IE closes instantly when I explore the folder

Guest

My IE 6.0sp2 closes instantly when I explore the folder.
Below is the debug file generated.
Can anyone analyze it for me? Thank you very much!
Microsoft (R) Windows Debugger Version 6.5.0003.7
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini103005-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055b420
Debug session time: Sun Oct 30 17:30:25.218 2005 (GMT-5)
System Uptime: 0 days 0:03:01.812
Loading Kernel Symbols
.................................................................................................................................
Loading unloaded module list
...........
Loading User Symbols
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {c0000005, ba9ac8d4, f8985be8, f89858e4}

Unable to load image Klpf.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for Klpf.sys
*** ERROR: Module load completed but symbols could not be loaded for Klpf.sys
Probably caused by : HTTP.sys ( HTTP!UlInitializeConnectionTimerInfo+22 )

Followup: MachineOwner
---------

kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ba9ac8d4, The address that the exception occurred at
Arg3: f8985be8, Exception Record Address
Arg4: f89858e4, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
HTTP!UlInitializeConnectionTimerInfo+22
ba9ac8d4 f3ab rep stosd

EXCEPTION_RECORD: f8985be8 -- (.exr fffffffff8985be8)
..exr fffffffff8985be8
ExceptionAddress: ba9ac8d4 (HTTP!UlInitializeConnectionTimerInfo+0x00000022)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 000000ec
Attempt to write to address 000000ec

CONTEXT: f89858e4 -- (.cxr fffffffff89858e4)
..cxr fffffffff89858e4
eax=ffffffff ebx=000000ec ecx=00000006 edx=85ae376c esi=000000d8 edi=000000ec
eip=ba9ac8d4 esp=f8985cb0 ebp=f8985cc4 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210286
HTTP!UlInitializeConnectionTimerInfo+0x22:
ba9ac8d4 f3ab rep stosd es:000000ec=????????
..cxr
Resetting default scope

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

WRITE_ADDRESS: 000000ec

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from ba9a377b to ba9ac8d4

STACK_TEXT:
f8985cc4 ba9a377b 000000d8 f8985cf4 ba9b173a
HTTP!UlInitializeConnectionTimerInfo+0x22
f8985cd0 ba9b173a 8169cee0 00000000 00000000 HTTP!UlConnectionComplete+0x3f
f8985cf4 804e4d38 00000000 00000000 00679c00 HTTP!UlpRestartAccept+0xba
f8985d24 f87d9fcf 8147e1f9 00000000 821d9300 nt!IopfCompleteRequest+0xa2
WARNING: Stack unwind information not available. Following frames may be
wrong.
f8985d3c f87d7fa1 81679a68 00000001 00000000 Klpf+0x3fcf
f8985d74 804e526b 8147e018 00000000 823b98b8 Klpf+0x1fa1
f8985dac 8057ce15 814f0b60 00000000 00000000 nt!ExpWorkerThread+0x100
f8985ddc 804fb4da 804e5196 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


FOLLOWUP_IP:
HTTP!UlInitializeConnectionTimerInfo+22
ba9ac8d4 f3ab rep stosd

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: HTTP!UlInitializeConnectionTimerInfo+22

