#1 (permalink) |
|
Registered User
Join Date: Aug 2009
Posts: 2
OS: xp sp3
|
Hope someone can help me. I have been having difficulty with pop ups. I continued to delete all from my settings but 5 or 6 continued to be allowed even after adjusting my settings on the blocker. I recently had a blue screen and my desktop picture was replaced with a message that said my computer was infected.
Defender showed the following problems:
trojan downloader win 32 renos
trojan downloader win 32 fakeinit
HELP!!

DDS (Ver_09-07-30.01) - NTFSx86
Run by LMARROQU at 19:42:28.20 on Wed 08/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.441 [GMT -5:00]

FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {C6006F4C-6C52-4E30-B523-2A0EC8F8E1BE}
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {E1C0E6F4-4206-4A34-8264-A9E870042813}
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {9BB28EB7-00CD-4C18-96B0-A546F5F862B7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\GW279D.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\lmarroqu\Local Settings\Temporary Internet Files\Content.IE5\YUKRNNWX\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\shared\lib.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\Pccntmon.exe" -HideWindow
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [winupdate.exe] c:\windows\system32\winupdate.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
uPolicies-explorer: DisallowCpl = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxp://tmoffdev/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxp://tmoffdev/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxp://tmoffdev/officescan/console/ClientInstall/setup.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxp://tmoffdev/officescan/console/html/AtxEnc.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxp://tmoffdev/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/html - {0d63ac17-8ee1-4ca9-8eae-9616fc639e95} - c:\windows\system32\xwreg32.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R2 ctad;Cisco Trust Agent;c:\program files\cisco systems\ciscotrustagent\ctad.exe [2004-6-28 553035]
R2 ctalogd;Cisco Trust Agent Event Logging Service;c:\program files\cisco systems\ciscotrustagent\ctalogd.exe [2004-6-28 90112]
R2 OfcPfwSvc;OfficeScanNT Personal Firewall;c:\program files\trend micro\officescan client\OfcPfwSvc.exe [2004-7-6 225360]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2005-2-18 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2005-2-18 36368]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-4-10 32640]
S0 ppl0b80;ppl0b80;\SystemRoot\\SystemRoot\System32\drivers\ppl0b80.sys --> \SystemRoot\\SystemRoot\System32\drivers\ppl0b80.sys [?]
S1 4f295d19.sys;4f295d19.sys;\??\c:\windows\system32\drivers\4f295d19.sys --> c:\windows\system32\drivers\4f295d19.sys [?]

=============== Created Last 30 ================

2009-08-12 19:01 831 a------- c:\windows\system32\critical_warning.html
2009-08-12 18:33 <DIR> --dsh--- c:\windows\system32\lowsec
2009-08-12 18:33 45,344 a------- c:\windows\system32\drivers\ppl0b80.sys
2009-08-12 18:33 49,664 a------- c:\windows\system32\winupdate.exe
2009-08-12 18:32 28,160 a------- c:\windows\system32\logon.exe
2009-07-31 20:58 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-31 20:58 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-20 22:29 24 a------- c:\windows\Pccntmon.INI
2009-07-18 14:27 <DIR> --d----- c:\program files\Shared

==================== Find3M ====================

2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-01 10:50 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-29 21:41 36,864 a------- c:\documents and settings\lmarroqu\atwbxdet.dll
2009-05-15 08:33 2,678 a------- c:\windows\java\packages\data\AC8C1JPB.DAT
2009-05-15 08:32 2,678 a------- c:\windows\java\packages\data\LZDVJDV3.DAT
2009-05-15 08:32 2,678 a------- c:\windows\java\packages\data\NL77JJTN.DAT
2009-05-15 08:32 2,678 a------- c:\windows\java\packages\data\UJDVBZ3T.DAT
2009-05-15 08:32 2,678 a------- c:\windows\java\packages\data\39RPR3B5.DAT

============= FINISH: 19:44:34.93 ===============

Having additional errors: data execution prevention error debug or close iexplore.exe-Application error the instruction at "0x0b880068" referenced memory at "0x0b880068". The memory could not be "written".
#2 (permalink) |
|
Registered User
Join Date: Aug 2009
Posts: 2
OS: xp sp3
|
Hello...I haven't heard from anyone yet. I wanted to add more information.
Defender continues to say I have trojan win 32 fakeinit and renos even after being removed. Trend Microsoft was able to clean or delete the following files after another scan for Virus name:

Cryp_Zbot-2
TROJ_INJECT.ANY
HTMLSCRIP.AA

Hope this can assist you to help me solve this bug. Appreciate any help you can give me!!

Lily

I have these sites that continue to show up on my pop up blocker settings that I think allow advertisements to pop up. I delete all and they continue to show up.

ads.arcade-hq.com
ads.quixsurf.com
ox.arcade-hq.com
www.arcadehq.com
www.arcade-hq.com

How can I permanently block them??