I have been a careful user of the internet up to now. I follow the basic guidelines that I found in this forum. In the past year that I've had my PC, I never once had any issues or popup problems. Though, something happened about a week ago causing these issues.
I downloaded Spyware Doctor (direct from PC Tools site) after reading several good reviews about a week ago. I figured it couldn't hurt to run one or two of the anti-spyware/adware programs. I actually got Windows Defender first, but apparently, it's not as thorough. Anyway, the day I downloaded these was the day I began to have ad pop-ups (ironically). A few days ago I even downloaded Ad-Aware 2007 to help, but I still get the pop-ups.
Also, randomly my taskbar/toolbar at the bottom (where the start button, different windows open) will disappear along with all my desktop icons. I can get it back either by logging off and back on or rebooting (using Windows Task Manager, Ctrl+Alt+Delete).
When I turn on my PC now, I get this error:
regsvr32
"LoadLibrary("C:\Documents and Settings\All Users\Application Data\sxclopgv.dll") failed - The specified module could not be found."
When I run a Windows Defender scan it always brings up "win32/fotomoto" as a high threat. Even after it says it removes it, the same thing comes right back.
And finally the occasional ad pop-up. So here are my logs:
Deckard's System Scanner v20071014.68
Run by One October Night on 2007-12-19 20:11:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
113: 2007-12-20 02:11:09 UTC - RP417 - Deckard's System Scanner Restore Point
112: 2007-12-19 19:42:14 UTC - RP416 - Installed Java(TM) 6 Update 3
111: 2007-12-19 19:38:01 UTC - RP415 - Removed J2SE Runtime Environment 5.0 Update 6
110: 2007-12-19 09:48:25 UTC - RP414 - Windows Defender Checkpoint
109: 2007-12-19 09:43:08 UTC - RP413 - Spyware Doctor: Cleaning Threats
-- First Restore Point --
1: 2007-12-10 03:13:21 UTC - RP305 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-19 20:12:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Documents and Settings\One October Night\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061116
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...us&ibd=6061116
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&...us&ibd=6061116
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061116
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - C:\Program Files\Gbouovui\clwufkji.dll
O2 - BHO: (no name) - {2AE4005E-689F-4FB9-8C3D-D2B8B58AC072} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {EDE47072-D286-46BA-AAC6-7485FC5D4BAC} - C:\WINDOWS\system32\jkkjh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sxclopgv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\sxclopgv.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: tuvvtur - C:\WINDOWS\system32\tuvvtur.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\system32\PAStiSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
--
End of file - 8936 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-12-19 13:43:30 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2007-11-19 and 2007-12-19 -----------------------------
2007-12-19 17:00:48 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-19 17:00:48 0 d-------- C:\WINDOWS\LastGood
2007-12-19 13:42:16 0 d-------- C:\Program Files\Common Files\Java
2007-12-18 21:15:38 74304 --a------ C:\WINDOWS\system32\bojkdtnf.exe <Not Verified; ; DDC>
2007-12-17 21:22:13 80448 --a------ C:\WINDOWS\system32\xxuvdvnj.dll
2007-12-17 21:19:13 85568 --a------ C:\WINDOWS\system32\ubjxnaks.dll
2007-12-17 03:32:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-16 21:25:09 85568 --a------ C:\WINDOWS\system32\afnpbmel.dll
2007-12-16 21:22:10 80448 --a------ C:\WINDOWS\system32\evmcppwf.dll
2007-12-16 21:16:09 74304 --a------ C:\WINDOWS\system32\xlanvufr.exe <Not Verified; ; DDC>
2007-12-15 21:22:11 80448 --a------ C:\WINDOWS\system32\qikljcjm.dll
2007-12-15 21:16:09 74304 --a------ C:\WINDOWS\system32\ecrtbcvo.exe <Not Verified; ; DDC>
2007-12-14 03:05:44 0 d-------- C:\Program Files\Lavasoft
2007-12-14 03:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-13 21:16:37 74304 --a------ C:\WINDOWS\system32\cmnplghm.exe <Not Verified; ; DDC>
2007-12-12 21:20:19 80448 --a------ C:\WINDOWS\system32\oaenpsve.dll
2007-12-11 21:26:15 85568 --a------ C:\WINDOWS\system32\hwxoxlwc.dll
2007-12-11 21:23:15 80448 --a------ C:\WINDOWS\system32\equgingg.dll
2007-12-11 21:17:13 74304 --a------ C:\WINDOWS\system32\ibmkebfi.exe <Not Verified; ; DDC>
2007-12-09 21:13:11 579000 --ahs---- C:\WINDOWS\system32\hjkkj.ini2
2007-12-09 21:13:07 330848 --a------ C:\WINDOWS\system32\jkkjh.dll
2007-12-09 21:08:12 0 d-------- C:\Program Files\SecCenter
2007-12-09 21:08:10 38912 --a------ C:\WINDOWS\system32\urqpppq.dll
2007-12-09 21:08:10 0 d-------- C:\Program Files\Gbouovui
2007-12-09 21:08:09 1154709 --a------ C:\Install
2007-12-09 21:08:08 0 d-------- C:\Program Files\dgbixilq
2007-12-09 20:59:47 0 d-------- C:\Program Files\Spyware Doctor
