Kavo Trojan on my External HD

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

Kavo Trojan on my External HD

Options

MoogleMC View Member Profile	Sep 24 2008, 12:12 AM Post #1
Authentic Member Group: Authentic Member Posts: 32 Joined: 31-March 08 Member No.: 78,036 Operating System: Windows XP Media Home Center Edition (Came installed on Laptop)	Hi I thought I had resolved getting rid of this kavo or tavo trojan, but it seems to keep popping up from my external HD. On my laptop (my main and only computer), I can get rid of the kavo trojan with Malwarebytes Anti-Malware but I can't get rid of it on my external HD. When I hook up my external HD to my laptop and I access any drive, I get the following error message: "c9.com - Application Error The instruction at "0x10011e9f" referenced at memory "0x0123aacb". The memory could not be "read". Click on Ok to terminate the program." Then on my laptop I see that I've been infected with the kavo trojan. I've run Malwarebytes on my external HD but it never catches anything, Malwarebytes seems to only be catching anything on my internal HD in my laptop. Here is my HijackThis Log with my external HD attached (but with no trojan on my laptop HD itself): Logfile of HijackThis v1.99.1 Scan saved at 11:11:24 PM, on 9/23/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\Google\Update\GoogleUpdate.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\niSvcLoc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\stsystra.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.mysee.com/plugin/booter.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate1c8e30a4462cc42) (gupdate1c8e30a4462cc42) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

LDTate View Member Profile	Oct 2 2008, 04:26 PM Post #2
Forum God Group: Root Admin Posts: 39,205 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Download & run this file http://www.techsupportforum.com/sectools/s...Disinfector.exe Be sure to insert any flash drives/ external hard drive or USB devices that you use.

MoogleMC View Member Profile	Oct 4 2008, 11:15 AM Post #3
Authentic Member Group: Authentic Member Posts: 32 Joined: 31-March 08 Member No.: 78,036 Operating System: Windows XP Media Home Center Edition (Came installed on Laptop)	Hi LDTate I ran the flash disinfector with my external HD plugged in. It said it was done.

LDTate View Member Profile	Oct 4 2008, 07:48 PM Post #4
Forum God Group: Root Admin Posts: 39,205 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Lets make sure nothing is hiding on your local drive: Download ComboFix from Here or Here to your Desktop. In the event you already have Combofix, this is a new version that I need you to download. It must be saved directly to your desktop. Make sure you are disconnected from the net 1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. Remember to re enable the protection again afterwards before connecting to the net 2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix. IF you have not already done so Combofix will disconnect your machine from the Internet when it starts. If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections. 3. Now double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze. Give it atleast 20-30 minutes to finish if needed.

MoogleMC View Member Profile	Oct 8 2008, 11:50 PM Post #5
Authentic Member Group: Authentic Member Posts: 32 Joined: 31-March 08 Member No.: 78,036 Operating System: Windows XP Media Home Center Edition (Came installed on Laptop)	Hi LDTate Just wanted to let you know, I have been busy with some things but I am still planning on running combofix. I should be able to run it by tomorrow and let you know the results. By the way, did you want me to run it with the external HD attached or just to run combofix on my local hd?

