Thought it was my graphics card giving up
till I did a Google on the Dr Watson message.
Here's my HJT log.
Any help much appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 22:05:25, on 03/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\iisvers.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\WallMaster\wallmast.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_03\bin\javaw.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\neil\Desktop\security etc\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sallins.wan/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iol.ie
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\system32\wsrchc3.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: blank - {3CC12C40-47EB-4705-8140-168ADC713E94} - blank (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHF~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [wnddrv] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bluestart] c:\\rraut.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Ask Jeeves Search - java script:external.menuArguments.location.href="java script:AskBarcommand='cmd-search-selection'"
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Dictionary Search - java script:external.menuArguments.location.href="java script:AskBarcommand='cmd-search-selection-word'"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...cro.com/housecall/xscan60.cab
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - https://chat.microso...rade.com/netagent/objects/emagic.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...4d8f6d04ca35718/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.../840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...data/GoogleActivate.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....om/global/apps/systemprofiler/PROFILER.CAB
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe