
Google page different and going to ad pages only


This topic is locked
15 replies to this topic

#1 pat777

  • Members
  • 14 posts

Posted 31 January 2009 - 06:43 AM

Whenever I go to the Google search page it looks different and the search results are all in a bigger font. When you click on a result the page doesn't display, but another ad or ad search page appears. This can also bring up a pornographic ad page as well. This is slowing down my net connection and making it not display other pages correctly. I have tried the following:
Ad-Aware: nothing found. I have McAfee virus protection but nothing was found. I also have Stopzilla protection but nothing was found during a full scan. Can someone please assist?


DDS (Ver_09-01-19.01) - NTFSx86
Run by Pat at 11:25:40.60 on 31/01/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.345 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Access Runtime\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\khost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Pat.Patrick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.europeantour.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Packard Bell
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = file://c:\apps\ie\offline\uk.htm
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [kdx] c:\program files\kontiki\khost.exe -all
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft access runtime\office12\GrooveMonitor.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
dRunOnce: [IETI] c:\apps\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft access runtime\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: jucncy.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft access runtime\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2008-12-2 54656]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-2-23 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-2-23 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-2-23 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-2-23 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-2-23 40488]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-2-23 359248]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-2-23 144704]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-9-4 13352]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-2-23 33832]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-9-4 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-9-4 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-9-4 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-9-4 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-9-4 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-9-4 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-9-4 110120]

