
Infected with Bloodhound.Packed.Jmp/ kavo.exe: ran ComboFix already

Discussion in 'Virus & Other Malware Removal' started by jinx405, Apr 16, 2008.

Thread Status:
Not open for further replies.
jinx405 (Thread Starter)
Joined: Apr 14, 2008; Messages: 1
    Hi there,

    As per above, I have been infected by this virus/trojan where my hidden files can't be unhidden and if I double click on C:/, Windows asks me "what program do I want to use to open it with?".

    I have already searched these forums and have come across a few similar cases, namely:

    http://forums.techguy.org/malware-removal-hijackthis-logs/701876-hjt-log-ready-only-need.html
    http://forums.techguy.org/malware-r...700376-solved-kxvo-exe-application-error.html

    I followed the latter as a guide, and I ran ComboFix as instructed WITHOUT adding a .txt to kill any files. The problem is somewhat fixed but my PC still runs a little slow, and I don't think the trojan has been removed yet. Here is my first (and only) ComboFix run log which I ran on Monday:
    (Below the ComboFix log is my HijackThis log, which I ran after ComboFix, today)

    Thanks in advance! Please let me know if you need additional information!


    ComboFix 08-04-13.3 - julian 2008-04-14 19:38:56.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.443 [GMT 10:00]
    Running from: C:\Documents and Settings\julian\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\WINDOWS\system32\_000005_.tmp.dll
    C:\WINDOWS\system32\_000007_.tmp.dll
    C:\WINDOWS\system32\_000008_.tmp.dll
    C:\WINDOWS\system32\tavo0.dll
    C:\WINDOWS\system32\tavo1.dll
    D:\Autorun.inf
    K:\Autorun.inf
    L:\Autorun.inf
    M:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
    .

    2008-04-13 16:42 . 2008-04-13 16:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-13 16:42 . 2008-04-13 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-13 16:16 . 2008-04-13 16:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-13 16:16 . 2008-04-13 16:16 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-13 11:38 . 2008-04-13 11:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-13 11:24 . 2008-04-13 21:23 <DIR> d-------- C:\Documents and Settings\julian\Application Data\AVG7
    2008-04-13 11:24 . 2008-04-13 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-13 11:24 . 2008-04-13 11:24 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
    2008-04-11 14:09 . 2008-04-11 14:16 <DIR> d-------- C:\Documents and Settings\julian\Application Data\U3
    2008-04-11 11:57 . 2008-04-11 11:57 <DIR> d-------- C:\Program Files\FLV Player
    2008-04-11 08:50 . 2008-04-11 08:50 <DIR> d-------- C:\Program Files\PC Connectivity Solution
    2008-04-11 08:50 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-04-11 08:32 . 2008-04-13 16:38 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-04-01 17:43 . 2008-03-26 18:27 18,457,248 --a------ C:\ZEN_PCFW_L22_1_21_01.exe
    2008-04-01 17:40 . 2008-04-01 18:11 <DIR> d-------- C:\Documents and Settings\julian\Application Data\Creative
    2008-04-01 17:38 . 2008-04-01 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
    2008-04-01 17:34 . 2008-04-01 17:35 <DIR> d--h----- C:\Program Files\Creative Installation Information
    2008-04-01 17:34 . 2008-04-01 17:34 <DIR> d-------- C:\Program Files\Common Files\Creative
    2008-04-01 17:34 . 1999-12-13 09:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2008-04-01 17:34 . 1999-11-18 09:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2008-03-31 18:22 . 2008-04-01 17:34 <DIR> d-------- C:\Program Files\Creative
    2008-03-27 00:04 . 2008-03-27 00:04 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
    2008-03-15 08:00 . 2008-03-15 08:01 <DIR> d-------- C:\Documents and Settings\julian\Application Data\Cakewalk
    2008-03-15 07:52 . 2006-11-30 14:49 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
    2008-03-15 07:52 . 2004-04-13 13:48 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
    2008-03-15 07:50 . 2008-03-15 07:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
    2008-03-14 20:35 . 2007-07-19 17:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2008-03-14 20:35 . 2007-05-16 15:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2008-03-14 20:35 . 2007-07-19 17:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-03-14 20:35 . 2007-05-16 15:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-03-14 20:35 . 2007-07-19 17:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
    2008-03-14 20:35 . 2007-05-16 15:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2008-03-14 20:35 . 2007-04-04 17:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2008-03-14 18:53 . 2008-03-14 19:02 485 --a------ C:\WINDOWS\BADMOJO.INI
    2008-03-14 17:39 . 2008-04-13 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 09:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-13 01:14 --------- d-----w C:\Documents and Settings\julian\Application Data\Azureus
    2008-04-10 22:54 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-04-10 22:54 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-04-10 22:48 --------- d-----w C:\Program Files\Nokia
    2008-04-10 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-04-01 08:07 --------- d-----w C:\Documents and Settings\julian\Application Data\Nokia
    2008-04-01 07:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-26 13:30 --------- d-----w C:\Documents and Settings\julian\Application Data\NSeries
    2008-03-26 12:15 --------- d-----w C:\Program Files\Java
    2008-03-23 23:56 --------- d-----w C:\Program Files\Winamp
    2008-03-12 11:35 --------- d-----w C:\Program Files\Real Alternative
    2008-03-07 10:56 --------- d-----w C:\Program Files\Azureus
    2008-03-07 07:44 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-02-29 23:22 --------- d-----w C:\Program Files\DigiTech
    2008-02-17 06:01 --------- d-----w C:\Program Files\Barak's SignME
    2007-07-14 11:25 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-10-05 06:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-05 06:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-05 06:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-01-09 02:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 19:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
    "nwiz"="nwiz.exe" [2007-12-05 00:41 1626112 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-13 11:24 219136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2003-01-29 13:58 40960]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\upnpdrv]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk
    backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk
    backup=C:\WINDOWS\pss\MagicTune 3.6.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
    backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
    backup=C:\WINDOWS\pss\Nokia Nseries PC Suite.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^julian^Start Menu^Programs^Startup^Last.fm Helper.lnk]
    path=C:\Documents and Settings\julian\Start Menu\Programs\Startup\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^julian^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
    path=C:\Documents and Settings\julian\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^julian^Start Menu^Programs^Startup^systemID.pif]
    path=C:\Documents and Settings\julian\Start Menu\Programs\Startup\systemID.pif
    backup=C:\WINDOWS\pss\systemID.pifStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\24access]
    C:\Program Files\Mobile Media Center\24access.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    --a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    --a------ 2008-04-13 11:24 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
    --a------ 2008-04-13 11:24 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigPondCable]
    --a------ 2003-09-29 13:07 245760 C:\Program Files\Telstra\Cable Login\bpcable.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
    --------- 2007-11-06 11:08 397312 C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 17:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    --------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPoXUSDM]
    --------- 2003-09-29 14:57 1077248 C:\Program Files\EPOX\USDM\USDM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
    C:\WINDOWS\system32\kavo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-29 09:49 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 00:41 8523776 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    --a------ 2006-06-06 08:54 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-12-05 00:41 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
    --a------ 2004-06-03 19:51 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-08-05 15:48 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    H:\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    --a------ 2005-10-24 16:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "ServiceLayer"=3 (0x3)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "nTuneService"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)
    "bpcService"=3 (0x3)
    "AVGFwSrv"=2 (0x2)
    "Avg7UpdSvc"=2 (0x2)
    "Avg7Alrt"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "aawservice"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Valve\\Condition Zero\\czero.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "D:\\FEAR\\FEAR.exe"=
    "C:\\Program Files\\Last.fm\\LastFM.exe"=
    "D:\\Nintendo EMU\\NESTCL95.EXE"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12426:TCP"= 12426:TCP:BitComet 12426 TCP
    "12426:UDP"= 12426:UDP:BitComet 12426 UDP

    S3 CEUSBAUD;DigiTech USB MIDI Driver;C:\WINDOWS\system32\Drivers\CEUSBAUD.sys [2003-11-02 06:19]
    S3 kwwalpgr;kwwalpgr;C:\DOCUME~1\julian\LOCALS~1\Temp\kwwalpgr.sys []
    S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
    S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-30 00:56]
    S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
    S4 bpcService;BigPond Broadband Cable Login;"C:\Program Files\Telstra\Cable Login\bpcService.exe" [2003-09-29 13:07]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd3f4c4-ec1c-11dc-aa2f-0011954bee93}]
    \Shell\AutoRun\command - G:\i.bat
    \Shell\explore\Command - G:\i.bat
    \Shell\open\Command - G:\i.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{938ef8b4-076a-11dd-aa41-0011954bee93}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f79eb66e-10c9-11db-a947-0011954bee93}]
    \Shell\AutoRun\command - I:\TNT.EXE

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 19:40:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-14 19:41:29
    ComboFix-quarantined-files.txt 2008-04-14 09:41:13

    Pre-Run: 4,135,755,776 bytes free
    Post-Run: 4,119,560,192 bytes free


    -----------------------------------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:10:51 PM, on 4/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Nokia Pc Phone: Text & Call - {71aa81cb-b31e-476b-b4f0-4b5c6689a2a3} - C:\Program Files\Nokia\Nokia PC Phone\Iexplorer_ext\startIE.js (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120655499343
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC4041B-C3E4-46D6-BF50-38D8F3800911}: NameServer = 203.0.178.191
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1EC4041B-C3E4-46D6-BF50-38D8F3800911}: NameServer = 203.0.178.191
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

    --
    End of file - 8066 bytes
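A defender-side triage script for the indicators visible in the ComboFix log above, added here as an example (it is not part of the post and not a ComboFix or Tech Support Guy tool): it parses a constructed excerpt with the same line shapes as the log and flags the drive-root Autorun.inf files, the per-volume Shell\AutoRun, open and explore commands under mountpoints2 (the "what program do I want to use to open it with?" prompt on double-clicking C: is typical of such an override whose target has since been removed), the kavo.exe startupreg entry, the hidden+system file under Application Data, and the disabled Security Center notification and firewall. The system32 allow-list is an assumption built from the benign entries in this log, and the sample text is constructed.

```python
import re
from dataclasses import dataclass

@dataclass
class Finding:
    severity: str   # "high" or "review"
    category: str
    detail: str

# Constructed excerpt reusing the line shapes of the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((( Other Deletions )))))
C:\Autorun.inf
D:\Autorun.inf
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS\system32\kavo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 17:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd3f4c4-ec1c-11dc-aa2f-0011954bee93}]
\Shell\AutoRun\command - G:\i.bat
\Shell\explore\Command - G:\i.bat
\Shell\open\Command - G:\i.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
2007-07-14 11:25 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
SHELL_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<target>.+)$", re.I)
AUTORUN_INF_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.I)
# ComboFix attribute token ("--sha-w", "d--h-----") directly followed by a drive path
ATTR_PATH_RE = re.compile(r"(?:^|\s)(?P<attr>[-d][-adhrsw]{6,8})\s+(?P<path>[A-Za-z]:\\.+)$")
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\\S+")          # paths with spaces are cut at the space
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".pif", ".scr")
# Assumed allow-list for this machine, built from the benign system32 autostarts
# that appear in the thread's own log; adjust per host.
SYSTEM32_ALLOWLIST = {"ctfmon.exe", "nvcpl.dll", "nvmctray.dll", "nwiz.exe"}

def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix log and return the indicators that deserve a closer look."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("key").lower()
            continue
        # Autorun.inf at a volume root is what turns a double-click into code execution.
        if AUTORUN_INF_RE.match(line):
            findings.append(Finding("high", "autorun", f"Autorun.inf at volume root: {line}"))
            continue
        # hidden+system attributes are normal for OS files, not for a .sys under Application Data
        am = ATTR_PATH_RE.search(line)
        if am and "s" in am.group("attr") and "h" in am.group("attr"):
            findings.append(Finding("review", "hidden-file", f"hidden+system file {am.group('path')}"))
            continue
        if "msconfig\\startupreg\\" in section:
            entry = section.rsplit("\\", 1)[1]
            pm = WIN_PATH_RE.search(line)
            if pm and "\\system32\\" in pm.group(0).lower():
                name = pm.group(0).rsplit("\\", 1)[-1].lower()
                if name not in SYSTEM32_ALLOWLIST:
                    findings.append(Finding("review", "startup", f"startupreg '{entry}' runs unlisted system32 file {pm.group(0)}"))
        elif "explorer\\mountpoints2\\" in section:
            sm = SHELL_CMD_RE.match(line)
            if sm:
                verb, target = sm.group("verb").lower(), sm.group("target")
                exe = target.split()[0].lower()
                # overriding open/explore hijacks double-click; a script target is worm-typical
                hijack = verb in ("open", "explore") or exe.endswith(SCRIPT_EXTS)
                volume = section.rsplit("\\", 1)[1]
                findings.append(Finding("high" if hijack else "review", "autorun", f"volume {volume}: Shell\\{verb}\\command -> {target}"))
        elif section.endswith("security center") and line.startswith('"AntiVirusDisableNotify"') and line.endswith("1"):
            findings.append(Finding("high", "defense-evasion", "Security Center AV notifications disabled"))
        elif section.endswith("firewallpolicy\\standardprofile") and re.match(r'"EnableFirewall"=\s*0\b', line):
            findings.append(Finding("high", "defense-evasion", "Windows Firewall off for the standard profile"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category:15} {f.detail}")
```

Point `triage()` at the text of a real ComboFix log to get the same findings list; an entry marked "review" is a prompt to check the file, not a verdict.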
     
Short URL to this thread: https://techguy.org/704258
