Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Resolved HJT Threads: resolved spyware and popup issues.
#1  12-05-2008, 05:01 PM
Dell4600 (Registered User; Join Date: Nov 2004; Location: NY-Long Island; Posts: 30; OS: XP)

IE crashes, ad pop up.

Hey guys/gals,

Recently my Internet Explorer would freeze, then I get this ad saying
"This problem was caused by NOD32 Antivirus System, which was created by Eset." I guess they want me to buy their products, but I've already had PC-Cillin.

I ran DDS and was able to get the logs; however, I could not obtain one for GMER. It crashes, then I get the blue screen, then it restarts.

Thanks




DDS (Version 1.0) - NTFSx86
Run by Tiem at 18:47:29.04 on Fri 12/05/2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.2674 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WSqmCons.exe
c:\program files\google\googletoolbar2user.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tiem\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
BHO: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Aim6]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-9 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-9 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-4-4 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-9 566872]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-4-4 280392]

=============== Created Last 30 ================

2008-11-26 16:39 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-26 08:02 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 08:02 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-26 08:02 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-26 08:02 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-26 08:02 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-25 19:23 <DIR> --d----- c:\programdata\HPSSUPPLY
2008-11-25 19:14 <DIR> --d----- c:\programdata\HP Product Assistant
2008-11-25 18:54 139,759 a------- c:\windows\hpoins15.dat
2008-11-19 22:30 250 a------- c:\windows\gmer.ini
2008-11-19 00:32 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-11-19 00:32 83,456 a------- c:\windows\system32\wudriver.dll
2008-11-19 00:31 162,064 a------- c:\windows\system32\wuwebv.dll
2008-11-19 00:31 31,232 a------- c:\windows\system32\wuapp.exe
2008-11-15 18:02 <DIR> --d----- c:\programdata\acccore
2008-11-15 18:02 <DIR> --d----- c:\progra~2\acccore
2008-11-15 18:01 <DIR> --d----- c:\programdata\AOL Downloads
2008-11-12 07:37 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-12 07:37 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-11-12 07:37 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-11-11 19:47 <DIR> --d----- c:\program files\AIM6

==================== Find3M ====================

2008-12-04 23:27 <DIR> --d----- c:\program files\Full Tilt Poker
2008-12-03 01:42 <DIR> --d----- c:\program files\WinAce
2008-11-29 05:08 <DIR> --d----- c:\program files\SpywareBlaster
2008-11-25 19:23 <DIR> --d----- c:\program files\HP
2008-11-15 21:27 <DIR> --d----- c:\progra~2\Viewpoint
2008-11-11 19:48 <DIR> --d----- c:\program files\common files\AOL
2008-11-05 04:48 <DIR> --d----- c:\program files\DivX
2008-11-05 04:48 <DIR> --d----- c:\program files\common files\PX Storage Engine
2008-11-02 15:19 <DIR> --d----- c:\program files\Lavasoft
2008-11-02 15:18 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-17 16:47 <DIR> --d----- c:\program files\Windows Live Toolbar
2008-10-01 22:49 827,392 a------- c:\windows\system32\wininet.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-25 03:03 524,288 a------- c:\windows\system32\DivXsm.exe
2008-09-25 03:03 196,608 a------- c:\windows\system32\dtu100.dll
2008-09-25 03:03 81,920 a------- c:\windows\system32\dpl100.dll
2008-09-25 03:03 53,248 a------- c:\windows\system32\dpuGUI10.dll
2008-09-25 03:03 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-09-25 03:03 344,064 a------- c:\windows\system32\dpus11.dll
2008-09-25 03:03 57,344 a------- c:\windows\system32\dpv11.dll
2008-09-25 03:03 294,912 a------- c:\windows\system32\dpu11.dll
2008-09-25 03:03 294,912 a------- c:\windows\system32\dpu10.dll
2008-09-25 03:03 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-20 01:50 <DIR> --d----- c:\users\tiem\appdata\roaming\MP3Rocket
2008-09-19 16:57 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-09-19 16:55 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-19 16:55 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-19 16:54 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-09-18 00:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 00:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-17 23:56 125,952 a------- c:\windows\system32\wersvc.dll
2008-09-17 23:56 147,456 a------- c:\windows\system32\Faultrep.dll
2008-09-17 21:16 2,032,640 a------- c:\windows\system32\win32k.sys
2008-04-28 16:26 <DIR> --d----- c:\progra~2\WEBREG
2008-04-04 07:54 <DIR> --d----- c:\progra~2\Uninstall
2008-04-04 07:44 <DIR> --d----- c:\progra~2\Trend Micro
2008-04-04 07:36 <DIR> --d----- c:\progra~2\Creative Labs
2008-07-25 22:54 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-07-25 22:54 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-07-25 22:54 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-04-04 15:19 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:48:13.73 ===============
Attached Files: DDS.txt (11.3 KB)

Last edited by sUBs; 12-08-2008 at 08:44 AM.