============== File Associations ===============

regfile=*** no open command defined ***

=============== Created Last 30 ================

2009-01-31 08:29 1,680 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-01-30 21:21 1,416 a------- c:\windows\system32\drivers\kgpcpy(60).cfg
2009-01-30 21:03 <DIR> --d----- c:\program files\viro
2009-01-30 20:24 45 a------- c:\windows\system32\RPVersion.ini
2009-01-30 20:24 743,621 a------- c:\windows\system32\RPUpdates.zip
2009-01-30 20:23 <DIR> --d----- c:\program files\RegistryPatrol3.0
2009-01-30 13:21 2,448 a------- c:\windows\system32\drivers\kgpcpy(52).cfg
2009-01-30 12:59 1,680 a------- c:\windows\system32\drivers\kgpcpy(53).cfg
2009-01-29 18:38 1,680 a------- c:\windows\system32\drivers\kgpcpy(54).cfg
2009-01-29 17:52 2,368 a------- c:\windows\system32\drivers\kgpcpy(55).cfg
2009-01-29 16:08 4,952 a------- c:\windows\system32\drivers\kgpcpy(56).cfg
2009-01-29 16:03 1,680 a------- c:\windows\system32\drivers\kgpcpy(57).cfg
2009-01-29 11:36 1,680 a------- c:\windows\system32\drivers\kgpcpy(58).cfg
2009-01-29 11:16 1,680 a------- c:\windows\system32\drivers\kgpcpy(59).cfg
2009-01-27 18:00 79,872 a------- c:\windows\system32\1a9d4785713e24269ad608483bfc550c.szcpf
2009-01-26 10:07 <DIR> --dsh--- c:\windows\system32\twain32
2009-01-26 10:07 94,208 a------- c:\windows\system32\iestat.exe
2009-01-25 12:29 1,680 a------- c:\windows\system32\drivers\kgpcpy(37).cfg
2009-01-25 11:14 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-25 08:58 3,520 a------- c:\windows\system32\drivers\kgpcpy(23).cfg
2009-01-24 11:07 1,680 a------- c:\windows\system32\drivers\kgpcpy(39).cfg
2009-01-24 11:07 1,680 a------- c:\windows\system32\drivers\kgpcpy(24).cfg
2009-01-24 08:54 1,680 a------- c:\windows\system32\drivers\kgpcpy(40).cfg
2009-01-24 08:54 1,680 a------- c:\windows\system32\drivers\kgpcpy(25).cfg
2009-01-23 23:17 1,680 a------- c:\windows\system32\drivers\kgpcpy(41).cfg
2009-01-23 23:17 1,680 a------- c:\windows\system32\drivers\kgpcpy(26).cfg
2009-01-23 22:48 1,680 a------- c:\windows\system32\drivers\kgpcpy(42).cfg
2009-01-23 22:48 1,680 a------- c:\windows\system32\drivers\kgpcpy(27).cfg
2009-01-23 22:43 <DIR> --d----- c:\program files\STOPzilla!
2009-01-23 22:06 244,024 a------- c:\windows\system32\MSFLXGRD.OCX
2009-01-23 22:06 <DIR> --d----- c:\program files\Zamaan's Software
2009-01-23 21:53 <DIR> --d----- c:\program files\Trend Micro
2009-01-22 20:57 1,680 a------- c:\windows\system32\drivers\kgpcpy(43).cfg
2009-01-22 20:57 1,680 a------- c:\windows\system32\drivers\kgpcpy(28).cfg
2009-01-22 20:53 1,680 a------- c:\windows\system32\drivers\kgpcpy(15).cfg
2009-01-22 20:50 1,680 a------- c:\windows\system32\drivers\kgpcpy(8).cfg
2009-01-22 17:36 2,088 a------- c:\windows\system32\drivers\kgpcpy(2).cfg
2009-01-21 17:31 4,584 a------- c:\windows\system32\drivers\kgpcpy(47).cfg
2009-01-21 17:31 4,584 a------- c:\windows\system32\drivers\kgpcpy(32).cfg
2009-01-21 17:31 4,584 a------- c:\windows\system32\drivers\kgpcpy(3).cfg
2009-01-21 17:31 4,584 a------- c:\windows\system32\drivers\kgpcpy(18).cfg
