derekfurman
asked on
Virus? causing DEP alerts then a explorer crash/rese
I am getting a occasional DEP alerts then a explorer crash/reset can someone take a look here and let me know if they see anything out of order. I do not see it.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:58 AM, on 3/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\Ati2ev xx.exe
C:\WINDOWS\system32\svchos t.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng .exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\spools v.exe
C:\WINDOWS\system32\Ati2ev xx.exe
C:\Program Files\Bonjour\mDNSResponde r.exe
C:\Program Files\Broadcom\MgmtAgent\B rcmMgmtAge nt.exe
C:\Program Files\LogMeIn\x86\LMIGuard ianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint. exe
C:\Program Files\LogMeIn\x86\LogMeIn. exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Motorola\MotoHelper\ MotoHelper Service.ex e
C:\WINDOWS\system32\svchos t.exe
C:\Program Files\Motorola\MotoHelper\ MotoHelper Agent.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUP ERAntiSpyw are.exe
C:\WINDOWS\System32\svchos t.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica tion\chrom e.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica tion\chrom e.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica tion\chrom e.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica tion\chrom e.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica tion\chrom e.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica tion\chrom e.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica tion\chrom e.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica tion\chrom e.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica tion\chrom e.exe
C:\Documents and Settings\WOW\My Documents\Downloads\window s-kb890830 -v3.16 (1).exe
i:\2289cf45da7a14c59a687b\ mrtstub.ex e
C:\WINDOWS\system32\MRT.ex e
C:\Program Files\Trend Micro\HiJackThis\HiJackThi s.exe
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9 C25C1C588A 9} - C:\Program
Files\Java\jre6\bin\jp2ssv .dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-E ABFE594F69 C} - C:\Program
Files\Java\jre6\lib\deploy \jqs\ie\jq s_plugin.d ll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2 B52B6139FC 7} - C:\Program Files\Adobe\/Adobe
Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon .exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUP ERAntiSpyw are.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\WINDOWS\system32\ GPhotos.sc r/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien t.dll/Acro IEAppend.h tml
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien t.dll/Acro IECapture. html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien t.dll/Acro IEAppend.h tml
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien t.dll/Acro IECaptureS elLinks.ht ml
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program
Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClien t.dll/Acro IEAppendSe lLinks.htm l
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien t.dll/Acro IECapture. html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien t.dll/Acro IEAppend.h tml
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien t.dll/Acro IECapture. html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3 \Office12\ EXCEL.EXE/ 3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-E E169C2DA79 F} - C:\Program
Files\Skype\Toolbars\Inter net Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-E E169C2DA79 F}
- C:\Program Files\Skype\Toolbars\Inter net Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D 32B190E9B0 7} - C:\Program
Files\Skype\Toolbars\Inter net Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3 C9C571A826 3} -
C:\PROGRA~1\MICROS~3\Offic e12\REFIEB AR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-F CFDF33E833 C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243900979140
O16 - DPF: {6E32070A-766D-4EE6-879C-D C1FA91D2FC 3} (MUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254602946000
O16 - DPF: {8100D56A-5661-482C-BEE8-A FECE305D96 8} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F 8C8BE74846 3} (MSN Games – Hearts) -
http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-1 12A68D7E10 A} (MySpace Uploader Control) -
http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A4110378-789B-455F-AE86-3 A1BFC40285 3} (ZPA_SHVL Object) -
http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-2 2031317559 2} (MSN Games - Installer) -
http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4 4455354000 0} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-2 7E3E7AB25F 8} -
http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-A C9BF37916A 7} (get_atlcom Class) -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B 5AE0DC75AC 9} (Performance Viewer Activex Control) -
https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1 830C7DD7F5 D} -
C:\PROGRA~1\COMMON~1\Skype \SKYPE4~1. DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS WINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-0 0A0C90312E 1} -
C:\WINDOWS\system32\browse ui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3 078302C203 0} -
C:\WINDOWS\system32\browse ui.dll
O22 - SharedTaskScheduler: ExphyllaW32 - {0074BAD5-04AC-49A8-9314-1 D8B356B62F F} - (no file)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common
Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueC S3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev xx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde r.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program
Files\Broadcom\MgmtAgent\B rcmMgmtAge nt.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common
Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingServ ice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program
Files\Google\Update\Google Update.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterServi ce.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver \1050\Inte l 32\IDriverT.exe
O23 - Service: Imapi Helper - Unknown owner - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
(file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuard ianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program
Files\LogMeIn\x86\RaMaint. exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn. exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program
Files\Motorola\MotoHelper\ MotoHelper Service.ex e
--
End of file - 9858 bytes
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:58 AM, on 3/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\system32\Ati2ev
C:\Program Files\Bonjour\mDNSResponde
C:\Program Files\Broadcom\MgmtAgent\B
C:\Program Files\LogMeIn\x86\LMIGuard
C:\Program Files\LogMeIn\x86\RaMaint.
C:\Program Files\LogMeIn\x86\LogMeIn.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Motorola\MotoHelper\
C:\WINDOWS\system32\svchos
C:\Program Files\Motorola\MotoHelper\
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUP
C:\WINDOWS\System32\svchos
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica
C:\WINDOWS\explorer.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\WOW\Local Settings\Application Data\Google\Chrome\Applica
C:\Documents and Settings\WOW\My Documents\Downloads\window
i:\2289cf45da7a14c59a687b\
C:\WINDOWS\system32\MRT.ex
C:\Program Files\Trend Micro\HiJackThis\HiJackThi
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\In
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\In
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\In
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9
Files\Java\jre6\bin\jp2ssv
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-E
Files\Java\jre6\lib\deploy
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2
Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUP
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\WINDOWS\system32\
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program
Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-E
Files\Skype\Toolbars\Inter
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-E
- C:\Program Files\Skype\Toolbars\Inter
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D
Files\Skype\Toolbars\Inter
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
C:\PROGRA~1\MICROS~3\Offic
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-F
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243900979140
O16 - DPF: {6E32070A-766D-4EE6-879C-D
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254602946000
O16 - DPF: {8100D56A-5661-482C-BEE8-A
http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F
http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-1
http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A4110378-789B-455F-AE86-3
http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-2
http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-2
http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-A
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B
https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1
C:\PROGRA~1\COMMON~1\Skype
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-0
C:\WINDOWS\system32\browse
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3
C:\WINDOWS\system32\browse
O22 - SharedTaskScheduler: ExphyllaW32 - {0074BAD5-04AC-49A8-9314-1
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common
Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueC
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program
Files\Broadcom\MgmtAgent\B
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common
Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingServ
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program
Files\Google\Update\Google
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterServi
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver
O23 - Service: Imapi Helper - Unknown owner - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
(file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuard
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program
Files\LogMeIn\x86\RaMaint.
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program
Files\Motorola\MotoHelper\
--
End of file - 9858 bytes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I recommend putting this one into the Windows XP zone so that more developers will see it.
ASKER
I already did the mbam (nada) trendmicro rootkit buster, Sophos rootkit then went rough start up and memory resident. I think its clean just needed a second opinion
Thanks optoma
Thanks optoma
Cool. Did the other scan find anything? If It's still crashing let us know as it shouldn't be :)
ASKER
I will thanks
ASKER
and the other scans came up clean
Cool. If it happens again it maybe related to a 3rd party context menu application. You can use ShellExView to run through a trial and error and disable context menu items one at a time
http://www.nirsoft.net/utils/shexview.html
http://www.nirsoft.net/utils/shexview.html