Stop Error Blue screen from a device driver called dvdkernl.sys which is spyware!
Old 18-12-2005, 05:54 PM   #1
cbochanski

I have a stop error that keeps occurring in Windows 2000 Pro on regular startup that refers to a device driver called dvdkernl.sys. I read in another post that this is a spyware, malware or hijack problem. Since I thought it was a corrupt system file, I tried an upgrade install, to no avail. I have copied my HijackThis log for your review. I hope you can help me soon.


Logfile of HijackThis v1.99.1
Scan saved at 12:13:59 AM, on 3/4/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\kathy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prendie.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1
F3 - REG:win.ini: run=C:\WINNT\inet20088\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [vwkebtyq] C:\WINNT\system32\vwkebtyq.exe
O4 - HKLM\..\Run: [System] C:\WINNT\system32\kernels32.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINNT\system32\efsdfgxg.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\priva.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [vwkebtyq] C:\WINNT\system32\vwkebtyq.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\cmdel.exe
O4 - Global Startup: Boingo.lnk = C:\Program Files\Boingo\Boingo.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: dvd4free - C:\WINNT\SYSTEM32\dvd4free.dll
O20 - Winlogon Notify: st3 - C:\WINNT\q167020.dll (file missing)
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINNT\system32\nhjhgbih.dll (file missing)
O21 - SSODL: IEFilter - {FD726717-28E5-4C73-B7F1-73E92A07D6AD} - IEFilter1.dll (file missing)
O21 - SSODL: 0HDD0G0E - {0DFF2717-15F0-4775-7368-3DF6034A53C5} - C:\WINNT\system32\Ckjgej32.dll (file missing)
O21 - SSODL: mtkle - {2838C05F-9AB4-4B6B-AE88-AE2D069B4204} - C:\WINNT\system32\rtvhc32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Boingo Monitor Service (BoingoMonitor) - Boingo Wireless, Inc. - C:\Program Files\Boingo\WENGINE\wmonitor.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Thanks in advance for your help
Old 18-12-2005, 06:58 PM   #2
Me__2001

I don't know what it is, but run the following:

Spybot Search and Destroy
CCleaner
Ad-Aware SE
Spy Sweeper
MS AntiSpyware

Edit: give this a try as well

http://www.trendmicro.com/spyware-scan/
Last edited by Me__2001 : 18-12-2005 at 07:02 PM.