MODULE_NAME: HTTP

IMAGE_NAME: HTTP.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41672744

STACK_COMMAND: .cxr fffffffff89858e4 ; kb

FAILURE_BUCKET_ID: 0x7E_HTTP!UlInitializeConnectionTimerInfo+22

BUCKET_ID: 0x7E_HTTP!UlInitializeConnectionTimerInfo+22

Followup: MachineOwner
---------

eax=ffffffff ebx=000000ec ecx=00000006 edx=85ae376c esi=000000d8 edi=000000ec
eip=ba9ac8d4 esp=f8985cb0 ebp=f8985cc4 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210286
HTTP!UlInitializeConnectionTimerInfo+0x22:
ba9ac8d4 f3ab rep stosd es:000000ec=????????
ChildEBP RetAddr Args to Child
f8985cc4 ba9a377b 000000d8 f8985cf4 ba9b173a
HTTP!UlInitializeConnectionTimerInfo+0x22 (FPO: [Non-Fpo])
f8985cd0 ba9b173a 8169cee0 00000000 00000000 HTTP!UlConnectionComplete+0x3f
(FPO: [Non-Fpo])
f8985cf4 804e4d38 00000000 00000000 00679c00 HTTP!UlpRestartAccept+0xba
(FPO: [Non-Fpo])
f8985d24 f87d9fcf 8147e1f9 00000000 821d9300 nt!IopfCompleteRequest+0xa2
(FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be
wrong.
f8985d3c f87d7fa1 81679a68 00000001 00000000 Klpf+0x3fcf
f8985d74 804e526b 8147e018 00000000 823b98b8 Klpf+0x1fa1
f8985dac 8057ce15 814f0b60 00000000 00000000 nt!ExpWorkerThread+0x100 (FPO:
[Non-Fpo])
f8985ddc 804fb4da 804e5196 00000001 00000000 nt!PspSystemThreadStartup+0x34
(FPO: [Non-Fpo])
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
start end module name
804d8000 806ebf80 nt ntoskrnl.exe Tue Mar 01 19:59:37 2005 (42250FF9)
806ec000 8070c380 hal halaacpi.dll Wed Aug 04 01:59:05 2004 (41107B29)
ba99b000 ba9db100 HTTP HTTP.sys Fri Oct 08 19:48:20 2004 (41672744)
babbc000 bac0d300 srv srv.sys Mon May 09 20:17:49 2005 (427FFDAD)
bac5e000 bac8a400 mrxdav mrxdav.sys Wed Aug 04 02:00:49 2004 (41107B91)
bad5b000 bad66900 Defrag32 Defrag32.SYS Thu Apr 29 14:14:52 2004 (4091461C)
bf800000 bf9c0380 win32k win32k.sys Tue Mar 01 20:06:42 2005 (422511A2)
bf9c1000 bf9d2580 dxg dxg.sys Wed Aug 04 02:00:51 2004 (41107B93)
bf9d3000 bfa39000 ati2dvag ati2dvag.dll Wed Mar 03 12:31:42 2004 (4046167E)
bfa39000 bfb89b20 ati3duag ati3duag.dll Wed Mar 03 12:28:47 2004 (404615CF)
bfb8a000 bfc188a0 ativvaxx ativvaxx.dll Wed Mar 03 12:20:56 2004 (404613F8)
eb807000 eb827f00 ipnat ipnat.sys Wed Sep 29 18:28:36 2004 (415B3714)
eb828000 eb852a00 rdbss rdbss.sys Wed Oct 27 21:13:57 2004 (418047D5)
eb853000 eb874d00 afd afd.sys Wed Aug 04 02:14:13 2004 (41107EB5)
eb875000 eb89cc00 netbt netbt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
eb89d000 eb8f4d80 tcpip tcpip.sys Wed May 25 15:04:00 2005 (4294CC20)
eb8f5000 eb907400 ipsec ipsec.sys Wed Aug 04 02:14:27 2004 (41107EC3)
f7948000 f7a10680 nvmcp nvmcp.sys Thu Dec 05 15:18:05 2002 (3DEFB47D)
f7a11000 f7a4c000 nvapu nvapu.sys Thu Dec 05 15:18:06 2002 (3DEFB47E)
f7a4c000 f7a63800 SCSIPORT SCSIPORT.SYS Wed Aug 04 01:59:39 2004 (41107B4B)
f7a64000 f7a74f40 fvdscsi fvdscsi.sys Tue Sep 07 01:38:35 2004 (413D495B)
f7aa9000 f7aab900 Dxapi Dxapi.sys Fri Aug 17 16:53:19 2001 (3B7D843F)
f7ac1000 f7ac3f80 mouhid mouhid.sys Fri Aug 17 16:47:57 2001 (3B7D82FD)
f7ac5000 f7af8200 update update.sys Wed Aug 04 01:58:32 2004 (41107B08)
f7b99000 f7bc9100 rdpdr rdpdr.sys Wed Aug 04 02:01:10 2004 (41107BA6)
f7bdc000 f7c07000 klif klif.sys Thu Aug 04 11:19:10 2005 (42F231EE)
f7c07000 f7c17e00 psched psched.sys Wed Aug 04 02:04:16 2004 (41107C60)
f7c18000 f7c2e680 ndiswan ndiswan.sys Wed Aug 04 02:14:30 2004 (41107EC6)
f7c2f000 f7c52980 portcls portcls.sys Wed Aug 04 02:15:47 2004 (41107F13)
f7c53000 f7c66580 parport parport.sys Wed Aug 04 01:59:04 2004 (41107B28)
