Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

regular IE crash

Post by andrewgrizz » October 2nd, 2008, 6:17 am

Good day, can someone please have a look at my logs? I have been encountering regular Internet Explorer failures.
I get failures in both I.E. and Firefox, and I cannot find a virus nor any spyware. I am worried that there may be something that my security cannot detect; it is becoming annoying. Thank you for your help.

StartupList report, 02/10/2008, 11:10:14
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16705)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Secunia\PSI (RC3)\psi.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\andrew adams\Start Menu\Programs\Startup]
Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PRISMSTA.EXE = "PRISMSTA.EXE" START
SynTPLpr = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SiS Tray = C:\WINDOWS\System32\sistray.EXE
SiS KHooker = C:\WINDOWS\System32\khooker.exe
SiSPower = Rundll32.exe SiSPower.dll,ModeAgent
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
UnlockerAssistant = "C:\Program Files\Unlocker\UnlockerAssistant.exe"
AudioDeck = C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
avast! = "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
KiweeHook = C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
tsnpstd3 = C:\WINDOWS\tsnpstd3.exe
snpstd3 = C:\WINDOWS\vsnpstd3.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PeerGuardian = C:\Program Files\PeerGuardian2\pg2.exe
HostsMan = "C:\Program Files\HostsMan\hm.exe" -s
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

IE7Pro - C:\Program Files\IEPro\iepro.dll - {00011268-E188-40DF-A514-835FCD78B1BF}
(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
(no name) - C:\Program Files\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job
GoogleUpdateTaskUser.job

--------------------------------------------------

Enumerating Download Program Files:

[CabBuilder]
CODEBASE = http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
OSD = C:\WINDOWS\Downloaded Program Files\OSDC5.OSD

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop.com/betapit/PCPitStop.CAB

[DeviceEnum Class]
InProcServer32 = C:\Program Files\Hp\Common\HPDeviceDetection.dll
CODEBASE = http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/microso ... 6987080359

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Program Files\WinRAR\RarExt.dll.0.tmp||C:\DOCUME~1\ANDREW~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\ANDREW~1\Cookies\index.dat||C:\DOCUME~1\ANDREW~1\LOCALS~1\History\History.IE5\desktop.ini||C:\DOCUME~1\ANDREW~1\LOCALS~1\History\History.IE5\index.dat||C:\DOCUME~1\ANDREW~1\LOCALS~1\History\History.IE5\MSHist012008100120081002\index.dat


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 7,928 bytes
Report generated in 0.062 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Logfile of HijackThis v1.99.1
Scan saved at 11:09:41, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Secunia\PSI (RC3)\psi.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.gm.tv
O15 - Trusted Zone: http://*.ionmx.com
O15 - Trusted Zone: http://www.jackpotjoy.com
O15 - Trusted Zone: www.mozillathunderbird.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6987080359
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: regular IE crash

Post by John B. » October 9th, 2008, 1:07 pm

Hi, and welcome to the Malware Removal forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.

These rules are good for you to know:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.

These rules are to make my voluntary work more comfortable:
  • Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • Please reply to this thread. Do not start a new topic.
  • Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.

Finally, please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Open The Misc Tool Section button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic. Also post a fresh HijackThis log (not a Startup List like you did in your first post).

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: regular IE crash

Post by andrewgrizz » October 9th, 2008, 2:32 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
Ashampoo Burning Studio 6 FREE
Ashampoo WinOptimizer Platinum 3
avast! Antivirus
CCleaner (remove only)
Choice Guard
Contacts
Eusing Free Registry Cleaner
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HostsMan 3.2.68 Beta4
HP Driver Diagnostics
HP Image Zone Express
HP Update
HSP56 MR Drivers
IE7Pro
ieSpell
Java(TM) 6 Update 10
K-Lite Codec Pack 4.1.7 (Full)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 1.0 SP3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (3.0.3)
Mozilla Thunderbird (2.0.0.17)
MSVCRT
MSXML 4.0 SP2 (KB936181)
NTREGOPT 1.1j
OpenOffice.org 3.0
PC Booster
PC Pitstop Optimize 1.0v
PeerGuardian 2.0
RadarSync
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Recuva (remove only)
Remove DivX Codec
Revo Uninstaller 1.75
Secunia PSI (RC3)
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Segoe UI
SiS 650
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
Spybot - Search & Destroy
SpywareBlaster 4.1
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Unlocker 1.8.7
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
USB PC Camera Plus
VC 9.0 Runtime
VIA Platform Device Manager
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
ZoneAlarm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:21, on 09/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI (RC3)\psi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = win-dc-a-v904.net.virginmedia.net:80
R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA5005] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5391] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2335] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD248] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Startup: Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.gm.tv
O15 - Trusted Zone: http://*.ionmx.com
O15 - Trusted Zone: http://www.jackpotjoy.com
O15 - Trusted Zone: www.mozillathunderbird.com
O15 - Trusted Zone: http://survey.otxresearch.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6987080359
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9811 bytes
Thank you for your time.
andrew
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: regular IE crash

Post by John B. » October 9th, 2008, 3:39 pm

Hi Andrew,

In your log I noted a couple of strange things:

Let's clean up some things and run some more scans first.

Step 1: Upload malware for scanning
I'd like you to check a file for malware.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.

Step 2: Remove HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 3: Run CCleaner
CCleaner will remove everything from the temp/temporary folders, but please note that it will not make backups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!

Step 4: Run Malwarebytes' Anti-Malware
As you have got it already installed, please run it.
  • Search for updates first. Older versions may have bugs.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Close the Notepad file.
  • The log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Step 5: Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Step 6: Post logs
Please post the following logs in a reply to this topic (use multiple posts if needed):
  • Answers to all my questions at the top of this post
  • Fresh HijackThis log
  • Full Virustotal/Jotti results
  • Malwarebytes' Anti-Malware log
  • RSIT logs

If you get this done before Saturday, don't expect me to reply on Friday, as I do not have any free time on Friday.

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
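
The selection pattern in Step 2 above, as an added example that is not part of John B.'s post or of HijackThis itself: a Python parser that flags entries whose target is (no file) or whose registry value is blank, then checks a later log for fix-list entries that are still listed. The function names are hypothetical; the sample lines are copied from the fix list and logs in this thread.

```python
import re
from typing import NamedTuple, Optional

# "O2 - BHO: ...", "R0 - HKCU\...", "O23 - Service: ..." (section code, then body)
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")


class Entry(NamedTuple):
    section: str   # e.g. "O2", "R3"
    key: tuple     # identity used to match the same entry across two logs
    target: str    # file path, URL, "(no file)" or "" when nothing is set
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; return None for any other log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    section, body = m.group(1), m.group(2).strip()
    guid = GUID_RE.search(body)
    if guid:
        # Anchor on the CLSID: display names may contain " - " or change
        # between scans, the CLSID does not.
        target = body[guid.end():].lstrip(" -").strip()
        key = (section, guid.group(1).lower())
    elif section.startswith("R") and "=" in body:
        name, _, value = body.partition("=")
        target = value.strip()
        key = (section, name.strip().lower())
    else:
        target = ""
        key = (section, body.lower())
    return Entry(section, key, target, line.strip())


def flag(entry: Entry) -> Optional[str]:
    """Return why an entry looks orphaned, or None."""
    if entry.target.lower() == "(no file)":
        return "no file"
    if entry.section.startswith("R") and entry.raw.endswith("="):
        return "blank value"
    return None


def triage(lines):
    """List (reason, entry) for every flagged entry in a log."""
    found = []
    for line in lines:
        entry = parse_line(line)
        reason = flag(entry) if entry else None
        if reason:
            found.append((reason, entry))
    return found


def still_present(fix_lines, later_lines):
    """Entries from the fix list that a later log still contains."""
    wanted = {e.key for e in map(parse_line, fix_lines) if e}
    return [e for e in map(parse_line, later_lines) if e and e.key in wanted]


# Sample input: the Step 2 fix list, copied from this thread.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
""".splitlines()

# Sample input: a few lines copied from the 10/10/2008 HijackThis log in this thread.
LATER_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
""".splitlines()

if __name__ == "__main__":
    for reason, entry in triage(FIX_LIST):
        print(f"{reason:12} {entry.raw}")
    for entry in still_present(FIX_LIST, LATER_LOG):
        print("still listed:", entry.raw)
```

Matching on section plus CLSID is what lets the O3 toolbar line be recognised in the later log even though its display name changed from "Kiwee Toolbar" to "(no name)".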

Re: regular IE crash

Post by andrewgrizz » October 10th, 2008, 9:33 am

Trusted zone entries added by myself due to failure in accessing.
Different Java maybe due to Firefox plug-ins.
No proxy server by VM.

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File: SearchHelper.dll
Status: OK
MD5: 3fa6f275202a57eb4564cd1f9441773c
Packers detected: -
Scan taken on 10 Oct 2008 13:21:30 (GMT)

Scanner results:
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 5.1.2600 Service Pack 3

10/10/2008 14:17:03
mbam-log-2008-10-10 (14-17-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 82019
Time elapsed: 23 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Logfile of random's system information tool 1.04 (written by random/random)
Run by andrew adams at 2008-10-10 14:29:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 28 GB (73%) free of 38 GB
Total RAM: 735 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:00, on 10/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI (RC3)\psi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\andrew adams\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\andrew adams.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = win-dc-a-v904.net.virginmedia.net:80
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA5005] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5391] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2335] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD248] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Startup: Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.gm.tv
O15 - Trusted Zone: http://*.ionmx.com
O15 - Trusted Zone: http://www.jackpotjoy.com
O15 - Trusted Zone: www.mozillathunderbird.com
O15 - Trusted Zone: http://survey.otxresearch.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6987080359
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9420 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-09-24 756840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-08-21 94736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-08-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-08-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-08-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRISMSTA.EXE"=PRISMSTA.EXE START []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-02-04 114688]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000]
"SiS Tray"=C:\WINDOWS\System32\sistray.EXE [2006-03-09 262144]
"SiS KHooker"=C:\WINDOWS\System32\khooker.exe [2002-09-24 290816]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2006-03-09 49152]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2006-11-02 528384]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2008-07-19 78008]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-03-30 262144]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
"PC Booster"=C:\Program Files\inKline Global\PC Booster\pcbooster.exe [2005-12-28 5967942]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA5005"=command /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingC5391"=cmd /c del C:\WINDOWS\SchedLgU.Txt []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]
"HostsMan"=C:\Program Files\HostsMan\hm.exe [2008-07-23 2866688]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2335"=command /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingD248"=cmd /c del C:\WINDOWS\SchedLgU.Txt []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-08-07 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew adams^Start Menu^Programs^Startup^Secunia PSI (RC3).lnk]
C:\PROGRA~1\Secunia\PSI(RC~1\psi.exe [2008-06-16 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3
"NMIndexingService"=3

C:\Documents and Settings\andrew adams\Start Menu\Programs\Startup
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-10 13:37:11 ----D---- C:\rsit
2008-10-07 17:05:53 ----D---- C:\Documents and Settings\andrew adams\Application Data\Ashampoo
2008-10-07 17:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-10-07 17:00:07 ----D---- C:\Program Files\Ashampoo
2008-10-07 16:45:05 ----D---- C:\Program Files\inKline Global
2008-10-07 16:43:45 ----D---- C:\Program Files\PCB
2008-10-06 17:28:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-04 11:23:52 ----D---- C:\Program Files\Realtek AC97
2008-10-02 15:24:39 ----D---- C:\Program Files\Recuva
2008-10-02 13:40:22 ----D---- C:\Program Files\Trend Micro
2008-10-02 11:08:28 ----D---- C:\Program Files\HijackThis
2008-10-01 14:52:50 ----D---- C:\Program Files\OpenOffice.org 3
2008-09-27 15:35:41 ----A---- C:\WINDOWS\vsnpstd3.exe
2008-09-27 15:35:41 ----A---- C:\WINDOWS\tsnpstd3.exe
2008-09-27 15:35:40 ----A---- C:\WINDOWS\snpstd3.ini
2008-09-27 15:35:36 ----D---- C:\Program Files\Common Files\snpstd3
2008-09-27 15:35:36 ----A---- C:\WINDOWS\system32\vsnpstd3.dll
2008-09-27 15:35:36 ----A---- C:\WINDOWS\system32\rsnpstd3.dll
2008-09-27 15:35:36 ----A---- C:\WINDOWS\system32\csnpstd3.dll
2008-09-27 15:35:36 ----A---- C:\WINDOWS\csnpstd3.dll
2008-09-27 11:50:28 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-26 18:32:18 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-09-26 15:22:28 ----D---- C:\Program Files\Windows Live
2008-09-25 17:54:27 ----D---- C:\Program Files\delete
2008-09-25 17:54:12 ----D---- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
2008-09-25 17:53:02 ----D---- C:\Documents and Settings\andrew adams\Application Data\agi
2008-09-25 17:53:00 ----D---- C:\Documents and Settings\All Users\Application Data\agi
2008-09-25 17:50:56 ----A---- C:\WINDOWS\system32\pywintypes25.dll
2008-09-25 17:50:56 ----A---- C:\WINDOWS\system32\pythoncom25.dll
2008-09-25 17:50:56 ----A---- C:\WINDOWS\system32\python25.dll
2008-09-25 17:50:08 ----D---- C:\Program Files\AGI
2008-09-25 17:16:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-25 17:15:11 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-25 17:12:50 ----D---- C:\Program Files\Microsoft
2008-09-25 17:09:05 ----D---- C:\Program Files\Common Files\Windows Live
2008-09-25 16:51:02 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-25 16:38:13 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-25 16:38:12 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-25 16:37:57 ----A---- C:\WINDOWS\system32\mcinsctl.dll
2008-09-25 16:37:57 ----A---- C:\WINDOWS\system32\mcgdmgr.dll
2008-09-25 16:25:02 ----A---- C:\WINDOWS\gstutils.ini
2008-09-25 16:25:02 ----A---- C:\WINDOWS\gstbrows.ini
2008-09-25 16:24:50 ----N---- C:\WINDOWS\fntalias.ini
2008-09-25 16:24:50 ----A---- C:\WINDOWS\dwk3.ini
2008-09-25 16:24:49 ----N---- C:\WINDOWS\pantone.dll
2008-09-25 16:24:49 ----N---- C:\WINDOWS\gstfonts.ini
2008-09-25 16:24:33 ----D---- C:\WINDOWS\PANTONE
2008-09-25 16:23:29 ----D---- C:\GST
2008-09-25 13:29:18 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-09-24 20:49:54 ----N---- C:\WINDOWS\system32\difxapi.dll
2008-09-24 20:49:54 ----D---- C:\Program Files\VIA
2008-09-24 20:49:20 ----DC---- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-24 20:42:06 ----D---- C:\WINDOWS\Drivers
2008-09-24 19:44:38 ----D---- C:\Program Files\RadarSync
2008-09-24 18:22:21 ----D---- C:\WINDOWS\SxsCaPendDel
2008-09-24 16:59:07 ----D---- C:\Documents and Settings\andrew adams\Application Data\VCOM
2008-09-24 16:58:05 ----D---- C:\Program Files\VCOM
2008-09-23 16:34:03 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-09-23 16:34:03 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-23 16:34:02 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-09-23 16:34:02 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-23 16:34:01 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-09-23 16:34:01 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-09-23 15:40:27 ----D---- C:\Documents and Settings\andrew adams\Application Data\GlarySoft
2008-09-22 16:47:56 ----A---- C:\WINDOWS\system32\unrar.dll
2008-09-22 16:47:55 ----A---- C:\WINDOWS\avisplitter.ini
2008-09-22 16:47:51 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-09-22 16:47:50 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-09-22 16:47:50 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-09-22 16:47:49 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-09-22 16:47:49 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-09-22 16:47:46 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-09-22 16:47:46 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-09-22 16:47:42 ----D---- C:\Program Files\K-Lite Codec Pack
2008-09-22 11:34:13 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2008-09-21 16:45:04 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-20 14:12:04 ----D---- C:\Documents and Settings\andrew adams\Application Data\Ahead
2008-09-20 14:11:10 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-20 14:06:09 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-15 18:24:58 ----D---- C:\Program Files\Innovative Solutions
2008-09-14 19:49:27 ----A---- C:\WINDOWS\RtlRack.ini
2008-09-13 13:10:25 ----D---- C:\Documents and Settings\andrew adams\Application Data\Image Zone Express
2008-09-13 12:58:28 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-09-13 12:58:08 ----A---- C:\WINDOWS\amcap.exe
2008-09-13 12:57:30 ----D---- C:\Documents and Settings\andrew adams\Application Data\InstallShield
2008-09-12 20:19:58 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-12 15:36:51 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-09-12 15:30:24 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-12 15:27:47 ----D---- C:\Program Files\Microsoft.NET
2008-09-12 15:16:15 ----D---- C:\WINDOWS\SHELLNEW
2008-09-12 15:15:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-12 15:14:14 ----RHD---- C:\MSOCache
2008-09-12 14:48:29 ----D---- C:\Program Files\MagicDisc
2008-09-11 11:58:39 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-09-11 11:24:03 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-09-11 11:24:03 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-09-11 11:23:52 ----A---- C:\WINDOWS\system32\zpeng25.dll

======List of files/folders modified in the last 1 months======

2008-10-10 14:29:52 ----D---- C:\Program Files\PeerGuardian2
2008-10-10 13:39:19 ----D---- C:\WINDOWS\Internet Logs
2008-10-10 13:38:07 ----D---- C:\WINDOWS\Temp
2008-10-10 13:37:27 ----D---- C:\WINDOWS\Prefetch
2008-10-10 13:02:26 ----D---- C:\Program Files\Mozilla Firefox
2008-10-10 12:40:20 ----D---- C:\Program Files\Mozilla Thunderbird
2008-10-09 16:18:20 ----D---- C:\WINDOWS\network diagnostic
2008-10-09 15:42:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-09 15:39:50 ----A---- C:\WINDOWS\wininit.ini
2008-10-09 14:06:14 ----D---- C:\Documents and Settings\andrew adams\Application Data\uTorrent
2008-10-09 14:02:00 ----D---- C:\WINDOWS
2008-10-09 13:47:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-09 13:47:10 ----D---- C:\Program Files\SpywareBlaster
2008-10-08 16:36:30 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-07 17:03:04 ----D---- C:\WINDOWS\system32\config
2008-10-07 17:03:03 ----D---- C:\WINDOWS\system32
2008-10-07 17:03:03 ----D---- C:\WINDOWS\Help
2008-10-07 17:03:02 ----D---- C:\Program Files\Internet Explorer
2008-10-07 17:03:01 ----D---- C:\WINDOWS\twain_32
2008-10-07 17:00:07 ----RD---- C:\Program Files
2008-10-07 16:45:04 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-07 16:08:38 ----SHD---- C:\WINDOWS\Installer
2008-10-07 16:07:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 16:05:24 ----SHD---- C:\Config.Msi
2008-10-06 17:38:44 ----SHD---- C:\RECYCLER
2008-10-06 13:27:42 ----D---- C:\WINDOWS\security
2008-10-06 13:24:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-06 13:21:33 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-06 13:21:21 ----D---- C:\WINDOWS\system32\wbem
2008-10-04 11:27:16 ----D---- C:\Program Files\WinRAR
2008-10-04 11:27:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-04 11:24:56 ----D---- C:\WINDOWS\system32\drivers
2008-10-04 11:24:07 ----D---- C:\WINDOWS\inf
2008-10-04 11:24:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-02 16:45:14 ----D---- C:\Program Files\PCPitstop
2008-10-02 16:44:14 ----D---- C:\WINDOWS\WinSxS
2008-10-01 14:53:25 ----D---- C:\WINDOWS\Fonts
2008-09-27 15:44:25 ----AC---- C:\WINDOWS\win.ini
2008-09-27 15:37:46 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-27 15:35:36 ----D---- C:\Program Files\Common Files
2008-09-27 11:50:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-26 18:32:28 ----D---- C:\WINDOWS\system32\spool
2008-09-26 16:02:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-26 15:14:20 ----D---- C:\Program Files\IEPro
2008-09-26 13:41:51 ----RSD---- C:\WINDOWS\assembly
2008-09-26 11:01:17 ----D---- C:\WINDOWS\system
2008-09-25 18:31:26 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-25 17:17:31 ----SD---- C:\Documents and Settings\andrew adams\Application Data\Microsoft
2008-09-25 17:15:59 ----D---- C:\WINDOWS\system32\DirectX
2008-09-25 17:13:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-25 16:14:36 ----C---- C:\WINDOWS\control.ini
2008-09-24 21:49:04 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-24 20:49:37 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-24 17:14:47 ----D---- C:\Temp
2008-09-24 16:59:45 ----HD---- C:\_Backup
2008-09-23 15:28:17 ----RASH---- C:\boot.ini
2008-09-23 13:52:11 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-22 00:19:41 ----AC---- C:\WINDOWS\system.ini
2008-09-21 23:30:15 ----D---- C:\Program Files\Common Files\System
2008-09-20 14:09:42 ----D---- C:\Program Files\Common Files\Ahead
2008-09-17 18:24:50 ----AC---- C:\WINDOWS\system32\VGAunistlog.ini
2008-09-13 11:03:13 ----D---- C:\Documents and Settings
2008-09-11 11:58:34 ----D---- C:\Documents and Settings\andrew adams\Application Data\Adobe
2008-09-11 11:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-11 11:26:45 ----D---- C:\WINDOWS\system32\ZoneLabs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2006-03-09 12160]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 MTC0001_RMC;Remove Control Device; C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service; C:\WINDOWS\System32\Drivers\ousbehci.sys [2005-07-15 45696]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support; C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\System32\DRIVERS\ptserial.sys [2002-03-09 132252]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2006-03-09 245248]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-13 10246144]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2007-12-06 220032]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S1 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\drivers\wanatw.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-17 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MTC0001_MPB;MPB device driver; C:\WINDOWS\System32\ntMPB.sys [2001-11-28 5072]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PRISM_A00;PRISM 802.11g Driver; C:\WINDOWS\System32\DRIVERS\PRISMA00.sys [2003-08-27 364320]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-11 32256]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-10-09 203648]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-08-07 147456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]

-----------------EOF-----------------
Thanks. Look forward to hearing from you after the weekend. Cheers.
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: regular IE crash

Post by John B. » October 11th, 2008, 9:36 am

Hi Andrew,

"trusted zone entries added by myself due to failure in accessing."

Not sure if this is wise. There is probably a good reason why they are blocked. As you are running HostsMan, that could be the one blocking it. I cannot force you to remove them from the list, but just take a look at the user reviews here, for example:
http://www.siteadvisor.com/sites/jackpotjoy.com

"Different java maybe due to firefox plug-ins."

Could be, I will not be touching it.

"No proxy server by VM"

Hmm, that is strange:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = win-dc-a-v904.net.virginmedia.net:80
As long as you are now able to browse the internet this should be fine.

There are two folders about which I want a little more information, and I hope ComboFix can give us some more information on the DLL you uploaded.

Step 1: Download and Run DirLook
Please download DirLook by jpshortstuff from one of the following mirrors:
Link 1
Link 2
Link 3
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    C:\WINDOWS\Drivers

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please close it for now, as the log can also be found at C:\DirLook.txt.

Note: Scanning may take a long time for large folders.

Step 2: Download and Run ComboFix
Before you download the newest version of ComboFix please make sure there's no older version of ComboFix on your desktop! If there is one, please delete it.

Download Combofix from any of the links below, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: It is important that it is saved directly to your desktop!

Now close any open browsers. Also close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to do that for your programs see this webpage:
http://www.bleepingcomputer.com/forums/topic114351.html
For Avast there is an additional step. Tick this option in the options:
Image
Before disabling your security program disconnect from the internet as you can get infected very easily with your security disabled.

Double click on combofix.exe & follow the prompts. Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it will produce a report for you. This report will also be saved in C:\ComboFix.txt

Note: Remember to reconnect and re-enable your anti virus and anti malware programs.

Step 3: Post logs
Please post the following logs in a reply to this topic:
  • Fresh HijackThis log
  • DirLook log
  • ComboFix log

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: regular IE crash

Post by andrewgrizz » October 11th, 2008, 11:44 am

Thanks for your help. As requested I have done all the scans. I did find a proxy server, which I removed. Cleared safe list.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:53, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6987080359
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8417 bytes

DirLook.exe v2.0 by jpshortstuff
Log created at 16:09 on 11/10/2008
==================================
Contents of "C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}"

---FOLDERS---

(none found)

---FILES---

(none found)

==================================
Contents of "C:\WINDOWS\Drivers"

---FOLDERS---

ousb2 (Created on 24/09/2008 at 19:42) d-----

---FILES---

(none found)

==================================
=EOF=
ComboFix 08-10-10.09 - andrew adams 2008-10-11 16:16:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.348 [GMT 1:00]
Running from: C:\Documents and Settings\andrew adams\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-10 14:58 . 2008-10-10 15:08 <DIR> d-------- C:\Program Files\Smart PC
2008-10-10 13:37 . 2008-10-10 13:38 <DIR> d-------- C:\rsit
2008-10-07 17:05 . 2008-10-07 17:05 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\Ashampoo
2008-10-07 17:05 . 2008-10-07 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-10-07 17:00 . 2008-10-07 17:05 <DIR> d-------- C:\Program Files\Ashampoo
2008-10-07 16:45 . 2008-10-07 16:45 <DIR> d-------- C:\Program Files\inKline Global
2008-10-07 16:43 . 2008-10-07 16:43 <DIR> d-------- C:\Program Files\PCB
2008-10-04 11:23 . 2008-10-04 11:23 <DIR> d-------- C:\Program Files\Realtek AC97
2008-10-02 15:24 . 2008-10-02 15:24 <DIR> d-------- C:\Program Files\Recuva
2008-10-02 13:40 . 2008-10-02 13:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-01 14:52 . 2008-10-01 14:52 <DIR> d-------- C:\Program Files\OpenOffice.org 3
2008-09-27 15:35 . 2008-09-27 15:35 <DIR> d-------- C:\Program Files\Common Files\snpstd3
2008-09-27 15:35 . 2007-04-13 19:24 10,246,144 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys
2008-09-27 15:35 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3.exe
2008-09-27 15:35 . 2007-03-30 17:44 262,144 --a------ C:\WINDOWS\tsnpstd3.exe
2008-09-27 15:35 . 2007-03-21 15:23 172,032 --a------ C:\WINDOWS\system32\rsnpstd3.dll
2008-09-27 15:35 . 2007-03-30 15:09 61,440 --a------ C:\WINDOWS\system32\vsnpstd3.dll
2008-09-27 15:35 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnpstd3.dll
2008-09-27 15:35 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\csnpstd3.dll
2008-09-27 15:35 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snpstd3.ini
2008-09-27 15:35 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snpstd3.src
2008-09-27 11:50 . 2008-09-27 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-26 18:32 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-26 15:22 . 2008-09-26 15:25 <DIR> d-------- C:\Program Files\Windows Live
2008-09-25 17:54 . 2008-10-02 17:13 <DIR> d-------- C:\Program Files\delete
2008-09-25 17:54 . 2008-09-25 17:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\agi
2008-09-25 17:54 . 2008-09-26 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
2008-09-25 17:53 . 2008-09-25 17:55 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\agi
2008-09-25 17:53 . 2008-09-25 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\agi
2008-09-25 17:50 . 2008-09-25 17:50 <DIR> d-------- C:\Program Files\AGI
2008-09-25 17:50 . 2008-09-25 17:50 2,117,632 --a------ C:\WINDOWS\system32\python25.dll
2008-09-25 17:50 . 2008-09-16 17:26 1,332,197 --a------ C:\WINDOWS\system32\pythondll.zip
2008-09-25 17:50 . 2008-09-25 17:50 339,968 --a------ C:\WINDOWS\system32\pythoncom25.dll
2008-09-25 17:50 . 2008-09-25 17:50 114,688 --a------ C:\WINDOWS\system32\pywintypes25.dll
2008-09-25 17:16 . 2008-09-26 13:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-25 17:15 . 2008-09-25 17:15 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-25 17:12 . 2008-09-25 17:12 <DIR> d-------- C:\Program Files\Microsoft
2008-09-25 17:09 . 2008-09-25 17:09 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-25 16:51 . 2008-09-25 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-25 16:38 . 2008-09-25 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-25 16:38 . 2008-09-25 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-25 16:37 . 2005-10-18 10:08 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-09-25 16:37 . 2005-05-24 18:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-09-25 16:25 . 2008-09-25 16:25 372 --a------ C:\WINDOWS\gstutils.ini
2008-09-25 16:25 . 2008-09-25 16:25 83 --a------ C:\WINDOWS\gstbrows.ini
2008-09-25 16:23 . 2008-09-25 16:25 <DIR> d-------- C:\GST
2008-09-24 20:49 . 2008-09-24 20:51 <DIR> d-------- C:\Program Files\VIA
2008-09-24 20:49 . 2008-09-24 20:49 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-24 20:49 . 2005-04-13 16:54 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-09-24 20:42 . 2008-09-24 20:42 <DIR> d-------- C:\WINDOWS\Drivers
2008-09-24 20:42 . 2005-07-15 15:02 56,960 --a--c--- C:\WINDOWS\system32\drivers\ousb2hub.sys
2008-09-24 20:42 . 2005-07-15 15:02 45,696 --a--c--- C:\WINDOWS\system32\drivers\ousbehci.sys
2008-09-24 20:41 . 2006-10-09 12:58 203,648 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-09-24 19:44 . 2008-09-24 19:44 <DIR> d-------- C:\Program Files\RadarSync
2008-09-24 18:22 . 2008-09-24 18:40 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-24 16:59 . 2008-09-24 16:59 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\VCOM
2008-09-24 16:58 . 2008-09-24 16:58 <DIR> d-------- C:\Program Files\VCOM
2008-09-23 16:34 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-09-23 16:34 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-23 16:34 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-23 16:34 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-23 16:34 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-23 16:34 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-23 15:40 . 2008-09-23 15:40 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\GlarySoft
2008-09-22 16:47 . 2008-09-22 16:47 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-22 11:34 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\ssubtmr6.dll
2008-09-22 11:34 . 2007-08-31 18:36 36,864 --a------ C:\WINDOWS\system32\trayicon_handler.ocx
2008-09-21 16:45 . 2008-09-26 11:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-20 14:12 . 2008-09-21 18:28 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\Ahead
2008-09-20 14:11 . 2008-09-20 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-20 14:06 . 2008-10-02 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-15 18:24 . 2008-09-24 18:26 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-09-14 19:49 . 2008-09-14 19:49 169 --a------ C:\WINDOWS\RtlRack.ini
2008-09-13 13:10 . 2008-09-27 13:36 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\Image Zone Express
2008-09-13 12:59 . 2008-04-13 19:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-13 12:59 . 2008-04-13 19:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-13 12:58 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-09-13 12:58 . 2008-04-14 01:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-09-13 12:58 . 2008-04-14 01:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-09-13 12:57 . 2008-09-13 12:57 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\InstallShield
2008-09-13 11:04 . 2008-09-13 11:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-13 11:03 . 2008-09-04 19:47 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-13 11:03 . 2004-03-05 04:19 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-09-13 11:03 . 2008-09-13 11:03 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-12 20:19 . 2008-09-12 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-12 15:36 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-12 15:27 . 2008-09-21 21:01 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-12 15:16 . 2008-09-21 21:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-12 15:15 . 2008-09-21 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-12 15:14 . 2008-09-12 15:14 <DIR> dr-h----- C:\MSOCache
2008-09-12 14:48 . 2008-09-12 14:50 <DIR> d-------- C:\Program Files\MagicDisc
2008-09-12 14:48 . 2008-07-28 17:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-09-11 11:58 . 2008-09-11 11:58 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-11 11:23 . 2008-08-21 20:41 1,221,008 --a------ C:\WINDOWS\system32\zpeng25.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 15:11 --------- d-----w C:\Program Files\PeerGuardian2
2008-10-11 14:57 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-10 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-10 14:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-10 14:13 --------- d-----w C:\Program Files\SpywareBlaster
2008-10-09 13:06 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\uTorrent
2008-10-09 10:31 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-10-08 15:36 58,368 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-10-07 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-07 15:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 10:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 15:45 --------- d-----w C:\Program Files\PCPitstop
2008-09-26 14:14 --------- d-----w C:\Program Files\IEPro
2008-09-24 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-24 19:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-24 09:40 4,122,368 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-09-20 13:09 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-10 11:28 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-09 23:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 13:32 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-09 13:32 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\SUPERAntiSpyware.com
2008-09-09 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-08 13:05 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\OpenOffice.org
2008-09-06 18:08 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\Talkback
2008-09-06 16:11 --------- d-----w C:\Program Files\Intel Desktop Board
2008-09-05 13:15 --------- d-----w C:\Program Files\HP
2008-09-05 12:33 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\Thunderbird
2008-08-28 13:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-18 13:50 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\OpenOffice.org3
2008-08-09 13:15 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-08-08 17:46 319,488 -c--a-w C:\WINDOWS\HideWin.exe
2008-08-07 17:47 410,976 -c--a-w C:\WINDOWS\system32\deploytk.dll
2008-08-05 16:55 265,720 -c--a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-29 14:42 528,384 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 15:51 16,804,864 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-15 12:47 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-07-11 08:55 712,704 ------w C:\WINDOWS\system32\windowscodecs.dll
2008-07-11 08:55 347,648 ------w C:\WINDOWS\system32\windowscodecsext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"HostsMan"="C:\Program Files\HostsMan\hm.exe" [2008-07-23 2866688]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-02-04 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2006-03-09 262144]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2002-09-24 290816]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-07-19 78008]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-30 262144]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 843776]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2005-12-28 5967942]
"PRISMSTA.EXE"="PRISMSTA.EXE" [2003-08-04 C:\WINDOWS\system32\PRISMSTA.exe]
"SiSPower"="SiSPower.dll" [2006-03-09 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC5391"="del" [X]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^andrew adams^Start Menu^Programs^Startup^Secunia PSI (RC3).lnk]
backup=C:\WINDOWS\pss\Secunia PSI (RC3).lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-08-07 18:49 136600 C:\Program Files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"NMIndexingService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HTpatch"=C:\WINDOWS\htpatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-08-07 147456]
R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2005-07-15 45696]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
S3 MTC0001_MPB;MPB device driver;C:\WINDOWS\system32\ntMPB.sys [2001-11-28 5072]
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-27 364320]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]

*Newly Created Service* - ASPNET_STATE
*Newly Created Service* - DOT3SVC
*Newly Created Service* - EAPHOST
*Newly Created Service* - HTTPFILTER
*Newly Created Service* - OSE
*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
*Newly Created Service* - RASAUTO
.
Contents of the 'Scheduled Tasks' folder

2008-10-11 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []

2008-10-11 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\andrew adams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\andrew adams\Application Data\Mozilla\Firefox\Profiles\o46tqpai.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.virginmedia.co.uk
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 16:22:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-11 16:24:56
ComboFix-quarantined-files.txt 2008-10-11 15:24:45

Pre-Run: 29,102,583,808 bytes free
Post-Run: 29,120,954,368 bytes free

275 --- E O F --- 2008-09-13 09:27:27
CHEERS
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: regular IE crash

by John B. » October 12th, 2008, 7:52 am

Hi,

There are a couple of suspicious things I found, so I would like to have some more information about that. We will also install the Recovery Console which is always handy to have on board and check for logs in Event Viewer.

Step 1: Show your hidden files
To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shut down My Computer.
    Now your computer is configured to show all hidden files.

Step 2: Check for existence of files
Please check which of the following files are present on your computer using Explorer:
C:\Windows\SYSTEM32\DRIVERS\ASPNET_STATE.SYS
C:\Windows\SYSTEM32\DRIVERS\DOT3SVC.SYS
C:\Windows\SYSTEM32\DRIVERS\EAPHOST.SYS
C:\Windows\SYSTEM32\DRIVERS\HTTPFILTER.SYS
C:\Windows\SYSTEM32\DRIVERS\OSE.SYS

Make a note of which files are present, because we will have to use them in the next step.

Step 3: Upload malware for scanning
  • Go to VirusTotal or Jotti's
  • Copy/Paste the first file on the list of which files from the last step are present on your computer into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.

Step 4: Run DirLook
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    C:\Program Files\delete

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please close it for now, as the log can also be found at C:\DirLook.txt.

Note: Scanning may take long for large folders.

Step 5: Install Recovery Console
Before you download the newest version of ComboFix please make sure there's no older version of ComboFix on your desktop! If there is one, please delete it.

Download Combofix from any of the links below, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: It is important that it is saved directly to your desktop!

Now go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System (select Windows XP Service Pack 2 when you are running Service Pack 3).

Download the file & save it as it's originally named on your desktop next to ComboFix.exe.

Now close any open browsers. Also close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to do that for your programs see this webpage:
http://www.bleepingcomputer.com/forums/topic114351.html
For Avast there is an additional step. Tick this option in the options:
Image
Before disabling your security program disconnect from the internet as you can get infected very easily with your security disabled.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click Yes to run the full ComboFix scan. Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • When finished, it will produce a report for you. This report will also be saved in C:\ComboFix.txt

Note: Remember to reconnect and re-enable your anti virus and anti malware programs.

Step 6: Check Event Viewer logs
By viewing the Event Viewer logs we could maybe find out what is wrong.
  • Go to Start
  • Click on Run
  • In the box, type eventvwr
  • Look at the System and Application log files and note about four (if so many are present) that are made at the time IE crashes.
  • We need to know the Event ID and Source.

Step 7: Post logs
Please post the following logs as a reply to this topic (use multiple posts if needed):
  • Tell me if you are still experiencing IE crashes
  • Virustotal/Jotti results
  • DirLook results
  • ComboFix log
  • Event Viewer logs

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
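
A scripted version of Steps 2 and 3 of the reply above, added here as an example and not part of the original post: it reads the `*Newly Created Service*` lines from a ComboFix log, builds the driver path that Step 2 checks for each name, and reports which files are present and would go on to the multi-engine scan. The function names, the `exists` callback and the extension of the Step 2 path pattern to every service name in the log are assumptions; the log excerpt is copied from the log posted in this thread.

```python
import ntpath
import os
import re

# Excerpt copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]

*Newly Created Service* - ASPNET_STATE
*Newly Created Service* - DOT3SVC
*Newly Created Service* - EAPHOST
*Newly Created Service* - HTTPFILTER
*Newly Created Service* - OSE
*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
*Newly Created Service* - RASAUTO
"""

# The five paths listed in Step 2 of the reply.
STEP2_FILES = [
    r"C:\Windows\SYSTEM32\DRIVERS\ASPNET_STATE.SYS",
    r"C:\Windows\SYSTEM32\DRIVERS\DOT3SVC.SYS",
    r"C:\Windows\SYSTEM32\DRIVERS\EAPHOST.SYS",
    r"C:\Windows\SYSTEM32\DRIVERS\HTTPFILTER.SYS",
    r"C:\Windows\SYSTEM32\DRIVERS\OSE.SYS",
]
DRIVER_DIR = r"C:\Windows\SYSTEM32\DRIVERS"

NEW_SERVICE = re.compile(r"^\*Newly Created Service\* - (\S+)$")
# Driver/service line: "<R|S><digit> name;display name;path [date size]"
SERVICE_LINE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[\d{4}-\d{2}-\d{2} \d+\]$"
)


def new_services(log):
    """Service names from the '*Newly Created Service*' lines, in log order."""
    names = []
    for line in log.splitlines():
        m = NEW_SERVICE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def listed_binaries(log):
    """Map upper-cased service name -> binary path from the R#/S# lines."""
    found = {}
    for line in log.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            found[m.group("name").upper()] = m.group("path")
    return found


def listing_checker(paths):
    """Existence check against a saved listing; Windows paths ignore case."""
    known = {p.lower() for p in paths}
    return lambda path: path.lower() in known


def triage(log, exists=os.path.exists):
    """One row per newly created service, with the Step 2 style driver path."""
    listed = listed_binaries(log)
    step2 = {p.lower() for p in STEP2_FILES}
    rows = []
    for name in new_services(log):
        # Assumption: same DRIVERS\<SERVICE>.SYS pattern as the Step 2 list.
        candidate = ntpath.join(DRIVER_DIR, name + ".SYS")
        rows.append({
            "service": name,
            "candidate": candidate,
            "in_step2_list": candidate.lower() in step2,
            "listed_binary": listed.get(name.upper()),  # None: no R#/S# line
            "present": bool(exists(candidate)),
        })
    return rows


def to_upload(rows):
    """Files that exist and would be submitted for scanning in Step 3."""
    return [r["candidate"] for r in rows if r["present"]]


if __name__ == "__main__":
    # Constructed input: an empty directory listing. On the affected machine,
    # call triage(log_text) to check the real file system instead.
    for row in triage(SAMPLE_LOG, exists=listing_checker([])):
        print(row)
```
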

Re: regular IE crash

by andrewgrizz » October 12th, 2008, 11:22 am

Thanks for the help. I searched for the files you listed, came back nil. VirusTotal upload failure, the file uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file. Event Viewer multiple results, system log error DCOM 10005, Service Control Manager 7034, also multiple warnings, all errors for over a month were listed. Application errors 1000/1001, MsiInstaller 11713, also multiple warnings. Listed errors from over a month.
ComboFix 08-10-11.04 - andrew adams 2008-10-12 16:02:10.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.400 [GMT 1:00]
Running from: C:\Documents and Settings\andrew adams\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

2008-10-10 14:58 . 2008-10-11 20:22 <DIR> d-------- C:\Program Files\Smart PC
2008-10-10 13:37 . 2008-10-10 13:38 <DIR> d-------- C:\rsit
2008-10-07 17:05 . 2008-10-07 17:05 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\Ashampoo
2008-10-07 17:05 . 2008-10-07 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-10-07 17:00 . 2008-10-07 17:05 <DIR> d-------- C:\Program Files\Ashampoo
2008-10-07 16:45 . 2008-10-07 16:45 <DIR> d-------- C:\Program Files\inKline Global
2008-10-07 16:43 . 2008-10-07 16:43 <DIR> d-------- C:\Program Files\PCB
2008-10-04 11:23 . 2008-10-04 11:23 <DIR> d-------- C:\Program Files\Realtek AC97
2008-10-02 15:24 . 2008-10-02 15:24 <DIR> d-------- C:\Program Files\Recuva
2008-10-02 13:40 . 2008-10-02 13:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-01 14:52 . 2008-10-11 18:09 <DIR> d-------- C:\Program Files\OpenOffice.org 3
2008-09-27 15:35 . 2008-09-27 15:35 <DIR> d-------- C:\Program Files\Common Files\snpstd3
2008-09-27 15:35 . 2007-04-13 19:24 10,246,144 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys
2008-09-27 15:35 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3.exe
2008-09-27 15:35 . 2007-03-30 17:44 262,144 --a------ C:\WINDOWS\tsnpstd3.exe
2008-09-27 15:35 . 2007-03-21 15:23 172,032 --a------ C:\WINDOWS\system32\rsnpstd3.dll
2008-09-27 15:35 . 2007-03-30 15:09 61,440 --a------ C:\WINDOWS\system32\vsnpstd3.dll
2008-09-27 15:35 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnpstd3.dll
2008-09-27 15:35 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\csnpstd3.dll
2008-09-27 15:35 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snpstd3.ini
2008-09-27 15:35 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snpstd3.src
2008-09-27 11:50 . 2008-09-27 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-26 18:32 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-26 15:22 . 2008-09-26 15:25 <DIR> d-------- C:\Program Files\Windows Live
2008-09-25 17:54 . 2008-09-25 17:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\agi
2008-09-25 17:54 . 2008-09-26 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
2008-09-25 17:53 . 2008-09-25 17:55 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\agi
2008-09-25 17:53 . 2008-09-25 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\agi
2008-09-25 17:50 . 2008-09-25 17:50 <DIR> d-------- C:\Program Files\AGI
2008-09-25 17:50 . 2008-09-25 17:50 2,117,632 --a------ C:\WINDOWS\system32\python25.dll
2008-09-25 17:50 . 2008-09-16 17:26 1,332,197 --a------ C:\WINDOWS\system32\pythondll.zip
2008-09-25 17:50 . 2008-09-25 17:50 339,968 --a------ C:\WINDOWS\system32\pythoncom25.dll
2008-09-25 17:50 . 2008-09-25 17:50 114,688 --a------ C:\WINDOWS\system32\pywintypes25.dll
2008-09-25 17:16 . 2008-09-26 13:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-25 17:15 . 2008-09-25 17:15 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-25 17:12 . 2008-09-25 17:12 <DIR> d-------- C:\Program Files\Microsoft
2008-09-25 17:09 . 2008-09-25 17:09 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-25 16:51 . 2008-09-25 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-25 16:38 . 2008-09-25 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-25 16:38 . 2008-09-25 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-25 16:37 . 2005-10-18 10:08 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-09-25 16:37 . 2005-05-24 18:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-09-25 16:25 . 2008-09-25 16:25 372 --a------ C:\WINDOWS\gstutils.ini
2008-09-25 16:25 . 2008-09-25 16:25 83 --a------ C:\WINDOWS\gstbrows.ini
2008-09-25 16:23 . 2008-09-25 16:25 <DIR> d-------- C:\GST
2008-09-24 20:49 . 2008-09-24 20:51 <DIR> d-------- C:\Program Files\VIA
2008-09-24 20:49 . 2008-09-24 20:49 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-24 20:49 . 2005-04-13 16:54 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-09-24 20:42 . 2008-09-24 20:42 <DIR> d-------- C:\WINDOWS\Drivers
2008-09-24 20:42 . 2005-07-15 15:02 56,960 --a--c--- C:\WINDOWS\system32\drivers\ousb2hub.sys
2008-09-24 20:42 . 2005-07-15 15:02 45,696 --a--c--- C:\WINDOWS\system32\drivers\ousbehci.sys
2008-09-24 20:41 . 2006-10-09 12:58 203,648 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-09-24 19:44 . 2008-09-24 19:44 <DIR> d-------- C:\Program Files\RadarSync
2008-09-24 18:22 . 2008-09-24 18:40 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-24 16:59 . 2008-09-24 16:59 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\VCOM
2008-09-24 16:58 . 2008-09-24 16:58 <DIR> d-------- C:\Program Files\VCOM
2008-09-23 16:34 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-09-23 16:34 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-23 16:34 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-23 16:34 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-23 16:34 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-23 16:34 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-23 15:40 . 2008-09-23 15:40 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\GlarySoft
2008-09-22 16:47 . 2008-09-22 16:47 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-22 11:34 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\ssubtmr6.dll
2008-09-22 11:34 . 2007-08-31 18:36 36,864 --a------ C:\WINDOWS\system32\trayicon_handler.ocx
2008-09-21 16:45 . 2008-09-26 11:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-20 14:12 . 2008-09-21 18:28 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\Ahead
2008-09-20 14:11 . 2008-09-20 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-20 14:06 . 2008-10-02 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-15 18:24 . 2008-09-24 18:26 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-09-14 19:49 . 2008-09-14 19:49 169 --a------ C:\WINDOWS\RtlRack.ini
2008-09-13 13:10 . 2008-09-27 13:36 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\Image Zone Express
2008-09-13 12:59 . 2008-04-13 19:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-13 12:59 . 2008-04-13 19:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-13 12:58 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-09-13 12:58 . 2008-04-14 01:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-09-13 12:58 . 2008-04-14 01:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-09-13 12:57 . 2008-09-13 12:57 <DIR> d-------- C:\Documents and Settings\andrew adams\Application Data\InstallShield
2008-09-13 11:04 . 2008-09-13 11:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-13 11:03 . 2008-09-04 19:47 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-13 11:03 . 2004-03-05 04:19 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-09-13 11:03 . 2008-09-13 11:03 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-12 20:19 . 2008-09-12 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-12 15:36 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-12 15:27 . 2008-09-21 21:01 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-12 15:16 . 2008-09-21 21:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-12 15:15 . 2008-09-21 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-12 15:14 . 2008-09-12 15:14 <DIR> dr-h----- C:\MSOCache
2008-09-12 14:48 . 2008-09-12 14:50 <DIR> d-------- C:\Program Files\MagicDisc
2008-09-12 14:48 . 2008-07-28 17:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 13:45 --------- d-----w C:\Program Files\PeerGuardian2
2008-10-12 12:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-11 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-11 15:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 15:52 --------- d-----w C:\Program Files\SpywareBlaster
2008-10-11 15:49 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\uTorrent
2008-10-07 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-07 15:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 10:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 15:45 --------- d-----w C:\Program Files\PCPitstop
2008-09-26 14:14 --------- d-----w C:\Program Files\IEPro
2008-09-24 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-24 19:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-24 09:40 4,122,368 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-09-20 13:09 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-11 10:58 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-09-10 11:28 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-09 23:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 13:32 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-09 13:32 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\SUPERAntiSpyware.com
2008-09-09 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-08 13:05 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\OpenOffice.org
2008-09-06 18:08 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\Talkback
2008-09-06 16:11 --------- d-----w C:\Program Files\Intel Desktop Board
2008-09-05 13:15 --------- d-----w C:\Program Files\HP
2008-09-05 12:33 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\Thunderbird
2008-08-28 13:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-21 19:41 1,221,008 ----a-w C:\WINDOWS\system32\zpeng25.dll
2008-08-18 13:50 --------- d-----w C:\Documents and Settings\andrew adams\Application Data\OpenOffice.org3
2008-08-09 13:15 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-08-08 17:46 319,488 -c--a-w C:\WINDOWS\HideWin.exe
2008-08-07 17:47 410,976 -c--a-w C:\WINDOWS\system32\deploytk.dll
2008-08-05 16:55 265,720 -c--a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-29 14:42 528,384 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 15:51 16,804,864 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-15 12:47 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-11_16.23.44.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-04 10:27:19 379,240 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-11 19:31:02 382,424 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-11 19:33:04 16,384 ------w C:\WINDOWS\Temp\Perflib_Perfdata_440.dat
+ 2008-10-12 13:05:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
+ 2008-10-12 13:05:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"HostsMan"="C:\Program Files\HostsMan\hm.exe" [2008-07-23 2866688]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-02-04 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2006-03-09 262144]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2002-09-24 290816]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-07-19 78008]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-30 262144]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 843776]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2005-12-28 5967942]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-08-07 136600]
"PRISMSTA.EXE"="PRISMSTA.EXE" [2003-08-04 C:\WINDOWS\system32\PRISMSTA.exe]
"SiSPower"="SiSPower.dll" [2006-03-09 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^andrew adams^Start Menu^Programs^Startup^Secunia PSI (RC3).lnk]
backup=C:\WINDOWS\pss\Secunia PSI (RC3).lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-01-22 11:13 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"NMIndexingService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HTpatch"=C:\WINDOWS\htpatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-08-07 147456]
R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2005-07-15 45696]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
S3 MTC0001_MPB;MPB device driver;C:\WINDOWS\system32\ntMPB.sys [2001-11-28 5072]
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-27 364320]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
.
Contents of the 'Scheduled Tasks' folder

2008-10-12 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []

2008-10-12 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\andrew adams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\andrew adams\Application Data\Mozilla\Firefox\Profiles\o46tqpai.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.virginmedia.co.uk
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 16:08:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-12 16:10:14
ComboFix-quarantined-files.txt 2008-10-12 15:10:04
ComboFix2.txt 2008-10-12 13:55:31

Pre-Run: 28,574,310,400 bytes free
Post-Run: 28,555,587,584 bytes free

264 --- E O F --- 2008-09-13 09:27:27
Not seen IE crash due to using Firefox regularly for default browser. After disconnection from internet to run scans, then reconnect, I get a message saying Internet Explorer cannot find null.
Hope this helps.
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: regular IE crash

Unread postby John B. » October 12th, 2008, 12:43 pm

What are the DirLook results? Please try IE now and if it crashes go to the Event Log Viewer and see if any logs were made at the time IE crashed.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: regular IE crash

Unread postby andrewgrizz » October 13th, 2008, 6:59 am

DirLook.exe v2.0 by jpshortstuff
Log created at 11:48 on 13/10/2008
==================================
Contents of "C:\Program Files\delete"

Unable to find directory.

==================================
=EOF=

Today's problem listed in event viewer is redbook, cat:none, event code 8. Multiple ftdisk warnings.

Internet not crashing, not been using it, so will not know for some time.

hope this helps. thanks again for your help.
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: regular IE crash

Unread postby John B. » October 13th, 2008, 7:50 am

Hi Andrew,

As you haven't had any more IE crashes I think we can close this topic. This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, I have some tips & tricks for you to keep your computer clean and secure. The first few (like removing dangerous tools and Windows Update) have to be done, the others are optional (beginning with Spybot S&D).

It may seem like your system will be too much protected with all these things installed, but a lot of programs aren't always running in the background so don't slow down your computer. Please take a look at the following things:
  • Uninstall tools - The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
    • Go to Start
    • Click on Run
    • Type ComboFix /u (Note: This command is case sensitive.)
    After doing that with ComboFix, do this with OTMoveIt to remove the tools not removed by ComboFix.
    • Download OTCleanIt from http://download.bleepingcomputer.com/ol ... leanIt.exe to your desktop.
    • Click the OTCleanIt icon on your desktop.
    • Click the CleanUp button.
    • If you get any pop ups asking if it is OK let the program proceed.
    • At the end the program will ask to let it reboot the computer. Let it do so.
    You may delete any logs left on the desktop.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
    WinPatrol
    The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.

  • Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial here:
    WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

  • Bookmark general cleanup link - It could be that your computer is becoming slower and slower. This is not always the cause of malware. Most of the time it's malware when your computer is suddenly getting slow or doing strange. When the slowdown increases slowly, check (so now bookmark) this link for tips & tricks:
    What to do if your Computer's running slowly

Follow this list and your potential for being infected again will reduce dramatically.

>> Here << you can see how you can help us.

May your God go with you..

John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
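
The Internet-zone settings listed in the post above can also be checked from a script. This is an added example, not part of John B.'s post or of any tool named in the thread; it assumes PowerShell 3 or later, the standard per-user Internet zone key (Zones\3) and Microsoft's documented URL action numbers for the six settings, and it writes nothing unless run with -Apply.

```powershell
# Added example (not from the thread): compare the per-user Internet zone
# with the six settings recommended in the post; change them only with -Apply.
param([switch]$Apply)

# Zone 3 is the Internet zone. Each setting is a DWORD named by its URL action
# number. Values enforced by policy under HKLM\Software\Policies take
# precedence and are not examined here.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended values, in the order the post lists them.
$wanted = @(
    @{ Id = '1001'; Value = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Value = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Value = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Value = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Value = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Value = 1; Name = 'Navigate sub-frames across different domains' }
)

function Format-Action($value) {
    if ($null -eq $value) { return '(not set)' }
    if ($label.ContainsKey([int]$value)) { return $label[[int]$value] }
    return ('0x{0:X}' -f $value)   # some actions accept other values
}

$report = foreach ($s in $wanted) {
    $props   = Get-ItemProperty -Path $zoneKey -Name $s.Id -ErrorAction SilentlyContinue
    $current = if ($props) { $props.($s.Id) } else { $null }
    $status  = if (($null -ne $current) -and ($current -eq $s.Value)) { 'ok' } else { 'differs' }

    if ($status -eq 'differs' -and $Apply) {
        Set-ItemProperty -Path $zoneKey -Name $s.Id -Value $s.Value -Type DWord
        $status = 'fixed'
    }

    [pscustomobject]@{
        Action  = $s.Id
        Setting = $s.Name
        Current = Format-Action $current
        Wanted  = Format-Action $s.Value
        Status  = $status
    }
}

$report | Format-Table -AutoSize -Wrap
```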

Re: regular IE crash

Unread postby andrewgrizz » October 13th, 2008, 3:18 pm

Thanks for reply. I was following your advice, I downloaded OTMoveIt, ran it to clean system as requested.

I then restarted my system when prompted, my computer failed to restart, I kept getting write errors during ComboFix, errors were for my F drive. Something to do with data write errors.

On start up my computer refused to let me get in, when I did eventually get in my desktop refused to work, and I could not run any scans. Unable to get into system restore, even safe mode failed to respond.

Due to these problems I am forced to use my system restore discs (manufacturer's own). Tried to get computer to restore factory settings, this failed, tried 3 times.

I am now trying no format, which sends files to a separate folder and restores factory settings.

If this fails then my next attempt will be to use the quick format option, and restore.

If this fails, then that is the final straw, and I will have to contact tech guys for help, if they can not help me on the phone then I will use my last 6 months of my extended guarantee, to have it collected from my home and taken away for some repair work on it.

You can reply to this email, but I can not guarantee a response, until I know what is happening on computer and find out if it needs to be taken away for repair.

I am using a computer somewhere else, this computer does not have email access.

I am concerned about possibility of a virus being downloaded, when I downloaded the OTMoveIt programme, from the recommended site. Until that time my computer was fine, as the results stated.

If no virus was downloaded, then OTMoveit, could have wiped something off my computer that was important.

If none of these was the cause, then it could be a hard drive failure, and it will need to be repaired. By manufacturer.

Until a cause is found, I will not know the original cause.

:(
Thanks.
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am

Re: regular IE crash

Unread postby John B. » October 14th, 2008, 3:36 am

Please don't reformat and reinstall. This sounds like a hardware problem and losing all your data would be a pity.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: regular IE crash

Unread postby andrewgrizz » October 14th, 2008, 7:19 am

I was forced to reinstall everything, because it looked like a virus had got into a file, during the running of moveit.

I did try a restore factory settings from my recovery disc, but that failed. I did get to desktop but I could not move on from there, my system refused to budge. Funny thing is on first install, I ran defrag, which in turn brought up the blue screen of death, I was unable to read what it was, it came and went in a flash. There was no access to system restore, so I was forced to do a reinstall again, moving files from system to a separate folder called my old disk structure. I believe a virus was hiding in that folder, because when I moved files back to desktop, security files, that caused the problems, I am up and running again, and doing reinstalls of my security software, which I have listed in my profile page of Cnet downloads. So far so good. I have never had a problem before, when using tools recommended by malware removal, that is why I think a well hidden virus or malware, was lurking and was disturbed by the ComboFix and then Moveit. I was not willing to take a chance on this problem. But if I was unable to repair my system, I would have called tech guys for help.

Thank you for your help in attempt to fix, what started as a possible threat.
:thumbright:
andrewgrizz
Regular Member
 
Posts: 35
Joined: November 23rd, 2007, 11:35 am