TechSpot

IE8 crashing sporadically... unable to replicate.

By ascot54
Jun 30, 2011
  1. Hi Gents...
    Been a while since my last foray here... that's good news for me, I guess.

    However, I'm getting a random crash within IE8 and I can't replicate it... it may happen within 5 mins or may not happen for 2 hours or more, and it locks up my PC.

    I have all the latest updates installed and have used the MS Fixit tool, which found a problem with Java Helper... ran the fix but still no luck!!

    Have followed the guide as per instructions and here are my reports.

    Grateful if you could take a look and see if I have a problem...? Googled IE8 crashes and lots of people seem to be in the same boat... knowing that you guys helped me before, thought I'd return here for expertise!!

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6985

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    30/06/2011 11:28:34
    mbam-log-2011-06-30 (11-28-34).txt

    Scan type: Quick scan
    Objects scanned: 153102
    Time elapsed: 9 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-30 11:35:41
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BB-00JHA0 rev.05.01C05
    Running: qrm0rxbt.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 11:38:37 on 2011-06-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1504 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [ICQ] "c:\program files\icq7.2\ICQ.exe" silent loginmode=4
    mRun: [SiS Tray] c:\windows\system32\sistray.EXE
    mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
    mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
    mRun: [InCD] c:\program files\ahead\incd\InCD.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0E11F88F-B70D-4E1F-9370-29721DAD833C} : DhcpNameServer = 192.168.0.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 165264]
    R1 MpKslb46d71b8;MpKslb46d71b8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b83f5e66-b7c7-4812-bbb0-744f0a7dc583}\MpKslb46d71b8.sys [2011-6-30 28752]
    R1 MpKsle9ec4ade;MpKsle9ec4ade;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cae33cd6-8792-48a0-9cc8-8aacf3a1e5d5}\mpksle9ec4ade.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cae33cd6-8792-48a0-9cc8-8aacf3a1e5d5}\MpKsle9ec4ade.sys [?]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
    R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [2011-6-8 219072]
    R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [2011-6-8 5120]
    R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [2011-6-8 8704]
    S0 cerc6;cerc6; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-13 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-13 136176]
    .
    =============== Created Last 30 ================
    .
    2011-06-30 10:36:26 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b83f5e66-b7c7-4812-bbb0-744f0a7dc583}\MpKslb46d71b8.sys
    2011-06-30 10:35:58 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b83f5e66-b7c7-4812-bbb0-744f0a7dc583}\mpengine.dll
    2011-06-30 10:16:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-30 10:16:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-30 10:16:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-30 10:16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-30 08:53:51 -------- d-----w- c:\documents and settings\administrator\application data\ElevatedDiagnostics
    2011-06-19 15:30:58 -------- dc-h--w- c:\windows\ie8
    2011-06-11 17:22:46 -------- d-----w- c:\program files\Hangar
    2011-06-11 17:22:32 -------- d-----w- c:\program files\Cycle
    2011-06-11 17:21:53 -------- d-----w- c:\windows\uninstall
    2011-06-11 11:29:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-08 11:47:27 8704 ----a-w- c:\windows\system32\drivers\chdrvr03.sys
    2011-06-08 11:47:27 86776 ----a-w- c:\windows\system32\CMCalBlk.dll
    2011-06-08 11:47:27 5120 ----a-w- c:\windows\system32\drivers\chdrvr02.sys
    2011-06-08 11:47:27 219072 ----a-w- c:\windows\system32\drivers\chdrvr01.sys
    2011-06-08 11:23:32 -------- d-----w- c:\program files\CH Products
    2011-06-08 10:36:04 -------- d-----w- c:\program files\SquawkBox
    2011-06-07 15:39:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-07 15:39:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-07 15:19:02 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2011-06-07 15:18:56 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2011-06-07 15:18:55 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2011-06-07 15:18:55 262144 ------w- c:\windows\system32\ImagXR7.dll
    2011-06-07 15:18:55 1568768 ------w- c:\windows\system32\ImagX7.dll
    2011-06-07 15:18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2011-06-07 15:17:56 2973696 ------w- c:\windows\NuNinst.exe
    2011-06-07 15:17:52 99584 ------w- c:\windows\system32\drivers\InCDfs.sys
    2011-06-07 15:17:52 8704 ------w- c:\windows\system32\drivers\InCDrec.sys
    2011-06-07 15:17:52 29696 ------w- c:\windows\system32\drivers\InCDpass.sys
    2011-06-07 15:17:51 28672 ------w- c:\windows\system32\drivers\InCDrm.sys
    2011-06-07 15:17:50 -------- d-----w- c:\windows\InCD
    2011-06-07 15:17:16 10368 ------w- c:\windows\system32\drivers\pfc.sys
    2011-06-07 15:15:54 -------- d-----w- C:\MyWorks
    2011-06-07 15:15:36 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2011-06-07 15:15:34 -------- d-----w- c:\program files\CyberLink DVD Solution
    2011-06-04 11:25:20 -------- d-----w- c:\documents and settings\administrator\local settings\application data\KodakGallery
    2011-06-04 11:20:41 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ArcSoft
    2011-06-04 11:20:26 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft
    2011-06-04 11:17:30 -------- d-----w- c:\program files\common files\Kodak
    2011-06-04 11:16:25 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
    2011-06-04 11:16:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
    2011-06-04 11:16:25 465920 ------w- c:\windows\system32\imapi2fs.dll
    2011-06-04 11:16:24 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
    2011-06-04 11:16:24 317952 ------w- c:\windows\system32\imapi2.dll
    2011-06-04 11:16:19 -------- d-----w- c:\program files\Kodak
    2011-06-04 11:13:41 -------- d-----w- c:\documents and settings\all users\application data\Kodak
    .
    ==================== Find3M ====================
    .
    2011-06-11 17:23:04 819712 ----a-w- c:\program files\VATroute.exe
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2006-05-25 19:53:24 270336 ----a-w- c:\program files\NETXP.Controls.Bars.dll
    2006-05-25 19:53:22 471040 ----a-w- c:\program files\NETXP.Win32.dll
    2006-05-25 19:53:22 102400 ----a-w- c:\program files\NETXP.Library.dll
    .
    ============= FINISH: 11:39:17.59 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13/11/2010 20:24:44
    System Uptime: 30/06/2011 11:06:54 (0 hours ago)
    .
    Motherboard: Acer | | E61ML
    Processor: Intel(R) Celeron(R) CPU 2.66GHz | Socket 478 | 2666/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 8.054 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (FAT32) - 5 GiB total, 1.169 GiB free.
    F: is FIXED (NTFS) - 32 GiB total, 3.6 GiB free.
    G: is FIXED (NTFS) - 149 GiB total, 145.591 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_2A02&SUBSYS_800A1799&REV_03\3&61AAA01&0&50
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_2A02&SUBSYS_800A1799&REV_03\3&61AAA01&0&50
    Service:
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_16EC&DEV_2F00&SUBSYS_010C16EC&REV_01\3&61AAA01&0&58
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_16EC&DEV_2F00&SUBSYS_010C16EC&REV_01\3&61AAA01&0&58
    Service:
    .
    ==== System Restore Points ===================
    .
    RP257: 07/06/2011 16:38:38 - Installed Java(TM) 6 Update 25
    RP258: 07/06/2011 20:29:51 - Removed Print Creations
    RP259: 08/06/2011 09:37:52 - Software Distribution Service 3.0
    RP260: 08/06/2011 12:48:10 - Unsigned driver install
    RP261: 08/06/2011 16:12:45 - Unsigned driver install
    RP262: 08/06/2011 20:58:34 - Unsigned driver install
    RP263: 09/06/2011 09:51:10 - Software Distribution Service 3.0
    RP264: 10/06/2011 09:46:23 - Software Distribution Service 3.0
    RP265: 11/06/2011 12:57:05 - Software Distribution Service 3.0
    RP266: 12/06/2011 14:06:09 - Software Distribution Service 3.0
    RP267: 13/06/2011 14:48:55 - System Checkpoint
    RP268: 14/06/2011 06:43:23 - Software Distribution Service 3.0
    RP269: 15/06/2011 06:43:12 - Software Distribution Service 3.0
    RP270: 16/06/2011 07:05:39 - System Checkpoint
    RP271: 16/06/2011 21:08:06 - Software Distribution Service 3.0
    RP272: 17/06/2011 03:00:15 - Software Distribution Service 3.0
    RP273: 18/06/2011 03:35:12 - System Checkpoint
    RP274: 18/06/2011 10:37:43 - Software Distribution Service 3.0
    RP275: 18/06/2011 12:18:23 - Installed Java(TM) 6 Update 26
    RP276: 19/06/2011 10:37:30 - Software Distribution Service 3.0
    RP277: 19/06/2011 16:31:21 - Installed Windows Internet Explorer 8.
    RP278: 19/06/2011 16:32:27 - Software Distribution Service 3.0
    RP279: 19/06/2011 20:56:32 - Software Distribution Service 3.0
    RP280: 20/06/2011 15:25:15 - Software Distribution Service 3.0
    RP281: 20/06/2011 15:34:41 - Software Distribution Service 3.0
    RP282: 22/06/2011 15:01:52 - Software Distribution Service 3.0
    RP283: 23/06/2011 15:09:24 - System Checkpoint
    RP284: 24/06/2011 15:39:49 - Software Distribution Service 3.0
    RP285: 25/06/2011 15:56:20 - Software Distribution Service 3.0
    RP286: 27/06/2011 11:22:44 - Software Distribution Service 3.0
    RP287: 28/06/2011 03:00:16 - Software Distribution Service 3.0
    RP288: 28/06/2011 18:49:37 - Software Distribution Service 3.0
    RP289: 29/06/2011 12:47:07 - Software Distribution Service 3.0
    RP290: 30/06/2011 09:44:42 - Software Distribution Service 3.0
    RP291: 30/06/2011 09:47:08 - Installed %1 %2.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    CCScore
    CH Control Manager Software
    DECAdry Print Software 150
    DVD Solution
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    ICQ7.5
    InCD
    Java Auto Updater
    Java(TM) 6 Update 26
    Kodak EasyShare software
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Flight Simulator 2004 A Century of Flight
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Launcher
    Nero OEM
    netbrdg
    OfotoXMI
    PowerDVD
    PowerProducer
    Realtek AC'97 Audio
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SFR
    SHASTA
    SiS 661FX_760_741_M661FX_M760_M741
    skin0001
    SKINXSDK
    SquawkBox
    staticcr
    TomTom HOME 2.8.2.2264
    TomTom HOME Visual Studio Merge Modules
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VAT-Spy
    VATroute 0.0.1.021
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    WIRELESS
    .
    ==== End Of File ===========================

    thank you
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome back! I realize you'd rather not have to post in this forum, so I will try to make it as pleasant as possible!

    I am not aware of lots of people having this problem. And there are many things that could cause it; it doesn't have to be malware. It could be due to not enough RAM, bad memory chips or many other problems.

    I'd like you to do this to see if we can pin down any common cause: The next time there is a crash:
    1. Look at the computer clock and make a note of the time.
    2. Tell me exactly what you were doing when IE crashed.
    3. Tell me exactly what happened when it crashed>> did IE close? Did the screen freeze? Did you get any message at all?
    4. IF you did a reboot, did the same cycle continue>> work for a while, random crash, notable during gaming?
    5. How much RAM is installed?

    ==========================================
    Keeping in mind the time of the crash that you wrote down:

    Start> Run> type in eventvwr

    Do this on each of the System and the Applications logs:
    [1]. Click to open the log>
    [2]. Look for the Error that happens at the time of the crash- if one>
    [3]. Double click on the Error to open.
    [4]. Click on Copy button, top right, below the down arrow >
    [5]. Paste here (Ctrl V)
    [6]. NOTES
    • You can ignore Warnings and Information Events.
    • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
    • You don't need to include the lines of code in the box below the Description, if any.
    • Please do not copy the entire Event log.

    Errors are time coded. Check the computer clock on freeze.
    =============================================
    One thing that will cause intermittent crashes is if you have 'hidden files and folders' checked to show, along with unhiding 'protected system files'. Check Folder Options in the Control Panel> View tab

    If you need more help with this, let me know.
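
The lookup described in this post (Errors only, close to the noted crash time, one copy per recurring error), as an added example that is not part of the original thread: a Python script that triages text pasted from Event Viewer's Copy button. The sample records, the 10-minute window and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout Event Viewer's Copy button produces
# (dd/mm/yyyy dates). All values here are made up for the example.
SAMPLE = """\
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 29/06/2011
Time: 14:07:29
User: N/A
Computer: EXAMPLE-PC
Description:
Faulting application example.exe, faulting module example.dll.

Data:
0000: 41 70 70 6c

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 29/06/2011
Time: 14:09:02
User: N/A
Computer: EXAMPLE-PC
Description:
Faulting application example.exe, faulting module example.dll.

Event Type: Information
Event Source: ExampleUpdater
Event Category: None
Event ID: 0
Date: 29/06/2011
Time: 14:08:00
User: N/A
Computer: EXAMPLE-PC
Description:
Service stopped.

Event Type: Error
Event Source: ExampleSvc
Event Category: None
Event ID: 15
Date: 02/07/2011
Time: 11:06:38
User: N/A
Computer: EXAMPLE-PC
Description:
The scheduled task encountered a failure.
"""

FIELD = re.compile(
    r"^\s*(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$"
)


def parse_records(text):
    """Split pasted Event Viewer text into one dict per event."""
    records, current, in_desc = [], None, False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":      # a new record starts here
            current = {"Description": ""}
            records.append(current)
            in_desc = False
        if current is None:
            continue
        stripped = line.strip()
        if m and not in_desc:
            current[m.group(1)] = m.group(2).strip()
        elif stripped == "Description:":
            in_desc = True
        elif stripped == "Data:":                 # hex dump follows; not needed
            in_desc = False
        elif in_desc and stripped:
            sep = " " if current["Description"] else ""
            current["Description"] += sep + stripped
    parsed = []
    for r in records:
        try:
            r["When"] = datetime.strptime(f'{r["Date"]} {r["Time"]}', "%d/%m/%Y %H:%M:%S")
        except (KeyError, ValueError):
            continue                              # incomplete paste, cannot be placed in time
        parsed.append(r)
    return parsed


def errors_near(records, crash_time, window_minutes=10):
    """Errors within the window around crash_time, one per ID/Source/Description."""
    window = timedelta(minutes=window_minutes)
    seen, hits = set(), []
    for r in sorted(records, key=lambda rec: rec["When"]):
        if r.get("Event Type") != "Error":        # skip Warnings and Information
            continue
        if abs(r["When"] - crash_time) > window:
            continue
        key = (r.get("Event ID"), r.get("Event Source"), r["Description"])
        if key not in seen:                       # a recurring error is reported once
            seen.add(key)
            hits.append(r)
    return hits


if __name__ == "__main__":
    crash = datetime(2011, 6, 29, 14, 5)          # time noted from the clock
    for hit in errors_near(parse_records(SAMPLE), crash):
        print(hit["When"], hit["Event Source"], hit["Event ID"], hit["Description"])
```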
     
  3. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    latest...

    Hi Bobbye,
    This was the most recent error that has a log in Applications.
    Today's crash is not listed.

    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 29/06/2011
    Time: 14:07:29
    User: N/A
    Computer: PAUL
    Description:
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19088, fault address 0x000ec5c5.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:

    There are no other errors within eventvwr... eg: security / iexplorer /power shell..
    I have 2Mb of RAM , so i dont think that is the issue.. i have removed both RAM chips independently, to ensure they are both being read in their respective sockets and even swopped sockets in case of socket failure. All passed the test.

    I was in IE and attempted to open a 2nd tab within the window and then the PC froze !! i could not move the mouse and had to shut PC down using power button...
    This is the normal cycle, however, if i leave the PC to do updates, i find it also crashes then. So i dont think its just an IE problem now..??
    To date i have experienced no problems during gaming...my gaming is limited to online flying with MS FlightSim..and also using Vatspy/SquawkBox for chat whilst talking to Air Traffic Control.

    all hidden files and folders are hidden and not on display as well as system files...I dont have them on display because if others are "borrowing" my PC for school homework, i'd be worried they delete something they shouldnt...!!
    If you need any other info, please advise....

    Thanks Bobbye,

    Best regards to you as always,

    Paul
     
  4. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    just found article in MS ref the fault... it refers to KB976325 relating to the smartscreen filter...mine is turned off, but also i dont have that KB installed..!! also noticed in add/remove that my IE8 was last used on 1/1/2011 !! yet i use it most days !!!! is that odd at all ???
    thanks again...

    Paul
     
  5. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    Hi Bobbye,
    just had a freeze at 1520GMT....checked event vwr no log created but found this under information..
    Event Type: Information
    Event Source: gupdate
    Event Category: None
    Event ID: 0
    Date: 30/06/2011
    Time: 16:22:07
    User: N/A
    Computer: PAUL
    Description:
    The description for Event ID ( 0 ) in Source ( gupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service stopped.

    worried as it says remote computer !!!! any ideas ??
    thanks
    Paul
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    ( gupdate ) is the Google Toolbar Update. If you use the toolbar, this comes with it. I killed the process numerous times and found it had put itself back on the Startup menu. My thought is that a toolbar doesn't have to update enough to allow it to check for updates, every day, numerous times each day.

    You can try doing this:
    Click on Start> Run> type in services.msc> double click on gupdate to open> Change the Startup type to Disabled> Stop the Service.

    Please note my comment to ignore 'Information' entries. You are only looking for Errors.
    Please also note my instructions that you do not need to include the codes below the error description.
    ==========================================
    Please see this Microsoft Site regarding the 'faulting module mshtml.dll'.
    ==========================================
    If the update does not help, start IE with No Addons. Then put the addons back onto the system and check after each one. If you find a particular addon is causing a crash, remove it and don't use.
     
  7. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    done this...
    "Click on Start> Run> type in services.msc> double click on gupdate to open> Change the Startup type to Disabled> Stop the Service"
    i know you said im only looking for errors but my concern on the information was "remote computer" my mind went "trojan" !!
    i looked at the MS Site you suggest.. that says IE5.5 is that right...??
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Try this site: http://support.microsoft.com/kb/892052

    It's hard to find the combination of mshtml.dll+IE8+Win XP. As you saw, this has been a problem since IE4 and 5. You would think they'd have it right by now!

    Of course Google is going to have to go to a remote computer to get the update! That doesn't mean someone is remotely getting into your system. Please search for "Remote computer" vs "Remote Access"
     
  9. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    Hi Bobbye,
    had 2 further freeze ups since yesterday and still there is no damn crash report to be found....really hacked off with MS now !!!
    my local PC shop suggested they would have a look and re-install the operating system....!!
    im not happy to do this because i have my PC loaded and set how i want with ref to my FlightSim etc...
    im now trying IE8 without add ons to see how this goes...!! as opposed to the normal IE8....!!

    any ideas where else in the system i could be looking to find the root cause ??
    as i say it's very random...!! earlier i was only on IE8 for a matter of mins before it froze !!!
    really annoying when you are trying to do admin tasks !!!

    Thanks again Buddy....

    Paul
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Paul, how much RAM do you have on the system?

    The next time the system freezes, take note of exactly what you're doing:
    What programs are currently active- are you working on or in a particular program or app- Which one are you using at the time of the crash? Look down on the Taskbar and make note of everything that is minimized, including the email.

    Is there any particular function you are using when the freeze happens?

    Because there are no corresponding Errors in the Event Viewer, the freeze is most likely directly related to what function or feature you are using at the time.

    And if worse come to worse, you can try to uninstall/reinstall IE8- again.
     
  11. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    Hi Bobbye, i have 2mb of RAM and done a service check on them eg: swopped memory over to different slots...no errors found...
    on taskbar is : MS Essentials, soundcard controls, InCD, Active Sync....
    none of the above actually in use...
    nothing minimised to taskbar only thing open was IE8 !! last crash happened when i clicked on the Tools button in IE8...
    I found a link ref IE7..it suggested to re-register several dll's using a batch file..

    link : http://www.brighthub.com/computing/windows-platform/articles/44296.aspx

    so far, no crashes....!!
    will keep you updated buddy if this seems to have "cured" the problem....
    Rgds

    Paul
     
  12. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    crashed again....

    Hi Bobbye,

    just had another crash...but this time in Google Chrome !!!!!

    decided to uninstall IE8 and see what happens... no overnight crashes !!
    but just using Google Chrome to surf and get a freeze up..!!

    however, here is the odd thing...
    thought i'd look at event viewer...found lots of error logs that weren't there when IE8 was installed...
    here is the last one

    Event Type: Error
    Event Source: MatSvc
    Event Category: None
    Event ID: 15
    Date: 02/07/2011
    Time: 11:06:38
    User: N/A
    Computer: PAUL
    Description:
    The scheduled MATS task encountered a failure when collecting configuration data. hr=0x803C0101
    .

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    even crashed whilst i was typing this up...
    surely there has to be something deeper as the root cause here ??? !!!

    any advice greatly appreciated !!

    rgds

    Paul
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The scheduled MATS task encountered a failure
    Related to Matsvc.exe Automated Troubleshooting Service from Microsoft Corporation

    The service belongs to the Microsoft Fixit program. If you installed this, uninstall it. Supposedly the MatSvc only runs when needed but Microsoft Fixit is still in beta and many people have reported issues with it.

    It appears that you have this scheduled to run. Frankly, I wouldn't let this on my system! http://support.microsoft.com/fixit/

    I don't know if this came with IE or if it was a Windows Update. But do yourself a favor and remove it! You may have to chase down a Service:
    Click on Start> Run> type in services.msc> enter> Double click on the Service to open it> Stop the Service> Change the Startup type to Disable> Exit the Services.

    Also check the Scheduled Tasks and remove:
    Scheduled Tasks
    Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only auto-update I get is for the AV program.
    Opening scheduled tasks to modify or delete them:
    Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    To change the settings for a task: right-click the Task> click Properties> do any of the following:
    1. To change the schedule for the task, click the Schedule tab.
    2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
    3. To delete a task> right-click the task> click Delete.
    4. To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.
     
  14. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    Hi Bobbye,
    i'm back....lol.....

    had my system in to store, over 3 days of bench testing and not one crash get it home and four crashes in as many hours... from within Google and within online gaming (x2)....!! the last 2 crashes were about an hour apart....
    im getting to the end of my tether now and shortly the pc will be taking its own flying lessons from the first floor !!! can you help ???
    best wishes always

    Paul
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Paul, you have done a great job of troubleshooting and I know your frustration level must be high. I went back to the first log and created a time line and I will give you that.

    First, I'd like you to open IE and disable all of the Addons. It may not actually be the browser but rather something that runs when the browser does. Then you put the addons back, one at a time, try the system after each. If you crash after putting one back on, take it off again and check the system.

    As helpful as the Event Viewer can be, unless there is a real error within the system itself or a particular app, it's not going to show a corresponding error.

    Second, as you found, some updates can cause problems. Your first log was dated 6/30/2011, so you need to play detective and try to determine if the problem started after an update.

    Third, I don't know how long this was going on before you posted here, but here is a timeline of programs you installed in the period shortly before you got IE8:
    ===============================
    Using the KB sequence numbers, this looks to be the last Security Update for Windows XP (KB982665)> MS10-055: Vulnerability in Cinepak codec could allow remote code execution> dated in MS 6/20/2011

    And this was last plain Update for Windows XP (KB973815)> MS09-037: Description of the security update for Microsoft MSWebDVD ActiveX Control in Windows XP and Windows Server 2003: August 11, 2009

    It is interesting to note that the last Security Update was one day after you upgraded to IE8
    ===================================================
    I'd like you to run this. I can then have you check all processes that don't need to start on boot and run in the background:
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  16. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    Latest

    Hi Bobbye...

    Thanks once again for your help....!!

    Just to give you an update...

    i have uninstalled all IE !!!
    yesterday i downloaded SAS, and ran it... detected 98 threats...dealt with them...

    Here is my log from HJT......

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:16:55, on 25/07/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 4531 bytes

    I found this entry too whilst loading HJT !!!

    goes by name of keyhook.txt !!

    any bearing on my "freeze" as it says destroy window....!!!

    Edit: Repeating entries of DestroyWindow & FreeDirectInput have been deleted by Bobbye


    Rgds Paul
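
An added example, not part of the original posts: a Python parser for the HijackThis log format shown in this post, listing what starts at boot (O4 Run values and O23 services) and the entries HijackThis itself marks "(no file)". The sample lines are copied from the log above; the function names are this example's own.

```python
import re

# Lines excerpted from the HijackThis log posted above.
LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"""

# "O4 - HKLM\..\Run: [name] command" -> section, kind, detail
ENTRY = re.compile(r"^\s*(O\d+) - ([^:]+): (.*)$")
# "[value name] command line" as used by the O4 Run entries
RUN_VALUE = re.compile(r"^\[(.+?)\]\s+(.*)$")
# Quoted path, or an unquoted path up to the first ".exe"
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def parse_entries(text):
    """Return one dict per 'Onn - kind: detail' line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(
                {"section": m.group(1), "kind": m.group(2), "detail": m.group(3).strip()}
            )
    return entries


def executable_of(command):
    """Strip quotes and arguments from a command line, keeping the program path."""
    m = EXE.match(command)
    if not m:
        return command
    return m.group(1) or m.group(2)


def startup_items(entries):
    """(origin, name, executable) for Run-key values (O4) and services (O23)."""
    items = []
    for e in entries:
        if e["section"] == "O4":
            m = RUN_VALUE.match(e["detail"])
            if m:
                hive = e["kind"].split("\\", 1)[0]      # HKLM, HKCU, HKUS
                items.append((hive, m.group(1), executable_of(m.group(2))))
        elif e["section"] == "O23":
            name = e["detail"].split(" - ", 1)[0]        # service name
            path = e["detail"].rsplit(" - ", 1)[-1]      # last field is the binary
            items.append(("Service", name, executable_of(path)))
    return items


def orphaned(entries):
    """Entries whose registered file HijackThis reports as '(no file)'."""
    return [e for e in entries if e["detail"].endswith("(no file)")]


if __name__ == "__main__":
    parsed = parse_entries(LOG)
    for origin, name, exe in startup_items(parsed):
        print(f"{origin:8} {name:22} {exe}")
    for e in orphaned(parsed):
        print("no file:", e["section"], e["kind"], e["detail"])
```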
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    1. Were all or most of these Tracking Cookies?
    2. You have gone back to IE6- correct?
    3. Regarding the entries you found:
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    Name: SiS Windows KeyHook
    File Name: keyhook.exe
    Status: U> means it is up to you whether or not you feel this program needs to run automatically.
    SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings
    From bleepingcomputer.com Startups:
    ================================================
    Unfortunately, I forgot to add my guidelines in my first post:
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.

    But I think the text I have put in bold quote is also included in the steps guidelines.
    =====================================
     
  18. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    Latest

    Hi Bob,

    fully understand the "small print"

    1: all tracking cookies
    2: uninstalled ie8 & 7 (only using Google Chrome to try to isolate issue)
    3: found keyhook by chance today when loading HJT to C: drive

    i have not done anything else yet to my pc awaiting your advice.... only thing is i have read up on keyhook and it says others have experienced errors within Windows OS because of the way it operates...
    frustrating as i "fly" online and on Sat nite i was 4miles finals into London and pc froze on me, not only spoiling my enjoyment but those i regularly fly with....

    Just want a trouble free flight/pc !!!!!
    anything else in the HJT to get rid off ??

    grateful thanks as always !!!
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Wow! Every time I get sidetracked from my focus on malware removal, I lose track of the basics! I don't know how we've gone on this long without my having you run the following! Please run them, then I'll deal with the HJT log:

    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ===========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download link for the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
  20. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    latest

    HI Bobbye,

    here is Combofix log report....
    i ran ESET online scanner

    no malware, no log produced !!!


    ComboFix 11-07-26.02 - Administrator 26/07/2011 15:02:50.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1553 [GMT 1:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-25 15:30 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E95D9768-0589-4DE4-A8EE-D83DE9FBEB3C}\mpengine.dll
    2011-07-25 11:14 . 2011-07-25 11:16 -------- d-----w- C:\HijackThis
    2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-16 13:50 . 2011-07-16 13:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2011-07-10 11:37 . 2011-07-10 11:37 -------- d-----w- c:\windows\Performance
    2011-07-10 11:37 . 2011-07-10 11:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
    2011-07-07 12:44 . 2011-07-07 12:44 -------- d-----w- c:\program files\FreeTime
    2011-07-07 06:34 . 2011-07-07 06:34 -------- d-----w- C:\My Videos
    2011-07-07 06:34 . 2011-07-07 06:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\aHisoft
    2011-07-06 18:17 . 2011-07-06 18:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\DVDVideoSoft
    2011-07-06 17:58 . 2011-07-06 17:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Geckofx
    2011-07-06 17:57 . 2011-07-07 06:24 -------- d-----w- c:\program files\AviSynth 2.5
    2011-07-02 15:43 . 2011-07-02 15:43 -------- d-----w- c:\program files\CCleaner
    2011-07-01 14:44 . 2011-07-01 14:44 1248 ----a-w- C:\reregister.bat
    2011-07-01 10:49 . 2011-07-01 10:49 -------- d-----w- C:\symbols
    2011-06-30 10:16 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-30 10:16 . 2011-06-30 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-30 10:16 . 2011-07-22 09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-30 10:16 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-30 08:53 . 2011-06-30 08:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-13 03:39 . 2010-11-24 01:15 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-06-13 21:09 . 2011-06-13 21:09 65328 ----a-w- c:\windows\apppatch\matsshim.dll
    2011-06-11 17:23 . 2007-02-25 15:28 819712 ----a-w- c:\program files\VATroute.exe
    2011-06-11 11:29 . 2011-06-11 11:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-04 03:52 . 2011-06-07 15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-02 15:31 . 2010-11-13 20:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2006-05-25 19:53 . 2006-11-13 15:24 270336 ----a-w- c:\program files\NETXP.Controls.Bars.dll
    2006-05-25 19:53 . 2006-11-13 15:24 471040 ----a-w- c:\program files\NETXP.Win32.dll
    2006-05-25 19:53 . 2006-11-13 14:42 102400 ----a-w- c:\program files\NETXP.Library.dll
    2004-10-01 14:00 . 2011-06-07 15:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
    "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2010-11-13 106496]
    "SoundMan"="SOUNDMAN.EXE" [2010-11-13 57344]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\ICQ7.5\\ICQ.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\SquawkBox\\squawkbox_fs.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/07/2011 22:55 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
    R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [08/06/2011 12:47 219072]
    R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [08/06/2011 12:47 5120]
    R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [08/06/2011 12:47 8704]
    S0 cerc6;cerc6; [x]
    S1 MpKsl01985bb1;MpKsl01985bb1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7DFD412E-BD0E-40F4-BA31-AF27D43C47BE}\MpKsl01985bb1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7DFD412E-BD0E-40F4-BA31-AF27D43C47BE}\MpKsl01985bb1.sys [?]
    S1 MpKsl09159b8b;MpKsl09159b8b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl09159b8b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl09159b8b.sys [?]
    S1 MpKsl13761896;MpKsl13761896;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKsl13761896.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKsl13761896.sys [?]
    S1 MpKsl1ea4b516;MpKsl1ea4b516;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKsl1ea4b516.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKsl1ea4b516.sys [?]
    S1 MpKsl1efd7585;MpKsl1efd7585;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47811461-A8F9-4F65-9390-1BC9ADCDE58F}\MpKsl1efd7585.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47811461-A8F9-4F65-9390-1BC9ADCDE58F}\MpKsl1efd7585.sys [?]
    S1 MpKsl204ffc1e;MpKsl204ffc1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKsl204ffc1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKsl204ffc1e.sys [?]
    S1 MpKsl213c8f9f;MpKsl213c8f9f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl213c8f9f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl213c8f9f.sys [?]
    S1 MpKsl2538a3ce;MpKsl2538a3ce;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CC7C580-2DF9-44A3-8B37-836C2DCD18CB}\MpKsl2538a3ce.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CC7C580-2DF9-44A3-8B37-836C2DCD18CB}\MpKsl2538a3ce.sys [?]
    S1 MpKsl2aadfac1;MpKsl2aadfac1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B309C6BE-4313-4EF0-8895-F9A25947BEB6}\MpKsl2aadfac1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B309C6BE-4313-4EF0-8895-F9A25947BEB6}\MpKsl2aadfac1.sys [?]
    S1 MpKsl2f2222d9;MpKsl2f2222d9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D3B1758-01C1-4BAA-A101-E7257DDB6D8F}\MpKsl2f2222d9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D3B1758-01C1-4BAA-A101-E7257DDB6D8F}\MpKsl2f2222d9.sys [?]
    S1 MpKsl377fd64f;MpKsl377fd64f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22EEE4DE-4E0E-44CD-B3B3-09536783D11C}\MpKsl377fd64f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22EEE4DE-4E0E-44CD-B3B3-09536783D11C}\MpKsl377fd64f.sys [?]
    S1 MpKsl3f371606;MpKsl3f371606;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66497442-5220-4F6C-8129-BA22F721E6D5}\MpKsl3f371606.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66497442-5220-4F6C-8129-BA22F721E6D5}\MpKsl3f371606.sys [?]
    S1 MpKsl42d09462;MpKsl42d09462;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B14ACB97-078C-43F2-AA47-D52662A39452}\MpKsl42d09462.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B14ACB97-078C-43F2-AA47-D52662A39452}\MpKsl42d09462.sys [?]
    S1 MpKsl42e322b5;MpKsl42e322b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62606F6-859D-4261-9B9B-6AF7AC2378EA}\MpKsl42e322b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62606F6-859D-4261-9B9B-6AF7AC2378EA}\MpKsl42e322b5.sys [?]
    S1 MpKsl46d0104f;MpKsl46d0104f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28BE90E5-D553-4578-A54F-0FCC31BCA49D}\MpKsl46d0104f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28BE90E5-D553-4578-A54F-0FCC31BCA49D}\MpKsl46d0104f.sys [?]
    S1 MpKsl4c54f593;MpKsl4c54f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl4c54f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl4c54f593.sys [?]
    S1 MpKsl5142046b;MpKsl5142046b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5064562-5241-44DA-B201-43D739EEBE1C}\MpKsl5142046b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5064562-5241-44DA-B201-43D739EEBE1C}\MpKsl5142046b.sys [?]
    S1 MpKsl544d795d;MpKsl544d795d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKsl544d795d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKsl544d795d.sys [?]
    S1 MpKsl554a77d6;MpKsl554a77d6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl554a77d6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl554a77d6.sys [?]
    S1 MpKsl619452ca;MpKsl619452ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AFFD7D4-13AF-4D2A-B9DF-2AF23D4B9C2E}\MpKsl619452ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AFFD7D4-13AF-4D2A-B9DF-2AF23D4B9C2E}\MpKsl619452ca.sys [?]
    S1 MpKsl66243d4d;MpKsl66243d4d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl66243d4d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl66243d4d.sys [?]
    S1 MpKsl778b1a79;MpKsl778b1a79;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl778b1a79.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl778b1a79.sys [?]
    S1 MpKsl7d95315b;MpKsl7d95315b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86D6C0B6-E82A-44E7-B7FD-F0C1629E6FFC}\MpKsl7d95315b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86D6C0B6-E82A-44E7-B7FD-F0C1629E6FFC}\MpKsl7d95315b.sys [?]
    S1 MpKsl8769d3e7;MpKsl8769d3e7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2A3DBE5-91C1-424A-89C3-CA6ADCBF98D6}\MpKsl8769d3e7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2A3DBE5-91C1-424A-89C3-CA6ADCBF98D6}\MpKsl8769d3e7.sys [?]
    S1 MpKsl8ad7196a;MpKsl8ad7196a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKsl8ad7196a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKsl8ad7196a.sys [?]
    S1 MpKsla44bb0e4;MpKsla44bb0e4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{943CBDE8-3795-44BC-AA46-65A3C794028E}\MpKsla44bb0e4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{943CBDE8-3795-44BC-AA46-65A3C794028E}\MpKsla44bb0e4.sys [?]
    S1 MpKsla795d6fd;MpKsla795d6fd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E5A9309-7A63-47F9-A78E-0BA6942F71D3}\MpKsla795d6fd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E5A9309-7A63-47F9-A78E-0BA6942F71D3}\MpKsla795d6fd.sys [?]
    S1 MpKslada0a9dd;MpKslada0a9dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslada0a9dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslada0a9dd.sys [?]
    S1 MpKslb2730592;MpKslb2730592;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{292D9B05-7100-46BC-9C23-CBE1249482B8}\MpKslb2730592.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{292D9B05-7100-46BC-9C23-CBE1249482B8}\MpKslb2730592.sys [?]
    S1 MpKslb66df2b4;MpKslb66df2b4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKslb66df2b4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKslb66df2b4.sys [?]
    S1 MpKslb88211c3;MpKslb88211c3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslb88211c3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslb88211c3.sys [?]
    S1 MpKslbb0dfcad;MpKslbb0dfcad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKslbb0dfcad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKslbb0dfcad.sys [?]
    S1 MpKslc899043c;MpKslc899043c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C78F35-81F8-4A8C-9B57-3F33391EBB05}\MpKslc899043c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C78F35-81F8-4A8C-9B57-3F33391EBB05}\MpKslc899043c.sys [?]
    S1 MpKslcbf435b5;MpKslcbf435b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A59F7D5A-475B-4174-A230-EF23B9372BF5}\MpKslcbf435b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A59F7D5A-475B-4174-A230-EF23B9372BF5}\MpKslcbf435b5.sys [?]
    S1 MpKslcc9e82ab;MpKslcc9e82ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKslcc9e82ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKslcc9e82ab.sys [?]
    S1 MpKslcfdcdf5c;MpKslcfdcdf5c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKslcfdcdf5c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKslcfdcdf5c.sys [?]
    S1 MpKsld05e613a;MpKsld05e613a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}\MpKsld05e613a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}\MpKsld05e613a.sys [?]
    S1 MpKsld415caf7;MpKsld415caf7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsld415caf7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsld415caf7.sys [?]
    S1 MpKsld8767dca;MpKsld8767dca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D7EB011-1FE5-4DD4-B3E7-DF306DCB7399}\MpKsld8767dca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D7EB011-1FE5-4DD4-B3E7-DF306DCB7399}\MpKsld8767dca.sys [?]
    S1 MpKsldc5e4f0c;MpKsldc5e4f0c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC197AF9-C7CD-4E65-9EE5-4411222102F4}\MpKsldc5e4f0c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC197AF9-C7CD-4E65-9EE5-4411222102F4}\MpKsldc5e4f0c.sys [?]
    S1 MpKsle11d8f23;MpKsle11d8f23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E95D9768-0589-4DE4-A8EE-D83DE9FBEB3C}\MpKsle11d8f23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E95D9768-0589-4DE4-A8EE-D83DE9FBEB3C}\MpKsle11d8f23.sys [?]
    S1 MpKsle74a2afa;MpKsle74a2afa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3BB9D9C-37D9-444E-B22E-23676CAA1195}\MpKsle74a2afa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3BB9D9C-37D9-444E-B22E-23676CAA1195}\MpKsle74a2afa.sys [?]
    S1 MpKsle9ec4ade;MpKsle9ec4ade;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CAE33CD6-8792-48A0-9CC8-8AACF3A1E5D5}\MpKsle9ec4ade.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CAE33CD6-8792-48A0-9CC8-8AACF3A1E5D5}\MpKsle9ec4ade.sys [?]
    S1 MpKslfdc3eecb;MpKslfdc3eecb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82546538-64D1-4775-8680-814A2210AC93}\MpKslfdc3eecb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82546538-64D1-4775-8680-814A2210AC93}\MpKslfdc3eecb.sys [?]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 12:32]
    .
    2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 12:32]
    .
    2011-07-26 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
    AddRemove-Flight Simulator 9.0 - g:\program files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-26 15:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-854245398-1417001333-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,29,10,66,ae,89,da,42,9a,6f,65,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,29,10,66,ae,89,da,42,9a,6f,65,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,1f,a4,28,f2,87,d5,48,b8,a5,0a,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(520)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    - - - - - - - > 'explorer.exe'(1828)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\SOUNDMAN.EXE
    c:\progra~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-26 15:13:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-26 14:13
    .
    Pre-Run: 7,157,592,064 bytes free
    Post-Run: 7,125,536,768 bytes free
    .
    - - End Of File - - E6D3B87EB1BDBA1DD1B3DAA99DEB7C97
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It looks like you tried to fix IE8 using instructions for the shutdown problem in IE7:

    2011-07-01 14:44 1248 ----a-w- C:\reregister.bat>: this called for registering files and saving them as reregister.bat>>

    What to Do When Windows Internet Explorer 7 Shuts Down Frequently
    http://www.brighthub.com/computing/windows-platform/articles/44296.aspxs
    ======================================
    I'm also curious about this directory: C:\symbols>> same date as the reregister. Is this a folder you set up for special symbols? I don't want to open and have symbols fill out all over!
    ========================================
    You were very video busy around 7/7/2011. You are kind of living on the edge! I use a site advisor and have a hard time finding sites marked safe to check some of the programs.
    =======================================
    Also in the video gathering, I found two different 'interpretations' of the same process:
    2011-07-07 06:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\aHisoft>

    1. "aHisoft is the ultimate solution for all kinds of video and audio conversion needs that enables you to forget about media format incompatibilities and simply enjoy your video or audio any time, any place, on any device."

    2. AHisoft Porntube Downloader> http://www.facebook.com/pages/AHisoft-Porntube-Downloader/170947102940040
    ===========================================
    You might also want to check these old entries- problem finding safe site again:
    2006-11-13 15:24 270336 ----a-w- c:\program files\NETXP.Controls.Bars.dll
    2006-05-25 19:53 . 2006-11-13 15:24 471040 ----a-w- c:\program files\NETXP.Win32.dll
    2006-05-25 19:53 . 2006-11-13 14:42 102400 ----a-w- c:\program files\NETXP.Library.dll
    ===========================================
    Do you have any idea what's going on in the following?
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
    ===========================================
    I've seen multiple updates on a system for this before, but either you have the program configured incorrectly, or possibly not in a correct directory, because there are about 100 +/- of these update entries:
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}

    From what I have read, a new update should replace an old update. Yours is not and all those updates are running.
    =============================================
    Can you clarify any of the above for me? It's not malware as such, but some of the programs or apps on the system seem to be questionable.
     
  22. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    Hi Bobbye,

    thanks for getting back to me:

    tried to fix IE8 as you found but seemed to tie meself in loops... hence why i came back here..
    ======================================
    " I'm also curious about this directory: C:\symbols"
    this contains the following folders:
    spgdr\retail\dll\ with the file mshtml.PDB 7,699 kb
    spqfe\retail\dll\ with the file mshtml.PDB 7,707kb

    ========================================
    not sure what was going on ref video on 7/7/2011
    =======================================
    I was trying to find a "free/trial" programme to copy my DVD's to my cell fone !!
    eventually settled on Format Factory

    No idea on the Porntube Downloader !!.
    ===========================================
    Not a clue I'm afraid mate on these entries !!

    2006-11-13 15:24 270336 ----a-w- c:\program files\NETXP.Controls.Bars.dll
    2006-05-25 19:53 . 2006-11-13 15:24 471040 ----a-w- c:\program files\NETXP.Win32.dll
    2006-05-25 19:53 . 2006-11-13 14:42 102400 ----a-w- c:\program files\NETXP.Library.dll
    ===========================================
    Again Sorry Bobbye, not a clue on this entry !!
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
    ===========================================
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}

    I tend to leave MSE do its own thing and not interfere with it when it's doing updates...
    would i be better going back to Avast ??
    =============================================

    Just want to get my pc sorted and know you are the man to help...

    Thank you sincerely...

    Paul
     
  23. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    latest

    had another crash about 3hrs ago... whilst online on MSN page...
    nothing else open !!!

    aaaarrrrrgggggghhhhhh
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    As I told you, there are a lot of questionable entries. I asked you about some of them. The 'symbols' in the directory are stock symbols. Did you set them up? I think there is quite a bit running that you're not aware of and/or didn't intentionally install.

    I can do this- but I don't know if it will fix the problem because we aren't sure just what the problem is. I will write script for you to run through Combofix. It will include the entries I asked you about.
    ============================================
    1. Take all Kodak and Easy Share entries off of the Startup menu.
    2. Please download ATF Cleaner by Atribune

    • [1] Double-click ATF-Cleaner.exe to run the program.
      [2] Under Main choose: Select All
      [3] Click the Empty Selected button.

      If you use Firefox browser
      [1] Click Firefox at the top and choose: Select All
      [2] Click the Empty Selected button.
      [3] NOTE: If you would like to keep your saved passwords, please click No at the prompt.

      If you use Opera browser
      [1] Click Opera at the top and choose: Select All
      [2] Click the Empty Selected button.
      [3] NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      Click Exit on the Main menu to close the program.

    =================================================
    3. Update and rescan with Malwarebytes. Leave new log. It's been a month since it scanned.
    =================================================
    4. Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\NETXP.Controls.Bars.dll
    c:\program files\NETXP.Win32.dll
    c:\program files\NETXP.Library.dll
    C:\reregister.bat
    DDS::
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
    uURLSearchHooks: H - No File
    Folder::
    c:\documents and settings\Administrator\Application Data\aHisoft>
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    RegLock::
    [HKEY_USERS\S-1-5-21-854245398-1417001333-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    Driver::
    cerc6
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ========================================
    Give me a report on the system after a couple of days.
    If you crash, let me know exactly what you are doing at the time.
     
  25. ascot54

    ascot54 TS Rookie Topic Starter Posts: 87

    update

    Hi Bobbye,

    have done as you requested apart from the kodak/easy share at start up...
    i could not find them in my start up menu at all !!!

    i ran the atf prog

    updated and ran Malwarebytes (log attached)

    dropped that script into and ran ComboFix (allowed it to update) then i got a freeze up at completed stage 7 !!!
    manual turned off power to pc and rebooted...

    then re-ran ComboFix with the script in it !! (log attached)


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7328

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    31/07/2011 11:08:56
    mbam-log-2011-07-31 (11-08-56).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 178942
    Time elapsed: 31 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ComboFix 11-07-31.02 - Administrator 31/07/2011 11:36:02.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1623 [GMT 1:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\program files\NETXP.Controls.Bars.dll"
    "c:\program files\NETXP.Library.dll"
    "c:\program files\NETXP.Win32.dll"
    "C:\reregister.bat"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\NETXP.Controls.Bars.dll
    c:\program files\NETXP.Library.dll
    c:\program files\NETXP.Win32.dll
    C:\reregister.bat
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_cerc6
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-30 15:41 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{897F9C54-D5CA-4DA0-9400-1B8EA7733516}\mpengine.dll
    2011-07-26 14:17 . 2011-07-26 14:17 -------- d-----w- c:\program files\ESET
    2011-07-25 11:14 . 2011-07-25 11:16 -------- d-----w- C:\HijackThis
    2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-07-24 12:22 . 2011-07-30 00:58 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-16 13:50 . 2011-07-16 13:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2011-07-10 11:37 . 2011-07-10 11:37 -------- d-----w- c:\windows\Performance
    2011-07-10 11:37 . 2011-07-10 11:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
    2011-07-07 12:44 . 2011-07-07 12:44 -------- d-----w- c:\program files\FreeTime
    2011-07-07 06:34 . 2011-07-07 06:34 -------- d-----w- C:\My Videos
    2011-07-07 06:34 . 2011-07-07 06:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\aHisoft
    2011-07-06 18:17 . 2011-07-06 18:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\DVDVideoSoft
    2011-07-06 17:58 . 2011-07-06 17:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Geckofx
    2011-07-06 17:57 . 2011-07-07 06:24 -------- d-----w- c:\program files\AviSynth 2.5
    2011-07-02 15:43 . 2011-07-02 15:43 -------- d-----w- c:\program files\CCleaner
    2011-07-01 10:49 . 2011-07-01 10:49 -------- d-----w- C:\symbols
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-13 03:39 . 2010-11-24 01:15 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-07-06 18:52 . 2011-06-30 10:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52 . 2011-06-30 10:16 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-13 21:09 . 2011-06-13 21:09 65328 ----a-w- c:\windows\apppatch\matsshim.dll
    2011-06-11 17:23 . 2007-02-25 15:28 819712 ----a-w- c:\program files\VATroute.exe
    2011-06-11 11:29 . 2011-06-11 11:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-04 03:52 . 2011-06-07 15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-02 15:31 . 2010-11-13 20:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2004-10-01 14:00 . 2011-06-07 15:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-07-26_14.10.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-07-30 20:53 . 2011-07-30 20:53 22016 c:\windows\Installer\1121e55.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-30 2424192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
    "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2010-11-13 106496]
    "SoundMan"="SOUNDMAN.EXE" [2010-11-13 57344]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\ICQ7.5\\ICQ.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\SquawkBox\\squawkbox_fs.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/07/2011 22:55 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
    R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [08/06/2011 12:47 219072]
    R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [08/06/2011 12:47 5120]
    R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [08/06/2011 12:47 8704]
    S1 MpKsl01985bb1;MpKsl01985bb1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7DFD412E-BD0E-40F4-BA31-AF27D43C47BE}\MpKsl01985bb1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7DFD412E-BD0E-40F4-BA31-AF27D43C47BE}\MpKsl01985bb1.sys [?]
    S1 MpKsl09159b8b;MpKsl09159b8b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl09159b8b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl09159b8b.sys [?]
    S1 MpKsl13761896;MpKsl13761896;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKsl13761896.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKsl13761896.sys [?]
    S1 MpKsl1dc26ba7;MpKsl1dc26ba7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{897F9C54-D5CA-4DA0-9400-1B8EA7733516}\MpKsl1dc26ba7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{897F9C54-D5CA-4DA0-9400-1B8EA7733516}\MpKsl1dc26ba7.sys [?]
    S1 MpKsl1ea4b516;MpKsl1ea4b516;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKsl1ea4b516.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKsl1ea4b516.sys [?]
    S1 MpKsl1efd7585;MpKsl1efd7585;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47811461-A8F9-4F65-9390-1BC9ADCDE58F}\MpKsl1efd7585.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47811461-A8F9-4F65-9390-1BC9ADCDE58F}\MpKsl1efd7585.sys [?]
    S1 MpKsl204ffc1e;MpKsl204ffc1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKsl204ffc1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKsl204ffc1e.sys [?]
    S1 MpKsl213c8f9f;MpKsl213c8f9f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl213c8f9f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl213c8f9f.sys [?]
    S1 MpKsl2538a3ce;MpKsl2538a3ce;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CC7C580-2DF9-44A3-8B37-836C2DCD18CB}\MpKsl2538a3ce.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CC7C580-2DF9-44A3-8B37-836C2DCD18CB}\MpKsl2538a3ce.sys [?]
    S1 MpKsl2aadfac1;MpKsl2aadfac1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B309C6BE-4313-4EF0-8895-F9A25947BEB6}\MpKsl2aadfac1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B309C6BE-4313-4EF0-8895-F9A25947BEB6}\MpKsl2aadfac1.sys [?]
    S1 MpKsl2f2222d9;MpKsl2f2222d9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D3B1758-01C1-4BAA-A101-E7257DDB6D8F}\MpKsl2f2222d9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D3B1758-01C1-4BAA-A101-E7257DDB6D8F}\MpKsl2f2222d9.sys [?]
    S1 MpKsl377fd64f;MpKsl377fd64f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22EEE4DE-4E0E-44CD-B3B3-09536783D11C}\MpKsl377fd64f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22EEE4DE-4E0E-44CD-B3B3-09536783D11C}\MpKsl377fd64f.sys [?]
    S1 MpKsl3f371606;MpKsl3f371606;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66497442-5220-4F6C-8129-BA22F721E6D5}\MpKsl3f371606.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66497442-5220-4F6C-8129-BA22F721E6D5}\MpKsl3f371606.sys [?]
    S1 MpKsl42d09462;MpKsl42d09462;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B14ACB97-078C-43F2-AA47-D52662A39452}\MpKsl42d09462.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B14ACB97-078C-43F2-AA47-D52662A39452}\MpKsl42d09462.sys [?]
    S1 MpKsl42e322b5;MpKsl42e322b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62606F6-859D-4261-9B9B-6AF7AC2378EA}\MpKsl42e322b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62606F6-859D-4261-9B9B-6AF7AC2378EA}\MpKsl42e322b5.sys [?]
    S1 MpKsl46d0104f;MpKsl46d0104f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28BE90E5-D553-4578-A54F-0FCC31BCA49D}\MpKsl46d0104f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28BE90E5-D553-4578-A54F-0FCC31BCA49D}\MpKsl46d0104f.sys [?]
    S1 MpKsl4c54f593;MpKsl4c54f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl4c54f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl4c54f593.sys [?]
    S1 MpKsl5142046b;MpKsl5142046b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5064562-5241-44DA-B201-43D739EEBE1C}\MpKsl5142046b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5064562-5241-44DA-B201-43D739EEBE1C}\MpKsl5142046b.sys [?]
    S1 MpKsl544d795d;MpKsl544d795d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKsl544d795d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKsl544d795d.sys [?]
    S1 MpKsl554a77d6;MpKsl554a77d6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl554a77d6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl554a77d6.sys [?]
    S1 MpKsl619452ca;MpKsl619452ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AFFD7D4-13AF-4D2A-B9DF-2AF23D4B9C2E}\MpKsl619452ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AFFD7D4-13AF-4D2A-B9DF-2AF23D4B9C2E}\MpKsl619452ca.sys [?]
    S1 MpKsl631888f7;MpKsl631888f7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{897F9C54-D5CA-4DA0-9400-1B8EA7733516}\MpKsl631888f7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{897F9C54-D5CA-4DA0-9400-1B8EA7733516}\MpKsl631888f7.sys [?]
    S1 MpKsl66243d4d;MpKsl66243d4d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl66243d4d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl66243d4d.sys [?]
    S1 MpKsl778b1a79;MpKsl778b1a79;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl778b1a79.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl778b1a79.sys [?]
    S1 MpKsl7d95315b;MpKsl7d95315b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86D6C0B6-E82A-44E7-B7FD-F0C1629E6FFC}\MpKsl7d95315b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86D6C0B6-E82A-44E7-B7FD-F0C1629E6FFC}\MpKsl7d95315b.sys [?]
    S1 MpKsl8769d3e7;MpKsl8769d3e7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2A3DBE5-91C1-424A-89C3-CA6ADCBF98D6}\MpKsl8769d3e7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2A3DBE5-91C1-424A-89C3-CA6ADCBF98D6}\MpKsl8769d3e7.sys [?]
    S1 MpKsl8ad7196a;MpKsl8ad7196a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKsl8ad7196a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKsl8ad7196a.sys [?]
    S1 MpKsla44bb0e4;MpKsla44bb0e4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{943CBDE8-3795-44BC-AA46-65A3C794028E}\MpKsla44bb0e4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{943CBDE8-3795-44BC-AA46-65A3C794028E}\MpKsla44bb0e4.sys [?]
    S1 MpKsla795d6fd;MpKsla795d6fd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E5A9309-7A63-47F9-A78E-0BA6942F71D3}\MpKsla795d6fd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E5A9309-7A63-47F9-A78E-0BA6942F71D3}\MpKsla795d6fd.sys [?]
    S1 MpKslada0a9dd;MpKslada0a9dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslada0a9dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslada0a9dd.sys [?]
    S1 MpKslb2730592;MpKslb2730592;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{292D9B05-7100-46BC-9C23-CBE1249482B8}\MpKslb2730592.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{292D9B05-7100-46BC-9C23-CBE1249482B8}\MpKslb2730592.sys [?]
    S1 MpKslb66df2b4;MpKslb66df2b4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKslb66df2b4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKslb66df2b4.sys [?]
    S1 MpKslb88211c3;MpKslb88211c3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslb88211c3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslb88211c3.sys [?]
    S1 MpKslbb0dfcad;MpKslbb0dfcad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKslbb0dfcad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKslbb0dfcad.sys [?]
    S1 MpKslc899043c;MpKslc899043c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C78F35-81F8-4A8C-9B57-3F33391EBB05}\MpKslc899043c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C78F35-81F8-4A8C-9B57-3F33391EBB05}\MpKslc899043c.sys [?]
    S1 MpKslcbf435b5;MpKslcbf435b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A59F7D5A-475B-4174-A230-EF23B9372BF5}\MpKslcbf435b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A59F7D5A-475B-4174-A230-EF23B9372BF5}\MpKslcbf435b5.sys [?]
    S1 MpKslcc9e82ab;MpKslcc9e82ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKslcc9e82ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKslcc9e82ab.sys [?]
    S1 MpKslcfdcdf5c;MpKslcfdcdf5c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKslcfdcdf5c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKslcfdcdf5c.sys [?]
    S1 MpKsld05e613a;MpKsld05e613a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}\MpKsld05e613a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}\MpKsld05e613a.sys [?]
    S1 MpKsld415caf7;MpKsld415caf7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsld415caf7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsld415caf7.sys [?]
    S1 MpKsld8767dca;MpKsld8767dca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D7EB011-1FE5-4DD4-B3E7-DF306DCB7399}\MpKsld8767dca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D7EB011-1FE5-4DD4-B3E7-DF306DCB7399}\MpKsld8767dca.sys [?]
    S1 MpKsldc5e4f0c;MpKsldc5e4f0c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC197AF9-C7CD-4E65-9EE5-4411222102F4}\MpKsldc5e4f0c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC197AF9-C7CD-4E65-9EE5-4411222102F4}\MpKsldc5e4f0c.sys [?]
    S1 MpKsle11d8f23;MpKsle11d8f23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E95D9768-0589-4DE4-A8EE-D83DE9FBEB3C}\MpKsle11d8f23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E95D9768-0589-4DE4-A8EE-D83DE9FBEB3C}\MpKsle11d8f23.sys [?]
    S1 MpKsle74a2afa;MpKsle74a2afa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3BB9D9C-37D9-444E-B22E-23676CAA1195}\MpKsle74a2afa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3BB9D9C-37D9-444E-B22E-23676CAA1195}\MpKsle74a2afa.sys [?]
    S1 MpKsle9ec4ade;MpKsle9ec4ade;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CAE33CD6-8792-48A0-9CC8-8AACF3A1E5D5}\MpKsle9ec4ade.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CAE33CD6-8792-48A0-9CC8-8AACF3A1E5D5}\MpKsle9ec4ade.sys [?]
    S1 MpKslfdc3eecb;MpKslfdc3eecb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82546538-64D1-4775-8680-814A2210AC93}\MpKslfdc3eecb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82546538-64D1-4775-8680-814A2210AC93}\MpKslfdc3eecb.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 12:32]
    .
    2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 12:32]
    .
    2011-07-31 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
    TCP: DhcpNameServer = 192.168.0.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-31 11:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(524)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    - - - - - - - > 'explorer.exe'(3056)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    c:\progra~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-31 11:47:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-31 10:47
    ComboFix2.txt 2011-07-26 14:13
    .
    Pre-Run: 6,893,686,784 bytes free
    Post-Run: 6,880,223,232 bytes free
    .
    - - End Of File - - 46170A3D130CC1385B08CE95BEEE1E6A

    Regards

    Paul
     
Topic Status:
Not open for further replies.
