 --------- d-----w C:\Program Files\Apple Software Update
2008-01-06 19:21 --------- d-----w C:\ProgramData\Apple
2008-01-06 19:21 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-06 18:48 --------- d-----w C:\ProgramData\WildTangent
2008-01-06 18:48 --------- d-----w C:\Program Files\Gateway Games
2008-01-01 23:05 --------- d-----w C:\Users\Owner\AppData\Roaming\HP
2007-12-13 10:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 10:09 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 10:09 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-08-29 09:14 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 19:41 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-29 02:09 815104]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12 90112]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-07 22:28 1838592]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-09-06 13:12 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 17:04 2348584]
"HostManager"="C:\Program Files\Common Files\AOL\1173654253\ee\AOLSoftware.exe" [2006-09-25 17:52 50736]
"RegistryMechanic"="" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 11:27 497176]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 11:28 756248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 02:45 222208]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2007-06-13 13:02:12 1685040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ExpressPLNRnote.lnk - C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe [2006-01-16 14:28:06 28200]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-08-04 01:33 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2006-10-18 09:14 35928 C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2100950283-1507416480-3796808343-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2100950283-1507416480-3796808343-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{577D95F8-7467-42D9-AFCE-68E9BC2FB707}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A3021845-8C7F-4D4E-9458-C8234775F0FB}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F6164E14-F363-40BA-87AC-CC824E1CE59D}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{874D59BF-AEDA-4C61-9740-88C1E7AB1429}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{8F8A9C61-1193-49CC-A4C0-CF064A3037F0}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{FCCDF6B8-42F3-471F-A66B-48DA59F98872}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{11439E11-3C9E-41D6-A343-CF41CE018342}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{11AD881E-4514-4D8C-8DAD-D4E2C19FD7D7}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{0F06526C-9093-4E2F-8D08-2E1E60CA77BA}"= UDP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{3B16484E-4EEC-486F-8FE5-0233E774EEBD}"= TCP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{49A634A7-C1AD-48BC-AA04-1F6834D8723B}"= UDP:C:\Program Files\Lexmark 3400 Series\lxcymon.exeevice Monitor
"{D35C7597-588F-4FD0-A9FC-D8A836C02DB4}"= TCP:C:\Program Files\Lexmark 3400 Series\lxcymon.exeevice Monitor
"{0B70C6A5-979F-473C-BC11-10608777D70C}"= UDP:C:\Program Files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center
"{FE581E58-15B3-4C7B-8669-8F484E02019B}"= TCP:C:\Program Files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center
"{9524B698-228A-4111-8441-52535B588AD3}"= UDP:C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{3727D4D8-BAED-410E-8640-2957F5378283}"= TCP:C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{95A61AC4-A67B-4E93-859B-2F91FEA22C1F}"= UDP:C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{FE3CB136-2A1E-45BB-AD0D-FC0D89654736}"= TCP:C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{B5AE1AED-63EF-4C74-925E-1329E6816E19}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{82CADD69-FDF1-4554-8ECA-D563FE8FB541}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{947CD4E0-7878-4C01-937D-AE9634D39266}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{11CC13FA-73BF-47D1-AD5C-C6959B69E742}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{EAF2AB9E-5989-41F9-8ECA-8A33835F3180}C:\program files\yahoo!\messenger\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger|Desc=Yahoo! Messenger
"UDP Query User{CA7D2FA3-416C-4E63-AC2D-E4BB02D03D65}C:\program files\yahoo!\messenger\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger|Desc=Yahoo! Messenger
"TCP Query User{50111BB1-81C5-4F0C-B380-11F9629C3CFC}C:\users\owner\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe"= UDP:C:\users\owner\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe|Desc=yahoo.messen ger.ymapp.exe
"UDP Query User{EB8E2A83-9189-4F98-BFC0-2997E5904FCE}C:\users\owner\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe"= TCP:C:\users\owner\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe|Desc=yahoo.messen ger.ymapp.exe
"{9376DD04-68D5-4F6C-84C0-77A3E0B971DD}"= UDP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{58A6805E-604D-4005-A4FB-7CA7EEE89275}"= TCP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{3D4DA707-1958-41C1-8BAA-4D7FF0731FCF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{B4633754-CD6D-4DFB-A0C9-503D29567E8C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8287BA31-0B89-47C9-B392-9CCDFA09AD59}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E99D78A9-C0FF-461D-8444-A6DCDED6ADA2}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{ED8E38C0-C543-4A75-B0BC-4511D1DD488D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{F8A8D1FB-89C0-421D-8061-DE2E0A5A69D4}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{EF9730DC-09A7-49BE-9462-A00CE777F0B9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1AEC8066-6035-4178-BDC4-4F600B2ACDC4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{82B89082-DC38-48CD-9206-ED10EC0904C6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\S tatic\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 NWADI;NWADI Bus Enumerator;C:\Windows\system32\DRIVERS\NWADIenum.sys [2007-04-19 10:09]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-25 20:19]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 16:49]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 00:30]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 00:30]
S4 0018781204294438mcinstcleanup;McAfee Application Installer Cleanup (0018781204294438);C:\Windows\TEMP\001878~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 21:23:02 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-15 09:29:54 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 08:00:06 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 15:02:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-01 15:04:21
ComboFix-quarantined-files.txt 2008-03-01 22:04:14
.
2008-02-27 10:02:25 --- E O F ---