f7c67000 f7c7a780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 02:07:04 2004 (41107D08)
f7c7b000 f7d3d000 ati2mtag ati2mtag.sys Wed Mar 03 12:31:19 2004 (40461667)
f7d3d000 f7d5f680 ks ks.sys Wed Aug 04 02:15:20 2004 (41107EF8)
f7d60000 f7d73c00 NVENET NVENET.sys Mon Sep 23 14:51:57 2002 (3D8F62CD)
f7d74000 f7d96e80 USBPORT USBPORT.SYS Wed Aug 04 02:08:34 2004 (41107D62)
f7d97000 f7d99280 rasacd rasacd.sys Fri Aug 17 16:55:39 2001 (3B7D84CB)
f7e62000 f7e76400 wdmaud wdmaud.sys Wed Aug 04 02:15:03 2004 (41107EE7)
f7ec3000 f7ed1d80 sysaudio sysaudio.sys Wed Aug 04 02:15:54 2004 (41107F1A)
f80a7000 f80aa280 ndisuio ndisuio.sys Wed Aug 04 02:03:10 2004 (41107C1E)
f81b3000 f81ca480 dump_atapi dump_atapi.sys Wed Aug 04 01:59:41 2004
(41107B4D)
f81cb000 f81e1180 usbVM31b usbVM31b.sys Mon Mar 22 03:22:25 2004 (405EA241)
f8296000 f8304400 mrxsmb mrxsmb.sys Tue Jan 18 23:26:50 2005 (41EDE18A)
f8309000 f830b6a0 fcdabus fcdabus.sys Tue Aug 05 06:36:42 2003 (3F2F88BA)
f830d000 f8310c80 mssmbios mssmbios.sys Wed Aug 04 02:07:47 2004 (41107D33)
f8325000 f8327580 ndistapi ndistapi.sys Fri Aug 17 16:55:29 2001 (3B7D84C1)
f836e000 f8388580 Mup Mup.sys Wed Aug 04 02:15:20 2004 (41107EF8)
f8389000 f83b5a80 NDIS NDIS.sys Wed Aug 04 02:14:27 2004 (41107EC3)
f83b6000 f8442480 Ntfs Ntfs.sys Wed Aug 04 02:15:06 2004 (41107EEA)
f8443000 f8459780 KSecDD KSecDD.sys Wed Aug 04 01:59:45 2004 (41107B51)
f845a000 f8478780 fltmgr fltmgr.sys Wed Aug 04 02:01:17 2004 (41107BAD)
f8479000 f8490480 atapi atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)
f8491000 f84b6100 dmio dmio.sys Wed Aug 04 02:07:13 2004 (41107D11)
f84b7000 f84d5880 ftdisk ftdisk.sys Fri Aug 17 16:52:41 2001 (3B7D8419)
f84d6000 f84e6280 pci pci.sys Wed Aug 04 02:07:45 2004 (41107D31)
f84e7000 f8514500 ACPI ACPI.sys Wed Aug 04 02:07:35 2004 (41107D27)
f8536000 f853ec00 isapnp isapnp.sys Fri Aug 17 16:58:01 2001 (3B7D8559)
f8546000 f8550500 MountMgr MountMgr.sys Wed Aug 04 01:58:29 2004 (41107B05)
f8556000 f8561f80 VolSnap VolSnap.sys Wed Aug 04 02:00:14 2004 (41107B6E)
f8566000 f856ee00 disk disk.sys Wed Aug 04 01:59:53 2004 (41107B59)
f8576000 f8582200 CLASSPNP CLASSPNP.SYS Wed Aug 04 02:14:26 2004 (41107EC2)
f8586000 f8591900 Defrag32b Defrag32b.sys Thu Apr 29 14:14:52 2004
(4091461C)
f85b6000 f85bece0 fsRamDsk fsRamDsk.sys Thu Sep 09 03:54:56 2004 (41400C50)
f85c6000 f85d2880 rasl2tp rasl2tp.sys Wed Aug 04 02:14:21 2004 (41107EBD)
f85d6000 f85e0200 raspppoe raspppoe.sys Wed Aug 04 02:05:06 2004 (41107C92)
f85e6000 f85f1d00 raspptp raspptp.sys Wed Aug 04 02:14:26 2004 (41107EC2)
f85f6000 f85fe900 msgpc msgpc.sys Wed Aug 04 02:04:11 2004 (41107C5B)
f8606000 f860ff00 termdd termdd.sys Wed Aug 04 01:58:52 2004 (41107B1C)
f8616000 f8624100 usbhub usbhub.sys Wed Aug 04 02:08:40 2004 (41107D68)
f8626000 f862f480 NDProxy NDProxy.SYS Fri Aug 17 16:55:30 2001 (3B7D84C2)
f8636000 f8645380 nvarm nvarm.sys Thu Dec 05 15:08:44 2002 (3DEFB24C)
f8686000 f868e700 netbios netbios.sys Wed Aug 04 02:03:19 2004 (41107C27)
f8696000 f869e880 Fips Fips.SYS Fri Aug 17 21:31:49 2001 (3B7DC585)
f86a6000 f86ae700 wanarp wanarp.sys Wed Aug 04 02:04:57 2004 (41107C89)
f86c6000 f86d1e00 STREAM STREAM.SYS Wed Aug 04 02:07:58 2004 (41107D3E)
f86d6000 f86ded80 HIDCLASS HIDCLASS.SYS Wed Aug 04 02:08:18 2004 (41107D52)
f86e6000 f86f5900 Cdfs Cdfs.SYS Wed Aug 04 02:14:09 2004 (41107EB1)
f8746000 f874fd00 amdk7 amdk7.sys Wed Aug 04 01:59:19 2004 (41107B37)
f8756000 f8760380 imapi imapi.sys Wed Aug 04 02:00:12 2004 (41107B6C)
f8766000 f8772180 cdrom cdrom.sys Wed Aug 04 01:59:52 2004 (41107B58)
