Hey Subs,
Thanks for the reply, man. Here's the log:
ComboFix 08-12-07.01 - Tiem 2008-12-08 15:21:33.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2387 [GMT -5:00]
Running from: c:\users\Tiem\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Tiem\Documents\My Documents.url
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-11-26 16:42 . 2008-11-26 16:42 <DIR> d-------- c:\windows\Sun
2008-11-26 16:39 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll
2008-11-26 08:02 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 08:02 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 08:02 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 08:02 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 08:02 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 19:23 . 2008-11-25 19:23 <DIR> d-------- c:\users\All Users\HPSSUPPLY
2008-11-25 19:23 . 2008-11-25 19:23 <DIR> d-------- c:\programdata\HPSSUPPLY
2008-11-25 19:22 . 2008-11-25 19:22 <DIR> d-------- c:\users\Tiem\AppData\Roaming\HPAppData
2008-11-25 19:14 . 2008-11-25 19:14 <DIR> d-------- c:\users\All Users\HP Product Assistant
2008-11-25 19:14 . 2008-11-25 19:14 <DIR> d-------- c:\programdata\HP Product Assistant
2008-11-25 19:12 . 2008-11-25 19:12 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-25 18:54 . 2008-11-25 19:32 139,759 --a------ c:\windows\hpoins15.dat
2008-11-19 22:30 . 2008-12-07 18:46 250 --a------ c:\windows\gmer.ini
2008-11-19 00:32 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 00:32 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 00:32 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 00:32 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 00:32 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 00:32 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 00:32 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 00:31 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 00:31 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 18:02 . 2008-11-15 18:02 <DIR> d-------- c:\users\All Users\acccore
2008-11-15 18:02 . 2008-11-15 18:02 <DIR> d-------- c:\programdata\acccore
2008-11-15 18:01 . 2008-11-15 18:01 <DIR> d-------- c:\users\All Users\AOL Downloads
2008-11-15 18:01 . 2008-11-15 18:01 <DIR> d-------- c:\programdata\AOL Downloads
2008-11-12 07:37 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 07:37 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 07:37 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 19:48 . 2008-11-11 19:48 <DIR> d-------- c:\users\Tiem\AppData\Roaming\acccore
2008-11-11 19:47 . 2008-11-15 18:02 <DIR> d-------- c:\program files\AIM6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 00:31 274 ----a-w c:\users\Tiem\AppData\Roaming\wklnhst.dat
2008-12-06 00:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 00:20 --------- d-----w c:\program files\Full Tilt Poker
2008-12-03 06:42 --------- d-----w c:\program files\WinAce
2008-12-02 21:45 --------- d-----w c:\program files\Java
2008-11-29 10:08 --------- d---a-w c:\programdata\TEMP
2008-11-29 10:08 --------- d-----w c:\program files\SpywareBlaster
2008-11-28 00:04 --------- d-----w c:\programdata\Roxio
2008-11-26 00:23 --------- d-----w c:\program files\HP
2008-11-26 00:14 --------- d-----w c:\programdata\HP
2008-11-16 02:27 --------- d-----w c:\programdata\Viewpoint
2008-11-12 00:48 --------- d-----w c:\program files\Common Files\AOL
2008-11-05 09:48 --------- d-----w c:\program files\DivX
2008-11-05 09:48 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-11-02 20:20 --------- d-----w c:\programdata\Lavasoft
2008-11-02 20:19 --------- d-----w c:\program files\Lavasoft
2008-11-02 20:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-02 20:04 --------- d-----w c:\users\Tiem\AppData\Roaming\Lavasoft
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\DivX.dll
2008-10-21 17:59 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 21:47 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-15 03:47 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-04-28 22:24 262,144 ----a-w c:\programdata\ntuser.dat
2008-04-14 03:01 174 --sha-w c:\program files\desktop.ini
2008-07-26 03:54 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-26 03:54 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-26 03:54 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-04 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A003C55-FC9C-4189-9BAE-3B592DEA5869}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0D6F5CB4-8646-427A-BE3F-7F476E66B775}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F87BBB58-B6DC-45B7-AFE9-374EF851809A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BED1F704-4C35-49A2-AAE0-AC64129EBE79}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{648F6823-F7C6-49A1-89D5-472DB392E847}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E09042F6-DFAE-4912-896A-96643C6B1950}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8C468A76-1C0C-4F48-886F-507C9E68C6CF}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{5BF00476-3124-42EC-A249-6EF52D21543B}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{963C1371-C8B3-462B-A80C-E302324781EE}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"{794BAF90-BBFD-4A60-AE8C-4C1227F6FD59}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{78DEDE56-7047-4C29-A09E-BCE5469B4065}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1156BED3-A7C1-457D-A34F-F45CB6964FD7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F6B4A640-1D06-4877-A0A6-CFCACF501B1F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{90CCCA69-7ACE-4DE4-A208-99B985F62576}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E0F58DCE-2C27-49E3-85C4-ABF034F4F07B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FC1639A5-A23D-4203-A212-FCA2696FB11D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{04F3F79D-FA33-47D4-A6B9-1E6EEB15B44A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A8816EE8-D232-455A-A71A-A756390340A8}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F334616D-43EA-4A17-8F4E-EAFA2DB11463}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9BB7A464-7EAB-46D3-9908-24D59AE1F577}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{82807630-95FB-4D82-990F-C4B2A28B12AE}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{70D85469-2E97-4227-8243-AF45B2C0739C}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{BFAAAFE9-8A61-4D85-A4AA-6D7053B0EEFA}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A8E9A60D-4E12-4060-A7F5-82DF35CEDC94}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5318B06F-A81D-4D51-BC0B-6C822E0D0293}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{D6B6ED31-6833-49CE-A024-AF69C47CF839}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{0E6E8899-5B97-4395-AAF5-3DDB1E06A1F4}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{685F0F02-D91E-4DDD-BF21-01698DE0F1A6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{4BA11872-2F7F-43A0-9483-B465C3C12F3F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8B5C73FA-B53C-48F1-9E0D-0632E7F2807A}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{CF51009B-52BE-4676-BB4B-E05757903177}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{DE3D12C4-BAD8-47BA-9CFB-17507811A0F3}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{6F058186-9E34-46AE-A991-DD65C36D2575}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-04-04 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2008-04-04 280392]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-11-09 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-11-09 923216]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-11-09 566872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-Aim6 - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-08 15:23:20
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-08 15:24:41
ComboFix-quarantined-files.txt 2008-12-08 20:24:39
Pre-Run: 355,573,075,968 bytes free
Post-Run: 355,865,264,128 bytes free
196 --- E O F --- 2008-12-05 11:40:16
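The log above is what a forum helper reads by hand: the "Other Deletions" block, the Run keys under both hives, and the AppInit_DLLs value. The script below is an added example, not part of ComboFix and not something the poster ran. It parses a subset of lines copied verbatim from the log above and surfaces the items a helper would chase first: a populated AppInit_DLLs value (which, when the mechanism is enabled, gets loaded into every process that loads user32.dll), a Run name present in both HKCU and HKLM (DellSupportCenter appears twice), a Run value that is a bare filename rather than a full path (RtHDVCpl.exe, which Windows resolves through the search path), 8.3 short names such as PROGRA~1 that hide the real filename, and anything ComboFix removed from under c:\windows (here AutoRun.inf in system32). The function names and flag categories are this example's own; the output is a list of things to look at, not a verdict that the machine is infected.

```python
"""Triage helper for a pasted ComboFix log.

Added example, not ComboFix code and not from the original poster. SAMPLE_LOG is
a subset of lines copied from the log above; the function and flag names are
this example's own choices.
"""
import re
from typing import Dict, List

# Subset of the posted log, copied verbatim from the lines above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Tiem\Documents\My Documents.url
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")   # ((( Title )))
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")            # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')  # "name"=value


def parse_combofix(log: str) -> Dict[str, object]:
    """Extract deletions, Run-key values per hive, and AppInit_DLLs."""
    section = None
    key = None
    deletions: List[str] = []
    run: Dict[str, Dict[str, str]] = {}
    appinit: List[str] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group("title"), None
            continue
        if section == "Other Deletions" and line.lower().startswith("c:\\"):
            deletions.append(line)
            continue
        if section != "Reg Loading Points":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, rest = m.group("name"), m.group("rest")
        if key.lower().endswith("\\currentversion\\run"):
            hive = key.split("\\", 1)[0].upper()
            # Quoted form: "c:\...\x.exe" [date size]; otherwise take the bare value.
            path = rest.split('"')[1] if rest.startswith('"') else rest.split(" [")[0]
            run.setdefault(hive, {})[name] = path
        elif name.lower() == "appinit_dlls":
            appinit.append(rest.strip())
    return {"deletions": deletions, "run": run, "appinit_dlls": appinit}


def triage(log: str) -> Dict[str, List[str]]:
    """Return review prompts keyed by reason; these are not infection verdicts."""
    p = parse_combofix(log)
    hkcu = p["run"].get("HKEY_CURRENT_USER", {})
    hklm = p["run"].get("HKEY_LOCAL_MACHINE", {})
    entries = list(hkcu.items()) + list(hklm.items())
    return {
        # A DLL here is injected into every user32-loading process when enabled.
        "appinit_dlls": p["appinit_dlls"],
        # Same Run name in both hives: check whether the per-user copy belongs there.
        "run_in_both_hives": sorted(set(hkcu) & set(hklm)),
        # Bare filename: resolved via the search path, not a fixed location.
        "run_bare_filename": sorted(n for n, path in entries if "\\" not in path),
        # 8.3 aliases (PROGRA~1) hide the real name; resolve them before judging.
        "run_short_names": sorted(n for n, path in entries if "~" in path),
        # Items ComboFix removed from under c:\windows: review the quarantine file.
        "deleted_under_windows": [d for d in p["deletions"]
                                  if d.lower().startswith("c:\\windows\\")],
    }


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"{reason}: {items}")
```

Run it against the full pasted log and the same five prompts come out; on the subset above the AppInit_DLLs path resolves under c:\program files\Google, which matches the Google Desktop Search entry also present in the HKLM Run key, but the short name should still be expanded on the machine before anyone signs off on it.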