2009-01-21 17:31 4,584 a------- c:\windows\system32\drivers\kgpcpy(10).cfg
2009-01-21 15:09 1,680 a------- c:\windows\system32\drivers\kgpcpy(48).cfg
2009-01-21 15:09 1,680 a------- c:\windows\system32\drivers\kgpcpy(4).cfg
2009-01-21 15:09 1,680 a------- c:\windows\system32\drivers\kgpcpy(33).cfg
2009-01-21 15:09 1,680 a------- c:\windows\system32\drivers\kgpcpy(19).cfg
2009-01-21 15:09 1,680 a------- c:\windows\system32\drivers\kgpcpy(11).cfg
2009-01-21 14:43 1,680 a------- c:\windows\system32\drivers\kgpcpy(5).cfg
2009-01-21 14:43 1,680 a------- c:\windows\system32\drivers\kgpcpy(49).cfg
2009-01-21 14:43 1,680 a------- c:\windows\system32\drivers\kgpcpy(34).cfg
2009-01-21 14:43 1,680 a------- c:\windows\system32\drivers\kgpcpy(20).cfg
2009-01-21 14:43 1,680 a------- c:\windows\system32\drivers\kgpcpy(12).cfg
2009-01-21 09:16 1,680 a------- c:\windows\system32\drivers\kgpcpy(6).cfg
2009-01-21 09:16 1,680 a------- c:\windows\system32\drivers\kgpcpy(50).cfg
2009-01-21 09:16 1,680 a------- c:\windows\system32\drivers\kgpcpy(35).cfg
2009-01-21 09:16 1,680 a------- c:\windows\system32\drivers\kgpcpy(21).cfg
2009-01-21 09:16 1,680 a------- c:\windows\system32\drivers\kgpcpy(13).cfg
2009-01-20 19:15 1,680 a------- c:\windows\system32\drivers\kgpcpy(7).cfg
2009-01-20 19:15 1,680 a------- c:\windows\system32\drivers\kgpcpy(51).cfg
2009-01-20 19:15 1,680 a------- c:\windows\system32\drivers\kgpcpy(36).cfg
2009-01-20 19:15 1,680 a------- c:\windows\system32\drivers\kgpcpy(22).cfg
2009-01-20 19:15 1,680 a------- c:\windows\system32\drivers\kgpcpy(14).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(9).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(46).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(45).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(44).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(38).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(31).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(30).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(29).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(17).cfg
2009-01-20 18:18 3,520 a------- c:\windows\system32\drivers\kgpcpy(16).cfg
2009-01-20 17:49 <DIR> --d----- d:\docume~1\pat~1.pat\applic~1\IObit
2009-01-20 17:49 <DIR> --d----- c:\program files\IObit
2009-01-20 17:09 <DIR> --d----- c:\program files\Enigma Software Group
2009-01-20 16:59 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-20 14:50 <DIR> --d----- d:\docume~1\alluse~1\applic~1\SITEguard
2009-01-20 14:48 <DIR> --d----- c:\program files\common files\iS3
2009-01-20 14:48 <DIR> --d----- d:\docume~1\alluse~1\applic~1\STOPzilla!
2009-01-01 16:15 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-01 16:15 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-01 16:15 <DIR> --d----- c:\program files\iPod
2009-01-01 16:14 <DIR> --d----- d:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 16:14 <DIR> --d----- c:\program files\iTunes
2009-01-01 16:14 <DIR> --d----- c:\program files\Bonjour
2009-01-01 16:11 32,000 a------- c:\windows\system32\drivers\usbaapl.sys

