
xxTRAGEDYxx
[Spyware] HJT Log

Attachments: TRLOG.TXT (99,975 bytes), hijackthis.log (10,846 bytes)
OK, I have a serious problem on my computer. As I type, my screen is VERY large, and black and white. Also, on my home screen, it's all blue and says I have spyware. The computer is running somewhat slow. My wife is freaking out.
I ran Spybot. It detected a few things, and says it removed them. I then ran Ad-Aware; it found no critical objects, only privacy, and I removed them. I ran the Malicious Software Removal Tool; it removed something in regards to Win32. I did the online scan at ESET; it found two things, then asked me to purchase their software. One of the things it found said it could not clean but deleted it. The other it said it deleted. I know the rules say show a log, but I did not get that option. It only asked me to buy their software. I then tried to use a Trojan remover found on this site. It removed a couple: blue screen-joke, fake spyware ads. It prompted me to restart the computer. I did so, and since then my screen is mostly black and white, and big as ever. I attached the log below.
I also ran HijackThis and attached the log below. I apologize for not copying and pasting it, but the letters and my screen are huge...
Please help... and thank you in advance. I appreciate all the help. Jason

Edit: I have the "you have spyware malware on your comp" on my home screen. And it's blue as well.


lilhurricane (Mod)
OK, let's get that opened up for you.

Trojan Remover Ver 6.7.0.2534. (Just the end report)
**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 1:37:06 PM 09 Jul 2008
************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:22 PM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\lphcnobj0eebr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080212
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/def···rch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/def···ahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080212
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [lphcnobj0eebr] C:\WINDOWS\system32\lphcnobj0eebr.exe
O4 - HKLM\..\Run: [SMrhcjobj0eebr] C:\Program Files\rhcjobj0eebr\rhcjobj0eebr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Spark] C:\Program Files\Spark\Spark.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceU···1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - www.eset.eu/OnlineScanner.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - offers.e-centives.com/cif/downlo···xcab.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - 24.172.119.98/activex/AMC.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - utilities.pcpitstop.com/optimize···top2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA2CB8EC-02A3-434C-9BBA-FE11DD93BA3E}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10844 bytes
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
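Reading the log above by eye, the entries that stand out are the two O4 autostarts with machine-generated names (lphcnobj0eebr.exe in system32 and rhcjobj0eebr.exe in its own Program Files folder, both ending in the same stem), the O23 service with "Unknown owner", the O16 ActiveX control fetched from a bare IP address, and the O17 NameServer line (here the two OpenDNS resolvers, which is fine only if the user chose them). The Python script below is an added example, not part of this thread and not HijackThis code, that applies those same checks to HJT-format lines. The name-length rule, the 8-character shared-stem rule and the resolver allowlist are assumptions made for the example; the sample log lines are constructed from the entries above with their URLs written out in full.

```python
"""Triage helper for a HijackThis v2 log.

Added example: not part of this thread and not HijackThis code.  It mechanises
what an experienced log reader does by eye.  The name heuristics, the 8-char
"shared stem" rule and the resolver allowlist are assumptions for this example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

MIN_RANDOM_NAME_LEN = 10   # assumption: shorter all-lowercase names are too often legitimate
RANDOM_STEM_LEN = 8        # assumption: trailing characters a rogue reuses across its files

# Constructed sample in HJT format, modelled on the log posted above (URLs written
# out in full; the forum rendered them with a » marker).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [lphcnobj0eebr] C:\WINDOWS\system32\lphcnobj0eebr.exe
O4 - HKLM\..\Run: [SMrhcjobj0eebr] C:\Program Files\rhcjobj0eebr\rhcjobj0eebr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://24.172.119.98/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA2CB8EC-02A3-434C-9BBA-FE11DD93BA3E}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code, e.g. "O4"
    reason: str    # why the entry was flagged
    entry: str     # the offending log line (or the grouped file stems)


# First Windows path in a line that ends in an executable-ish extension.
_PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|cmd|bat))', re.IGNORECASE)
_IP_URL_RE = re.compile(r'https?://(\d{1,3}(?:\.\d{1,3}){3})', re.IGNORECASE)
_RANDOM_RE = re.compile(r'[a-z0-9]{%d,}' % MIN_RANDOM_NAME_LEN)


def file_stem(path):
    """Return the file name without directory or extension."""
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]


def looks_random(stem):
    """Long, lowercase letters and digits only, at least one digit: no human named it."""
    return bool(_RANDOM_RE.fullmatch(stem)) and any(c.isdigit() for c in stem)


def triage(log_text, trusted_resolvers=frozenset()):
    """Return Finding objects for the suspicious entries in HJT-format text."""
    findings, families = [], defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        if ' - ' not in line:
            continue
        section = line.split(' - ', 1)[0]
        if section == 'O4':
            m = _PATH_RE.search(line)
            if m and looks_random(file_stem(m.group(1))):
                stem = file_stem(m.group(1))
                findings.append(Finding('O4', 'machine-generated file name', line))
                families[stem[-RANDOM_STEM_LEN:]].add(stem)
        elif section == 'O16':
            m = _IP_URL_RE.search(line)
            if m:
                findings.append(Finding('O16', f'ActiveX download from bare IP {m.group(1)}', line))
        elif section == 'O17':
            servers = line.partition('NameServer = ')[2]
            for ip in (s.strip() for s in servers.split(',') if s.strip()):
                if ip not in trusted_resolvers:
                    findings.append(Finding('O17', f'DNS server {ip} not on allowlist', line))
        elif section == 'O23' and 'Unknown owner' in line:
            findings.append(Finding('O23', 'service with no publisher', line))
    for suffix, stems in families.items():
        if len(stems) > 1:   # several random names with one stem: one rogue's file set
            findings.append(Finding('O4', f'random-name family sharing stem "{suffix}"',
                                    ', '.join(sorted(stems))))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG, trusted_resolvers={'208.67.222.222', '208.67.220.220'}):
        print(f'{f.section:<4} {f.reason}\n     {f.entry}')
```

The flags are prompts for a human, not verdicts: the Roxio service is flagged because it has no publisher, but its binary is also reported missing, which a log reader recognises as an orphaned service rather than malware. The shared-stem grouping is the useful part here: once lphcnobj0eebr and rhcjobj0eebr are tied together, the other files with the same stem that turn up later in the MBAM log (pphc…, blphc….scr, phc….bmp) are expected rather than surprising.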

xxTRAGEDYxx

reply to xxTRAGEDYxx
When scans are performed, I see smitfraud, and I think trojans. I ran the smitfraud, but it did not help. My home screen is still blue and says my computer is infected. I apologize if I wasn't supposed to post again; I thought I should update.


bcastner (MVM)

reply to xxTRAGEDYxx
First Steps
:!: The following instructions are only for this Forum member. Please do not use these instructions on another computer system. You can seriously damage your system by following the instructions below without guided assistance. You assuredly will make a cleanup of your system more difficult.

1. Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here:


• Double-click FixPolicies.exe
• Click the "Install" button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies,
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
• A black box will briefly appear and then close.

2. Please download MalwareBytes Anti-malware (MBAM) from one of the following links:

Once downloaded, close all programs and Windows on your computer (including this one.)

Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.

MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.

On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.

When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results. Make sure all entries have a checkmark at their far left. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.

When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window. Remember where you saved the log file, as we will want to see it later.

3. Download -- but do not yet run -- ComboFix©

Download this file -- to your Desktop -- from any of these sources:

Right-click on the header of the Code box below, where on the right side it says: "Copy to clipboard":

Open a new Notepad session - (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

• Disconnect from the Internet.
• Disable your Antivirus. If the Antivirus software you use has any Script Blocking features, be certain to disable these as well.
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any Disclaimers to start the fix.
Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown in this little picture:


When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
!• A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

4. Right-click a blank area of your Desktop, and choose Properties.
Then click in succession: Desktop, Customize Desktop (a button choice), and finally Web (a tab choice).
Clear the top panel of any entries found.
Leave unchecked the choice box: "Lock desktop items"
Click Apply. Then OK your way back to the Desktop.

5. Run HijackThis again, and save the log file.

Submit to the Forum:
• The MBAM log results;
• The contents of C:\Combofix.txt;
• The new HijackThis log.

--
============
MS-MVP 2004-2008, ASAP Member
Users Helping Users
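FixPolicies, the Registry:: section of the CFScript, and step 4 above all undo the same thing: the rogue sets Explorer and System policy values (NoDispBackgroundPage, NoDispScrSavPage, DisableTaskMgr and friends) so the user cannot open Display Properties or Task Manager, points SCRNSAVE.EXE and Wallpaper at its own files, and may disable System Restore. The Python script below is an added example, not the thread's own code and not FixPolicies: it parses a regedit export and reports any of those values that are still set. The policy names and the expected System Restore start types are taken from the CFScript posted later in the thread; treating a screensaver or wallpaper path under system32 as suspicious is an assumption, as is handling single-line .reg values only, and the sample export is constructed to resemble this machine.

```python
"""Audit a regedit (.reg) export for the lockdown a rogue "antivirus" leaves behind.

Added example, not the thread's own code and not FixPolicies.  The policy names
are the ones the CFScript in this thread zeroes; the System Restore start types
(sr.sys = 0, srservice = 2) are what that script restores.  Treating a
screensaver/wallpaper path under system32 as suspicious is an assumption, as is
handling single-line .reg values only.
"""
import re

# Policy values that, when nonzero, hide a Display Properties page or disable a tool.
LOCKDOWN_VALUES = {
    r'software\microsoft\windows\currentversion\policies\system': (
        'DisableTaskMgr', 'NoDispCPL', 'NoDispBackgroundPage', 'NoDispScrSavPage',
        'NoDispAppearancePage', 'NoDispSettingsPage', 'NoColorChoice',
        'NoSizeChoice', 'NoVisualStyleChoice'),
    r'software\microsoft\windows\currentversion\policies\explorer': (
        'NoActiveDesktop', 'NoActiveDesktopChanges', 'ForceActiveDesktopOn',
        'NoSaveSettings', 'NoThemesTab', 'ClassicShell'),
    r'software\microsoft\windows\currentversion\policies\activedesktop': (
        'NoChangingWallPaper',),
}
EXPECTED_SR_START = {   # service start types the CFScript restores
    r'hklm\system\currentcontrolset\services\sr': 0,
    r'hklm\system\currentcontrolset\services\srservice': 2,
}
_HIVES = {'HKEY_CURRENT_USER': 'hkcu', 'HKEY_LOCAL_MACHINE': 'hklm',
          'HKEY_CLASSES_ROOT': 'hkcr', 'HKEY_USERS': 'hku'}
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def _norm_key(raw):
    """'HKEY_CURRENT_USER\\Control Panel\\Desktop' -> 'hkcu\\control panel\\desktop'."""
    hive, _, rest = raw.partition('\\')
    return f'{_HIVES.get(hive.upper(), hive)}\\{rest}'.lower()


def _decode(data):
    """dword -> int, "string" -> str (unescaped), hex... -> bytes, '-' -> None."""
    if data == '-':
        return None
    if data.startswith('dword:'):
        return int(data[6:], 16)
    if data.startswith('hex'):
        return bytes(int(b, 16) for b in data.split(':', 1)[1].split(',') if b.strip())
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return data


def parse_reg(text):
    """Return {normalized_key: {value_name: decoded_data}} for a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = _norm_key(line[1:-1])
            keys.setdefault(current, {})
        elif current is not None and (m := _VALUE_RE.match(line)):
            keys[current][m['name']] = _decode(m['data'])
    return keys


def audit(reg):
    """Return (kind, key, value_name, data) tuples for anything that looks hijacked."""
    findings = []
    for subkey, names in LOCKDOWN_VALUES.items():
        for hive in ('hkcu', 'hklm'):          # the CFScript resets both hives
            values = reg.get(f'{hive}\\{subkey}', {})
            for name in names:
                data = values.get(name)
                if isinstance(data, int) and data != 0:
                    findings.append(('lockdown', f'{hive}\\{subkey}', name, data))
    desktop_key = r'hkcu\control panel\desktop'
    for name in ('SCRNSAVE.EXE', 'Wallpaper'):  # rogue drops its .scr/.bmp into system32
        data = reg.get(desktop_key, {}).get(name)
        if isinstance(data, str) and 'system32' in data.lower():
            findings.append(('desktop', desktop_key, name, data))
    for key, want in EXPECTED_SR_START.items():
        data = reg.get(key, {}).get('Start')
        if data is not None and data != want:
            findings.append(('system-restore', key, 'Start', data))
    return findings


# Constructed sample export, written to look like the infected machine in this thread.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispScrSavPage"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\blphcnobj0eebr.scr"
"Wallpaper"="C:\\WINDOWS\\system32\\phcnobj0eebr.bmp"
"ScreenSaveActive"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Start"=dword:00000004
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000002
"""

if __name__ == '__main__':
    for finding in audit(parse_reg(SAMPLE_EXPORT)):
        print(*finding)
```

Export the keys first (regedit /e or reg export) and run the script over that file. Working from a text export rather than the live registry means the same check runs from a rescue environment where the infected Windows is not booted, which matters when the rogue is still resident and re-applying its policies.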


xxTRAGEDYxx

reply to xxTRAGEDYxx
OK, I followed the directions. Here are the logs as requested.
MBAM:

KILLALL::

File::
C:\WINDOWS\system32\blphcnobj0eebr.scr
C:\WINDOWS\system32\phcnobj0eebr.bmp
C:\WINDOWS\system32\pphcnobj0eebr.exe
C:\WINDOWS\system32\lphcnobj0eebr.exe
C:\WINDOWS\system32\blphcnobj0eebr.scr
C:\WINDOWS\system32\pphcnobj0eebr.exe
C:\WINDOWS\system32\lphcnobj0eebr.exe

Registry::
[HKEY_CURRENT_USER\ControlPanel\International]
"sTimeFormat"="h:mm:ss tt"
[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="0 78 152"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"WallpaperStyle"="0"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"TileWallpaper"="0"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=" "
[HKEY_CURRENT_USER\Control Panel\Desktop]
"OriginalWallpaper"=""
[HKEY_CURRENT_USER\Control Panel\Desktop]
"ConvertedWallpaper"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmona"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srservice]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sr]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000000
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"Wallpaper"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"Wallpaper"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00



bcastner (MVM)

reply to xxTRAGEDYxx
1. You did not provide an MBAM log.

2. You submitted the contents of CFScript.txt, and not Combofix.txt as requested.

xxTRAGEDYxx

reply to xxTRAGEDYxx
I apologize.

MBAM:
Malwarebytes' Anti-Malware 1.20
Database version: 935
Windows 5.1.2600 Service Pack 2

6:54:01 PM 7/9/2008
mbam-log-7-9-2008 (18-54-01).txt

Scan type: Quick Scan
Objects scanned: 59742
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 6
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 19
Files Infected: 33

Memory Processes Infected:
C:\WINDOWS\system32\pphcnobj0eebr.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Program Files\rhcjobj0eebr\rhcjobj0eebr.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcnobj0eebr.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\rhcjobj0eebr\rhcjobj0eebrSkin.Dll (Rogue.AntivirusXP2008) -> Unloaded module successfully.
C:\Program Files\rhcjobj0eebr\MFC71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhcjobj0eebr\MFC71ENU.DLL (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhcjobj0eebr\msvcp71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\Program Files\rhcjobj0eebr\msvcr71.dll (Rogue.Multiple) -> Unloaded module successfully.
C:\WINDOWS\system32\blphcnobj0eebr.scr (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcjobj0eebr (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcnobj0eebr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\rhcjobj0eebr (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\rhcjobj0eebr\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\rhcjobj0eebr\rhcjobj0eebrSkin.Dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcnobj0eebr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcnobj0eebr.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\rhcjobj0eebr\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjobj0eebr\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjobj0eebr\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjobj0eebr\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjobj0eebr\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjobj0eebr\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjobj0eebr\rhcjobj0eebr.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjobj0eebr\rhcjobj0eebr.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcjobj0eebr\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcnobj0eebr.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcnobj0eebr.scr.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcnobj0eebr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcnobj0eebr.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HFNC User\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Combo Fix it:
ComboFix 08-07-09.2 - HFNC User 2008-07-09 20:34:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.663 [GMT -4:00]
Running from: C:\Documents and Settings\HFNC User\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\oeminfo.ini

----- BITS: Possible infected sites -----

hxxp://download
.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-09 20:34 . 2008-07-09 20:34 d-------- C:\327882R2FWJFW
2008-07-09 18:43 . 2008-07-09 18:43 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 18:43 . 2008-07-09 18:43 d-------- C:\Documents and Settings\HFNC User\Application Data\Malwarebytes
2008-07-09 18:43 . 2008-07-09 18:43 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 18:43 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 18:43 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 16:08 . 2008-07-09 18:14 4,600 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-09 15:23 . 2008-07-09 15:40 d-------- C:\Program Files\RegCure
2008-07-09 13:33 . 2008-07-09 16:16 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-09 13:30 . 2008-07-09 19:53 d-------- C:\Documents and Settings\HFNC User\Application Data\Simply Super Software
2008-07-09 13:30 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-09 13:30 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-07-09 13:30 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-09 13:30 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-09 13:30 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-09 12:57 . 2008-07-09 12:58 d-------- C:\Program Files\EsetOnlineScanner
2008-07-09 11:44 . 2008-07-09 11:44 d-------- C:\Program Files\Windows Defender
2008-07-07 16:22 . 2008-07-07 16:22 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-07 16:17 . 2008-07-07 16:18 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-03 05:18 . 2008-07-03 05:18 d-------- C:\Documents and Settings\HFNC User\Application Data\Blackberry Desktop
2008-07-02 09:17 . 2008-07-07 15:53 d-------- C:\Program Files\Conduit
2008-07-02 09:17 . 2008-07-07 15:53 d-------- C:\Program Files\Adlen
2008-06-28 01:10 . 2008-06-28 01:41 d-------- C:\Documents and Settings\HFNC User\Shared
2008-06-28 01:10 . 2008-06-28 01:55 d-------- C:\Documents and Settings\HFNC User\Incomplete
2008-06-28 01:10 . 2008-06-28 01:15 d-------- C:\Documents and Settings\HFNC User\Application Data\FrostWire
2008-06-28 01:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-21 15:17 . 2008-06-22 22:46 d-------- C:\Documents and Settings\HFNC User\Application Data\Research In Motion
2008-06-21 14:49 . 2008-06-21 14:49 d-------- C:\Program Files\Windows Installer Clean Up
2008-06-21 14:48 . 2008-06-21 14:48 d-------- C:\Program Files\MSECACHE
2008-06-18 21:34 . 2008-06-18 21:34 d-------- C:\Program Files\Rove
2008-06-18 15:00 . 2008-06-18 15:00 d-------- C:\Documents and Settings\HFNC User\Application Data\Canon
2008-06-17 22:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-17 22:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-17 22:17 . 2008-06-17 22:17 d-------- C:\Program Files\Common Files\NewSoft
2008-06-17 22:17 . 1997-10-14 05:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2008-06-17 22:17 . 2005-06-01 00:28 9,606 --a------ C:\WINDOWS\system32\NEWSOFT
2008-06-17 22:17 . 2008-06-17 22:17 264 --a------ C:\WINDOWS\setup.iss
2008-06-17 22:16 . 2008-06-17 22:16 d-------- C:\WINDOWS\system32\Color
2008-06-17 22:16 . 2008-06-17 22:16 d-------- C:\Program Files\NewSoft
2008-06-17 22:16 . 2008-06-17 22:16 d-------- C:\Program Files\Common Files\PDFView
2008-06-17 22:15 . 2008-06-17 22:15 d-------- C:\Program Files\ScanSoft
2008-06-17 22:15 . 2008-06-17 22:15 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-17 22:15 . 2008-06-17 22:15 d-------- C:\Documents and Settings\HFNC User\Application Data\ScanSoft
2008-06-17 22:15 . 2008-06-17 22:15 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-06-17 22:15 . 2008-06-17 22:15 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-06-17 22:14 . 2008-06-17 22:14 d-------- C:\Program Files\Common Files\CANON
2008-06-17 22:12 . 2008-06-17 22:12 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-06-17 22:12 . 2008-06-17 22:12 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-06-17 22:12 . 2007-03-23 12:30 1,400,832 --a------ C:\WINDOWS\system32\CNC310C.DLL
2008-06-17 22:12 . 2007-04-16 01:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8Z.DLL
2008-06-17 22:12 . 2007-03-19 06:39 200,704 --a------ C:\WINDOWS\system32\CNC310L.DLL
2008-06-17 22:12 . 2007-03-15 10:12 188,416 --a------ C:\WINDOWS\system32\CNC310O.DLL
2008-06-17 22:12 . 2007-03-23 12:29 98,304 --a------ C:\WINDOWS\system32\CNC310I.DLL
2008-06-17 22:11 . 2008-06-17 22:11 d--h----- C:\Program Files\CanonBJ
2008-06-17 22:11 . 2008-06-17 22:22 d-------- C:\Program Files\Canon
2008-06-17 22:11 . 2007-04-25 15:09 151,552 --a------ C:\WINDOWS\system32\CNCF2Ld.DLL
2008-06-17 22:11 . 2007-04-25 15:02 106,496 --a------ C:\WINDOWS\system32\CNCFMSd.EXE
2008-06-17 22:11 . 2007-04-25 15:06 3,584 --a------ C:\WINDOWS\system32\CNCFLdUS.DLL
2008-06-17 22:11 . 2007-04-25 15:06 3,072 --a------ C:\WINDOWS\system32\CNCFLdJP.DLL
2008-06-16 01:19 . 2008-06-16 01:20 d-------- C:\Program Files\JL_Cmder
2008-06-16 01:14 . 2008-06-16 01:19 d-------- C:\Program Files\UltimateZip 2.7
2008-06-12 22:19 . 2008-06-12 22:19 d-------- C:\Documents and Settings\HFNC User\Application Data\HotSync
2008-06-12 09:35 . 2008-06-28 21:38 d-------- C:\Program Files\Common Files\Research In Motion
2008-06-11 15:02 . 2008-06-22 22:43 d-------- C:\Program Files\Research In Motion
2008-06-11 03:19 . 2008-06-11 03:21 d-------- C:\Documents and Settings\Jason\Application Data\Roxio
2008-06-11 03:14 . 2008-06-11 03:14 d-------- C:\Documents and Settings\Jason\Application Data\Research In Motion
2008-06-11 03:05 . 2008-06-11 03:16 d-------- C:\Documents and Settings\Jason\Application Data\Blackberry Desktop
2008-06-11 02:55 . 2008-06-11 02:55 d-------- C:\Documents and Settings\Jason\Application Data\HotSync
2008-06-11 02:55 . 2008-06-11 02:55 d-------- C:\Documents and Settings\Jason\Application Data\.clamwin
2008-06-11 02:54 . 2008-06-11 02:55 d-------- C:\Documents and Settings\Jason\Application Data\InstallShield
2008-06-11 02:54 . 2008-06-11 02:54 d-------- C:\Documents and Settings\Jason

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 23:55 --------- d-----w C:\Program Files\Spark
2008-07-09 21:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-09 19:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-09 15:35 --------- d-----w C:\Documents and Settings\HFNC User\Application Data\Yahoo!
2008-07-09 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-07 20:17 --------- d-----w C:\Program Files\Yahoo!
2008-07-02 15:13 --------- d-----w C:\Program Files\Google
2008-06-28 05:09 --------- d-----w C:\Program Files\Java
2008-06-25 21:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 13:34 --------- d-----w C:\Program Files\Roxio
2008-06-21 13:34 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-06-21 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-18 02:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 02:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-13 02:19 --------- d-----w C:\Program Files\Palm
2008-06-13 01:13 20,264 ----a-w C:\Documents and Settings\HFNC User\Application Data\GDIPFONTCACHEV1.DAT
2008-06-11 04:07 --------- d-----w C:\Documents and Settings\HFNC User\Application Data\LimeWire
2008-06-08 02:38 --------- d-----w C:\Documents and Settings\HFNC User\Application Data\Roxio
2008-06-08 02:35 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-06-06 00:57 --------- d-----w C:\Documents and Settings\HFNC User\Application Data\InstallShield
2008-06-02 20:23 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-25 21:25 --------- d-----w C:\Program Files\Coupons
2008-05-16 17:13 --------- d-----w C:\Program Files\Common Files\Intuit
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-09 19:11 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-21 17:33 8466432]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 21:03 178712]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-09-11 20:58 1015808]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 09:03 17920]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-21 00:08 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 21:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 21:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-09 19:11:12 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 16:30]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 17:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-09 23:57:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-07-09 23:54:39 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-09 19:23:39 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Spark - C:\Program Files\Spark\Spark.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2008-07-09 20:36:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-09 20:37:17
ComboFix-quarantined-files.txt 2008-07-10 00:37:01

Pre-Run: 67,976,732,672 bytes free
Post-Run: 68,479,987,712 bytes free

187 --- E O F --- 2008-06-01 15:00:57

HijackThis Log #2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:47, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080212
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - »www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - »photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - »lads.myspace.com/upload/MySpaceU···1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/OnlineScanner.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - »offers.e-centives.com/cif/downlo···xcab.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - »24.172.119.98/activex/AMC.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - »utilities.pcpitstop.com/optimize···top2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA2CB8EC-02A3-434C-9BBA-FE11DD93BA3E}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9726 bytes
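As an added example (not code from this thread, and not the logic of Malwarebytes, ComboFix or HijackThis), the Python below runs a few review heuristics over log lines in the two formats posted above: autorun value names that look machine-generated (the rogue in the Malwarebytes log used lphcnobj0eebr and smrhcjobj0eebr), Security Center notification values set to 1 and port 3389 opened in the standard firewall profile (both visible in the ComboFix "Reg Loading Points" output above and not discussed in the thread), the Policies\System NoDisp* values that lock the Display Properties pages (which is why the background could not be changed), and ActiveX controls installed from a bare IP address. The sample lines are constructed from the logs in this thread; the two random-name Run lines are reconstructed from the Malwarebytes entries rather than copied from the ComboFix output, which was taken after they were removed. The name-length threshold and the rule set are assumptions, and two of the rules flag settings that can be perfectly legitimate (Remote Desktop deliberately enabled, a camera vendor's own ActiveX control served from its device), so the output is a checklist for the helper to review, not a verdict.

```python
"""Flag review-worthy indicators in ComboFix / HijackThis style logs.

Added example for this thread, not code from the thread or from any of the
tools named in it. The rules are heuristics (assumptions), not the tools' logic.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# The rogue in this thread used value names such as lphcnobj0eebr and
# smrhcjobj0eebr: long, all lowercase letters and digits, with a digit mixed in.
RANDOM_NAME = re.compile(r"^[a-z0-9]{10,}$")
REG_SECTION = re.compile(r"^\[(HK[^\]]+)\]$")                 # regedit-style key header
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')              # "name"=data
HJT_O4 = re.compile(r"^O4 - HK[LC][MU]\\\.\.\\Run: \[([^\]]+)\] (.*)$")
HJT_O16 = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \(([^)]*)\) - »?(\S+)$")
BARE_IP = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}(?:[:/]|$)")

NOTIFY_VALUES = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}
DISPLAY_LOCKS = {"nodispbackgroundpage", "nodispscrsavpage", "nodispappearancepage",
                 "nodispsettingspage", "nodispcpl"}


def looks_random(name: str) -> bool:
    """True for autorun value names that look machine-generated (heuristic)."""
    return bool(RANDOM_NAME.match(name)) and any(ch.isdigit() for ch in name)


def _is_one(data: str) -> bool:
    return data.strip().lower().endswith("dword:00000001")


def scan_log(text: str) -> list[Finding]:
    """Walk the log line by line, remembering the current regedit key header."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = REG_VALUE.match(line)
        if m:
            name, data = m.group(1), m.group(2)
            lname = name.lower()
            if section.endswith("\\run") and looks_random(name):
                findings.append(Finding("random-name-autorun", line))
            elif section.endswith("security center") and lname in NOTIFY_VALUES and _is_one(data):
                findings.append(Finding("security-center-notify-disabled", line))
            elif "globallyopenports" in section and name.upper().startswith("3389:"):
                findings.append(Finding("rdp-globally-open", line))
            elif section.endswith("policies\\system") and lname in DISPLAY_LOCKS and _is_one(data):
                findings.append(Finding("display-properties-locked", line))
            continue
        m = HJT_O4.match(line)
        if m and looks_random(m.group(1)):
            findings.append(Finding("random-name-autorun", line))
            continue
        m = HJT_O16.match(line)
        if m and BARE_IP.match(m.group(2)):
            findings.append(Finding("activex-from-bare-ip", line))
    return findings


# Constructed sample: lines copied from or modelled on the logs in this thread.
# The two random-name Run lines are reconstructed from the Malwarebytes entries.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-21 17:33 8466432]
"lphcnobj0eebr"="C:\WINDOWS\system32\lphcnobj0eebr.exe" [2008-07-09 13:00 0]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [smrhcjobj0eebr] C:\Program Files\rhcjobj0eebr\rhcjobj0eebr.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - 24.172.119.98/activex/AMC.cab
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.rule:34} {f.line}")
```

Run against the sample it reports seven lines: the two random-name autoruns, the locked background page, the two Security Center notification values, the open 3389 rule and the Axis control from a bare IP. Each regedit-format value is judged in the context of the key header that precedes it, which is what makes a value name like 3389:TCP meaningful only under GloballyOpenPorts and NoDispBackgroundPage only under Policies\System.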


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL

reply to xxTRAGEDYxx
Please go to the Sun Web site and update your version of Java JRE to the current version. (This will be the Fifth download choice on that page.): »java.sun.com/javase/downloads/index.jsp

Open Acrobat if you have the Full Version installed. Click Help and run the Upgrade applet found there. If no update is offered, use the Preferences, Internet submenu of Acrobat and uncheck the option to integrate with your browser. Close Acrobat.
Whether you had the Full Version of Acrobat or not, download and install Adobe Reader 9 and use this as the integrated PDF Reader inside your browser: »www.adobe.com/products/acrobat/r···ep2.html

Clean-up & Prevention:

• Right click "My Computer", Properties, and then click the System Restore tab. Checkmark the box at the top to stop System Restore on all drives. Click the "Apply" button. Agree to the deletion of old Restore Points. Then uncheck the box at the top and again click the "Apply" button. Finally, click the "OK" button. This will create a new Restore Point reflecting your clean system state.

• Click Start, then click Run.
Enter into the command box that opens: combofix /u and then click OK.
(If we have renamed this file, please use the current name for the program in this instruction.)


• Please download OTMoveIt2 by OldTimer to your Desktop (only):


• Please double-click OTMoveIt.exe to run it.
• Click on the green CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
• After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select "Yes".
• This step removes the files, folders, and shortcuts created by the tools I had you download and run.

• Run ATF Cleaner , and checkmark "Empty Recycle Bin", click "Empty Selected" and exit the program. You can delete or keep this utility as you wish.

• Use Control Panel, Add or Remove Programs, and Uninstall any entry related to an On-Line scanner we may have used.
If you find any files or folders created during this cleanup operation remaining, please feel free to delete them.

• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

• If I asked you to Disable something like TeaTimer or another malware blocker, please go ahead and re-enable them if you wish.

Download and Install Windows Defender by Microsoft (free):

Suggestion: Download and install Comodo BOClean (free):

Suggestion: Download, install, and keep updated Spyware Blaster (free):

• Refer to my first set of instructions above, and reconfigure Hidden Files and Folders to your choosing.

Best wishes.
Bill Castner

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
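The System Restore step above (turn it off on all drives, accept the deletion of the old restore points, turn it back on, and end up with a single clean baseline point) scripted in PowerShell, as an added example rather than anything from the post or the tools it names. It assumes a Windows Vista or later client edition, where Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer and Get-ComputerRestorePoint exist (they are absent on XP and on Server SKUs), and an elevated prompt. The description string is a placeholder of this example's own choosing.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Reproduces the GUI sequence:
# disabling System Restore discards every existing restore point, which is the
# point of the exercise after a malware cleanup, since an infected file sitting in
# a restore point can be resurrected by an unlucky "Restore" later. Assumes a
# Windows Vista+ client with the *-ComputerRestore cmdlets available.

# All fixed (local, non-removable) disks, in the 'C:\' form the cmdlets expect.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType = 3" |
          ForEach-Object { $_.DeviceID + '\' }

# 1. Turn System Restore off on every fixed drive. Windows deletes the old
#    restore points as part of this, the same as agreeing to the GUI prompt.
Disable-ComputerRestore -Drive $drives

# 2. Turn it back on so new points will be created from here forward.
Enable-ComputerRestore -Drive $drives

# 3. Create the clean baseline point. Description is a placeholder.
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'

# 4. Verify: only the point just created should be listed.
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
```

Caveat: on Windows 8 and later, Checkpoint-Computer quietly declines to create a second point within 24 hours of the previous one unless the SystemRestorePointCreationFrequency value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is set to 0, so if step 4 shows an older point rather than the new one, that throttle is the first thing to check.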


xxTRAGEDYxx

join:2008-03-14
Kannapolis, NC
·Windstream
·RoadRunner Cable


1 edit
reply to xxTRAGEDYxx
Thank you so very much for all your help!! I can't convey how much it is appreciated. I do have one question though. In my haste to get this fixed, and before I posted here, I downloaded "Reg-Cure". Well, I tried to uninstall it, but when I do, it says it found 600 problems and if I uninstall they will not be fixed anymore. What should I do? Once again, thank you for all of your help.

edit: also, what virus protection do you recommend?


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL

reply to xxTRAGEDYxx
It would not matter to me if RegCure found 6 million issues. I would uninstall it.

Please read: Should You Use a Registry Cleaner in Windows XP?
»aumha.net/viewtopic.php?t=28099

Please install an antivirus program. If cost is an issue, the following are two good freeware choices:

Avira Antivirus Classic (free):
»www.free-av.com/
(Or better yet, follow this excellent Guide to its installation and use: »www.techsupportforum.com/content···/64.html )

AVAST! (free):
»www.avast.com/eng/avast_4_home.html

Install only one.
Manually update the definition file for the antivirus you choose as your first step.
Scan once in Safe Mode.
Scan once in Normal Mode.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
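A quick check that the "install only one" rule and the "update definitions first" step were actually followed before the Safe Mode and Normal Mode scans, as an added example that is not part of the reply above and not a feature of either antivirus it recommends. It assumes Windows Vista or later, where Security Center publishes registered antivirus products through the root/SecurityCenter2 WMI namespace (XP used root/SecurityCenter with different properties, so this will not run there), and it uses the widely circulated community interpretation of the packed productState value, which Microsoft does not document; treat that decoding as an assumption, not an API contract.

```powershell
# Added example (not from the original reply). Lists the antivirus products
# registered with Windows Security Center and flags the two conditions the
# reply warns about: more than one active product, and stale definitions.
# Assumes Vista+ (root/SecurityCenter2) and PowerShell 3.0+ for the -in operator.

function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
    ForEach-Object {
        # productState is a packed integer. Decoding below is the common
        # community interpretation (assumption): as six hex digits AABBCC,
        # BB = 10 or 11 means real-time protection is on (00/01 = off), and
        # CC = 00 means definitions are current (10 = out of date).
        $hex = '{0:X6}' -f $_.productState
        [pscustomobject]@{
            Name     = $_.displayName
            Enabled  = ($hex.Substring(2, 2) -in '10', '11')
            UpToDate = ($hex.Substring(4, 2) -eq '00')
            StateHex = $hex
        }
    }
}

$all    = @(Get-RegisteredAntivirus)
$active = @($all | Where-Object Enabled)

$all | Format-Table -AutoSize

switch ($active.Count) {
    0       { Write-Warning 'No active antivirus registered; install one and enable it.' }
    1       { if (-not $active[0].UpToDate) {
                  Write-Warning "$($active[0].Name): definitions are out of date. Update manually before scanning."
              } else {
                  Write-Output "$($active[0].Name) is active and current; proceed with the Safe Mode scan, then the Normal Mode scan."
              } }
    default { Write-Warning "$($active.Count) antivirus products are active at once; uninstall all but one before scanning." }
}
```

Windows Defender normally stays registered but disabled once a third-party product is installed, which is why the script counts only products whose real-time protection is on rather than every row Security Center returns; two active entries is the conflict the reply is warning about, one active plus a dormant Defender is the expected state.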


xxTRAGEDYxx

join:2008-03-14
Kannapolis, NC
·Windstream
·RoadRunner Cable

ok, thank you for the suggestion. I just want to make sure when I uninstall the Reg-cure, my computer is not going to go back to the way it was before. Once again, Thank You for all your help... You are a life saver..and I do mean life saver because my wife was ready to kill me..LOL..
© 1999-2009 dslreports.com