#2  12-07-2008, 05:12 PM
Dell4600 (Registered User; Join Date: Nov 2004; Location: NY-Long Island; Posts: 30; OS: XP)

Re: IE crashes, ad pop up.

Tried to run GMER; it does the same thing, crashes and restarts. This is frustrating. Internet Explorer freezes and restarts. Help
#3  12-08-2008, 08:46 AM
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; Join Date: May 2005; Posts: 24,326; OS: N/A)

Re: IE crashes, ad pop up.

I don't see anything in the DDS log. Perhaps GMER would have told us better had you been able to run it.


Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.
#4  12-08-2008, 01:31 PM
Dell4600 (Registered User; Join Date: Nov 2004; Location: NY-Long Island; Posts: 30; OS: XP)

Re: IE crashes, ad pop up.

Hey Subs,
thanks for the reply, man. Here's the log:


ComboFix 08-12-07.01 - Tiem 2008-12-08 15:21:33.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2387 [GMT -5:00]
Running from: c:\users\Tiem\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Tiem\Documents\My Documents.url
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-11-26 16:42 . 2008-11-26 16:42 <DIR> d-------- c:\windows\Sun
2008-11-26 16:39 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll
2008-11-26 08:02 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 08:02 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 08:02 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 08:02 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 08:02 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 19:23 . 2008-11-25 19:23 <DIR> d-------- c:\users\All Users\HPSSUPPLY
2008-11-25 19:23 . 2008-11-25 19:23 <DIR> d-------- c:\programdata\HPSSUPPLY
2008-11-25 19:22 . 2008-11-25 19:22 <DIR> d-------- c:\users\Tiem\AppData\Roaming\HPAppData
2008-11-25 19:14 . 2008-11-25 19:14 <DIR> d-------- c:\users\All Users\HP Product Assistant
2008-11-25 19:14 . 2008-11-25 19:14 <DIR> d-------- c:\programdata\HP Product Assistant
2008-11-25 19:12 . 2008-11-25 19:12 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-25 18:54 . 2008-11-25 19:32 139,759 --a------ c:\windows\hpoins15.dat
2008-11-19 22:30 . 2008-12-07 18:46 250 --a------ c:\windows\gmer.ini
2008-11-19 00:32 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 00:32 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 00:32 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 00:32 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 00:32 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 00:32 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 00:32 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 00:31 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 00:31 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 18:02 . 2008-11-15 18:02 <DIR> d-------- c:\users\All Users\acccore
2008-11-15 18:02 . 2008-11-15 18:02 <DIR> d-------- c:\programdata\acccore
2008-11-15 18:01 . 2008-11-15 18:01 <DIR> d-------- c:\users\All Users\AOL Downloads
2008-11-15 18:01 . 2008-11-15 18:01 <DIR> d-------- c:\programdata\AOL Downloads
2008-11-12 07:37 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 07:37 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 07:37 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 19:48 . 2008-11-11 19:48 <DIR> d-------- c:\users\Tiem\AppData\Roaming\acccore
2008-11-11 19:47 . 2008-11-15 18:02 <DIR> d-------- c:\program files\AIM6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 00:31 274 ----a-w c:\users\Tiem\AppData\Roaming\wklnhst.dat
2008-12-06 00:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 00:20 --------- d-----w c:\program files\Full Tilt Poker
2008-12-03 06:42 --------- d-----w c:\program files\WinAce
2008-12-02 21:45 --------- d-----w c:\program files\Java
2008-11-29 10:08 --------- d---a-w c:\programdata\TEMP
2008-11-29 10:08 --------- d-----w c:\program files\SpywareBlaster
2008-11-28 00:04 --------- d-----w c:\programdata\Roxio
2008-11-26 00:23 --------- d-----w c:\program files\HP
2008-11-26 00:14 --------- d-----w c:\programdata\HP
2008-11-16 02:27 --------- d-----w c:\programdata\Viewpoint
2008-11-12 00:48 --------- d-----w c:\program files\Common Files\AOL
2008-11-05 09:48 --------- d-----w c:\program files\DivX
2008-11-05 09:48 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-11-02 20:20 --------- d-----w c:\programdata\Lavasoft
2008-11-02 20:19 --------- d-----w c:\program files\Lavasoft
2008-11-02 20:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-02 20:04 --------- d-----w c:\users\Tiem\AppData\Roaming\Lavasoft
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\DivX.dll
2008-10-21 17:59 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 21:47 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-15 03:47 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-04-28 22:24 262,144 ----a-w c:\programdata\ntuser.dat