f8776000 f8783600 redbook redbook.sys Wed Aug 04 01:59:34 2004 (41107B46)
f8786000 f8794a00 serial serial.sys Wed Aug 04 02:15:51 2004 (41107F17)
f8796000 f87a1a00 i8042prt i8042prt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
f87a6000 f87b4b80 drmk drmk.sys Wed Aug 04 02:07:54 2004 (41107D3A)
f87b6000 f87bc200 PCIIDEX PCIIDEX.SYS Wed Aug 04 01:59:40 2004 (41107B4C)
f87be000 f87c2900 PartMgr PartMgr.sys Fri Aug 17 21:32:23 2001 (3B7DC5A7)
f87c6000 f87cabc0 PxHelp20 PxHelp20.sys Tue Oct 28 13:25:49 2003 (3F9EB4AD)
f87ce000 f87d5c20 Klpid Klpid.sys Thu Aug 04 11:19:33 2005 (42F23205)
f87d6000 f87dc1e0 Klpf Klpf.sys Thu Aug 04 11:19:22 2005 (42F231FA)
f87de000 f87e2880 TDI TDI.SYS Wed Aug 04 02:07:47 2004 (41107D33)
f88a6000 f88aa280 usbohci usbohci.sys Wed Aug 04 02:08:34 2004 (41107D62)
f88ae000 f88b4800 usbehci usbehci.sys Wed Aug 04 02:08:34 2004 (41107D62)
f88b6000 f88bd000 GEARAspiWDM GEARAspiWDM.sys Tue Mar 01 23:05:17 2005
(42253B7D)
f88be000 f88bf000 fdc fdc.sys unavailable (00000000)
f88c6000 f88cbb00 kbdclass kbdclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
f88ce000 f88d2580 ptilink ptilink.sys Fri Aug 17 16:49:53 2001 (3B7D8371)
f88d6000 f88da080 raspti raspti.sys Fri Aug 17 16:55:32 2001 (3B7D84C4)
f88de000 f88e3500 mouclass mouclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
f88fe000 f8903200 vga vga.sys Wed Aug 04 02:07:06 2004 (41107D0A)
f8906000 f890aa80 Msfs Msfs.SYS Wed Aug 04 02:00:37 2004 (41107B85)
f890e000 f8915880 Npfs Npfs.SYS Wed Aug 04 02:00:38 2004 (41107B86)
f891e000 f8924180 HIDPARSE HIDPARSE.SYS Wed Aug 04 02:08:15 2004 (41107D4F)
f892e000 f8932500 watchdog watchdog.sys Wed Aug 04 02:07:32 2004 (41107D24)
f8946000 f8949000 BOOTVID BOOTVID.dll Fri Aug 17 16:49:09 2001 (3B7D8345)
f894a000 f894d500 nv_agp nv_agp.sys Fri Sep 06 15:37:05 2002 (3D7903E1)
f894e000 f8950280 kl1 kl1.sys Thu Aug 04 09:41:01 2005 (42F21AED)
f89ea000 f89ecaa0 klmc klmc.sys Thu Aug 04 09:40:46 2005 (42F21ADE)
f8a12000 f8a14580 hidusb hidusb.sys Fri Aug 17 17:02:16 2001 (3B7D8658)
f8a1a000 f8a1d300 nvax nvax.sys Thu Dec 05 15:18:04 2002 (3DEFB47C)
f8a22000 f8a25c80 serenum serenum.sys Wed Aug 04 01:59:06 2004 (41107B2A)
f8a26000 f8a28980 gameenum gameenum.sys Wed Aug 04 02:08:20 2004 (41107D54)
f8a2a000 f8a2cf80 fsvga fsvga.sys Fri Aug 17 16:57:21 2001 (3B7D8531)
f8a36000 f8a37b80 kdcom kdcom.dll Fri Aug 17 16:49:10 2001 (3B7D8346)
f8a38000 f8a39100 WMILIB WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
f8a3a000 f8a3b700 dmload dmload.sys Fri Aug 17 16:58:15 2001 (3B7D8567)
f8a5c000 f8a5d100 swenum swenum.sys Wed Aug 04 01:58:41 2004 (41107B11)
f8a5e000 f8a5f280 USBD USBD.SYS Fri Aug 17 17:02:58 2001 (3B7D8682)
f8a60000 f8a61f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 16:49:37 2001 (3B7D8361)
f8a62000 f8a63080 Beep Beep.SYS Fri Aug 17 16:47:33 2001 (3B7D82E5)
f8a64000 f8a65080 mnmdd mnmdd.SYS Fri Aug 17 16:57:28 2001 (3B7D8538)
f8a66000 f8a67080 RDPCDD RDPCDD.sys Fri Aug 17 16:46:56 2001 (3B7D82C0)
f8a68000 f8a69100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 17:07:23 2001
(3B7D878B)
f8a9e000 f8a9fa80 ParVdm ParVdm.SYS Fri Aug 17 16:49:49 2001 (3B7D836D)
f8afe000 f8afed00 pciide pciide.sys Fri Aug 17 16:51:49 2001 (3B7D83E5)
f8b5f000 f8b5fb80 msmpu401 msmpu401.sys Fri Aug 17 16:59:59 2001 (3B7D85CF)
f8b60000 f8b60c00 audstub audstub.sys Fri Aug 17 16:59:40 2001 (3B7D85BC)
f8b7d000 f8b7dda0 aslm75 aslm75.sys Tue Apr 22 21:15:58 1997 (335D62CE)
f8be8000 f8be8b80 Null Null.SYS Fri Aug 17 16:47:39 2001 (3B7D82EB)
f8c5f000 f8c5fd00 dxgthk dxgthk.sys Fri Aug 17 16:53:12 2001 (3B7D8438)