[rainforest123]

Also.

When I try to save a restore point, sometimes system restore informs me that system restore has not saved any previous restore points, even though I have created them.

SOMETIMES.

I will also remove the HDD, slave it into another PC, and run manufacturer's diags.

RF123

[rainforest123]

Microsoft's mem diag detected NO errors.

RF123

[rainforest123]

RR:
Is there a way for me to generate a report in "reliability & performance monitor?

The computer is ~ 13 months old. According to R & P M, problems began 11 June 2007; mcproxy.exe stopped working on the same day that the computer was not shutdown properly.

Sony DSC driver was installed 19 June 2007. The DSC seems to be digital camera.
It is not connected, presently.

IE's 1st instance of "stopped working" began 20 June 2007.

The computer froze on me 28 Feb 2008, but has not frozen, subsequently.

RF123

[rainforest123]

RR:
I have just learned that the date on the computer is 1 day ahead.

event viewer has notations about IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot ...
The PCI slots noted are 5 & 4 . They occur in pairs.

These can apparently be ignored.
Device manager has no "!" s.
http://support.microsoft.com/kb/930062

RF123

[rainforest123]

The computer is running on a Fujitsu IDE HDD.

I downloaded & ran Fujitsu's diagnostics from a boot disk. All tests passed.

I could not find diags for the motherboard at Gateway.
It is a model MT3705.

RF123

[Cookiegal]

In response to your PM RF, I don't see anything malicious in either the HijackThis log or the ComboFix log. I see entries for both McAfee and Norton though so you shouldn't have both of those.

Beyond that, I'm not familiar enough with Vista yet to comment any further.

[rainforest123]

CG:
Thanks.

Norton was probably installed by the OEM. It is not listed in programs & features, formerly add / remove programs.

I found suggestions for fixing the IE has stopped working issue, which primarily involve disabling add-ons.

Another suggestion was to run sfc /scannow. I did that, but the problem persists. The CBS log is > 25 MB. It zips to 1.2 MB, but I am unable to upload it to this forum because of the forum's 500 KB limit.

I ran MemTest86 for > 8 hours; no errors found.

Vista's "problem reports and solutions" suggested that I download KB939979. After downloading it, I tried to run it, but Vista informed me that "Windows Update Standalone Installer" "the update does not apply to your system".

I verified that the system is 32 bit & the download is 32 bit.

I fail to understand the logic of Vista instructing me to install and update, then be informed that the update doesn't apply.

In Internet Options, protected mode is enabled. On IE 7's status bar, I am informed that "protected mode is off".

Again, I fail to see the logic.

I am going to request that this thread be moved to the Vista Forum.

Thanks again, CG.

RF123

[rainforest123]

Some POSSIBLE methods to fix the issue of IE has stopped working.

sfc /scannow

**********************************

And finally uninstalling Yahoo Browser and Yahoo Install Manager fixed the issue.

**********************************

first, i started internet explorer with no add-ons. (start>all programs>accessories>system tools>internet explorer (no add-ons). if i-e starts and

runs with all the add-ons turned off, then you need to determine which add-on is causing it to crash. (start>control panel>network and

internet>internet options>programs tab>manage add-ons. click on the add-on you want to turn off, then click disable, and then click ok.) i

disabled each browser add-on individually until i found the one causing internet explorer to crash.

