Strange blue screen Possible malware or worms?

Hello, I have an IBM ThinkCentre 8085-E4U model and I’m running Windows Home on this PC unit.

Well I am now… As you see I had to swap hard drives because I had a bad issue with the Win32:vitro Virus.

I neutralized that issue but my hard drive was failing so I just swapped hard drives… and what I noticed is that in the older hard drive… I was getting blue screens a lot every time I started Windows Live Messenger on my old hard drive, which had Home then upgraded to Pro, so I was running XP SP2 Pro. The build on my Messenger is 8.1.0178.00, aka 8.1.

Now I thought it might have been a bad malware issue or worm issue that might have infected Messenger…

Well now… for some odd reason… this is a completely new hard drive, mind you, and I used this new hard drive, which is the main backup of the original Hitachi hard drive that came with this IBM PC… I’ve hardly ever used it and it’s been in the freshest state ever… It has Avast and is fully protected etc.

Now get this. I pre-boot scanned the old hard drive that was having bad sectors and that virus issue… so it wouldn’t get into my PC… all viruses and such have been contained in the safe box… urr… the vault…

Now I run 8.1, same version, Windows Live Messenger on here… and you know what’s odd?

I’m getting blue screens and one of them says…

IBMFilter.sys… Is mentioned… and it mentioned that too on my old hard drive that was failing… which had Pro on it…

I don’t know what in the world could be causing it, but it seems to happen when I start Windows Live Messenger and I’m browsing Firefox… and then it happens… IBMfilter.sys… I keep thinking if it has something to do with one of the IBM components… I thought it might have been IBM Message Center… or something…

But other than that… here is my scan from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:13 PM, on 8/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =*
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =*
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =*
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =!NtfsPerformHotFix%2B458&State=1&ID=ed8cef27-e3b8-42f9-b5ec-5bdd7d11b674&LCID=1033&OS=5.1.2600.2.00010300.2.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\ucstartup.exe
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM..\Run: [UpdateManager] “c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM..\Run: [Acronis Scheduler2 Service] “C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe”
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra ‘Tools’ menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

End of file - 6279 bytes

I’m sorry I had to make a second post to include the rest of the report

Startuplist by HijackThis:

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

Autorun entries from Registry:

IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
UC_Start = C:\Program Files\IBM\Updater\ucstartup.exe
(Default) =
ibmmessages = C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
UpdateManager = “c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
Mouse Suite 98 Daemon = ICO.EXE
Hot Key Kbd Daemon = SKDAEMON.EXE
DiscWizardMonitor.exe = C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
AcronisTimounterMonitor = C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
Acronis Scheduler2 Service = “C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe”
nwiz = C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Monitor = C:\WINDOWS\PixArt\PAC207\Monitor.exe

Autorun entries from Registry:

ibmmessages = C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=INI section not found
SCRNSAVE.EXE=INI section not found
drivers=INI section not found

Shell & screensaver key from Registry:

drivers=Registry value not found

Policies Shell key:

HKCU..\Policies: Shell=Registry key not found
HKLM..\Policies: Shell=Registry value not found

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
IESiteBlocker.NavFilter - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}

Enumerating Task Scheduler jobs:


Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll


I don’t know what is causing this blue screen… could it be a possible malware or worm somewhere that Avast can’t detect…? I don’t have any other scanners. I also use Spywareblaster.exe


I’ve never had any trouble with their software nor Avast…

Go to Add/Remove Programs and uninstall the vulnerable Adobe Acrobat 6.0.
If you want to read PDF documents then get Foxit Reader, but be careful not to install its toolbar that is

WinXP SP3 has been available for over a year so you should go to Tools then Windows Update in Internet Explorer and install all updates as it provides performance enhancements and several Critical updates.

Go to Control panel then Automatic updates then enable at least Notify me but do not download updates.

User Profile Hive Cleanup Service
Brief Description
A service to help with slow log off and unreconciled profile problems.

Install IE8 as it is faster and safer than IE6:
Stay Safer Online

Run Secunia Online Software Inspector to see what other applications are vulnerable:

Hey! Maybe you already reinstalled Windows, but if not you could give MBAM and SAS a shot first.

If those should not be able to run, you can give a rescue CD a shot: read, download, burn to CD and boot with it from the infected cd.
You should burn the CD from a clean computer if you have a second.

There are a few more in that category, but these are the ones that can update their database through the rescue CD; not sure about Avira there, but BitDefender and Dr.Web CureIt have this function anyway.

Good luck.

You know, that’s funny, I just got WM bytes…

But is it really safe…? And this other one… Super… I’ve never heard of that one… what’s the website for that one?

But yeah, I’m able to run Malwarebytes and whatnot.

Ever since I had Avast clean out those Vitro viruses… fro Virut… I haven’t had any other problems… yet… But I’ll give it a scan here in a little bit…

I did uninstall that old Acrobat LOL Shit… acrobat. is not even an existing word anymore… it’s like old from the company then became Adobe.

It’s not Adobe Reader…

Thanks for the help guys… I’ve been very busy trying to deal with the PC but mostly busy dealing with a friend dying IRL… I know it’s not relevant to the convo but that’s why I haven’t been replying fast enough…

Thanks for not locking the forum too… I also have another question but its for the Microsoft Windows Live Messenger…

I need to find out where I can post a question about strange msgs coming from other users on my list… that display a link when they are not even really online…

It’s weird… like their account has something in it. Either the PC… and it’s opening another port that makes it look like it comes online and posts me this link which I NEVER CLICK.

Or if it’s because the client is hacked and it’s opening some invisible backdoor… that sends these msgs to all contacts on the page…

People are soo easily snatched by this… it’s like… wow… you see this all over the news… online and stuff. You think “MAYBE IT’S A VIRUS I’VE HEARD OF THIS BEFORE?!”

So yes, can I post it here… or can one of the admins or mods please direct me where to put my other question? Thanks.