Solved IE8 crashing sporadically... unable to replicate.

ascot54

Hi Gents...
Been a while since my last foray here... that's good news for me, I guess.

However, I'm getting a random crash within IE8 and I can't replicate it... it may happen within 5 mins or may not happen for 2 hours or more, and it locks up my PC.

I have all the latest updates installed and have used the MS Fixit tool, which found a problem with Java Helper... ran the fix but still no luck!!

I have followed the guide as per instructions and here are my reports.

Grateful if you could take a look and see if I have a problem? Googled IE8 crashes and lots of people seem to be in the same boat... knowing that you guys helped me before, I thought I'd return here for expertise!!

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6985

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/06/2011 11:28:34
mbam-log-2011-06-30 (11-28-34).txt

Scan type: Quick scan
Objects scanned: 153102
Time elapsed: 9 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-30 11:35:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BB-00JHA0 rev.05.01C05
Running: qrm0rxbt.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 11:38:37 on 2011-06-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1504 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ICQ] "c:\program files\icq7.2\ICQ.exe" silent loginmode=4
mRun: [SiS Tray] c:\windows\system32\sistray.EXE
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0E11F88F-B70D-4E1F-9370-29721DAD833C} : DhcpNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 165264]
R1 MpKslb46d71b8;MpKslb46d71b8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b83f5e66-b7c7-4812-bbb0-744f0a7dc583}\MpKslb46d71b8.sys [2011-6-30 28752]
R1 MpKsle9ec4ade;MpKsle9ec4ade;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cae33cd6-8792-48a0-9cc8-8aacf3a1e5d5}\mpksle9ec4ade.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cae33cd6-8792-48a0-9cc8-8aacf3a1e5d5}\MpKsle9ec4ade.sys [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [2011-6-8 219072]
R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [2011-6-8 5120]
R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [2011-6-8 8704]
S0 cerc6;cerc6; [x]
S1 MpKsl01985bb1;MpKsl01985bb1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7dfd412e-bd0e-40f4-ba31-af27d43c47be}\mpksl01985bb1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7dfd412e-bd0e-40f4-ba31-af27d43c47be}\MpKsl01985bb1.sys [?]
S1 MpKsl09159b8b;MpKsl09159b8b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d88104f9-1bce-4eba-b828-8e55af57d4be}\mpksl09159b8b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d88104f9-1bce-4eba-b828-8e55af57d4be}\MpKsl09159b8b.sys [?]
S1 MpKsl13761896;MpKsl13761896;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91dc30ad-c8f3-4b73-9996-905648cea745}\mpksl13761896.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91dc30ad-c8f3-4b73-9996-905648cea745}\MpKsl13761896.sys [?]
S1 MpKsl1ea4b516;MpKsl1ea4b516;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5339516-4df0-403a-9dfd-bfc9bc0c66e2}\mpksl1ea4b516.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5339516-4df0-403a-9dfd-bfc9bc0c66e2}\MpKsl1ea4b516.sys [?]
S1 MpKsl1efd7585;MpKsl1efd7585;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47811461-a8f9-4f65-9390-1bc9adcde58f}\mpksl1efd7585.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47811461-a8f9-4f65-9390-1bc9adcde58f}\MpKsl1efd7585.sys [?]
S1 MpKsl213c8f9f;MpKsl213c8f9f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d88104f9-1bce-4eba-b828-8e55af57d4be}\mpksl213c8f9f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d88104f9-1bce-4eba-b828-8e55af57d4be}\MpKsl213c8f9f.sys [?]
S1 MpKsl2538a3ce;MpKsl2538a3ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7cc7c580-2df9-44a3-8b37-836c2dcd18cb}\mpksl2538a3ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7cc7c580-2df9-44a3-8b37-836c2dcd18cb}\MpKsl2538a3ce.sys [?]
S1 MpKsl2f2222d9;MpKsl2f2222d9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d3b1758-01c1-4baa-a101-e7257ddb6d8f}\mpksl2f2222d9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d3b1758-01c1-4baa-a101-e7257ddb6d8f}\MpKsl2f2222d9.sys [?]
S1 MpKsl377fd64f;MpKsl377fd64f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22eee4de-4e0e-44cd-b3b3-09536783d11c}\mpksl377fd64f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22eee4de-4e0e-44cd-b3b3-09536783d11c}\MpKsl377fd64f.sys [?]
S1 MpKsl3f371606;MpKsl3f371606;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66497442-5220-4f6c-8129-ba22f721e6d5}\mpksl3f371606.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66497442-5220-4f6c-8129-ba22f721e6d5}\MpKsl3f371606.sys [?]
S1 MpKsl42d09462;MpKsl42d09462;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b14acb97-078c-43f2-aa47-d52662a39452}\mpksl42d09462.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b14acb97-078c-43f2-aa47-d52662a39452}\MpKsl42d09462.sys [?]
S1 MpKsl42e322b5;MpKsl42e322b5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62606f6-859d-4261-9b9b-6af7ac2378ea}\mpksl42e322b5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62606f6-859d-4261-9b9b-6af7ac2378ea}\MpKsl42e322b5.sys [?]
S1 MpKsl46d0104f;MpKsl46d0104f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{28be90e5-d553-4578-a54f-0fcc31bca49d}\mpksl46d0104f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{28be90e5-d553-4578-a54f-0fcc31bca49d}\MpKsl46d0104f.sys [?]
S1 MpKsl4c54f593;MpKsl4c54f593;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d88104f9-1bce-4eba-b828-8e55af57d4be}\mpksl4c54f593.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d88104f9-1bce-4eba-b828-8e55af57d4be}\MpKsl4c54f593.sys [?]
S1 MpKsl5142046b;MpKsl5142046b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5064562-5241-44da-b201-43d739eebe1c}\mpksl5142046b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5064562-5241-44da-b201-43d739eebe1c}\MpKsl5142046b.sys [?]
S1 MpKsl554a77d6;MpKsl554a77d6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b22f86cf-b122-4726-8a31-fbc4874d5383}\mpksl554a77d6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b22f86cf-b122-4726-8a31-fbc4874d5383}\MpKsl554a77d6.sys [?]
S1 MpKsl619452ca;MpKsl619452ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9affd7d4-13af-4d2a-b9df-2af23d4b9c2e}\mpksl619452ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9affd7d4-13af-4d2a-b9df-2af23d4b9c2e}\MpKsl619452ca.sys [?]
S1 MpKsl66243d4d;MpKsl66243d4d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d88104f9-1bce-4eba-b828-8e55af57d4be}\mpksl66243d4d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d88104f9-1bce-4eba-b828-8e55af57d4be}\MpKsl66243d4d.sys [?]
S1 MpKsl778b1a79;MpKsl778b1a79;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b22f86cf-b122-4726-8a31-fbc4874d5383}\mpksl778b1a79.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b22f86cf-b122-4726-8a31-fbc4874d5383}\MpKsl778b1a79.sys [?]
S1 MpKsl7d95315b;MpKsl7d95315b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{86d6c0b6-e82a-44e7-b7fd-f0c1629e6ffc}\mpksl7d95315b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{86d6c0b6-e82a-44e7-b7fd-f0c1629e6ffc}\MpKsl7d95315b.sys [?]
S1 MpKsl8769d3e7;MpKsl8769d3e7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f2a3dbe5-91c1-424a-89c3-ca6adcbf98d6}\mpksl8769d3e7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f2a3dbe5-91c1-424a-89c3-ca6adcbf98d6}\MpKsl8769d3e7.sys [?]
S1 MpKsl8ad7196a;MpKsl8ad7196a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f8337061-f7d2-4cf0-a274-531e92950546}\mpksl8ad7196a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f8337061-f7d2-4cf0-a274-531e92950546}\MpKsl8ad7196a.sys [?]
S1 MpKsla44bb0e4;MpKsla44bb0e4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{943cbde8-3795-44bc-aa46-65a3c794028e}\mpksla44bb0e4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{943cbde8-3795-44bc-aa46-65a3c794028e}\MpKsla44bb0e4.sys [?]
S1 MpKsla795d6fd;MpKsla795d6fd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e5a9309-7a63-47f9-a78e-0ba6942f71d3}\mpksla795d6fd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e5a9309-7a63-47f9-a78e-0ba6942f71d3}\MpKsla795d6fd.sys [?]
S1 MpKslada0a9dd;MpKslada0a9dd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5339516-4df0-403a-9dfd-bfc9bc0c66e2}\mpkslada0a9dd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5339516-4df0-403a-9dfd-bfc9bc0c66e2}\MpKslada0a9dd.sys [?]
S1 MpKslb66df2b4;MpKslb66df2b4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91dc30ad-c8f3-4b73-9996-905648cea745}\mpkslb66df2b4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{91dc30ad-c8f3-4b73-9996-905648cea745}\MpKslb66df2b4.sys [?]
S1 MpKslb88211c3;MpKslb88211c3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5339516-4df0-403a-9dfd-bfc9bc0c66e2}\mpkslb88211c3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f5339516-4df0-403a-9dfd-bfc9bc0c66e2}\MpKslb88211c3.sys [?]
S1 MpKslc899043c;MpKslc899043c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b4c78f35-81f8-4a8c-9b57-3f33391ebb05}\mpkslc899043c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b4c78f35-81f8-4a8c-9b57-3f33391ebb05}\MpKslc899043c.sys [?]
S1 MpKslcbf435b5;MpKslcbf435b5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a59f7d5a-475b-4174-a230-ef23b9372bf5}\mpkslcbf435b5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a59f7d5a-475b-4174-a230-ef23b9372bf5}\MpKslcbf435b5.sys [?]
S1 MpKslcc9e82ab;MpKslcc9e82ab;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f8337061-f7d2-4cf0-a274-531e92950546}\mpkslcc9e82ab.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f8337061-f7d2-4cf0-a274-531e92950546}\MpKslcc9e82ab.sys [?]
S1 MpKsld05e613a;MpKsld05e613a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ba2e52e-fd9d-4992-a0a2-a63419d19023}\mpksld05e613a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ba2e52e-fd9d-4992-a0a2-a63419d19023}\MpKsld05e613a.sys [?]
S1 MpKsld415caf7;MpKsld415caf7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b22f86cf-b122-4726-8a31-fbc4874d5383}\mpksld415caf7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b22f86cf-b122-4726-8a31-fbc4874d5383}\MpKsld415caf7.sys [?]
S1 MpKsld8767dca;MpKsld8767dca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4d7eb011-1fe5-4dd4-b3e7-df306dcb7399}\mpksld8767dca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4d7eb011-1fe5-4dd4-b3e7-df306dcb7399}\MpKsld8767dca.sys [?]
S1 MpKsldc5e4f0c;MpKsldc5e4f0c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc197af9-c7cd-4e65-9ee5-4411222102f4}\mpksldc5e4f0c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc197af9-c7cd-4e65-9ee5-4411222102f4}\MpKsldc5e4f0c.sys [?]
S1 MpKsle74a2afa;MpKsle74a2afa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3bb9d9c-37d9-444e-b22e-23676caa1195}\mpksle74a2afa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3bb9d9c-37d9-444e-b22e-23676caa1195}\MpKsle74a2afa.sys [?]
S1 MpKslfdc3eecb;MpKslfdc3eecb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{82546538-64d1-4775-8680-814a2210ac93}\mpkslfdc3eecb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{82546538-64d1-4775-8680-814a2210ac93}\MpKslfdc3eecb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-13 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-13 136176]
.
=============== Created Last 30 ================
.
2011-06-30 10:36:26 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b83f5e66-b7c7-4812-bbb0-744f0a7dc583}\MpKslb46d71b8.sys
2011-06-30 10:35:58 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b83f5e66-b7c7-4812-bbb0-744f0a7dc583}\mpengine.dll
2011-06-30 10:16:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 10:16:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-30 10:16:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 10:16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-30 08:53:51 -------- d-----w- c:\documents and settings\administrator\application data\ElevatedDiagnostics
2011-06-19 15:30:58 -------- dc-h--w- c:\windows\ie8
2011-06-11 17:22:46 -------- d-----w- c:\program files\Hangar
2011-06-11 17:22:32 -------- d-----w- c:\program files\Cycle
2011-06-11 17:21:53 -------- d-----w- c:\windows\uninstall
2011-06-11 11:29:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-08 11:47:27 8704 ----a-w- c:\windows\system32\drivers\chdrvr03.sys
2011-06-08 11:47:27 86776 ----a-w- c:\windows\system32\CMCalBlk.dll
2011-06-08 11:47:27 5120 ----a-w- c:\windows\system32\drivers\chdrvr02.sys
2011-06-08 11:47:27 219072 ----a-w- c:\windows\system32\drivers\chdrvr01.sys
2011-06-08 11:23:32 -------- d-----w- c:\program files\CH Products
2011-06-08 10:36:04 -------- d-----w- c:\program files\SquawkBox
2011-06-07 15:39:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-07 15:39:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-07 15:19:02 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2011-06-07 15:18:56 471040 ------w- c:\windows\system32\ImagXRA7.dll
2011-06-07 15:18:55 476320 ------w- c:\windows\system32\ImagXpr7.dll
2011-06-07 15:18:55 262144 ------w- c:\windows\system32\ImagXR7.dll
2011-06-07 15:18:55 1568768 ------w- c:\windows\system32\ImagX7.dll
2011-06-07 15:18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2011-06-07 15:17:56 2973696 ------w- c:\windows\NuNinst.exe
2011-06-07 15:17:52 99584 ------w- c:\windows\system32\drivers\InCDfs.sys
2011-06-07 15:17:52 8704 ------w- c:\windows\system32\drivers\InCDrec.sys
2011-06-07 15:17:52 29696 ------w- c:\windows\system32\drivers\InCDpass.sys
2011-06-07 15:17:51 28672 ------w- c:\windows\system32\drivers\InCDrm.sys
2011-06-07 15:17:50 -------- d-----w- c:\windows\InCD
2011-06-07 15:17:16 10368 ------w- c:\windows\system32\drivers\pfc.sys
2011-06-07 15:15:54 -------- d-----w- C:\MyWorks
2011-06-07 15:15:36 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-06-07 15:15:34 -------- d-----w- c:\program files\CyberLink DVD Solution
2011-06-04 11:25:20 -------- d-----w- c:\documents and settings\administrator\local settings\application data\KodakGallery
2011-06-04 11:20:41 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ArcSoft
2011-06-04 11:20:26 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft
2011-06-04 11:17:30 -------- d-----w- c:\program files\common files\Kodak
2011-06-04 11:16:25 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-06-04 11:16:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-06-04 11:16:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-06-04 11:16:24 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-06-04 11:16:24 317952 ------w- c:\windows\system32\imapi2.dll
2011-06-04 11:16:19 -------- d-----w- c:\program files\Kodak
2011-06-04 11:13:41 -------- d-----w- c:\documents and settings\all users\application data\Kodak
.
==================== Find3M ====================
.
2011-06-11 17:23:04 819712 ----a-w- c:\program files\VATroute.exe
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2006-05-25 19:53:24 270336 ----a-w- c:\program files\NETXP.Controls.Bars.dll
2006-05-25 19:53:22 471040 ----a-w- c:\program files\NETXP.Win32.dll
2006-05-25 19:53:22 102400 ----a-w- c:\program files\NETXP.Library.dll
.
============= FINISH: 11:39:17.59 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13/11/2010 20:24:44
System Uptime: 30/06/2011 11:06:54 (0 hours ago)
.
Motherboard: Acer | | E61ML
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Socket 478 | 2666/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 8.054 GiB free.
D: is CDROM (CDFS)
E: is FIXED (FAT32) - 5 GiB total, 1.169 GiB free.
F: is FIXED (NTFS) - 32 GiB total, 3.6 GiB free.
G: is FIXED (NTFS) - 149 GiB total, 145.591 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_2A02&SUBSYS_800A1799&REV_03\3&61AAA01&0&50
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_2A02&SUBSYS_800A1799&REV_03\3&61AAA01&0&50
Service:
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_16EC&DEV_2F00&SUBSYS_010C16EC&REV_01\3&61AAA01&0&58
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_16EC&DEV_2F00&SUBSYS_010C16EC&REV_01\3&61AAA01&0&58
Service:
.
==== System Restore Points ===================
.
RP257: 07/06/2011 16:38:38 - Installed Java(TM) 6 Update 25
RP258: 07/06/2011 20:29:51 - Removed Print Creations
RP259: 08/06/2011 09:37:52 - Software Distribution Service 3.0
RP260: 08/06/2011 12:48:10 - Unsigned driver install
RP261: 08/06/2011 16:12:45 - Unsigned driver install
RP262: 08/06/2011 20:58:34 - Unsigned driver install
RP263: 09/06/2011 09:51:10 - Software Distribution Service 3.0
RP264: 10/06/2011 09:46:23 - Software Distribution Service 3.0
RP265: 11/06/2011 12:57:05 - Software Distribution Service 3.0
RP266: 12/06/2011 14:06:09 - Software Distribution Service 3.0
RP267: 13/06/2011 14:48:55 - System Checkpoint
RP268: 14/06/2011 06:43:23 - Software Distribution Service 3.0
RP269: 15/06/2011 06:43:12 - Software Distribution Service 3.0
RP270: 16/06/2011 07:05:39 - System Checkpoint
RP271: 16/06/2011 21:08:06 - Software Distribution Service 3.0
RP272: 17/06/2011 03:00:15 - Software Distribution Service 3.0
RP273: 18/06/2011 03:35:12 - System Checkpoint
RP274: 18/06/2011 10:37:43 - Software Distribution Service 3.0
RP275: 18/06/2011 12:18:23 - Installed Java(TM) 6 Update 26
RP276: 19/06/2011 10:37:30 - Software Distribution Service 3.0
RP277: 19/06/2011 16:31:21 - Installed Windows Internet Explorer 8.
RP278: 19/06/2011 16:32:27 - Software Distribution Service 3.0
RP279: 19/06/2011 20:56:32 - Software Distribution Service 3.0
RP280: 20/06/2011 15:25:15 - Software Distribution Service 3.0
RP281: 20/06/2011 15:34:41 - Software Distribution Service 3.0
RP282: 22/06/2011 15:01:52 - Software Distribution Service 3.0
RP283: 23/06/2011 15:09:24 - System Checkpoint
RP284: 24/06/2011 15:39:49 - Software Distribution Service 3.0
RP285: 25/06/2011 15:56:20 - Software Distribution Service 3.0
RP286: 27/06/2011 11:22:44 - Software Distribution Service 3.0
RP287: 28/06/2011 03:00:16 - Software Distribution Service 3.0
RP288: 28/06/2011 18:49:37 - Software Distribution Service 3.0
RP289: 29/06/2011 12:47:07 - Software Distribution Service 3.0
RP290: 30/06/2011 09:44:42 - Software Distribution Service 3.0
RP291: 30/06/2011 09:47:08 - Installed %1 %2.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
CCScore
CH Control Manager Software
DECAdry Print Software 150
DVD Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
ICQ7.5
InCD
Java Auto Updater
Java(TM) 6 Update 26
Kodak EasyShare software
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Launcher
Nero OEM
netbrdg
OfotoXMI
PowerDVD
PowerProducer
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SFR
SHASTA
SiS 661FX_760_741_M661FX_M760_M741
skin0001
SKINXSDK
SquawkBox
staticcr
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAT-Spy
VATroute 0.0.1.021
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
WIRELESS
.
==== End Of File ===========================

thank you
 
Welcome back! I realize you'd rather not have to post in this forum, so I will try to make it as pleasant as possible!

i'm getting a random crash within IE8

I am not aware of 'lots of people' having this problem. And there are many things that could cause it; it doesn't have to be malware. It could be due to not enough RAM, bad memory chips or many other problems.

I'd like you to do this to see if we can pin down any common cause: The next time there is a crash:
1. Look at the computer clock and make a note of the time.
2. Tell me exactly what you were doing when IE crashed.
3. Tell me exactly what happened when it crashed>> did IE close? Did the screen freeze? Did you get any message at all?
4. If you did a reboot, did the same cycle continue>> work for a while, random crash, notable during gaming?
5. How much RAM is installed?

==========================================
Keeping in mind the time of the crash that you wrote down:

Start> Run> type in eventvwr

Do this on each of the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error that happens at the time of the crash- if one>
[3]. Double click on the Error to open.
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6]. NOTES
  • You can ignore Warnings and Information Events.
  • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
  • You don't need to include the lines of code in the box below the Description, if any.
  • Please do not copy the entire Event log.

Errors are time coded. Check the computer clock on freeze.
=============================================
One thing that will cause intermittent crashes is if you have 'hidden files and folders' checked to show, along with unhiding 'protected system files'. Check Folder Options in the Control Panel> View tab

If you need more help with this, let me know.
 
latest...

Hi Bobbye,
This was the most recent error that has a log in Applications.
Todays crash is not listed.

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 29/06/2011
Time: 14:07:29
User: N/A
Computer: PAUL
Description:
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19088, fault address 0x000ec5c5.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

There are no other errors within eventvwr... eg: security / iexplorer /power shell..
I have 2Mb of RAM, so i don't think that is the issue.. i have removed both RAM chips independently, to ensure they are both being read in their respective sockets and even swopped sockets in case of socket failure. All passed the test.

I was in IE and attempted to open a 2nd tab within the window and then the PC froze !! i could not move the mouse and had to shut PC down using power button...
This is the normal cycle, however, if i leave the PC to do updates, i find it also crashes then. So i don't think it's just an IE problem now..??
To date i have experienced no problems during gaming...my gaming is limited to online flying with MS FlightSim..and also using Vatspy/SquawkBox for chat whilst talking to Air Traffic Control.

all hidden files and folders are hidden and not on display as well as system files...I don't have them on display because if others are "borrowing" my PC for school homework, i'd be worried they delete something they shouldn't...!!
If you need any other info, please advise....

Thanks Bobbye,

Best regards to you as always,

Paul
 
just found article in MS ref the fault... it refers to KB976325 relating to the smartscreen filter...mine is turned off, but also i don't have that KB installed..!! also noticed in add/remove that my IE8 was last used on 1/1/2011 !! yet i use it most days !!!! is that odd at all ???
thanks again...

Paul
 
Hi Bobbye,
just had a freeze at 1520GMT....checked event vwr no log created but found this under information..
Event Type: Information
Event Source: gupdate
Event Category: None
Event ID: 0
Date: 30/06/2011
Time: 16:22:07
User: N/A
Computer: PAUL
Description:
The description for Event ID ( 0 ) in Source ( gupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service stopped.

worried as it says remote computer !!!! any ideas ??
thanks
Paul
 
( gupdate ) is the Google Toolbar Update. If you use the toolbar, this comes with it. I killed the process numerous times and found it had put itself back on the Startup menu. My thought is that a toolbar doesn't have to update enough to allow it to check for updates, every day, numerous times each day.

You can try doing this:
Click on Start> Run> type in services.msc> double click on gupdate to open> Change the Startup type to Disabled> Stop the Service.

Please note my comment to ignore 'Information' entries. You are only looking for Errors.
Please also note my instructions that you do not need to include the codes below the error description.
==========================================
Please see this Microsoft Site regarding the 'faulting module mshtml.dll'.
==========================================
If the update does not help, start IE with No Addons. Then put the addons back onto the system and check after each one. If you find a particular addon is causing a crash, remove it and don't use it.
 
done this...
"Click on Start> Run> type in services.msc> double click on gupdate to open> Change the Startup type to Disabled> Stop the Service"
i know you said im only looking for errors but my concern on the information was "remote computer" my mind went "trojan" !!
i looked at the MS Site you suggest.. that says IE5.5 is that right...??
 
Try this site: http://support.microsoft.com/kb/892052

It's hard to find the combination of mshtml.dll+IE8+Win XP. As you saw, this has been a problem since IE4 and 5. You would think they'd have it right by now!

Of course Google is going to have to go to a remote computer to get the update! That doesn't mean someone is remotely getting into your system. Please search for "Remote computer" vs "Remote Access"
 
Hi Bobbye,
had 2 further freeze ups since yesterday and still there is no damn crash report to be found....really hacked off with MS now !!!
my local PC shop suggested they would have a look and re-install the operating system....!!
im not happy to do this because i have my PC loaded and set how i want with ref to my FlightSim etc...
im now trying IE8 without add ons to see how this goes...!! as opposed to the normal IE8....!!

any ideas where else in the system i could be looking to find the root cause ??
as i say it's very random...!! earlier i was only on IE8 for a matter of mins before it froze !!!
really annoying when you are trying to do admin tasks !!!

Thanks again Buddy....

Paul
 
Paul, how much RAM do you have on the system?

The next time the system freezes, take note of exactly what you're doing:
What programs are currently active- are you working on or in a particular program or app- Which one are you using at the time of the crash? Look down on the Taskbar and make note of everything that is minimized, including the email.

Is there any particular function you are using when the freeze happens?

Because there are no corresponding Errors in the Event Viewer, the freeze is most likely directly related to what function or feature you are using at the time.

And if worse comes to worst, you can try to uninstall/reinstall IE8- again.
 
Hi Bobbye, i have 2mb of RAM and done a service check on them eg: swopped memory over to different slots...no errors found...
on taskbar is : MS Essentials, soundcard controls, InCD, Active Sync....
none of the above actually in use...
nothing minimised to taskbar only thing open was IE8 !! last crash happened when i clicked on the Tools button in IE8...
I found a link ref IE7..it suggested to re-register several dll's using a batch file..

link : http://www.brighthub.com/computing/windows-platform/articles/44296.aspx

so far, no crashes....!!
will keep you updated buddy if this seems to have "cured" the problem....
Rgds

Paul
 
crashed again....

Hi Bobbye,

just had another crash...but this time in Google Chrome !!!!!

decided to uninstall IE8 and see what happens... no overnight crashes !!
but just using Google Chrome to surf and get a freeze up..!!

however, here is the odd thing...
thought i'd look at event viewer...found lots of error logs that weren't there when IE8 was installed...
here is the last one

Event Type: Error
Event Source: MatSvc
Event Category: None
Event ID: 15
Date: 02/07/2011
Time: 11:06:38
User: N/A
Computer: PAUL
Description:
The scheduled MATS task encountered a failure when collecting configuration data. hr=0x803C0101
.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

even crashed whilst i was typing this up...
surely there has to be something deeper as the root cause here ??? !!!

any advice greatly appreciated !!

rgds

Paul
 
The scheduled MATS task encountered a failure
Related to Matsvc.exe Automated Troubleshooting Service from Microsoft Corporation

The service belongs to the Microsoft Fixit program. If you installed this, uninstall it. Supposedly the MatSvc only runs when needed but Microsoft Fixit is still in beta and many people have reported issues with it.

It appears that you have this scheduled to run. Frankly, I wouldn't let this on my system! http://support.microsoft.com/fixit/

I don't know if this came with IE or if it was a Windows Update. But do yourself a favor and remove it! You may have to chase down a Service:
Click on Start> Run> type in services.msc> enter> Double click on the Service to open it> Stop the Service> Change the Startup type to Disable> Exit the Services.

Also check the Scheduled Tasks and remove:
Scheduled Tasks
Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only auto-update I get is for the AV program.
Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
To change the settings for a task: right-click the Task> click Properties> do any of the following:
  1. To change the schedule for the task, click the Schedule tab.
  2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
  3. To delete a task> right-click the task> click Delete.
  4. To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.
 
Hi Bobbye,
i'm back....lol.....

had my system in to store, over 3 days of bench testing and not one crash; get it home and four crashes in as many hours... from within Google and within online gaming (x2)....!! the last 2 crashes were about an hour apart....
im getting to the end of my tether now and shortly the pc will be taking its own flying lessons from the first floor !!! can you help ???
best wishes always

Paul
 
Paul, you have done a great job of troubleshooting and I know your frustration level must be high. I went back to the first log and created a time line and I will give you that.

First, I'd like you to open IE and disable all of the Addons. It may not actually be the browser but rather something that runs when the browser does. Then you put the addons back, one at a time, try the system after each. If you crash after putting one back on, take it off again and check the system.

As helpful as the Event Viewer can be, unless there is a real error within the system itself or a particular app, it's not going to show a corresponding error.

Second, as you found, some updates can cause problems. Your first log was dated 6/30/2011, so you need to play detective and try to determine if the problem started after an update.

Third, I don't know how long this was going on before you posted here, but here is a timeline of programs you installed in the period shortly before you got IE8:
2011-06-19 15:30:58
c:\windows\ie8

2011-06-11 17:22:46
c:\program files\Hangar
c:\program files\Cycle
c:\windows\uninstall
c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-08 11:23:32
c:\program files\CH Products> Gameport and USB controllers and trackballs
c:\program files\SquawkBox

2011-06-07 15:18:55
pegasus(Accusoft) imaging imagxpress 7> 'giveaway of the day. Current version is v9
c:\program files\Uninstall_CDS.exe> uninstalling Cyberlink's Power2Go program.
c:\program files\CyberLink DVD Solution
===============================
Using the KB sequence numbers, this looks to be the last Security Update for Windows XP (KB982665)> MS10-055: Vulnerability in Cinepak codec could allow remote code execution> dated in MS 6/20/2011

And this was last plain Update for Windows XP (KB973815)> MS09-037: Description of the security update for Microsoft MSWebDVD ActiveX Control in Windows XP and Windows Server 2003: August 11, 2009

It is interesting to note that the last Security Update was one day after you upgraded to IE8
===================================================
I'd like you to run this. I can then have you check all processes that don't need to start on boot and run in the background:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
Latest

Hi Bobbye...

Thanks once again for your help....!!

Just to give you an update...

i have uninstalled all IE !!!
yesterday i downloaded SAS, and ran it... detected 98 threats...dealt with them...

Here is my log from HJT......

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:55, on 25/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 4531 bytes

I found this entry too whilst loading HJT !!!

goes by name of keyhook.txt !!

any bearing on my "freeze" as it says destroy window....!!!

Edit: Repeating entries of DestroyWindow & FreeDirectInput have been deleted by Bobbye


Rgds Paul
 
yesterday i downloaded SAS, and ran it... detected 98 threats...dealt with them...
1. Were all or most of these Tracking Cookies?
2. You have gone back to IE6- correct?
3. Regarding the entries you found:
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

Name: SiS Windows KeyHook
File Name: keyhook.exe
Status: U> means it is up to you whether or not you feel this program needs to run automatically.
SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings
From bleepingcomputer.com Startups:
This is a valid program, but it is up to you whether or not you want it to run on startup.
Name: SiS Windows KeyHook
Filename: keyhook.exe
Command: C:\WINDOWS\system32\keyhook.exe
Description: SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings
File Location: C:\WINDOWS\system32\keyhook.exe
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
HijackThis Category: O4 Entry
================================================
Unfortunately, I forgot to add my guidelines in my first post:
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.

But I think the text I have put in bold quote is also included in the steps guidelines.
=====================================
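The O-section lines of a HijackThis log like the one posted above can be sorted mechanically before reading them one by one. The following is an added Python example, not part of the thread and not code from HijackThis; the function names are hypothetical and the sample is a subset of lines copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Section codes that occur in the log posted above, with their usual meaning.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry (registry Run keys / Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O22": "SharedTaskScheduler",
    "O23": "service",
}

# Lines copied from the HijackThis log in this thread (a subset, to stay short).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\sistray.EXE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
# O4 body: <registry root>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^(?P<root>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)


def parse_hjt(text):
    """Return one dict per O-section line; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "meaning": SECTIONS.get(code, "unknown"),
                 "line": raw.strip()}
        o4 = O4_RE.match(body) if code == "O4" else None
        if o4:
            entry.update(kind=o4["root"], name=o4["name"], target=o4["cmd"])
        else:
            kind, _, rest = body.partition(": ")
            fields = rest.split(" - ")
            entry.update(kind=kind, name=fields[0], target=fields[-1])
        entries.append(entry)
    return entries


def orphaned(entries):
    """Entries marked '(no file)': the registry entry remains, the file is gone."""
    return [e for e in entries if e["target"] == "(no file)"]


def startup_programs(entries):
    """Map each autostarted executable to the registry roots that launch it."""
    programs = defaultdict(set)
    for e in entries:
        if e["code"] != "O4":
            continue
        m = EXE_RE.search(e["target"])
        exe = ntpath.basename(m.group(1)).lower() if m else e["target"].lower()
        programs[exe].add(e["kind"])
    return {exe: sorted(roots) for exe, roots in programs.items()}


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Leftover entries pointing at a missing file:")
    for e in orphaned(parsed):
        print("  ", e["line"])
    print("Programs started at logon:")
    for exe, roots in sorted(startup_programs(parsed).items()):
        print(f"   {exe:15} from {', '.join(roots)}")
```

Grouping the O4 lines by executable collapses the repeated CTFMON.EXE rows into one item, which leaves a short list of distinct startup programs to look up.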
 
Latest

Hi Bob,

fully understand the "small print"

1: all tracking cookies
2: uninstalled ie8 & 7 (only using Google Chrome to try to isolate issue)
3: found keyhook by chance today when loading HJT to C: drive

i have not done anything else yet to my pc awaiting your advice.... only thing is i have read up on keyhook and it says others have experienced errors within Windows OS because of the way it operates...
frustrating as i "fly" online and on Sat nite i was 4miles finals into London and pc froze on me, not only spoiling my enjoyment but those i regularly fly with....

Just want a trouble free flight/pc !!!!!
anything else in the HJT to get rid of ??

grateful thanks as always !!!
 
Wow! Every time I get sidetracked from my focus on malware removal, I lose track of the basics! I don't know how we've gone on this long without my having you run the following! Please run them, then I'll deal with the HJT log:

Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE http://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
===========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
latest

Hi Bobbye,

here is Combofix log report....
i ran ESET online scanner

no malware, no log produced !!!


ComboFix 11-07-26.02 - Administrator 26/07/2011 15:02:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1553 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-25 15:30 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E95D9768-0589-4DE4-A8EE-D83DE9FBEB3C}\mpengine.dll
2011-07-25 11:14 . 2011-07-25 11:16 -------- d-----w- C:\HijackThis
2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-16 13:50 . 2011-07-16 13:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-07-10 11:37 . 2011-07-10 11:37 -------- d-----w- c:\windows\Performance
2011-07-10 11:37 . 2011-07-10 11:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2011-07-07 12:44 . 2011-07-07 12:44 -------- d-----w- c:\program files\FreeTime
2011-07-07 06:34 . 2011-07-07 06:34 -------- d-----w- C:\My Videos
2011-07-07 06:34 . 2011-07-07 06:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\aHisoft
2011-07-06 18:17 . 2011-07-06 18:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\DVDVideoSoft
2011-07-06 17:58 . 2011-07-06 17:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Geckofx
2011-07-06 17:57 . 2011-07-07 06:24 -------- d-----w- c:\program files\AviSynth 2.5
2011-07-02 15:43 . 2011-07-02 15:43 -------- d-----w- c:\program files\CCleaner
2011-07-01 14:44 . 2011-07-01 14:44 1248 ----a-w- C:\reregister.bat
2011-07-01 10:49 . 2011-07-01 10:49 -------- d-----w- C:\symbols
2011-06-30 10:16 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 10:16 . 2011-06-30 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-30 10:16 . 2011-07-22 09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-30 10:16 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 08:53 . 2011-06-30 08:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2010-11-24 01:15 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-13 21:09 . 2011-06-13 21:09 65328 ----a-w- c:\windows\apppatch\matsshim.dll
2011-06-11 17:23 . 2007-02-25 15:28 819712 ----a-w- c:\program files\VATroute.exe
2011-06-11 11:29 . 2011-06-11 11:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 03:52 . 2011-06-07 15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 15:31 . 2010-11-13 20:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-05-25 19:53 . 2006-11-13 15:24 270336 ----a-w- c:\program files\NETXP.Controls.Bars.dll
2006-05-25 19:53 . 2006-11-13 15:24 471040 ----a-w- c:\program files\NETXP.Win32.dll
2006-05-25 19:53 . 2006-11-13 14:42 102400 ----a-w- c:\program files\NETXP.Library.dll
2004-10-01 14:00 . 2011-06-07 15:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2010-11-13 106496]
"SoundMan"="SOUNDMAN.EXE" [2010-11-13 57344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\SquawkBox\\squawkbox_fs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/07/2011 22:55 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [08/06/2011 12:47 219072]
R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [08/06/2011 12:47 5120]
R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [08/06/2011 12:47 8704]
S0 cerc6;cerc6; [x]
S1 MpKsl01985bb1;MpKsl01985bb1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7DFD412E-BD0E-40F4-BA31-AF27D43C47BE}\MpKsl01985bb1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7DFD412E-BD0E-40F4-BA31-AF27D43C47BE}\MpKsl01985bb1.sys [?]
S1 MpKsl09159b8b;MpKsl09159b8b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl09159b8b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl09159b8b.sys [?]
S1 MpKsl13761896;MpKsl13761896;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKsl13761896.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKsl13761896.sys [?]
S1 MpKsl1ea4b516;MpKsl1ea4b516;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKsl1ea4b516.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKsl1ea4b516.sys [?]
S1 MpKsl1efd7585;MpKsl1efd7585;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47811461-A8F9-4F65-9390-1BC9ADCDE58F}\MpKsl1efd7585.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47811461-A8F9-4F65-9390-1BC9ADCDE58F}\MpKsl1efd7585.sys [?]
S1 MpKsl204ffc1e;MpKsl204ffc1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKsl204ffc1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKsl204ffc1e.sys [?]
S1 MpKsl213c8f9f;MpKsl213c8f9f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl213c8f9f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl213c8f9f.sys [?]
S1 MpKsl2538a3ce;MpKsl2538a3ce;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CC7C580-2DF9-44A3-8B37-836C2DCD18CB}\MpKsl2538a3ce.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CC7C580-2DF9-44A3-8B37-836C2DCD18CB}\MpKsl2538a3ce.sys [?]
S1 MpKsl2aadfac1;MpKsl2aadfac1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B309C6BE-4313-4EF0-8895-F9A25947BEB6}\MpKsl2aadfac1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B309C6BE-4313-4EF0-8895-F9A25947BEB6}\MpKsl2aadfac1.sys [?]
S1 MpKsl2f2222d9;MpKsl2f2222d9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D3B1758-01C1-4BAA-A101-E7257DDB6D8F}\MpKsl2f2222d9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D3B1758-01C1-4BAA-A101-E7257DDB6D8F}\MpKsl2f2222d9.sys [?]
S1 MpKsl377fd64f;MpKsl377fd64f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22EEE4DE-4E0E-44CD-B3B3-09536783D11C}\MpKsl377fd64f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22EEE4DE-4E0E-44CD-B3B3-09536783D11C}\MpKsl377fd64f.sys [?]
S1 MpKsl3f371606;MpKsl3f371606;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66497442-5220-4F6C-8129-BA22F721E6D5}\MpKsl3f371606.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66497442-5220-4F6C-8129-BA22F721E6D5}\MpKsl3f371606.sys [?]
S1 MpKsl42d09462;MpKsl42d09462;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B14ACB97-078C-43F2-AA47-D52662A39452}\MpKsl42d09462.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B14ACB97-078C-43F2-AA47-D52662A39452}\MpKsl42d09462.sys [?]
S1 MpKsl42e322b5;MpKsl42e322b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62606F6-859D-4261-9B9B-6AF7AC2378EA}\MpKsl42e322b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62606F6-859D-4261-9B9B-6AF7AC2378EA}\MpKsl42e322b5.sys [?]
S1 MpKsl46d0104f;MpKsl46d0104f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28BE90E5-D553-4578-A54F-0FCC31BCA49D}\MpKsl46d0104f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28BE90E5-D553-4578-A54F-0FCC31BCA49D}\MpKsl46d0104f.sys [?]
S1 MpKsl4c54f593;MpKsl4c54f593;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl4c54f593.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl4c54f593.sys [?]
S1 MpKsl5142046b;MpKsl5142046b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5064562-5241-44DA-B201-43D739EEBE1C}\MpKsl5142046b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5064562-5241-44DA-B201-43D739EEBE1C}\MpKsl5142046b.sys [?]
S1 MpKsl544d795d;MpKsl544d795d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKsl544d795d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKsl544d795d.sys [?]
S1 MpKsl554a77d6;MpKsl554a77d6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl554a77d6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl554a77d6.sys [?]
S1 MpKsl619452ca;MpKsl619452ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AFFD7D4-13AF-4D2A-B9DF-2AF23D4B9C2E}\MpKsl619452ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AFFD7D4-13AF-4D2A-B9DF-2AF23D4B9C2E}\MpKsl619452ca.sys [?]
S1 MpKsl66243d4d;MpKsl66243d4d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl66243d4d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}\MpKsl66243d4d.sys [?]
S1 MpKsl778b1a79;MpKsl778b1a79;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl778b1a79.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsl778b1a79.sys [?]
S1 MpKsl7d95315b;MpKsl7d95315b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86D6C0B6-E82A-44E7-B7FD-F0C1629E6FFC}\MpKsl7d95315b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86D6C0B6-E82A-44E7-B7FD-F0C1629E6FFC}\MpKsl7d95315b.sys [?]
S1 MpKsl8769d3e7;MpKsl8769d3e7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2A3DBE5-91C1-424A-89C3-CA6ADCBF98D6}\MpKsl8769d3e7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2A3DBE5-91C1-424A-89C3-CA6ADCBF98D6}\MpKsl8769d3e7.sys [?]
S1 MpKsl8ad7196a;MpKsl8ad7196a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKsl8ad7196a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKsl8ad7196a.sys [?]
S1 MpKsla44bb0e4;MpKsla44bb0e4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{943CBDE8-3795-44BC-AA46-65A3C794028E}\MpKsla44bb0e4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{943CBDE8-3795-44BC-AA46-65A3C794028E}\MpKsla44bb0e4.sys [?]
S1 MpKsla795d6fd;MpKsla795d6fd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E5A9309-7A63-47F9-A78E-0BA6942F71D3}\MpKsla795d6fd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E5A9309-7A63-47F9-A78E-0BA6942F71D3}\MpKsla795d6fd.sys [?]
S1 MpKslada0a9dd;MpKslada0a9dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslada0a9dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslada0a9dd.sys [?]
S1 MpKslb2730592;MpKslb2730592;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{292D9B05-7100-46BC-9C23-CBE1249482B8}\MpKslb2730592.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{292D9B05-7100-46BC-9C23-CBE1249482B8}\MpKslb2730592.sys [?]
S1 MpKslb66df2b4;MpKslb66df2b4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKslb66df2b4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91DC30AD-C8F3-4B73-9996-905648CEA745}\MpKslb66df2b4.sys [?]
S1 MpKslb88211c3;MpKslb88211c3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslb88211c3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5339516-4DF0-403A-9DFD-BFC9BC0C66E2}\MpKslb88211c3.sys [?]
S1 MpKslbb0dfcad;MpKslbb0dfcad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKslbb0dfcad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{123E4D4C-1386-4EC1-AAFE-C77485E32872}\MpKslbb0dfcad.sys [?]
S1 MpKslc899043c;MpKslc899043c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C78F35-81F8-4A8C-9B57-3F33391EBB05}\MpKslc899043c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4C78F35-81F8-4A8C-9B57-3F33391EBB05}\MpKslc899043c.sys [?]
S1 MpKslcbf435b5;MpKslcbf435b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A59F7D5A-475B-4174-A230-EF23B9372BF5}\MpKslcbf435b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A59F7D5A-475B-4174-A230-EF23B9372BF5}\MpKslcbf435b5.sys [?]
S1 MpKslcc9e82ab;MpKslcc9e82ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKslcc9e82ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8337061-F7D2-4CF0-A274-531E92950546}\MpKslcc9e82ab.sys [?]
S1 MpKslcfdcdf5c;MpKslcfdcdf5c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKslcfdcdf5c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4124DA1E-446A-4652-9DA3-6643CA9BBBB9}\MpKslcfdcdf5c.sys [?]
S1 MpKsld05e613a;MpKsld05e613a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}\MpKsld05e613a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}\MpKsld05e613a.sys [?]
S1 MpKsld415caf7;MpKsld415caf7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsld415caf7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B22F86CF-B122-4726-8A31-FBC4874D5383}\MpKsld415caf7.sys [?]
S1 MpKsld8767dca;MpKsld8767dca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D7EB011-1FE5-4DD4-B3E7-DF306DCB7399}\MpKsld8767dca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D7EB011-1FE5-4DD4-B3E7-DF306DCB7399}\MpKsld8767dca.sys [?]
S1 MpKsldc5e4f0c;MpKsldc5e4f0c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC197AF9-C7CD-4E65-9EE5-4411222102F4}\MpKsldc5e4f0c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC197AF9-C7CD-4E65-9EE5-4411222102F4}\MpKsldc5e4f0c.sys [?]
S1 MpKsle11d8f23;MpKsle11d8f23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E95D9768-0589-4DE4-A8EE-D83DE9FBEB3C}\MpKsle11d8f23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E95D9768-0589-4DE4-A8EE-D83DE9FBEB3C}\MpKsle11d8f23.sys [?]
S1 MpKsle74a2afa;MpKsle74a2afa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3BB9D9C-37D9-444E-B22E-23676CAA1195}\MpKsle74a2afa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3BB9D9C-37D9-444E-B22E-23676CAA1195}\MpKsle74a2afa.sys [?]
S1 MpKsle9ec4ade;MpKsle9ec4ade;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CAE33CD6-8792-48A0-9CC8-8AACF3A1E5D5}\MpKsle9ec4ade.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CAE33CD6-8792-48A0-9CC8-8AACF3A1E5D5}\MpKsle9ec4ade.sys [?]
S1 MpKslfdc3eecb;MpKslfdc3eecb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82546538-64D1-4775-8680-814A2210AC93}\MpKslfdc3eecb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82546538-64D1-4775-8680-814A2210AC93}\MpKslfdc3eecb.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 12:32]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 12:32]
.
2011-07-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
AddRemove-Flight Simulator 9.0 - g:\program files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 15:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1417001333-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,29,10,66,ae,89,da,42,9a,6f,65,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,29,10,66,ae,89,da,42,9a,6f,65,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,1f,a4,28,f2,87,d5,48,b8,a5,0a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1828)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\SOUNDMAN.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2011-07-26 15:13:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 14:13
.
Pre-Run: 7,157,592,064 bytes free
Post-Run: 7,125,536,768 bytes free
.
- - End Of File - - E6D3B87EB1BDBA1DD1B3DAA99DEB7C97
 
It looks like you tried to fix IE8 using instructions for the shutdown problem in IE7:

2011-07-01 14:44 1248 ----a-w- C:\reregister.bat>: this called for registering files and saving them as reregister.bat>>

What to Do When Windows Internet Explorer 7 Shuts Down Frequently
http://www.brighthub.com/computing/windows-platform/articles/44296.aspxs
======================================
I'm also curious about this directory: C:\symbols>> same date as the reregister. Is this a folder you set up for special symbols? I don't want to open and have symbols fill out all over!
========================================
You were very video busy around 7/7/2011. You are kind of living on the edge! I use a site advisor and have a hard time finding sites marked safe to check some of the programs.
=======================================
Also in the video gathering, I found two different 'interpretations' of the same process:
2011-07-07 06:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\aHisoft>

1. "aHisoft is the ultimate solution for all kinds of video and audio conversion needs that enables you to forget about media format incompatibilities and simply enjoy your video or audio any time, any place, on any device."

2. AHisoft Porntube Downloader> http://www.facebook.com/pages/AHisoft-Porntube-Downloader/170947102940040
===========================================
You might also want to check these old entries- problem finding safe site again:
2006-11-13 15:24 270336 ----a-w- c:\program files\NETXP.Controls.Bars.dll
2006-05-25 19:53 . 2006-11-13 15:24 471040 ----a-w- c:\program files\NETXP.Win32.dll
2006-05-25 19:53 . 2006-11-13 14:42 102400 ----a-w- c:\program files\NETXP.Library.dll
===========================================
Do you have any idea what's going on in the following?
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
===========================================
I've seen multiple updates on a system for this before, but either you have the program configured incorrectly, or possibly not in a correct directory, because there are about 100 +/- of these update entries:
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}

From what I have read, a new update should replace an old update. Yours is not, and all those updates are running.
=============================================
Can you clarify any of the above for me? It's not malware as such, but some of the programs or apps on the system seem to be questionable.
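
The driver/service lines of the ComboFix log can be tallied instead of read by eye. The following is an added example, not part of the thread and not ComboFix's own code: it parses lines in that format and groups the MpKsl entries by Definition Updates folder. It assumes the usual reading of the prefix (R = running, S = stopped, digit = service start type); the sample lines are constructed from names and GUIDs in the log above, and `parse_entries` and `triage` are hypothetical names.

```python
import re
from collections import defaultdict

# Folder that holds the Microsoft Security Essentials definition updates in the log.
DEFS = (r"c:\documents and settings\All Users\Application Data\Microsoft"
        r"\Microsoft Antimalware\Definition Updates")


def mpksl(name, guid):
    """Build one MpKsl line in the shape the log uses (path repeated after '-->')."""
    path = "\\".join([DEFS, guid, name + ".sys"])
    return "S1 {0};{0};\\??\\{1} --> {1} [?]".format(name, path)


# Constructed sample: a few entries in the format of the log's driver/service
# list, reusing service names and GUIDs that appear in the log above.
SAMPLE_LOG = "\n".join([
    r"R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/07/2011 22:55 12880]",
    "S0 cerc6;cerc6; [x]",
    mpksl("MpKsl09159b8b", "{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}"),
    mpksl("MpKsl213c8f9f", "{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}"),
    mpksl("MpKsl4c54f593", "{D88104F9-1BCE-4EBA-B828-8E55AF57D4BE}"),
    mpksl("MpKsle11d8f23", "{E95D9768-0589-4DE4-A8EE-D83DE9FBEB3C}"),
    r"S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]",
])

# Assumption: the digit after R/S is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# <state><start> <name>;<display name>;<image path> [<date time size> | ? | x]
ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
FILE_META = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2} (\d+)$")
DEF_GUID = re.compile(r"Definition Updates\\(\{[0-9A-Fa-f-]{36}\})\\")


def parse_entries(text):
    """Return one dict per driver/service line; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        meta = FILE_META.match(m["meta"])
        guid = DEF_GUID.search(m["image"])
        entries.append({
            "name": m["name"],
            "running": m["state"] == "R",
            "start": START_TYPES[int(m["start"])],
            "image": m["image"],
            # None when the bracket holds '?' or 'x' instead of date, time and size
            "size": int(meta.group(1)) if meta else None,
            "def_guid": guid.group(1) if guid else None,
        })
    return entries


def triage(entries):
    """Summarise entries that carry no file metadata, grouping MpKsl ones by folder."""
    no_meta = [e for e in entries if e["size"] is None]
    by_guid = defaultdict(list)
    for e in no_meta:
        if e["name"].startswith("MpKsl") and e["def_guid"]:
            by_guid[e["def_guid"]].append(e["name"])
    return {
        "total": len(entries),
        "no_file_metadata": [e["name"] for e in no_meta],
        "running_without_metadata": [e["name"] for e in no_meta if e["running"]],
        "mpksl_by_guid": dict(by_guid),
    }


if __name__ == "__main__":
    report = triage(parse_entries(SAMPLE_LOG))
    print("entries parsed:", report["total"])
    print("no file metadata:", ", ".join(report["no_file_metadata"]))
    print("of those, running:", report["running_without_metadata"] or "none")
    for guid, names in sorted(report["mpksl_by_guid"].items()):
        print(guid, len(names), "MpKsl entries")
```

Feeding the whole pasted log to `parse_entries` instead of `SAMPLE_LOG` gives the real per-folder counts; non-matching lines are ignored.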
 
Hi Bobbye,

thanks for getting back to me:

tried to fix IE8 as you found but seemed to tie meself in loops... hence why i came back here..
======================================
" I'm also curious about this directory: C:\symbols"
this contains the following folders:
spgdr\retail\dll\ with the file mshtml.PDB 7,699 kb
spqfe\retail\dll\ with the file mshtml.PDB 7,707kb

========================================
not sure what was going on ref video on 7/7/2011
=======================================
I was trying to find a "free/trial" programme to copy my DVD's to my cell fone !!
eventually settled on Format Factory

No idea on the Porntube Downloader !!.
===========================================
Not a clue I'm afraid mate on these entries !!

2006-11-13 15:24 270336 ----a-w- c:\program files\NETXP.Controls.Bars.dll
2006-05-25 19:53 . 2006-11-13 15:24 471040 ----a-w- c:\program files\NETXP.Win32.dll
2006-05-25 19:53 . 2006-11-13 14:42 102400 ----a-w- c:\program files\NETXP.Library.dll
===========================================
Again Sorry Bobbye, not a clue on this entry !!
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
===========================================
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BA2E52E-FD9D-4992-A0A2-A63419D19023}

I tend to leave MSE do its own thing and not interfere with it when it's doing updates...
would i be better going back to Avast ??
=============================================

Just want to get my pc sorted and know you are the man to help...

Thank you sincerely...

Paul
 
latest

had another crash about 3hrs ago... whilst online on MSN page...
nothing else open !!!

aaaarrrrrgggggghhhhhh
 
As I told you, there are a lot of questionable entries. I asked you about some of them. The 'symbols' in the directory are stock symbols. Did you set them up? I think there is quite a bit running that you're not aware of and/or didn't intentionally install.

I can do this, but I don't know if it will fix the problem because we aren't sure just what the problem is. I will write a script for you to run through Combofix. It will include the entries I asked you about.
============================================
1. Take all Kodak and Easy Share entries off of the Startup menu.
2. Please download ATF Cleaner by Atribune

  • [1] Double-click ATF-Cleaner.exe to run the program.
    [2] Under Main choose: Select All
    [3] Click the Empty Selected button.

    If you use Firefox browser
    [1] Click Firefox at the top and choose: Select All
    [2] Click the Empty Selected button.
    [3] NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    [1] Click Opera at the top and choose: Select All
    [2] Click the Empty Selected button.
    [3] NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

=================================================
3. Update and rescan with Malwarebytes. Leave new log. It's been a month since it scanned.
=================================================
4. Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
c:\program files\NETXP.Controls.Bars.dll
c:\program files\NETXP.Win32.dll
c:\program files\NETXP.Library.dll
C:\reregister.bat
DDS::
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
uURLSearchHooks: H - No File
Folder::
c:\documents and settings\Administrator\Application Data\aHisoft>
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
RegLock::
[HKEY_USERS\S-1-5-21-854245398-1417001333-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
Driver::
cerc6
Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
========================================
Give me a report on the system after a couple of days.
If you crash, let me know exactly what you are doing at the time.
 
update

Hi Bobbye,

have done as you requested apart from the kodak/easy share at start up...
i could not find them in my start up menu at all !!!

i ran the atf prog

updated and ran Malwarebytes (log attached)

dropped that script into and ran ComboFix (allowed it to update) then i got a freeze up at completed stage 7 !!!
manually turned off power to pc and rebooted...

then re-ran ComboFix with the script in it !! (log attached)


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7328

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

31/07/2011 11:08:56
mbam-log-2011-07-31 (11-08-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 178942
Time elapsed: 31 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 11-07-31.02 - Administrator 31/07/2011 11:36:02.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1623 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\program files\NETXP.Controls.Bars.dll"
"c:\program files\NETXP.Library.dll"
"c:\program files\NETXP.Win32.dll"
"C:\reregister.bat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\NETXP.Controls.Bars.dll
c:\program files\NETXP.Library.dll
c:\program files\NETXP.Win32.dll
C:\reregister.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cerc6
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-30 15:41 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{897F9C54-D5CA-4DA0-9400-1B8EA7733516}\mpengine.dll
2011-07-26 14:17 . 2011-07-26 14:17 -------- d-----w- c:\program files\ESET
2011-07-25 11:14 . 2011-07-25 11:16 -------- d-----w- C:\HijackThis
2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-24 12:22 . 2011-07-24 12:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-07-24 12:22 . 2011-07-30 00:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-16 13:50 . 2011-07-16 13:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-07-10 11:37 . 2011-07-10 11:37 -------- d-----w- c:\windows\Performance
2011-07-10 11:37 . 2011-07-10 11:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2011-07-07 12:44 . 2011-07-07 12:44 -------- d-----w- c:\program files\FreeTime
2011-07-07 06:34 . 2011-07-07 06:34 -------- d-----w- C:\My Videos
2011-07-07 06:34 . 2011-07-07 06:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\aHisoft
2011-07-06 18:17 . 2011-07-06 18:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\DVDVideoSoft
2011-07-06 17:58 . 2011-07-06 17:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Geckofx
2011-07-06 17:57 . 2011-07-07 06:24 -------- d-----w- c:\program files\AviSynth 2.5
2011-07-02 15:43 . 2011-07-02 15:43 -------- d-----w- c:\program files\CCleaner
2011-07-01 10:49 . 2011-07-01 10:49 -------- d-----w- C:\symbols
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2010-11-24 01:15 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-06 18:52 . 2011-06-30 10:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-06-30 10:16 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 21:09 . 2011-06-13 21:09 65328 ----a-w- c:\windows\apppatch\matsshim.dll
2011-06-11 17:23 . 2007-02-25 15:28 819712 ----a-w- c:\program files\VATroute.exe
2011-06-11 11:29 . 2011-06-11 11:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 03:52 . 2011-06-07 15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 15:31 . 2010-11-13 20:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2004-10-01 14:00 . 2011-06-07 15:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_14.10.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-30 20:53 . 2011-07-30 20:53 22016 c:\windows\Installer\1121e55.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2010-11-13 106496]
"SoundMan"="SOUNDMAN.EXE" [2010-11-13 57344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\SquawkBox\\squawkbox_fs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/07/2011 22:55 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [08/06/2011 12:47 219072]
R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [08/06/2011 12:47 5120]
R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [08/06/2011 12:47 8704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 12:32]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 12:32]
.
2011-07-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2011-07-31 11:47:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-31 10:47
ComboFix2.txt 2011-07-26 14:13
.
Pre-Run: 6,893,686,784 bytes free
Post-Run: 6,880,223,232 bytes free
.
- - End Of File - - 46170A3D130CC1385B08CE95BEEE1E6A

Regards

Paul
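The pile-up of Microsoft Antimalware "Definition Updates" entries raised earlier in the thread can be counted directly from the driver/service lines of a ComboFix log. The script below is an added example, not part of the original posts or of ComboFix; the sample lines, GUIDs and paths are constructed placeholders, and reading the `[?]` marker as "no file details could be read" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of ComboFix's driver/service listing.
# GUIDs, driver names and the c:\data path are placeholders, not values from the thread.
SAMPLE_LOG = r"""
R1 EXAMPLEDRV;EXAMPLEDRV;c:\program files\ExampleTool\exampledrv.sys [12/07/2011 22:55 67664]
S1 MpKsl0000aaaa;MpKsl0000aaaa;\??\c:\data\Microsoft Antimalware\Definition Updates\{11111111-1111-1111-1111-111111111111}\MpKsl0000aaaa.sys --> c:\data\Microsoft Antimalware\Definition Updates\{11111111-1111-1111-1111-111111111111}\MpKsl0000aaaa.sys [?]
S1 MpKsl0000bbbb;MpKsl0000bbbb;\??\c:\data\Microsoft Antimalware\Definition Updates\{11111111-1111-1111-1111-111111111111}\MpKsl0000bbbb.sys --> c:\data\Microsoft Antimalware\Definition Updates\{11111111-1111-1111-1111-111111111111}\MpKsl0000bbbb.sys [?]
S1 MpKsl0000cccc;MpKsl0000cccc;\??\c:\data\Microsoft Antimalware\Definition Updates\{22222222-2222-2222-2222-222222222222}\MpKsl0000cccc.sys --> c:\data\Microsoft Antimalware\Definition Updates\{22222222-2222-2222-2222-222222222222}\MpKsl0000cccc.sys [?]
R1 MpKsl0000dddd;MpKsl0000dddd;\??\c:\data\Microsoft Antimalware\Definition Updates\{33333333-3333-3333-3333-333333333333}\MpKsl0000dddd.sys [31/07/2011 11:30 28752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2011 13:33 136176]
"""

# "R1", "S3", ...: R = running, S = stopped; the digit is the service start type.
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<rest>.+)$")
# Trailing "[date time size]" or "[?]" block at the end of the line.
INFO_RE = re.compile(r"\s*\[(?P<info>[^\]]*)\]\s*$")
# The per-update GUID directory under "Definition Updates".
GUID_RE = re.compile(
    r"Definition Updates\\(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\\"
)


def parse_services(text):
    """Return one dict per driver/service line found in a ComboFix log."""
    services = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        parts = m.group("rest").split(";", 2)  # name;display name;path [info]
        if len(parts) != 3:
            continue
        name, display, tail = parts
        info_m = INFO_RE.search(tail)
        info = info_m.group("info") if info_m else ""
        path = tail[: info_m.start()] if info_m else tail
        path = path.split(" --> ")[0].strip()  # keep the registered image path
        if path.startswith("\\??\\"):          # drop the NT object prefix
            path = path[4:]
        services.append({
            "state": m.group("state"),
            "start": int(m.group("start")),
            "name": name,
            "display": display,
            "path": path,
            "info": info,
        })
    return services


def stale_definition_drivers(services):
    """Stopped MpKsl* entries whose file details are shown as '[?]'."""
    return [
        s for s in services
        if s["name"].startswith("MpKsl") and s["state"] == "S" and s["info"] == "?"
    ]


def group_by_update_dir(entries):
    """Map each Definition Updates GUID directory to the driver names under it."""
    grouped = defaultdict(list)
    for s in entries:
        m = GUID_RE.search(s["path"])
        grouped[m.group(1) if m else "(no GUID directory)"].append(s["name"])
    return dict(grouped)


if __name__ == "__main__":
    stale = stale_definition_drivers(parse_services(SAMPLE_LOG))
    print(f"{len(stale)} stopped MpKsl entries without file details")
    for guid, names in sorted(group_by_update_dir(stale).items()):
        print(f"  {guid}: {', '.join(names)}")
```

Run against a saved C:\ComboFix.txt, the per-directory counts show whether leftover entries keep accumulating between scans or stay flat after a cleanup.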
 