**********************************

But this is the fix

1. Control Panel

2. Internet Options

3. Advanced

4. Reset

**********************************
disabiling protected mode has worked for me, internet proterties, security, deselect enable protected mode

**********************************
Protected mode secures your web-browsing experience by creating more layers of defense for your web-browser and computer. It basically adds

extra shields so that hack-programs have a harder time breaking into your system.

But the real run-down is...if you're not an idiot and don't fall for silly pop-ups that claim to give all god-like powers to your computer... you'll be fine

without it - just like you were with Internet Explorer 6 just 2 years ago.

More information about Microsoft Internet Explorer's Protected Mode can be found here:

http://msdn.microsoft.com/library/de...tectedMode.asp


**********************************
Disabling the phishing option helped me solve my VERY ANNOYING problem.


**********************************
Turn off User Account Control in Control Panel/User Accounts and Family Safety/User Accounts/Turn User Account Control on or off


**********************************
go to internet option - advance - and uncheck 'enable third-party browser extention. it will work


Sources of above:
http://forums.microsoft.com/Genuine/...4169&SiteID=25

http://forums.microsoft.com/TechNet/...9586&SiteID=17

http://www.rfuz.com/tech-guides/comp...ge-problem-in-

windows-vista.html

http://petesbloggerama.blogspot.com/...d-working.html

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^

**********************************

I fixed it by doing this. You may want to right click on IE7 then open without addons to make sure that is the problem. I had to go through and

disable all of them and then renable them one at a time and reopen IE each time to narrow down which addon was the problem. Hope this helps.

Tools

Internet Options

Programs

Manage Add Ons

Disable Addons: Yahoo! Services and Yahoo IE service buttons


**********************************
http://support.microsoft.com/kb/935544

FIX: Windows Internet Explorer 7 may crash when you use it to visit a Web site

**********************************

I've had this problem and tried all of the hints above, but ultimately found the problem to reside with two items: Adobe/Macromedia flash player

and Java Sun Console. You need to search your computer for multiple installs, remove them all and reinstall. You can go add/remove programs to

remove the old versions of the Java Console, but you have to use Adobe's uninstaller to get rid of all your flash versions ... you may have to run the

Adobe uninstaller several times too (and maybe reboot too). A good way to determine if you have multiple version installed is to run

http://secunia.com/software_inspector/

download java from www.java.com

download flash player from www.adobe.com


**********************************
Remove omnipage or disable omnipage in startup (msconfig).

Ninad was correct...remove Omnipage.

**********************************
Data Execution Prevention
Disable DEP via the Command Prompt using the bcdedit. Unfortunately, I attempted to disable DEP through the VISTA Control Panel (Control

Panel - System Properties - Advanced - Performance Settings - Data Execution Prevention) options but it didn't work.

Be sure to run the command prompt as an Administrator and then at the command prompt enter:

bcdedit.exe/set nx AlwaysOff

Reboot your computer and try IE 7.0 again (hopefully you will be successful).

If you want to enable DEP again, you can go back into the command prompt and use the following command (although, personally I am not going

to ever enable DEP again!).
bcdedit.exe/set nx AlwaysOn


**********************************
IE Tab
http://www.pcworld.com/article/id,12...1/article.html


**********************************
IE View
https://addons.mozilla.org/en-US/fir...=firefox&id=35

A discussion of some problems associated with IE View
http://ieview.mozdev.org/faq.html

and of course, using the computer for targit practice.


RF123

[Cookiegal]

You're welcome. I wish I could be of more help.

I've moved the thread over to the Vista forum.

Hopefully Rog or others will be able to assist you.

[AcaCandy]

I'll have a look, but, can I get a reader's digest version so I don't have to scroll back through all the posts LAZY ME

[rainforest123]

Sure, Candy.

This is computer is running Vista, made by Microsoft.

It don't work write.

Passed MemTest86 x 8 hours & Fujitsu HDD diags.

Verizon Access Manager is installed, but Vista states said program is incompatible with Vista.

IE 7 reports that protected mode is off, but IE 7 options report that protected mode is enabled.



RF123