[Resolved] Hard drive malfunction, my hard drive opens in a new window every time I click it
patch
post Mar 12 2008, 10:17 AM
Post #1
New Member
Group: Authentic Member
Posts: 15
Joined: 12-March 08
Member No.: 77,552
Operating System: Windows XP Service Pack 2

My hard drive starts opening in a new window every time I click it. And it's weird because in my "Folder Options", I constantly pick the "open each folder in the same window" option. Another thing is that I had to uninstall my YM because I can't even log in while using it; it closes on its own when I start to log in. Lastly, it's also weird because when I right-click my hard drive, there is no "Autorun" available in the options... that's why I wonder why it is still opening in a new window. Can someone help me with this problem? I really want my notebook virus-free again. Thanks!
ken545
post Mar 18 2008, 11:57 AM
Post #2
SuperHelper
Group: Malware Expert
Posts: 7,063
Joined: 3-December 04
From: Darien, Connecticut
Member No.: 19,436
Operating System: Win Xp Home SP3/ Vista Home Premium SP1

Hello patch

Welcome to the Whatthetech Malware Removal Forum

kavo.exe <-- is a password-stealing trojan. Do you do any online banking and such? You may want to go onto a known clean computer and change all your passwords.

Can't help you without looking at a HijackThis log, so please do this.

Download Trend Micro's HijackThis to your desktop.
Double-click it to install.
Follow the prompts; by default it will install in C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  • Open HJT, Scan and Save a Log File; it will open in Notepad.
  • Go to Format and make sure Word Wrap is unchecked.
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread using Post Reply, not by starting a new thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
patch
post Mar 19 2008, 04:35 AM
Post #3

Thank you so much for replying!

Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:01 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\XLR8\PxUi.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dlsu.edu.ph:80
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.0.0.22 mcafee.net
O1 - Hosts: 127.0.0.22 www.mcafee.net
O1 - Hosts: 127.0.0.22 mcafee.org
O1 - Hosts: 127.0.0.22 www.mcafee.org
O1 - Hosts: 127.0.0.22 mcafeesecurity.com
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.com
O1 - Hosts: 127.0.0.22 mcafeesecurity.net
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.net
O1 - Hosts: 127.0.0.22 mcafeesecurity.org
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.org
O1 - Hosts: 127.0.0.22 mcafeeb2b.com
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.com
O1 - Hosts: 127.0.0.22 mcafeeb2b.net
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.net
O1 - Hosts: 127.0.0.22 mcafeeb2b.org
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.org
O1 - Hosts: 127.0.0.22 nai.net
O1 - Hosts: 127.0.0.22 www.nai.net
O1 - Hosts: 127.0.0.22 nai.org
O1 - Hosts: 127.0.0.22 www.nai.org
O1 - Hosts: 127.0.0.22 vil.nai.net
O1 - Hosts: 127.0.0.22 www.vil.nai.net
O1 - Hosts: 127.0.0.22 vil.nai.org
O1 - Hosts: 127.0.0.22 www.vil.nai.org
O1 - Hosts: 127.0.0.22 grisoft.net
O1 - Hosts: 127.0.0.22 www.grisoft.net
O1 - Hosts: 127.0.0.22 grisoft.org
O1 - Hosts: 127.0.0.22 www.grisoft.org
O1 - Hosts: 127.0.0.22 kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 kaspersky.net
O1 - Hosts: 127.0.0.22 www.kaspersky.net
O1 - Hosts: 127.0.0.22 kaspersky.org
O1 - Hosts: 127.0.0.22 www.kaspersky.org
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 download.mcafee.net
O1 - Hosts: 127.0.0.22 www.download.mcafee.net
O1 - Hosts: 127.0.0.22 download.mcafee.org
O1 - Hosts: 127.0.0.22 www.download.mcafee.org
O1 - Hosts: 127.0.0.22 norton.com
O1 - Hosts: 127.0.0.22 www.norton.com
O1 - Hosts: 127.0.0.22 norton.net
O1 - Hosts: 127.0.0.22 www.norton.net
O1 - Hosts: 127.0.0.22 norton.org
O1 - Hosts: 127.0.0.22 www.norton.org
O1 - Hosts: 127.0.0.22 symantec.net
O1 - Hosts: 127.0.0.22 www.symantec.net
O1 - Hosts: 127.0.0.22 symantec.org
O1 - Hosts: 127.0.0.22 www.symantec.org
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 liveupdate.symantec.org
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.org
O1 - Hosts: 127.0.0.22 update.symantec.net
O1 - Hosts: 127.0.0.22 www.update.symantec.net
O1 - Hosts: 127.0.0.22 update.symantec.org
O1 - Hosts: 127.0.0.22 www.update.symantec.org
O1 - Hosts: 127.0.0.22 securityresponse.symantec.net
O1 - Hosts: 127.0.0.22 www.securityresponse.symantec.net
O1 - Hosts: 127.0.0.22 securityresponse.symantec.org
O1 - Hosts: 127.0.0.22 www.securityresponse.symantec.org
O1 - Hosts: 127.0.0.22 sarc.com
O1 - Hosts: 127.0.0.22 www.sarc.com
O1 - Hosts: 127.0.0.22 sarc.net
O1 - Hosts: 127.0.0.22 www.sarc.net
O1 - Hosts: 127.0.0.22 sarc.org
O1 - Hosts: 127.0.0.22 www.sarc.org
O1 - Hosts: 127.0.0.22 vaksin.com
O1 - Hosts: 127.0.0.22 www.vaksin.com
O1 - Hosts: 127.0.0.22 vaksin.net
O1 - Hosts: 127.0.0.22 www.vaksin.net
O1 - Hosts: 127.0.0.22 vaksin.org
O1 - Hosts: 127.0.0.22 www.vaksin.org
O1 - Hosts: 127.0.0.22 forum.vaksin.com
O1 - Hosts: 127.0.0.22 www.forum.vaksin.com
O1 - Hosts: 127.0.0.22 forum.vaksin.net
O1 - Hosts: 127.0.0.22 www.forum.vaksin.net
O1 - Hosts: 127.0.0.22 forum.vaksin.org
O1 - Hosts: 127.0.0.22 www.forum.vaksin.org
O1 - Hosts: 127.0.0.22 norman.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\XLR8\PxUi.exe" /Automation
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6C06C61-2863-4F04-9787-F924F7707534}: NameServer = 192.168.9.206 192.168.9.203
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe

--
End of file - 17361 bytes
ken545
post Mar 19 2008, 05:20 AM
Post #6

Hello Patch,

Let's do a few things. Look at your HijackThis log at all the O1 settings; did you or your school set those?

Open HijackThis > Do a System Scan Only. Close your browser and all open windows, including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked.

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe




Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    QUOTE
    C:\WINDOWS\system32\kavo.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <------------------- Do this
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.




Post the OTMoveIt log, the Malwarebytes log and a new HJT log, and let me know about those O1 settings.
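The O1 block in the log above maps dozens of antivirus-vendor hostnames to 127.0.0.22. Every address in 127.0.0.0/8 is loopback, so the effect is the same as pointing them at 127.0.0.1 (the vendor sites, and in particular their update servers, become unreachable from this machine), while a check that only searches for the string "127.0.0.1" misses it. The O4 line [kava] C:\WINDOWS\system32\kavo.exe is the per-user autostart that ken545 asks to have fixed. The following added example is not part of the thread, of HijackThis, or of any tool mentioned here; it parses constructed log lines of the same shape and flags those two patterns. The vendor label list and the autostart heuristic (a per-user Run value launching from the Windows directory, or any Run value launching from a Temp folder) are the editor's assumptions, not HijackThis logic.

```python
"""Triage of HijackThis-style log lines: hosts-file sinkholing of security
vendors (O1) and suspicious autostart entries (O4).

Added example for this thread; not part of HijackThis or of the posted log.
The vendor label list and the autostart heuristic are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample lines shaped like the log posted above (not the full log).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2 (constructed sample)
O1 - Hosts: 127.0.0.22 mcafee.net
O1 - Hosts: 127.0.0.22 www.kaspersky.net
O1 - Hosts: 127.0.0.22 liveupdate.symantec.net
O1 - Hosts: 192.168.9.206 intranet.example.test
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKCU\\..\\Run: [kava] C:\\WINDOWS\\system32\\kavo.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
"""

# Second-level labels of the security vendors seen in the O1 block (assumed, partial list).
VENDOR_LABELS = {
    "mcafee", "mcafeesecurity", "mcafeeb2b", "nai", "grisoft", "kaspersky",
    "kaspersky-labs", "symantec", "symantecliveupdate", "norton", "sarc",
    "vaksin", "norman",
}

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)\s*$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+?)\s*$")


@dataclass
class Finding:
    kind: str
    detail: str


def is_vendor_host(host: str) -> bool:
    """True if any label of the hostname names a security vendor."""
    return any(label in VENDOR_LABELS for label in host.lower().split("."))


def check_hosts_entry(ip_text: str, host: str):
    """Flag a hosts entry that pins a security-vendor name to a sinkhole address.

    Any address in 127.0.0.0/8 is loopback, so 127.0.0.22 blocks the site just
    as 127.0.0.1 would; a check that only looks for "127.0.0.1" misses it.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return Finding("hosts-unparseable", f"{ip_text!r} for {host}")
    sinkholed = ip.is_loopback or ip.is_unspecified  # 127/8 or 0.0.0.0
    if not is_vendor_host(host):
        return None  # loopback entries for ad hosts etc. are common and benign
    if sinkholed:
        return Finding("hosts-av-block", f"{host} -> {ip}: vendor site pinned to loopback")
    return Finding("hosts-av-redirect", f"{host} -> {ip}: vendor site redirected")


def executable_path(command: str) -> str:
    """Extract the program path from a Run value (quoted, or up to the first space)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def check_run_entry(hive: str, name: str, command: str):
    """Heuristic (assumed): a per-user (HKCU) autostart launching from the Windows
    directory, or any autostart launching from a Temp folder, deserves review.
    Vendor and OS components normally register under HKLM or live in Program Files."""
    exe = executable_path(command)
    parts = exe.lower().replace("/", "\\").split("\\")
    in_windows_dir = "windows" in parts or "winnt" in parts
    in_temp = "temp" in parts
    if in_temp:
        return Finding("run-temp-dir", f"[{name}] {exe}: autostart from a Temp folder")
    if hive == "HKCU" and in_windows_dir:
        return Finding("run-hkcu-systemdir",
                       f"[{name}] {exe}: per-user autostart from the Windows directory")
    return None


def triage(log_text: str) -> list:
    """Run both checks over every line of a HijackThis log and collect findings."""
    findings = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            finding = check_hosts_entry(*m.groups())
        else:
            m = RUN_RE.match(line)
            finding = check_run_entry(*m.groups()) if m else None
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.detail}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a saved log. Hosts entries that point non-vendor names at loopback are deliberately not flagged, because ad-blocking hosts lists do exactly that; the signal here is a security vendor being sinkholed.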
patch
post Mar 19 2008, 09:58 AM
Post #7

I only finished doing the HijackThis instructions.
I didn't continue doing the others because I think it goes in a step-by-step process... When I opened OTMoveIt.exe, these started to pop up on my desktop:

"16 bit MS-DOS Subsystem
C:\DOCUME~1\User\Desktop\OTMoveIt.exe
The NTVDM CPU has encountered an illegal instruction.
CS:054c IP:0116 OP:63 6f 64 69 6e Choose 'Close' to terminate the application"

Then it has an option for Close or Ignore. I click Ignore, and the same message appears again, and then finally the message changes to:

"C:\DOCUME~1\User\Desktop\OTMoveIt.exe
config.nt. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application."

Then it has an option again for Close or Ignore; upon clicking Ignore, nothing happens, and then I have to start opening OTMoveIt.exe again and the same process follows.

Regarding the O1 settings: I think my school came up with those, because the only files I know here are the ones by Norton (Symantec) and Kaspersky.
When I bought this laptop, Norton was already installed. Kaspersky, however, I just tried downloading before because I tried to solve my own computer dilemma. I thought that by just downloading it, KAVO would be removed.

Thank you so much for helping me. Please inform me of the next step. Thanks!
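The dialog quoted in the post above is what Windows XP shows when it cannot load a file as a Win32 image and runs it under the 16-bit subsystem (NTVDM) instead. The bytes in its OP: field, 63 6f 64 69 6e, are the ASCII text "codin", which suggests the saved OTMoveIt.exe was a text or HTML page rather than the tool, that is, a download that did not deliver the executable. A practitioner would check a downloaded cleanup tool before running it with administrative rights. The following added example is not part of the thread or of OTMoveIt; it inspects the DOS and PE headers of a file body, computes a SHA-256 digest to compare with whatever hash the tool's author publishes (assumed to exist), and decodes an NTVDM OP: field. The sample inputs (a minimal PE header and an HTML page saved as .exe) are constructed.

```python
"""Sanity-check a downloaded .exe before running it.

Added example for this thread; not part of OTMoveIt or of the forum's
procedure. Windows XP hands a .exe with no usable PE header to the 16-bit
subsystem (NTVDM), which produces "The NTVDM CPU has encountered an illegal
instruction". All sample inputs below are constructed.
"""
import hashlib
import struct

DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
# IMAGE_FILE_MACHINE_* values for the two common targets
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64"}


def inspect_image(data: bytes) -> dict:
    """Classify a file body: is it a Win32 PE image, and if not, why not?"""
    if len(data) < 64:
        return {"win32": False, "reason": "shorter than a DOS header", "machine": None}
    if data[:2] != DOS_MAGIC:
        return {"win32": False,
                "reason": f"no MZ signature; file starts with {data[:16]!r}",
                "machine": None}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE header
    if e_lfanew + 24 > len(data):
        return {"win32": False,
                "reason": f"e_lfanew 0x{e_lfanew:x} points past the end of a {len(data)}-byte file",
                "machine": None}
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return {"win32": False,
                "reason": "MZ header but no PE signature: XP runs this as a 16-bit DOS program",
                "machine": None}
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return {"win32": True, "reason": "PE signature present",
            "machine": MACHINE_NAMES.get(machine, hex(machine))}


def inspect_file(path: str) -> dict:
    """Apply inspect_image() to a file on disk."""
    with open(path, "rb") as fh:
        return inspect_image(fh.read())


def sha256_hex(data: bytes) -> str:
    """Digest to compare with the hash the tool's author publishes (assumed to exist)."""
    return hashlib.sha256(data).hexdigest()


def opcode_bytes_as_text(op_field: str) -> str:
    """Render the hex bytes from an NTVDM "OP:" field as ASCII. Readable text means
    the "program" being executed is a text file, not machine code."""
    raw = bytes(int(tok, 16) for tok in op_field.split())
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def build_minimal_pe(machine: int = 0x14C) -> bytes:
    """Constructed: a DOS header whose e_lfanew points at a bare PE signature and
    20-byte COFF file header. Enough to exercise the checks; not a loadable program."""
    dos = bytearray(64)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0x0102)
    return bytes(dos) + PE_SIGNATURE + coff


# Constructed: what a "download" looks like when the server returned an HTML page
HTML_SAVED_AS_EXE = b'<!DOCTYPE html><html><head><meta charset="utf-8"><title>encoding</title>'


if __name__ == "__main__":
    for label, blob in [("minimal PE", build_minimal_pe()),
                        ("HTML page", HTML_SAVED_AS_EXE),
                        ("truncated PE", build_minimal_pe()[:70])]:
        print(label, inspect_image(blob), sha256_hex(blob)[:16])
    print(opcode_bytes_as_text("63 6f 64 69 6e"))
```

inspect_file(path) runs the same checks on a file on disk. A verdict with win32 False and a "no MZ signature" or "no PE signature" reason means the download must be repeated, preferably from a clean machine, before anything is executed; when an O1 block like the one in this thread is present, the download path itself is suspect.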
ken545
post Mar 19 2008, 10:26 AM
Post #8

Patch,

Remove that entry with HJT and then run the Avenger. After the Avenger, run Malwarebytes.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop


2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

CODE
Files to Delete:
C:\WINDOWS\system32\kavo.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply


Post the Avenger log, the Malwarebytes log and a new HJT log.

patch
post Mar 19 2008, 11:35 AM
Post #9

I really don't know how to remove the previous HJT log because I don't see any button with a "delete post" or a "remove post" message on it.

Anyway, here are the logs:

The Avenger Log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\kavo.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


The Malwarebytes Log

Malwarebytes' Anti-Malware 1.08
Database version: 506

Scan type: Quick Scan
Objects scanned: 40416
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The NEW HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:01 AM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\XLR8\PxUi.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dlsu.edu.ph:80
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.0.0.22 mcafee.net
O1 - Hosts: 127.0.0.22 www.mcafee.net
O1 - Hosts: 127.0.0.22 mcafee.org
O1 - Hosts: 127.0.0.22 www.mcafee.org
O1 - Hosts: 127.0.0.22 mcafeesecurity.com
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.com
O1 - Hosts: 127.0.0.22 mcafeesecurity.net
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.net
O1 - Hosts: 127.0.0.22 mcafeesecurity.org
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.org
O1 - Hosts: 127.0.0.22 mcafeeb2b.com
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.com
O1 - Hosts: 127.0.0.22 mcafeeb2b.net
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.net
O1 - Hosts: 127.0.0.22 mcafeeb2b.org
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.org
O1 - Hosts: 127.0.0.22 nai.net
O1 - Hosts: 127.0.0.22 www.nai.net
O1 - Hosts: 127.0.0.22 nai.org
O1 - Hosts: 127.0.0.22 www.nai.org
O1 - Hosts: 127.0.0.22 vil.nai.net
O1 - Hosts: 127.0.0.22 www.vil.nai.net
O1 - Hosts: 127.0.0.22 vil.nai.org
O1 - Hosts: 127.0.0.22 www.vil.nai.org
O1 - Hosts: 127.0.0.22 grisoft.net
O1 - Hosts: 127.0.0.22 www.grisoft.net
O1 - Hosts: 127.0.0.22 grisoft.org
O1 - Hosts: 127.0.0.22 www.grisoft.org
O1 - Hosts: 127.0.0.22 kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 kaspersky.net
O1 - Hosts: 127.0.0.22 www.kaspersky.net
O1 - Hosts: 127.0.0.22 kaspersky.org
O1 - Hosts: 127.0.0.22 www.kaspersky.org
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 download.mcafee.net
O1 - Hosts: 127.0.0.22 www.download.mcafee.net
O1 - Hosts: 127.0.0.22 download.mcafee.org
O1 - Hosts: 127.0.0.22 www.download.mcafee.org
O1 - Hosts: 127.0.0.22 norton.com
O1 - Hosts: 127.0.0.22 www.norton.com
O1 - Hosts: 127.0.0.22 norton.net
O1 - Hosts: 127.0.0.22 www.norton.net
O1 - Hosts: 127.0.0.22 norton.org
O1 - Hosts: 127.0.0.22 www.norton.org
O1 - Hosts: 127.0.0.22 symantec.net
O1 - Hosts: 127.0.0.22 www.symantec.net
O1 - Hosts: 127.0.0.22 symantec.org
O1 - Hosts: 127.0.0.22 www.symantec.org
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 liveupdate.symantec.org
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.org
O1 - Hosts: 127.0.0.22 update.symantec.net
O1 - Hosts: 127.0.0.22 www.update.symantec.net
O1 - Hosts: 127.0.0.22 update.symantec.org
O1 - Hosts: 127.0.0.22 www.update.symantec.org
O1 - Hosts: 127.0.0.22 securityresponse.symantec.net
O1 - Hosts: 127.0.0.22 www.securityresponse.symantec.net
O1 - Hosts: 127.0.0.22 securityresponse.symantec.org
O1 - Hosts: 127.0.0.22 www.securityresponse.symantec.org
O1 - Hosts: 127.0.0.22 sarc.com
O1 - Hosts: 127.0.0.22 www.sarc.com
O1 - Hosts: 127.0.0.22 sarc.net
O1 - Hosts: 127.0.0.22 www.sarc.net
O1 - Hosts: 127.0.0.22 sarc.org
O1 - Hosts: 127.0.0.22 www.sarc.org
O1 - Hosts: 127.0.0.22 vaksin.com
O1 - Hosts: 127.0.0.22 www.vaksin.com
O1 - Hosts: 127.0.0.22 vaksin.net
O1 - Hosts: 127.0.0.22 www.vaksin.net
O1 - Hosts: 127.0.0.22 vaksin.org
O1 - Hosts: 127.0.0.22 www.vaksin.org
O1 - Hosts: 127.0.0.22 forum.vaksin.com
O1 - Hosts: 127.0.0.22 www.forum.vaksin.com
O1 - Hosts: 127.0.0.22 forum.vaksin.net
O1 - Hosts: 127.0.0.22 www.forum.vaksin.net
O1 - Hosts: 127.0.0.22 forum.vaksin.org
O1 - Hosts: 127.0.0.22 www.forum.vaksin.org
O1 - Hosts: 127.0.0.22 norman.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\XLR8\PxUi.exe" /Automation
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6C06C61-2863-4F04-9787-F924F7707534}: NameServer = 192.168.9.206 192.168.9.203
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe

--
End of file - 17088 bytes


Again, thank you so much! smile.gif
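A note on the O1 entries in the log above, as an added worked example (editorial code, not from this thread, from HijackThis, or from its author): every one of those lines maps a security-vendor hostname to 127.0.0.22. That is still a loopback address even though it is not 127.0.0.1, so requests to those update and download sites never leave the machine, which is a well-known way for malware to keep antivirus definitions from updating. The Python below parses O1 lines from a constructed sample in the same format, flags vendor hostnames pointed at loopback or 0.0.0.0 using the standard ipaddress module, and shows a cleaning pass over a hosts file that keeps the normal localhost line. The vendor keyword list, the sample log lines and the sample hosts content are assumptions for illustration.

```python
"""Triage HijackThis 'O1 - Hosts:' lines for hosts-file hijacks that
sinkhole security vendors (added example; not part of the thread)."""
import ipaddress
import re

# Constructed sample in HijackThis log format, modelled on the O1 entries
# in the thread (a handful of lines, not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O1 - Hosts: 127.0.0.22 mcafee.net
O1 - Hosts: 127.0.0.22 www.kaspersky.net
O1 - Hosts: 127.0.0.22 liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 norman.com
O1 - Hosts: 192.168.1.50 intranet.example
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
"""

# Vendor name fragments taken from the hostnames in the thread's log.
# Assumption: a practitioner extends this list for their own environment.
SECURITY_VENDOR_HINTS = (
    "mcafee", "nai.", "grisoft", "kaspersky", "norton",
    "symantec", "sarc.", "vaksin", "norman",
)

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$", re.MULTILINE)


def parse_o1_entries(log_text):
    """Return [(ip, hostname), ...] for every O1 line in a HijackThis log."""
    return [(m.group(1), m.group(2)) for m in O1_RE.finditer(log_text)]


def is_sinkhole(ip_text):
    """True if the address sends traffic nowhere useful: any 127/8 loopback
    address (127.0.0.22 counts as much as 127.0.0.1) or 0.0.0.0."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not an IP literal at all; leave it to a human
    return ip.is_loopback or ip.is_unspecified


def flag_hijacked_entries(entries):
    """Keep only entries that point a security-vendor hostname at a sinkhole."""
    return [
        (ip, host) for ip, host in entries
        if is_sinkhole(ip)
        and any(hint in host.lower() for hint in SECURITY_VENDOR_HINTS)
    ]


def triage_log(log_text):
    """Summary a helper wants at a glance: O1 line count and the hijacks."""
    entries = parse_o1_entries(log_text)
    return {"o1_total": len(entries), "hijacked": flag_hijacked_entries(entries)}


HOSTS_KEEP = {"localhost"}  # the standard loopback mapping stays


def clean_hosts(hosts_text):
    """Remediation pass: drop hosts lines that sinkhole a security vendor,
    preserving comments, blank lines and legitimate entries."""
    kept = []
    for line in hosts_text.splitlines():
        body = line.split("#", 1)[0].split()  # ignore trailing comments
        if len(body) >= 2 and is_sinkhole(body[0]):
            names = [n.lower() for n in body[1:]]
            if any(n not in HOSTS_KEEP
                   and any(h in n for h in SECURITY_VENDOR_HINTS)
                   for n in names):
                continue  # hijack line: leave it out of the rewrite
        kept.append(line)
    return "\n".join(kept) + ("\n" if hosts_text.endswith("\n") else "")


if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    print(f"{result['o1_total']} O1 lines, {len(result['hijacked'])} hijacked:")
    for ip, host in result["hijacked"]:
        print(f"  {host} -> {ip}")
```

The check keys on the address class rather than the literal 127.0.0.1, because a hosts entry pointing at any 127.x.x.x address sinkholes the name just the same; the entry for intranet.example is left alone because it resolves to a routable address, which is what a legitimate hosts override looks like.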
ken545
post Mar 19 2008, 11:57 AM
Post #10


SuperHelper

Group: Malware Expert
Posts: 7,063
Joined: 3-December 04
From: Darien, Connecticut
Member No.: 19,436
Operating System: Win Xp Home SP3/ Vista Home Premium SP1
Not to worry about that entry, it's gone thumbup.gif

You have two antivirus programs running and this is not recommended, as they will consume a huge amount of system resources and sometimes conflict with one another. It's your call, but you need to uninstall one via Add/Remove Programs in the Control Panel.

Eset
Norton AntiVirus

One has to go.



Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced" and deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.


*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!


The rest of your log looks fine thumbup.gif How is your system running now?
patch
post Mar 19 2008, 09:55 PM
Post #11


New Member

Group: Authentic Member
Posts: 15
Joined: 12-March 08
Member No.: 77,552
Operating System: Windows XP Service Pack 2



I removed the ESET Antivirus Program.

And I used the CCleaner as well already.

But when I tried opening my hard drive again in the My Computer panel, everything came back, with

fufb6tq3.cmd
and
zz.exe

popping out. Plus, kavo.exe was restored again, so I followed your previous instructions (again) and the logs came out the same.

Now I'm not opening my hard drive from My Computer; I just use Windows Explorer to open it instead, to avoid the restoration of those viruses.

Is my computer safe already with such preventive measures, or do I have to delete some things still?

Thank you for continuously responding. smile.gif
ken545
post Mar 20 2008, 03:03 AM
Post #12


SuperHelper

Group: Malware Expert
Posts: 7,063
Joined: 3-December 04
From: Darien, Connecticut
Member No.: 19,436
Operating System: Win Xp Home SP3/ Vista Home Premium SP1
Post a new HJT log so I can see what's going on
patch
post Mar 20 2008, 06:44 AM
Post