MoogleMC View Member Profile	Oct 9 2008, 12:57 PM Post #6
Authentic Member Group: Authentic Member Posts: 32 Joined: 31-March 08 Member No.: 78,036 Operating System: Windows XP Media Home Center Edition (Came installed on Laptop)	Here is the combofix log: ComboFix 08-10-08.05 - Michael Chan 2008-10-09 11:37:33.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.570 [GMT -7:00] Running from: C:\Documents and Settings\Michael Chan\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\n.dll C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\ozbcfvk.dll C:\f.bat C:\v3pif.bat D:\Autorun.inf D:\f.bat . ((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 ))))))))))))))))))))))))))))))) . 2008-09-23 23:09 . 2008-09-23 23:10 <DIR> d-------- C:\Program Files\ERUNT 2008-09-20 20:56 . 2008-09-20 20:56 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-09-20 20:56 . 2008-09-20 20:56 <DIR> d-------- C:\WINDOWS\system32\en 2008-09-20 20:56 . 2008-09-20 20:56 <DIR> d-------- C:\WINDOWS\system32\bits 2008-09-20 20:56 . 2008-09-20 20:56 <DIR> d-------- C:\WINDOWS\l2schemas 2008-09-20 20:52 . 2008-09-20 20:52 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-09-19 22:33 . 2008-04-13 17:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll 2008-09-19 22:33 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-09-19 22:31 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-09-19 22:30 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-09-09 19:44 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-27 22:36 --------- d-----w C:\Program Files\Java 2008-09-27 17:53 --------- d-----w C:\Program Files\Opera 2008-09-24 09:13 --------- d-----w C:\Program Files\mIRC 2008-09-22 23:33 44,992 ----a-w C:\Documents and Settings\Michael Chan\Application Data\GDIPFONTCACHEV1.DAT 2008-09-21 20:43 --------- d-----w C:\Program Files\Google 2008-09-21 05:21 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd6845.sys 2008-09-18 05:33 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\foobar2000 2008-09-17 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall 2008-09-12 03:24 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-10 07:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-09-07 02:59 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\uTorrent 2008-08-23 17:58 --------- d-----w C:\Program Files\Warcraft III 2008-08-11 12:54 --------- d-----w C:\Program Files\activePDF 2008-07-12 03:02 60,744 ----a-w C:\Documents and Settings\Michael Chan\g2mdlhlpx.exe 2006-09-14 06:18 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 118784] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182] "CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192] "LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.EXE" [2002-04-05 886272] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 77824] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-13 C:\WINDOWS\system32\narrator.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-06 113664] Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-07 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] --a------ 2005-10-05 01:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-09-29 12:01 67584 C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2006-09-07 19:18 189952 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2005-12-13 00:44 98304 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Executables\\utorrent.exe"= "C:\\Program Files\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Warcraft III\\War3.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Warcraft III\\Warcraft III.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-10 7140] S2 gupdate1c8e30a4462cc42;Google Update Service (gupdate1c8e30a4462cc42);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7855f0c0-0727-11dd-83bd-0016cffd5e04}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2008-10-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 11:22] 2008-10-04 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MICHAEL-Michael Chan).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 18:18] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Michael Chan\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.steepandcheap.com/ FF -: plugin - C:\Documents and Settings\Michael Chan\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPil86.dll FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll FF -: plugin - C:\Program Files\Opera\program\plugins\nppl3260.dll FF -: plugin - C:\Program Files\Opera\program\plugins\nprpjplug.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-09 11:44:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\McAfee.com\Agent\Mcdetect.exe C:\PROGRA~1\McAfee.com\VSO\McShield.exe C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\WINDOWS\system32\niSvcLoc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\igfxsrvc.exe C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe . ************************************************************************ . Completion time: 2008-10-09 11:52:36 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-09 18:52:30 ComboFix2.txt 2008-04-27 23:47:53 Pre-Run: 28,449,390,592 bytes free Post-Run: 28,512,571,392 bytes free 200 --- E O F --- 2008-09-21 15:32:49 And here is my HijackThis Log Logfile of HijackThis v1.99.1 Scan saved at 11:54:31 AM, on 10/9/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\Google\Update\GoogleUpdate.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\niSvcLoc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\stsystra.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.mysee.com/plugin/booter.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate1c8e30a4462cc42) (gupdate1c8e30a4462cc42) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe I'm still worried about the external HD. I remember last time I used the flash disinfector, it didn't seem to clean up my external HD. I want to test the external HD, but not until you've seen this report. This report does not include the external HD attached.

LDTate View Member Profile	Oct 9 2008, 03:28 PM Post #7
Forum God Group: Root Admin Posts: 39,205 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Everything looks good

MoogleMC View Member Profile	Oct 14 2008, 12:47 AM Post #8
Authentic Member Group: Authentic Member Posts: 32 Joined: 31-March 08 Member No.: 78,036 Operating System: Windows XP Media Home Center Edition (Came installed on Laptop)	LDTate, is the flash disinfector supposed to work on external HDs as well? or only flash drives?

LDTate View Member Profile	Oct 14 2008, 02:12 PM Post #9
Forum God Group: Root Admin Posts: 39,205 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	QUOTE (MoogleMC @ Oct 14 2008, 01:47 AM) LDTate, is the flash disinfector supposed to work on external HDs as well? or only flash drives? It will remove the autorun Then I'd scan the external with your anti-virus.

MoogleMC View Member Profile	Oct 15 2008, 08:40 PM Post #10
Authentic Member Group: Authentic Member Posts: 32 Joined: 31-March 08 Member No.: 78,036 Operating System: Windows XP Media Home Center Edition (Came installed on Laptop)	Ok I see. Yeah I wondered why when I plugged the external HD in I would not get infected right away. However as soon as I access the external HD from my computer, the trojan will activate again. I've tried using Malwarebytes to find the trojan but it never seems to be able to find it on the external HD, even with the flash disinfector. Should I scan it with my McAfee?

LDTate View Member Profile	Oct 16 2008, 05:32 AM Post #11
Forum God Group: Root Admin Posts: 39,205 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	QUOTE (MoogleMC @ Oct 15 2008, 09:40 PM) Ok I see. Yeah I wondered why when I plugged the external HD in I would not get infected right away. However as soon as I access the external HD from my computer, the trojan will activate again. I've tried using Malwarebytes to find the trojan but it never seems to be able to find it on the external HD, even with the flash disinfector. Should I scan it with my McAfee? Yes.