==================== Find3M ====================

2009-01-25 17:35 61,298 a------- d:\docume~1\pat~1.pat\applic~1\wklnhst.dat
2008-12-17 17:26 17,408 a----r-- c:\windows\system32\SZIO5.dll
2008-12-17 17:25 282,624 a----r-- c:\windows\system32\SZBase5.dll
2008-12-17 17:24 540,672 a----r-- c:\windows\system32\SZComp5.dll
2008-12-15 13:51 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-02 15:20 54,656 a----r-- c:\windows\system32\drivers\SZKG.sys
2008-11-24 16:19 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2008-11-24 16:19 364,544 a----r-- c:\windows\system32\IS3DBA5.dll
2008-11-24 16:18 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2008-11-24 16:18 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2008-11-24 16:18 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2008-11-24 16:17 212,992 a----r-- c:\windows\system32\IS3Win325.dll
2008-11-24 16:17 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2008-11-24 16:17 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2008-11-24 16:14 708,608 a----r-- c:\windows\system32\IS3Base5.dll
2008-02-12 12:19 32 ac------ d:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 11:26:59.04 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 21/02/2007 09:37:58
System Uptime: 31/01/2009 08:27:16 (3 hours ago)

Motherboard: NEC COMPUTERS INTERNATIONAL | | GA-8I915PMD
Processor: Intel® Pentium® 4 CPU 3.06GHz | Socket 775 | 3058/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 30 GiB total, 14.345 GiB free.
D: is FIXED (NTFS) - 111 GiB total, 91.215 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\B2AF7B148500
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\B2AF7B148500
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Pat
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Pat
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP442: 17/12/2008 21:01:30 - System Checkpoint
RP443: 17/12/2008 21:01:30 - Software Distribution Service 3.0
RP444: 17/12/2008 21:01:30 - System Checkpoint
RP445: 17/12/2008 21:01:30 - System Checkpoint
RP446: 17/12/2008 21:01:30 - System Checkpoint
RP447: 17/12/2008 21:01:30 - System Checkpoint
RP448: 17/12/2008 21:01:30 - System Checkpoint
RP449: 17/12/2008 21:01:30 - System Checkpoint
RP450: 17/12/2008 21:01:30 - Software Distribution Service 3.0
RP451: 17/12/2008 21:01:30 - System Checkpoint
RP452: 17/12/2008 21:01:31 - System Checkpoint
RP453: 17/12/2008 21:01:31 - System Checkpoint
RP454: 17/12/2008 21:01:31 - System Checkpoint
RP455: 17/12/2008 21:01:31 - System Checkpoint
RP456: 17/12/2008 21:01:34 - System Checkpoint
RP457: 17/12/2008 21:01:34 - System Checkpoint
RP458: 17/12/2008 21:01:34 -
RP459: 17/12/2008 21:01:34 - System Checkpoint
RP460: 17/12/2008 21:01:34 - Software Distribution Service 3.0
RP461: 17/12/2008 21:01:34 - System Checkpoint
RP462: 17/12/2008 21:01:34 - System Checkpoint
RP463: 17/12/2008 21:01:35 - System Checkpoint
RP464: 17/12/2008 21:01:35 - System Checkpoint
RP465: 17/12/2008 21:01:35 - System Checkpoint
RP466: 17/12/2008 21:01:35 - Installed Motion Reality 3D Viewer
RP467: 17/12/2008 21:01:35 - Installed WD Anywhere Access Powered by MioNet.
RP468: 17/12/2008 21:01:35 - System Checkpoint
RP469: 17/12/2008 21:01:35 - System Checkpoint
RP470: 17/12/2008 21:01:37 - Removed WD Anywhere Access Powered by MioNet.
RP471: 17/12/2008 21:01:37 - System Checkpoint
RP472: 17/12/2008 21:01:37 - System Checkpoint
RP473: 17/12/2008 21:01:37 - System Checkpoint
RP474: 17/12/2008 21:01:37 - System Checkpoint
RP475: 17/12/2008 21:01:37 - System Checkpoint
RP476: 17/12/2008 21:01:37 - System Checkpoint
RP477: 17/12/2008 21:01:37 - Shockwave Player
RP478: 17/12/2008 21:01:37 - System Checkpoint
RP479: 17/12/2008 21:01:38 - System Checkpoint
RP480: 17/12/2008 21:01:38 - System Checkpoint
RP481: 17/12/2008 21:01:38 - System Checkpoint
RP482: 17/12/2008 21:01:38 - System Checkpoint
RP483: 17/12/2008 21:01:39 - Removed Sony Ericsson Media Manager 1.1b
RP484: 17/12/2008 21:01:40 - Installed Windows XP Wudf01005.
RP485: 17/12/2008 21:01:40 - Software Distribution Service 3.0
RP486: 17/12/2008 21:01:40 - System Checkpoint
RP487: 17/12/2008 21:01:40 - System Checkpoint
RP488: 17/12/2008 21:01:40 - System Checkpoint
RP489: 17/12/2008 21:01:40 - System Checkpoint
RP490: 17/12/2008 21:01:49 - Last known good configuration
RP491: 17/12/2008 21:25:49 - Installed Ad-Aware
RP492: 19/12/2008 12:22:59 - System Checkpoint
RP493: 20/12/2008 18:04:42 - System Checkpoint
RP494: 22/12/2008 20:04:42 - System Checkpoint
RP495: 24/12/2008 10:05:08 - System Checkpoint
RP496: 27/12/2008 19:39:34 - System Checkpoint
RP497: 29/12/2008 10:00:54 - System Checkpoint
RP498: 30/12/2008 20:08:34 - System Checkpoint
RP499: 01/01/2009 15:40:39 - System Checkpoint
RP500: 01/01/2009 16:14:53 - Installed iTunes
RP501: 02/01/2009 18:14:59 - System Checkpoint
RP502: 04/01/2009 17:52:11 - System Checkpoint
RP503: 06/01/2009 08:00:12 - System Checkpoint
RP504: 07/01/2009 12:13:36 - System Checkpoint
RP505: 08/01/2009 18:27:39 - System Checkpoint
RP506: 09/01/2009 19:27:38 - System Checkpoint
RP507: 10/01/2009 20:59:39 - System Checkpoint
RP508: 12/01/2009 09:08:57 - System Checkpoint
RP509: 13/01/2009 09:56:53 - System Checkpoint
RP510: 15/01/2009 18:26:13 - System Checkpoint
RP511: 16/01/2009 20:24:25 - System Checkpoint
RP512: 18/01/2009 15:35:29 - System Checkpoint
RP513: 21/01/2009 18:09:15 - System Checkpoint
RP514: 22/01/2009 18:39:23 - System Checkpoint
RP515: 22/01/2009 20:50:58 - Restore Operation
RP516: 22/01/2009 20:54:19 - Restore Operation
RP517: 22/01/2009 20:58:06 - Restore Operation
RP518: 23/01/2009 20:54:58 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP519: 25/01/2009 10:06:24 - System Checkpoint
RP520: 25/01/2009 12:30:53 - Restore Operation
RP521: 25/01/2009 12:34:03 - Restore Operation
RP522: 26/01/2009 18:59:45 - System Checkpoint
RP523: 28/01/2009 09:27:45 - System Checkpoint
RP524: 29/01/2009 16:51:31 - System Checkpoint
RP525: 30/01/2009 17:24:03 - System Checkpoint
RP526: 30/01/2009 21:18:58 - Restore Operation
RP527: 30/01/2009 21:26:58 - Restore Operation

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 6.0 Sprint
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
AutoUpdate
BIONICLE Heroes Demo
Bonjour
CaddyConnect
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MP Navigator 3.0
Canon MP460
Canon MP460 User Registration
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
Canon Utilities File Viewer Utility 1.2
Canon Utilities ZoomBrowser EX
CIG
D-Fend Reloaded 0.5.0 (deinstall)
Diino 4.2.3.1
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Easy-WebPrint
File Viewer Utility 1.2
Free Internet Window Washer
FTDI USB Serial Converter Drivers
Golf Score Recorder CD
Google Earth
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iISystem Wiper 2.4.1
iTunes
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 7
Leadbetter Interactive
Lexmark Toolbar
Macromedia Shockwave Player
Mail.com Alert
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Access 2000 Runtime SR-1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Microsoft Xbox 360 Accessories 1.1
Motion Reality 3D Viewer
MP3 Rocket
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Navman NavDesk 2008
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
PC Connectivity Solution
PowerDVD
QuickTime
Realtek High Definition Audio Driver
SAMSUNG Mobile USB Modem 1.0 Software
Samsung PC Studio
ScanSoft OmniPage SE 4.0
Scoresaver
Scoresaver 2
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Skype™ 3.6
Sonic MyDVD
Sonic RecordNow!
Spelling Dictionaries Support For Adobe Reader 8
STOPzilla
Symantec Network Drivers Update
Tiger Woods Screen Saver
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Service
V1 Home 2.0
WebFldrs XP
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Zip Motion Block Video codec (Remove Only)
Zoom ADSL USB Modem

==== Event Viewer Messages From Past Week ========

25/01/2009 08:59:02, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
25/01/2009 08:59:02, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
25/01/2009 11:27:02, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
25/01/2009 11:27:04, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
29/01/2009 16:32:23, error: Print [6161] - The document http://en.wikipedia.org/wiki/Robert_Louis_Stevenson owned by Pat failed to print on printer Canon MP460 Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3016468. Number of bytes printed: 1960172. Total number of pages in the document: 14. Number of pages printed: 0. Client machine: \\Patrick. Win32 error code returned by the print processor: 13 (0xd).
30/01/2009 21:29:48, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
31/01/2009 11:25:45, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.

==== End Of File ===========================



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:51, on 31/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Access Runtime\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\khost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europeantour.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Access Runtime\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\khost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [waginoduzo] Rundll32.exe "C:\WINDOWS\system32\hobopuke.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] c:\apps\skype\phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] c:\apps\skype\phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Access Runtime\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jucncy.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11812 bytes


#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 31 January 2009 - 09:21 AM

Hello pat777

Welcome to BleepingComputer
========================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 pat777

  • Topic Starter
  • Members
  • 14 posts

Posted 31 January 2009 - 11:25 AM

Thanks for your quick reply. Unfortunately I can't seem to turn off McAfee. Also I downloaded ComboFix to the desktop but it does not run. When I double-click nothing happens. I also have problems logging in to your site and have to use a laptop instead. Any thoughts?

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 31 January 2009 - 11:43 AM

Ok, please delete your version of ComboFix.
Then see this link for disabling McAfee:
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
====================
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


#5 pat777

  • Topic Starter
  • Members
  • 14 posts

Posted 31 January 2009 - 12:22 PM

Thanks, here are the two files you requested.

ComboFix 09-01-21.04 - Pat 2009-01-31 17:15:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.532 [GMT 0:00]
Running from: d:\documents and settings\Pat.Patrick\Desktop\Combo-fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.

2009-01-31 15:46 . 2009-01-31 15:46 <DIR> d-------- C:\Kontiki
2009-01-30 21:21 . 2007-02-21 16:30 <DIR> d-------- d:\documents and settings\Pat.Patrick.000\Application Data\You've Got Pictures Screensaver
2009-01-30 21:21 . 2005-11-08 11:38 <DIR> d-------- d:\documents and settings\Pat.Patrick.000\Application Data\Symantec
2009-01-30 21:21 . 2009-01-30 21:21 <DIR> d-------- d:\documents and settings\Pat.Patrick.000
2009-01-30 21:21 . 2009-01-30 21:21 <DIR> d--hs---- d:\documents and settings\NetworkService.NT AUTHORITY.003
2009-01-30 21:21 . 2009-01-30 21:21 <DIR> d--hs---- d:\documents and settings\LocalService.NT AUTHORITY.003
2009-01-30 21:21 . 2009-01-30 21:22 1,416 --a------ c:\windows\system32\drivers\kgpcpy(60).cfg
2009-01-30 21:03 . 2009-01-30 21:29 <DIR> d-------- c:\program files\viro
2009-01-30 20:24 . 2009-01-30 20:24 743,621 --a------ c:\windows\system32\RPUpdates.zip
2009-01-30 20:24 . 2009-01-30 20:26 45 --a------ c:\windows\system32\RPVersion.ini
2009-01-30 20:23 . 2009-01-30 20:47 <DIR> d-------- c:\program files\RegistryPatrol3.0
2009-01-30 13:21 . 2009-01-30 21:17 2,448 --a------ c:\windows\system32\drivers\kgpcpy(52).cfg
2009-01-30 12:59 . 2009-01-30 12:59 1,680 --a------ c:\windows\system32\drivers\kgpcpy(53).cfg
2009-01-29 18:38 . 2009-01-29 18:40 1,680 --a------ c:\windows\system32\drivers\kgpcpy(54).cfg
2009-01-29 17:52 . 2009-01-29 18:29 2,368 --a------ c:\windows\system32\drivers\kgpcpy(55).cfg
2009-01-29 16:08 . 2009-01-29 17:07 4,952 --a------ c:\windows\system32\drivers\kgpcpy(56).cfg
2009-01-29 16:03 . 2009-01-29 16:04 1,680 --a------ c:\windows\system32\drivers\kgpcpy(57).cfg
2009-01-29 11:36 . 2009-01-29 11:37 1,680 --a------ c:\windows\system32\drivers\kgpcpy(58).cfg
2009-01-29 11:16 . 2009-01-29 11:17 1,680 --a------ c:\windows\system32\drivers\kgpcpy(59).cfg
2009-01-27 18:00 . 2009-01-27 18:00 79,872 --a------ c:\windows\system32\1a9d4785713e24269ad608483bfc550c.szcpf
2009-01-26 10:07 . 2009-01-29 19:42 <DIR> d--hs---- c:\windows\system32\twain32
2009-01-26 10:07 . 2009-01-26 10:07 94,208 --a------ c:\windows\system32\iestat.exe
2009-01-25 12:29 . 2009-01-25 12:30 1,680 --a------ c:\windows\system32\drivers\kgpcpy(37).cfg
2009-01-25 11:14 . 2009-01-25 11:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-25 08:58 . 2009-01-25 10:21 3,520 --a------ c:\windows\system32\drivers\kgpcpy(23).cfg
2009-01-24 11:07 . 2009-01-24 11:08 1,680 --a------ c:\windows\system32\drivers\kgpcpy(39).cfg
2009-01-24 11:07 . 2009-01-24 11:08 1,680 --a------ c:\windows\system32\drivers\kgpcpy(24).cfg
2009-01-24 08:54 . 2009-01-24 08:54 1,680 --a------ c:\windows\system32\drivers\kgpcpy(40).cfg
2009-01-24 08:54 . 2009-01-24 08:54 1,680 --a------ c:\windows\system32\drivers\kgpcpy(25).cfg
2009-01-23 23:17 . 2009-01-23 23:17 1,680 --a------ c:\windows\system32\drivers\kgpcpy(41).cfg
2009-01-23 23:17 . 2009-01-23 23:17 1,680 --a------ c:\windows\system32\drivers\kgpcpy(26).cfg
2009-01-23 22:48 . 2009-01-23 22:49 1,680 --a------ c:\windows\system32\drivers\kgpcpy(42).cfg
2009-01-23 22:48 . 2009-01-23 22:49 1,680 --a------ c:\windows\system32\drivers\kgpcpy(27).cfg
2009-01-23 22:06 . 2009-01-23 22:06 <DIR> d-------- c:\program files\Zamaan's Software
2009-01-23 22:06 . 1998-06-24 13:00 244,024 --a------ c:\windows\system32\MSFLXGRD.OCX
2009-01-23 21:53 . 2009-01-23 21:53 <DIR> d-------- c:\program files\Trend Micro
2009-01-22 20:57 . 2009-01-22 20:58 1,680 --a------ c:\windows\system32\drivers\kgpcpy(43).cfg
2009-01-22 20:57 . 2009-01-22 20:58 1,680 --a------ c:\windows\system32\drivers\kgpcpy(28).cfg
2009-01-22 20:53 . 2009-01-22 20:54 1,680 --a------ c:\windows\system32\drivers\kgpcpy(15).cfg
2009-01-22 20:50 . 2009-01-22 20:51 1,680 --a------ c:\windows\system32\drivers\kgpcpy(8).cfg
2009-01-22 17:36 . 2009-01-22 20:22 2,088 --a------ c:\windows\system32\drivers\kgpcpy(2).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(47).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(32).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(3).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(18).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(10).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(48).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(4).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(33).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(19).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(11).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(5).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(49).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(34).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(20).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(12).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(6).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(50).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(35).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(21).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(13).