2007-12-09 20:59:47 0 d-------- C:\Documents and Settings\One October Night\Application Data\PC Tools
2007-12-04 03:05:33 0 d-------- C:\Program Files\Windows Defender
-- Find3M Report ---------------------------------------------------------------
2007-12-19 17:53:54 0 d-------- C:\Program Files\WS_FTP
2007-12-19 13:42:39 0 d-------- C:\Program Files\Java
2007-12-19 13:42:16 0 d-------- C:\Program Files\Common Files
2007-12-19 02:28:17 0 d-------- C:\Program Files\Soulseek
2007-12-07 00:39:47 0 d-------- C:\Program Files\Winamp
2007-11-27 05:01:47 9216 --a------ C:\Documents and Settings\One October Night\Application Data\dvd.bmk
2007-10-29 01:01:16 0 d-------- C:\Program Files\Google
2007-10-29 00:40:43 0 d-------- C:\Program Files\AIM6
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CF46468-AC82-9EC5-5B79-008AA7762D88}]
12/09/2007 09:08 PM 106496 --a------ C:\Program Files\Gbouovui\clwufkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AE4005E-689F-4FB9-8C3D-D2B8B58AC072}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDE47072-D286-46BA-AAC6-7485FC5D4BAC}]
12/09/2007 09:13 PM 330848 --a------ C:\WINDOWS\system32\jkkjh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/16/2006 08:39 AM]
"CTHelper"="CTHELPER.EXE" [11/08/2005 05:30 AM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [03/01/2006 09:00 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/06/2006 07:15 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 03:12 AM]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [06/18/2003 01:00 AM]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [10/14/2005 11:01 AM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [11/04/2005 06:07 PM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 09:30 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 10:11 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"sxclopgv"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\sxclopgv.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 07:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Aim6"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [5/9/2005 11:47:22 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvtur]
tuvvtur.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2007-12-19 20:13:07 ------------
This is from the online Panda ActiveScan:
Incident Status Location
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Gbouovui\clwufkji.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.adserver.easyad.info/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@adrevolver[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@adserver.easyad[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@apmebf[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@apmebf[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@apmebf[3].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@atdmt[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@findwhat[1].txt
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[ftpscrpt.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[ftpsched.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[ftpsync.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[fwsced.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[wsftpgui.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[wsftpurl.exe]
Adware:Adware/MalwareAlarm Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temp\win1A5.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\05WPGVUD\hctp[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\ETAZ4DYD\ptch[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\QVSNMPYD\gamadril20071203[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\QVSNMPYD\hctp[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\QVSNMPYD\ptch[2]
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\ftpsched.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\ftpscrpt.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\ftpsync.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\fwsced.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\wsftpgui.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\wsftpurl.exe
Virus:Trj/Pakes.CY Disinfected C:\RECYCLER\S-1-5-21-2735387251-3717444428-1818467673-1006\Dc61.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\afnpbmel.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bojkdtnf.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\cmnplghm.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ecrtbcvo.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\equgingg.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\evmcppwf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hwxoxlwc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ibmkebfi.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\oaenpsve.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qikljcjm.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ubjxnaks.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\urqpppq.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xlanvufr.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xxuvdvnj.dll