Old 12-19-2007, 07:39 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 9
OS: xp, service pack 2


issues with fotomoto, taskbar, regsvr32

I have been a careful user of the internet up to now. I follow the basic guidelines that I found in this forum. In the past year that I've had my PC, I never once had any issues or popup problems. However, something happened about a week ago that caused these issues.

I downloaded Spyware Doctor (direct from the PC Tools site) after reading several good reviews about a week ago. I figured it couldn't hurt to run one or two of the anti-spyware/adware programs. I actually got Windows Defender first, but apparently it's not as thorough. Anyway, the day I downloaded these was the day I began to have ad pop-ups (ironically). A few days ago I even downloaded Ad-Aware 2007 to help, but I still get the pop-ups.

Also, my taskbar/toolbar at the bottom (where the Start button and the open windows are) will randomly disappear along with all my desktop icons. I can get it back either by logging off and back on or by rebooting (using Windows Task Manager, Ctrl+Alt+Delete).

When I turn on my PC now, I get this error:

regsvr32
"LoadLibrary("C:\Documents and Settings\All Users\Application Data\sxclopgv.dll") failed - The specified module could not be found."

When I run a Windows Defender scan it always brings up "win32/fotomoto" as a high threat. Even after it says it has removed it, the same thing comes right back.

And finally, the occasional ad pop-up. So here are my logs:


Deckard's System Scanner v20071014.68
Run by One October Night on 2007-12-19 20:11:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
113: 2007-12-20 02:11:09 UTC - RP417 - Deckard's System Scanner Restore Point
112: 2007-12-19 19:42:14 UTC - RP416 - Installed Java(TM) 6 Update 3
111: 2007-12-19 19:38:01 UTC - RP415 - Removed J2SE Runtime Environment 5.0 Update 6
110: 2007-12-19 09:48:25 UTC - RP414 - Windows Defender Checkpoint
109: 2007-12-19 09:43:08 UTC - RP413 - Spyware Doctor: Cleaning Threats


-- First Restore Point --
1: 2007-12-10 03:13:21 UTC - RP305 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-19 20:12:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Documents and Settings\One October Night\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061116
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...us&ibd=6061116
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&...us&ibd=6061116
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061116
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - C:\Program Files\Gbouovui\clwufkji.dll
O2 - BHO: (no name) - {2AE4005E-689F-4FB9-8C3D-D2B8B58AC072} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {EDE47072-D286-46BA-AAC6-7485FC5D4BAC} - C:\WINDOWS\system32\jkkjh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sxclopgv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\sxclopgv.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: tuvvtur - C:\WINDOWS\system32\tuvvtur.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\system32\PAStiSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe


--
End of file - 8936 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-19 13:43:30 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-11-19 and 2007-12-19 -----------------------------

2007-12-19 17:00:48 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-19 17:00:48 0 d-------- C:\WINDOWS\LastGood
2007-12-19 13:42:16 0 d-------- C:\Program Files\Common Files\Java
2007-12-18 21:15:38 74304 --a------ C:\WINDOWS\system32\bojkdtnf.exe <Not Verified; ; DDC>
2007-12-17 21:22:13 80448 --a------ C:\WINDOWS\system32\xxuvdvnj.dll
2007-12-17 21:19:13 85568 --a------ C:\WINDOWS\system32\ubjxnaks.dll
2007-12-17 03:32:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-16 21:25:09 85568 --a------ C:\WINDOWS\system32\afnpbmel.dll
2007-12-16 21:22:10 80448 --a------ C:\WINDOWS\system32\evmcppwf.dll
2007-12-16 21:16:09 74304 --a------ C:\WINDOWS\system32\xlanvufr.exe <Not Verified; ; DDC>
2007-12-15 21:22:11 80448 --a------ C:\WINDOWS\system32\qikljcjm.dll
2007-12-15 21:16:09 74304 --a------ C:\WINDOWS\system32\ecrtbcvo.exe <Not Verified; ; DDC>
2007-12-14 03:05:44 0 d-------- C:\Program Files\Lavasoft
2007-12-14 03:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-13 21:16:37 74304 --a------ C:\WINDOWS\system32\cmnplghm.exe <Not Verified; ; DDC>
2007-12-12 21:20:19 80448 --a------ C:\WINDOWS\system32\oaenpsve.dll
2007-12-11 21:26:15 85568 --a------ C:\WINDOWS\system32\hwxoxlwc.dll
2007-12-11 21:23:15 80448 --a------ C:\WINDOWS\system32\equgingg.dll
2007-12-11 21:17:13 74304 --a------ C:\WINDOWS\system32\ibmkebfi.exe <Not Verified; ; DDC>
2007-12-09 21:13:11 579000 --ahs---- C:\WINDOWS\system32\hjkkj.ini2
2007-12-09 21:13:07 330848 --a------ C:\WINDOWS\system32\jkkjh.dll
2007-12-09 21:08:12 0 d-------- C:\Program Files\SecCenter
2007-12-09 21:08:10 38912 --a------ C:\WINDOWS\system32\urqpppq.dll
2007-12-09 21:08:10 0 d-------- C:\Program Files\Gbouovui
2007-12-09 21:08:09 1154709 --a------ C:\Install
2007-12-09 21:08:08 0 d-------- C:\Program Files\dgbixilq
2007-12-09 20:59:47 0 d-------- C:\Program Files\Spyware Doctor
2007-12-09 20:59:47 0 d-------- C:\Documents and Settings\One October Night\Application Data\PC Tools
2007-12-04 03:05:33 0 d-------- C:\Program Files\Windows Defender


-- Find3M Report ---------------------------------------------------------------

2007-12-19 17:53:54 0 d-------- C:\Program Files\WS_FTP
2007-12-19 13:42:39 0 d-------- C:\Program Files\Java
2007-12-19 13:42:16 0 d-------- C:\Program Files\Common Files
2007-12-19 02:28:17 0 d-------- C:\Program Files\Soulseek
2007-12-07 00:39:47 0 d-------- C:\Program Files\Winamp
2007-11-27 05:01:47 9216 --a------ C:\Documents and Settings\One October Night\Application Data\dvd.bmk
2007-10-29 01:01:16 0 d-------- C:\Program Files\Google
2007-10-29 00:40:43 0 d-------- C:\Program Files\AIM6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CF46468-AC82-9EC5-5B79-008AA7762D88}]
12/09/2007 09:08 PM 106496 --a------ C:\Program Files\Gbouovui\clwufkji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AE4005E-689F-4FB9-8C3D-D2B8B58AC072}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDE47072-D286-46BA-AAC6-7485FC5D4BAC}]
12/09/2007 09:13 PM 330848 --a------ C:\WINDOWS\system32\jkkjh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/16/2006 08:39 AM]
"CTHelper"="CTHELPER.EXE" [11/08/2005 05:30 AM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [03/01/2006 09:00 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/06/2006 07:15 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 03:12 AM]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [06/18/2003 01:00 AM]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [10/14/2005 11:01 AM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [11/04/2005 06:07 PM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 09:30 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 10:11 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"sxclopgv"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\sxclopgv.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 07:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [5/9/2005 11:47:22 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvtur]
tuvvtur.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2007-12-19 20:13:07 ------------





This is from the online Panda ActiveScan:



Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Gbouovui\clwufkji.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[.adserver.easyad.info/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\One October Night\Application Data\Mozilla\Firefox\Profiles\zpy1h6om.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@adrevolver[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@adserver.easyad[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@apmebf[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@apmebf[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@apmebf[3].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@atdmt[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\One October Night\Cookies\one october night@findwhat[1].txt
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[ftpscrpt.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[ftpsched.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[ftpsync.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[fwsced.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[wsftpgui.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\One October Night\Desktop\ipswitch.ws_ftp.professional.2007.0.0.0.cracked-tsrh.zip[wsftpurl.exe]
Adware:Adware/MalwareAlarm Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temp\win1A5.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\05WPGVUD\hctp[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\ETAZ4DYD\ptch[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\QVSNMPYD\gamadril20071203[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\QVSNMPYD\hctp[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\One October Night\Local Settings\Temporary Internet Files\Content.IE5\QVSNMPYD\ptch[2]
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\ftpsched.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\ftpscrpt.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\ftpsync.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\fwsced.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\wsftpgui.exe
Virus:Generic Malware Disinfected C:\Program Files\WS_FTP\wsftpurl.exe
Virus:Trj/Pakes.CY Disinfected C:\RECYCLER\S-1-5-21-2735387251-3717444428-1818467673-1006\Dc61.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\afnpbmel.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bojkdtnf.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\cmnplghm.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ecrtbcvo.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\equgingg.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\evmcppwf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hwxoxlwc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ibmkebfi.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\oaenpsve.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qikljcjm.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ubjxnaks.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\urqpppq.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xlanvufr.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xxuvdvnj.dll
Attached Files: extra.txt (29.5 KB)
nighserenity is offline  
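Added example, not from the thread or from any of the tools it names: a small Python triage helper that parses HijackThis-style O-lines and a Deckard "Files created" section and flags the patterns visible in the log above: a Winlogon Notify DLL that is already gone, a Run key that only calls regsvr32 /u on a missing DLL (which is what produces the LoadLibrary error at boot), BHOs registered without a name, and startup entries pointing at files dropped within 30 days of the scan. The sample lines are constructed from the log above, and `daily_redrops` additionally groups the created files by size and directory to surface the same-size payloads re-created on successive days.

```python
"""Triage helper for HijackThis / Deckard logs (added example, not from the thread)."""
import re
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed sample lines, shaped like the HijackThis section of the log above.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - C:\Program Files\Gbouovui\clwufkji.dll
O2 - BHO: (no name) - {EDE47072-D286-46BA-AAC6-7485FC5D4BAC} - C:\WINDOWS\system32\jkkjh.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sxclopgv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\sxclopgv.dll"
O20 - Winlogon Notify: tuvvtur - C:\WINDOWS\system32\tuvvtur.dll (file missing)
"""

# Constructed sample of the Deckard "Files created" section (same format as above).
FILES_SAMPLE = r"""
2007-12-18 21:15:38 74304 --a------ C:\WINDOWS\system32\bojkdtnf.exe <Not Verified; ; DDC>
2007-12-17 21:22:13 80448 --a------ C:\WINDOWS\system32\xxuvdvnj.dll
2007-12-16 21:16:09 74304 --a------ C:\WINDOWS\system32\xlanvufr.exe <Not Verified; ; DDC>
2007-12-15 21:16:09 74304 --a------ C:\WINDOWS\system32\ecrtbcvo.exe <Not Verified; ; DDC>
2007-12-09 21:13:07 330848 --a------ C:\WINDOWS\system32\jkkjh.dll
2007-12-04 03:05:33 0 d-------- C:\Program Files\Windows Defender
"""

SCAN_DATE = date(2007, 12, 19)  # date of the scan the sample lines come from

# First drive-letter path ending in a binary extension; quotes are excluded so
# "C:\...\foo.exe" -hide yields only the path.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.(?:dll|exe|sys)', re.IGNORECASE)
HJT_LINE = re.compile(r'^(O\d+|R\d)\s+-\s+(.*)$')
CREATED_LINE = re.compile(
    r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.+?)(?:\s+<.*>)?$')


def parse_hjt(text):
    """Return one dict per HijackThis entry: section, raw line, first file path."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        path = WIN_PATH.search(m.group(2))
        entries.append({
            "section": m.group(1),
            "raw": line.strip(),
            "path": path.group(0).lower() if path else None,
            "missing": "(file missing)" in line,
        })
    return entries


def parse_created(text):
    """Return (datetime, size, flags, lowercase path) per 'Files created' line."""
    files = []
    for line in text.splitlines():
        m = CREATED_LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1) + " " + m.group(2), "%Y-%m-%d %H:%M:%S")
        files.append((when, int(m.group(3)), m.group(4), m.group(5).lower()))
    return files


def daily_redrops(files, min_days=2):
    """Group non-directory files by (size, directory); report groups seen on
    several distinct days, the signature of a dropper re-creating its payloads."""
    seen = defaultdict(set)
    for when, size, flags, path in files:
        if flags.startswith("d"):
            continue
        seen[(size, path.rsplit("\\", 1)[0])].add(when.date())
    return {k: sorted(d) for k, d in seen.items() if len(d) >= min_days}


def triage(entries, files, scan_date, recent_days=30):
    """Map each suspicious HijackThis line to the list of reasons it was flagged."""
    cutoff = datetime.combine(scan_date, datetime.min.time()) - timedelta(days=recent_days)
    recent = {p for when, _size, flags, p in files
              if not flags.startswith("d") and when >= cutoff}
    findings = {}
    for e in entries:
        reasons = []
        if e["section"] == "O20" and e["missing"]:
            reasons.append("Winlogon Notify DLL no longer on disk (stale persistence)")
        if e["section"] == "O4" and re.search(r"regsvr32\s+/u\b", e["raw"], re.I):
            reasons.append("Run key only calls regsvr32 /u: leftover stub, causes the LoadLibrary error at boot")
        if e["section"] == "O2" and "(no name)" in e["raw"]:
            reasons.append("BHO registered without a name")
        if e["path"] in recent:
            reasons.append("points at a file created within %d days of the scan" % recent_days)
        if reasons:
            findings[e["raw"]] = reasons
    return findings


def run_sample():
    """Triage the constructed sample; returns the findings dict."""
    return triage(parse_hjt(HJT_SAMPLE), parse_created(FILES_SAMPLE), SCAN_DATE)


if __name__ == "__main__":
    for line, reasons in run_sample().items():
        print(line)
        for r in reasons:
            print("    ->", r)
    for (size, directory), days in daily_redrops(parse_created(FILES_SAMPLE)).items():
        print("re-dropped %d-byte file in %s on %s" % (size, directory, ", ".join(map(str, days))))
```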
Old 12-22-2007, 10:12 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,754
OS: 2000 Pro; XP Pro; XP Home

Re: issues with fotomoto, taskbar, regsvr32

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disconnect from the internet... pull the plug!
  3. Disable your AntiVirus and all AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  4. Go to -> Run -> paste in the following single line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall

  5. Follow the prompts. Type "1" and press Enter to begin the scan.
  6. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  7. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  8. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
  9. Re-establish an internet connection.
  10. Please download HijackThis to your desktop

    Alternate link

    Double-click on the file you just downloaded.
    Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

    Upon install, HijackThis should open for you.

    Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double-click on HijackThis.exe

    1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
    2. If you don't get the intro screen, just hit Scan and then click on Save log.
    3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 12-23-2007, 05:25 AM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 9
OS: xp, service pack 2


Re: issues with fotomoto, taskbar, regsv32

ComboFix 07-12-23.2 - One October Night 2007-12-23 6:09:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.501 [GMT -6:00]
Running from: C:\Documents and Settings\One October Night\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Gbouovui
C:\Program Files\Gbouovui\clwufkji.dll
C:\Program Files\SecCenter
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ackrsvgw.ini
C:\WINDOWS\system32\afnpbmel.dll
C:\WINDOWS\system32\arkhndhy.ini
C:\WINDOWS\system32\cqsmdgcf.ini
C:\WINDOWS\system32\cwlxoxwh.ini
C:\WINDOWS\system32\drmjvxfe.ini
C:\WINDOWS\system32\dxpojgom.dll
C:\WINDOWS\system32\efxvjmrd.dll
C:\WINDOWS\system32\equgingg.dll
C:\WINDOWS\system32\eucmxwxc.ini
C:\WINDOWS\system32\evmcppwf.dll
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hwxoxlwc.dll
C:\WINDOWS\system32\ioyibamw.dll
C:\WINDOWS\system32\jcrmdpkf.dll
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\ksnltywc.ini
C:\WINDOWS\system32\lembpnfa.ini
C:\WINDOWS\system32\nntgytuv.ini
C:\WINDOWS\system32\oaenpsve.dll
C:\WINDOWS\system32\okghryoq.ini
C:\WINDOWS\system32\pasysnkb.ini
C:\WINDOWS\system32\qfflewan.dll
C:\WINDOWS\system32\qikljcjm.dll
C:\WINDOWS\system32\qoyrhgko.dll
C:\WINDOWS\system32\skanxjbu.ini
C:\WINDOWS\system32\tsxefpsk.exe
C:\WINDOWS\system32\ubjxnaks.dll
C:\WINDOWS\system32\urqpppq.dll
C:\WINDOWS\system32\vutygtnn.dll
C:\WINDOWS\system32\xlanvufr.exe
C:\WINDOWS\system32\xxuvdvnj.dll
C:\WINDOWS\system32\yhdnhkra.dll
C:\WINDOWS\system32\yvenqegv.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-22 20:09 . 2007-12-22 20:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-22 20:09 . 2007-12-22 20:09 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-19 20:10 . 2007-12-19 20:10 <DIR> d-------- C:\Deckard
2007-12-19 17:00 . 2007-12-19 17:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-19 17:00 . 2007-12-19 17:00 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-19 17:00 . 2007-12-19 17:00 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-19 17:00 . 2007-12-19 17:00 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-19 13:42 . 2007-12-19 13:42 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-19 13:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-17 03:32 . 2007-12-17 03:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-14 03:05 . 2007-12-14 03:05 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-14 03:05 . 2007-12-14 03:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-13 23:42 . 2007-12-13 23:42 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-09 21:08 . 2007-12-17 03:32 <DIR> d-------- C:\Program Files\dgbixilq
2007-12-09 21:08 . 2007-12-09 21:08 1,154,709 --a------ C:\Install
2007-12-09 20:59 . 2007-12-09 23:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-09 20:59 . 2007-12-09 20:59 <DIR> d-------- C:\Documents and Settings\One October Night\Application Data\PC Tools
2007-12-09 20:59 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-09 20:59 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-09 20:59 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-09 20:59 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-09 20:59 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-04 03:05 . 2007-12-19 17:53 <DIR> d-------- C:\Program Files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 23:53 --------- d-----w C:\Program Files\WS_FTP
2007-12-19 19:42 --------- d-----w C:\Program Files\Java
2007-12-19 08:28 --------- d-----w C:\Program Files\Soulseek
2007-12-07 06:39 --------- d-----w C:\Program Files\Winamp
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 07:01 --------- d-----w C:\Program Files\Google
2007-10-29 06:40 --------- d-----w C:\Program Files\AIM6
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2005-11-08 05:30 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-01 21:00 C:\WINDOWS\system32\CTXFIHLP.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 09:30]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2005-05-09 11:47:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvtur]
tuvvtur.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-14 23:40]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
S3 PAC207;Webcam Basic;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 09:46]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-23 07:51:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 06:14:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 6:17:04 - machine was rebooted
.
2007-12-22 00:03:08 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:07 AM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...us&ibd=6061116
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061116
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: tuvvtur - tuvvtur.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7697 bytes
Old 12-23-2007, 08:39 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,754
OS: 2000 Pro; XP Pro; XP Home


Re: issues with fotomoto, taskbar, regsv32

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\bojkdtnf.exe
C:\WINDOWS\system32\cmnplghm.exe
C:\WINDOWS\system32\ecrtbcvo.exe
C:\WINDOWS\system32\ibmkebfi.exe

DirLook::
C:\Install
C:\Program Files\dgbixilq

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvtur]

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
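The HijackThis log posted above and the CFScript reply to it, as an added example that is not part of this thread, of HijackThis or of ComboFix: a Python triage script that parses the log line types that matter here (O4 Run values, O20 Winlogon Notify entries, O23 services), flags the orphaned tuvvtur Notify key and the "Unknown owner" service, and emits the matching Registry:: deletion in the CFScript format shown in the reply. The point it demonstrates is the one behind that reply: Winlogon\Notify DLLs are loaded by winlogon.exe as SYSTEM, so an entry whose DLL is "(file missing)" means a scanner removed the file but left the privileged load point behind, and the key itself has to go (the regsvr32 LoadLibrary error in the first post is the same symptom for a Run entry). The sample lines are constructed from the log above (the empty Aim6 value comes from ComboFix's registry section, not the HijackThis log); the known-good Notify list, the random-name heuristic and its allowlist are illustrative assumptions, not authoritative data.

```python
"""Triage a HijackThis log and emit a ComboFix CFScript fragment.

Added example for this thread; not code from HijackThis, ComboFix or the
forum. Sample lines are constructed from the log posted above; allowlists
and heuristics are illustrative assumptions, not authoritative data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted above, plus the
# empty "Aim6" Run value that ComboFix's registry section showed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6]
O20 - Winlogon Notify: tuvvtur - tuvvtur.dll (file missing)
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Default Winlogon\Notify subkeys on Windows XP (assumption). These DLLs load
# into winlogon.exe as SYSTEM, which is why the key is a prized persistence spot.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Heuristic for the generated names in this thread (tuvvtur.dll, afnpbmel.dll,
# sxclopgv.dll): 7-8 lowercase letters and nothing else. It also matches some
# legitimate names (it would flag msascui.exe), so real triage verifies hashes
# and Authenticode signatures rather than trusting this alone.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,8}\.(?:dll|exe)$")
KNOWN_RANDOM_LOOKING = {"svchost.exe", "spoolsv.exe", "winlogon.exe",
                        "explorer.exe", "notepad.exe", "services.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


@dataclass
class Finding:
    kind: str    # HijackThis section: O4, O20 or O23
    name: str    # Run value name, Notify subkey or service display name
    reason: str
    line: str


def first_token(cmd: str) -> str:
    """Executable/DLL path at the start of a command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def base_name(path: str) -> str:
    return first_token(path).rsplit("\\", 1)[-1].lower()


def looks_random(filename: str) -> bool:
    return bool(RANDOM_NAME_RE.match(filename)) and filename not in KNOWN_RANDOM_LOOKING


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the entries a helper would act on."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O20_RE.match(line):
            name, dll = m["name"], m["dll"]
            if "(file missing)" in dll:
                findings.append(Finding("O20", name, "orphaned Winlogon Notify entry: DLL gone, key still loads at logon", line))
            elif name.lower() not in KNOWN_NOTIFY or looks_random(base_name(dll)):
                findings.append(Finding("O20", name, "non-default Winlogon Notify DLL (runs inside winlogon.exe as SYSTEM)", line))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(Finding("O23", m["svc"], "service binary has no company/version info; verify the publisher", line))
        elif m := O4_RE.match(line):
            cmd = m["cmd"]
            if not cmd.strip():
                findings.append(Finding("O4", m["name"], "Run value with an empty command (leftover of a removed program)", line))
            elif looks_random(base_name(cmd)):
                findings.append(Finding("O4", m["name"], "Run value launches a randomly named binary", line))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Registry:: section deleting orphaned Notify keys, in the CFScript format
    used in the reply above ([-KEY] means delete that key)."""
    keys = [f"[-{NOTIFY_KEY}\\{f.name}]" for f in findings
            if f.kind == "O20" and f.reason.startswith("orphaned")]
    if not keys:
        return ""
    return "Registry::\n" + "\n".join(keys) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:<4} {f.name:<36} {f.reason}")
    print()
    print(build_cfscript(found), end="")
```

Only the orphaned Notify key is turned into a CFScript line automatically; the "Unknown owner" service (acs.exe is the Atheros wireless configuration service on this machine) and the empty Aim6 value are reported for a human to decide on, and File:: entries for binaries should likewise be chosen by hand after checking the files, as the reply above does.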
Old 12-23-2007, 12:47 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 9
OS: xp, service pack 2


Re: issues with fotomoto, taskbar, regsv32

ComboFix 07-12-23.2 - One October Night 2007-12-23 13:35:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.416 [GMT -6:00]
Running from: C:\Documents and Settings\One October Night\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\One October Night\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\bojkdtnf.exe
C:\WINDOWS\system32\cmnplghm.exe
C:\WINDOWS\system32\ecrtbcvo.exe
C:\WINDOWS\system32\ibmkebfi.exe
C:\WINDOWS\system32\mcrh.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-22 20:09 . 2007-12-22 20:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-22 20:09 . 2007-12-22 20:09 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-19 20:10 . 2007-12-19 20:10 <DIR> d-------- C:\Deckard
2007-12-19 17:00 . 2007-12-19 17:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-19 17:00 . 2007-12-19 17:00 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-19 17:00 . 2007-12-19 17:00 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-19 17:00 . 2007-12-19 17:00 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-19 13:42 . 2007-12-19 13:42 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-19 13:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-17 03:32 . 2007-12-17 03:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-14 03:05 . 2007-12-14 03:05 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-14 03:05 . 2007-12-14 03:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-09 21:08 . 2007-12-17 03:32 <DIR> d-------- C:\Program Files\dgbixilq
2007-12-09 21:08 . 2007-12-09 21:08 1,154,709 --a------ C:\Install
2007-12-09 20:59 . 2007-12-09 23:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-09 20:59 . 2007-12-09 20:59 <DIR> d-------- C:\Documents and Settings\One October Night\Application Data\PC Tools
2007-12-09 20:59 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-09 20:59 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-09 20:59 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-09 20:59 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-09 20:59 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-04 03:05 . 2007-12-19 17:53 <DIR> d-------- C:\Program Files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 12:21 --------- d-----w C:\Program Files\Trend Micro
2007-12-19 23:53 --------- d-----w C:\Program Files\WS_FTP
2007-12-19 19:42 --------- d-----w C:\Program Files\Java
2007-12-19 08:28 --------- d-----w C:\Program Files\Soulseek
2007-12-07 06:39 --------- d-----w C:\Program Files\Winamp
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 07:01 --------- d-----w C:\Program Files\Google
2007-10-29 06:40 --------- d-----w C:\Program Files\AIM6
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 05:57 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 05:57 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 05:57 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 05:57 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 05:57 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 05:57 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 05:57 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 05:57 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 05:57 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 05:57 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:57 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 10:48 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2005-04-06 17:55 456,384 ----a-w C:\WINDOWS\inf\WG311T\WG311T13.sys
2004-10-20 01:58 35,232 ----a-w C:\WINDOWS\inf\WG311T\ME_INST.EXE
2004-10-20 01:58 26,112 ----a-w C:\WINDOWS\inf\WG311T\install.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Install ----

C:\Install\

---- Directory of C:\Program Files\dgbixilq ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2005-11-08 05:30 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-01 21:00 C:\WINDOWS\system32\CTXFIHLP.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 09:30]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2005-05-09 11:47:22]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-14 23:40]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
S3 PAC207;Webcam Basic;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 09:46]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-23 12:16:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 13:38:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 13:39:45
C:\ComboFix2.txt ... 2007-12-23 06:17
.
2007-12-22 00:03:08 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:01 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...us&ibd=6061116
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061116
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrv