Strange win.ini entry

[altheman]

i was having bsods on my laptop, and was poking around to see what could be causing it. i thought it might be kerio firewall, 'cos the latest version didnt work well and kept crashing, i installed an earlier verion, but uninstalled it again to see if that the problem.

i was looking at msconfig, and i noticed a strange entry for win.ini. i've posted a screenie: http://img221.imageshack.us/my.php?image=winini7rc.png. i also googled it, havnt found nothing. is this a normal entry 'cos it looks VERY suspicious??

btw, this is a laptop, with a brand new windows reinstall, and my programs and work.

 

[howard_hopkinso]

I agree it does look a little suspicious.

Go HERE and follow the instructions.

Then post a HJT log.

Regards Howard

 

[altheman]

btw, the bsod happens VERY occasionally, after the loading screen, before the login screen, and doesnt reference any file. i first thought it might be the custom bootskin and login skin i was using (without patching windows, by using stardock products). i restored the defaults, and it still happens.

i'll do what you said and get back to you. cheers m8.

 

[Nodsu]

That entry visible here doesn't do anything - it's just a gibberish variable. Even if there is some malware making use of it, the malware itself is loaded somewhere else.

Look in the win.ini file with notepad and see if you can spot something more.

Do test your RAM and hard drive.

 

[altheman]

ive done memtest, hd diagnostics, but i cant open the back of my laptop without invalidating my warranty, so i cant clean the ram.
also does anyone know any diagnostic tools for ati graphics cards, i wanna check that as well, just to rule it out.

also, my system.ini has a similar entry: screenshot

also my hijack this log is attached.

edit: also did a rootkit revealer search. came up empty.
do you think i should delete the entries and see what happens??

 

[Tedster]

is you laptop running hot? Somelaps brands are notorious for overheating.

 

[howard_hopkinso]

Your HJT log is clean.

Go HERE and follow the instructions.

if that doesn`t help. Zip 5 or 6 of your latest minidumps together and attach them here.

Regards Howard

 

[Nodsu]

.ini files are just plaintext configuration. You can create arbitrary name=value pairs in there and nothing will happen - if there is no program to read that variable, then it is just never read.

One can make Windows load all kinds of stuff using these ini files, but it has to be done using specific syntax that Windows recognises. If you are really suspicious, open these files using Notepad and post their contents here.

 

[altheman]

@tedster: yeah it does run quite hot, but i've never had problems with it bsoding 'cos of the heat. i can play farcry and gta:sa for more then an hour, it doesnt give any error messages or crashes. the only thing i notice when it runs hot is the fan noise. and anyway, if it was the heat, i should get a bsod after quite a while, not about 20s into loading when the cpu is cool. my laptop also uses cool 'n' quiet, so the cpu frequency only gets pushed to the full when needed. after booting, the cpu runs at 250 to 800mhz.

@howard_hopkinso: i already did that (from your earlier post). also, the bsod doesnt reference any file and doesnt generate a minidump, but my settings are on to do so. the bsod happens once in a while, so i cant figure it out. i deleted the entries, and havent had any eror messages or anything. ill try to keep you updated. this is a clean install of windows, so there are no minidumps at the moment.

my suspision is on kerio firewall. the most recent version used to give bsod's if i clicked "permit" more then 3 time in a row, so i switched down to an earlier version. ive uninstalled that now, and if any bsods don't happen for about a week, ill reinstall it and see if problems start happening.

@nodsu: the entries in the ini files show up in msconfig, there are no hidden entries. ive compared my laptop and desktop pc win.ini and system.ini files, they are the same, except for some entries on my desktop pc related to some programs installed.

 

[altheman]

the system.ini entry is definatly caused by kerio firewall, although it doesnt get removed after a uninstall of kerio. i installed and uninstalled twice to make sure it was kerio. i emailed sunbelt asking them about this, but i havent recieved a reply yet. does anybody else use kerio, and if so do they have the same entries??