2008-04-14 03:01 174 --sha-w c:\program files\desktop.ini
2008-07-26 03:54 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-26 03:54 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-26 03:54 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-04 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A003C55-FC9C-4189-9BAE-3B592DEA5869}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0D6F5CB4-8646-427A-BE3F-7F476E66B775}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F87BBB58-B6DC-45B7-AFE9-374EF851809A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BED1F704-4C35-49A2-AAE0-AC64129EBE79}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{648F6823-F7C6-49A1-89D5-472DB392E847}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E09042F6-DFAE-4912-896A-96643C6B1950}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8C468A76-1C0C-4F48-886F-507C9E68C6CF}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{5BF00476-3124-42EC-A249-6EF52D21543B}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{963C1371-C8B3-462B-A80C-E302324781EE}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"{794BAF90-BBFD-4A60-AE8C-4C1227F6FD59}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{78DEDE56-7047-4C29-A09E-BCE5469B4065}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1156BED3-A7C1-457D-A34F-F45CB6964FD7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F6B4A640-1D06-4877-A0A6-CFCACF501B1F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{90CCCA69-7ACE-4DE4-A208-99B985F62576}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E0F58DCE-2C27-49E3-85C4-ABF034F4F07B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FC1639A5-A23D-4203-A212-FCA2696FB11D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{04F3F79D-FA33-47D4-A6B9-1E6EEB15B44A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A8816EE8-D232-455A-A71A-A756390340A8}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F334616D-43EA-4A17-8F4E-EAFA2DB11463}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9BB7A464-7EAB-46D3-9908-24D59AE1F577}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{82807630-95FB-4D82-990F-C4B2A28B12AE}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{70D85469-2E97-4227-8243-AF45B2C0739C}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{BFAAAFE9-8A61-4D85-A4AA-6D7053B0EEFA}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A8E9A60D-4E12-4060-A7F5-82DF35CEDC94}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5318B06F-A81D-4D51-BC0B-6C822E0D0293}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{D6B6ED31-6833-49CE-A024-AF69C47CF839}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{0E6E8899-5B97-4395-AAF5-3DDB1E06A1F4}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{685F0F02-D91E-4DDD-BF21-01698DE0F1A6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{4BA11872-2F7F-43A0-9483-B465C3C12F3F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8B5C73FA-B53C-48F1-9E0D-0632E7F2807A}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{CF51009B-52BE-4676-BB4B-E05757903177}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{DE3D12C4-BAD8-47BA-9CFB-17507811A0F3}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{6F058186-9E34-46AE-A991-DD65C36D2575}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-04-04 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2008-04-04 280392]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-11-09 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-11-09 923216]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-11-09 566872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-Aim6 - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 15:23:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-08 15:24:41
ComboFix-quarantined-files.txt 2008-12-08 20:24:39

Pre-Run: 355,573,075,968 bytes free
Post-Run: 355,865,264,128 bytes free

196 --- E O F --- 2008-12-05 11:40:16
Attached Files: log.txt (14.9 KB)

Last edited by sUBs; 12-08-2008 at 01:43 PM.
#5  12-08-2008, 01:45 PM
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; Join Date: May 2005; Posts: 24,326; OS: N/A)

Re: IE crashes, ad pop up.

The files that got removed appear to be from a past infection. The log still looks reasonably clean. Let's do a perfunctory scan.

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________

Question - what have you done for the community today?
#6  12-16-2008, 02:50 AM
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; Join Date: May 2005; Posts: 24,326; OS: N/A)

Re: IE crashes, ad pop up.

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
 


Copyright 2001 - 2009, Tech Support Forum