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(7).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(51).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(36).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(22).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(14).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(9).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(46).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(45).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(44).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(38).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(31).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(30).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(29).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(17).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(16).cfg
2009-01-20 17:49 . 2009-01-20 17:49 <DIR> d-------- d:\documents and settings\Pat.Patrick\Application Data\IObit
2009-01-20 17:49 . 2009-01-20 17:49 <DIR> d-------- c:\program files\IObit
2009-01-20 17:09 . 2009-01-20 17:11 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-20 16:59 . 2009-01-25 11:22 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-20 14:50 . 2009-01-31 08:44 <DIR> d-------- d:\documents and settings\All Users\Application Data\SITEguard
2009-01-20 14:48 . 2009-01-31 12:50 <DIR> d-------- d:\documents and settings\All Users\Application Data\STOPzilla!
2009-01-20 14:48 . 2009-01-20 14:48 <DIR> d-------- c:\program files\Common Files\iS3
2009-01-01 16:15 . 2009-01-01 16:15 <DIR> d-------- c:\program files\iPod
2009-01-01 16:15 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-01 16:15 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-01 16:14 . 2009-01-01 16:15 <DIR> d-------- d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 16:14 . 2009-01-01 16:15 <DIR> d-------- c:\program files\iTunes
2009-01-01 16:14 . 2009-01-25 12:08 <DIR> d-------- c:\program files\Bonjour
2009-01-01 16:11 . 2009-01-01 16:11 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-01 16:11 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-18 09:12 . 2008-12-18 09:12 <DIR> d-------- d:\documents and settings\Pat.Patrick\Application Data\Malwarebytes
2008-12-18 09:12 . 2008-12-18 09:12 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 22:09 . 2008-12-17 22:09 <DIR> d-------- C:\VundoFix Backups
2008-12-17 21:25 . 2008-12-17 21:26 <DIR> d-------- d:\documents and settings\All Users\Application Data\Lavasoft
2008-12-17 21:24 . 2008-12-17 21:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-15 13:51 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-15 13:51 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2008-12-15 13:51 . 2008-12-15 13:51 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-10 13:54 . 2008-12-10 13:59 <DIR> d-------- d:\documents and settings\Pat.Patrick\Application Data\PC Suite
2008-12-10 13:54 . 2008-12-15 13:43 <DIR> d-------- d:\documents and settings\Pat.Patrick\Application Data\Nokia
2008-12-10 13:54 . 2008-12-10 13:59 <DIR> d-------- d:\documents and settings\All Users\Application Data\PC Suite
2008-12-10 13:53 . 2008-12-10 13:53 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-12-10 13:53 . 2008-12-10 13:53 <DIR> d-------- c:\program files\DIFX
2008-12-10 13:53 . 2008-12-10 13:53 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-10 13:53 . 2008-12-10 13:53 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-10 13:53 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-10 13:53 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-12-10 13:53 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-12-10 13:53 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-12-10 13:53 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-10 13:53 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-10 13:52 . 2008-12-10 13:53 <DIR> d-------- c:\program files\Nokia
2008-12-10 13:52 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-12-10 13:47 . 2008-12-10 13:54 <DIR> d-------- d:\documents and settings\All Users\Application Data\Installations
2008-12-09 16:32 . 2008-12-09 16:32 1,584 --a------ c:\windows\TrustyFiles.INI
2008-12-09 16:22 . 2008-12-09 16:22 <DIR> d-------- d:\documents and settings\All Users\Application Data\171B5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 17:15 --------- d-----w d:\documents and settings\All Users\Application Data\Kontiki
2009-01-29 18:26 --------- d-----w c:\program files\IE5
2009-01-25 17:35 61,298 ----a-w d:\documents and settings\Pat.Patrick\Application Data\wklnhst.dat
2009-01-25 12:29 --------- d-----w c:\program files\Google
2009-01-16 14:11 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\FrostWire
2009-01-13 18:05 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Skype
2009-01-13 18:04 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\skypePM
2009-01-09 09:20 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Canon
