Internet Explorer 7 and Internet Options crashes



skizo
2012-02-21, 23:02
This PC runs Windows XP SP3 and has automatic updates.
After clicking on a supposed 'fix' popup the user has been unable to work with Internet Explorer 7.
If you run it without addons it works as long as you do not visit a website. When you do visit a site, IE7 crashes. Internet Options always crashes.

User has ESET NOD32 version 4.x installed, found no virus.
Installed Malwarebytes anti-malware, found 2 small problems which did not seem related to the problem. Problem still persists.

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by kant at 22:42:42 on 2012-02-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1791.1167 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\17.0.963.56\npchrome_frame.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NPSStartup]
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\kant\menust~1\progra~1\opstar~1\imvu.lnk - c:\documents and settings\kant\application data\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\kant\menu start\programma's\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3ACF2FF4-5048-4481-AFCD-11878A624080} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E66ADD1B-6161-44CB-9D54-7802EF5A799A} : DhcpNameServer = 192.168.1.254
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\17.0.963.56\npchrome_frame.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kant\application data\mozilla\firefox\profiles\4g5eu8jp.default\
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-8-16 238952]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-21 652360]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-8-16 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-21 20464]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2011-6-26 20480]
R3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-11-16 264576]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-5-21 277376]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2011-10-14 171264]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2009-7-30 11904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-5-27 38176]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-8-16 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-8-16 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-8-16 121856]
.
=============== Created Last 30 ================
.
2012-02-21 21:32:30 -------- d-----w- c:\documents and settings\kant\application data\Malwarebytes
2012-02-21 21:32:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-21 21:32:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-21 21:32:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-21 21:30:46 -------- d-----w- c:\documents and settings\kant\local settings\application data\Mozilla
2012-02-21 21:23:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-21 21:23:00 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-21 20:54:40 -------- d--h--r- c:\documents and settings\kant\Onlangs geopend
2012-02-20 16:05:23 1859712 ----a-w- c:\windows\system32\win32k(2)(2)(2)(2).sys
2012-02-20 12:04:48 -------- d-----w- c:\documents and settings\kant\PrivacIE
2012-02-20 12:03:33 -------- d-----w- c:\documents and settings\kant\IETldCache
2012-02-20 12:01:10 -------- d-----w- c:\windows\ie8updates
2012-02-20 11:58:33 -------- dc----w- c:\windows\ie8
2012-02-15 06:18:58 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 06:18:58 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-01-12 17:20:33 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-12-16 12:23:17 385024 ------w- c:\windows\system32\html.iec
2011-11-25 21:57:58 293888 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 22:43:18,03 ===============

--------------------------
Hello skizo,

Is this your own personal computer, or... :)

Best regards,
--------------------------

No, this is not my computer, it's a neighbour's.

Blade81
2012-02-22, 19:58
Hi,

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

skizo
2012-02-29, 20:27
Little update. Arrived at the computer, owner told me they had installed IE8 and that fixed the problem. :oops:

I checked the NOD32 log and found this:

27-2-2012 10:35:31 Scanner van opstartbestanden opstartsector actieve opstartsector van 0. fysieke schijf waarschijnlijk onbekend TSR.BOOT virus opschonen niet mogelijk
Translated: Probably unknown TSR.BOOT virus, clean-up not possible.


Below are the scan results of aswMBR.

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-29 19:42:34
-----------------------------
19:42:34.156 OS Version: Windows 5.1.2600 Service Pack 3
19:42:34.156 Number of processors: 2 586 0x6B02
19:42:34.156 ComputerName: 9DCBF8F829AA491 UserName: kant
19:42:34.921 Initialize success
19:44:20.562 AVAST engine defs: 12022901
19:44:28.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
19:44:28.796 Disk 0 Vendor: SAMSUNG_HD322HJ 1AG01118 Size: 305245MB BusType: 3
19:44:28.828 Disk 0 MBR read successfully
19:44:28.828 Disk 0 MBR scan
19:44:28.843 Disk 0 Windows XP default MBR code
19:44:28.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
19:44:28.859 Disk 0 scanning sectors +625121280
19:44:28.921 Disk 0 scanning C:\WINDOWS\system32\drivers
19:44:44.437 Service scanning
19:44:57.671 Modules scanning
19:45:12.921 Disk 0 trace - called modules:
19:45:12.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:45:12.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2d1ab8]
19:45:12.953 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a3729e8]
19:45:12.953 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a2d2d98]
19:45:13.703 AVAST engine scan C:\WINDOWS
19:45:23.046 AVAST engine scan C:\WINDOWS\system32
19:47:59.859 AVAST engine scan C:\WINDOWS\system32\drivers
19:48:21.390 AVAST engine scan C:\Documents and Settings\kant
20:05:26.437 AVAST engine scan C:\Documents and Settings\All Users
20:05:54.171 Scan finished successfully
20:06:14.093 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
20:06:14.125 The log file has been saved successfully to "E:\aswMBR.txt"

Blade81
2012-03-01, 06:46
Hi,

Does Nod32 find that item still?

skizo
2012-03-02, 17:58
Nope, it only found it that particular time.

Blade81
2012-03-02, 20:56
Ok, sounds good :)

If there are no issues left I recommend downloading and running Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fixing its findings. It's also recommended to leave the program installed so you'll stay alarmed about vulnerable components in future too.

Blade81
2012-03-18, 19:42
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.