Unloaded modules:
ba3c7000 ba3f1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bae4b000 bae75000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8bc8000 f8bc9000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
baf3d000 baf60000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f86b6000 f86c3000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7fab000 f7fb9000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8ada000 f8adc000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f88f6000 f88fb000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f7d9b000 f7d9e000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f88ee000 f88f3000 Flpydisk.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt
 
PA Bear

What folder?

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Security, Shell/User)
My IE 6.0sp2 closes instantly when I explore the folder.
Below is the debug file generated.
Can anyone analyze it for me? Thank you very much!
<snip>
 
Guest

The folder is random. Any folder may have problems.
I have checked HijackThis; everything seems to be OK.

HijackThis log V1.97.7
Scan saved at 23:15:27, on 2005-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\SSREADER36\ssreader.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\download\hijackthis1.97_qoo\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] d:\Program
Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program
Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [eMuleAutoStart] d:\Program Files\eMule\eMule.exe -AutoStart
O4 - Startup: intlname.ols
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: UpdateLog.GDZ
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: &eBay Search - res://C:\Program
Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - d:\Program
Files\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - d:\Program
Files\SSREADER36\ss_select.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\Program
Files\BitSpirit\bsurl.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class)
-
http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1114273833859
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1114271580843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122432781984
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


"PA Bear" wrote:
 