2009-01-01 16:14 --------- d-----w c:\program files\QuickTime
2008-12-17 21:25 --------- d-----w c:\program files\Lavasoft
2008-12-12 17:12 --------- d-----w c:\program files\D-Fend Reloaded
2008-12-11 13:20 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 17:13 --------- d-----w c:\program files\Sony Ericsson
2008-12-09 17:12 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Sony
2008-12-09 17:12 --------- d-----w d:\documents and settings\All Users\Application Data\Sony Ericsson
2008-12-09 17:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 09:14 --------- d-----w d:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 ------w c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 ------w c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 01:00 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-02-12 12:19 32 -c--a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2007-02-21 07:18 17,762 -c--a-w d:\documents and settings\Pat\Application Data\wklnhst.dat
2006-03-24 12:42 354 -c--a-w d:\documents and settings\Amanda\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\khost.exe" [2007-04-23 1032640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-08 180269]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"GrooveMonitor"="c:\program files\Microsoft Access Runtime\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jucncy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.mjpg"= mcmjpg32.dll
"VIDC.ZMBV"= zmbv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--a--c--- 2005-06-08 16:55 57344 c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker]
--a--c--- 2003-07-02 10:13 40960 c:\apps\EmailChecker\ech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 14:00 208952 c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-08-02 16:35 7110656 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2005-08-02 16:35 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a--c--- 2005-05-11 13:48 127118 c:\apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 14:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 14:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-r---c--- 2000-10-16 08:37 32768 c:\windows\system32\rmctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-03-04 03:36 36975 c:\program files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a--c--- 2007-02-21 10:53 100056 c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-11-08 18:41 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--a--c--- 2004-11-26 11:43 90112 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2005-05-03 18:43 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2005-08-02 16:35 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2005-06-29 13:25 14720000 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Access Runtime\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Access Runtime\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Access Runtime\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-09-04 13352]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-09-04 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-09-04 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-09-04 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-09-04 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-09-04 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-09-04 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-09-04 110120]
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-02-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-31 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-05-11 09:03]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKU-Default-RunOnce-IETI - c:\apps\skype\phone\IEPlugin\unins000.exe
MSConfigStartUp-EzPrint - c:\program files\Lexmark 3400 Series\ezprint.exe
MSConfigStartUp-FaxCenterServer - c:\program files\Lexmark Fax Solutions\fm3032.exe
MSConfigStartUp-IEpal - c:\program files\IEpal\IEpal.exe
MSConfigStartUp-lxcymon - c:\program files\Lexmark 3400 Series\lxcymon.exe
MSConfigStartUp-NAV CfgWiz - c:\program files\Common Files\Symantec Shared\CfgWiz.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.europeantour.com/
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 17:15:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UACd.sys]
"imagepath"="\systemroot\system32\drivers\UACyqxwpuyf.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UACd.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\UACyqxwpuyf.sys"
"group"="file system"
.
Completion time: 2009-01-31 17:17:02
ComboFix-quarantined-files.txt 2009-01-31 17:16:59

Pre-Run: 15,341,817,856 bytes free
Post-Run: 15,332,229,120 bytes free

359 --- E O F --- 2008-12-11 13:20:06


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:33, on 31/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Access Runtime\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Kontiki\khost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europeantour.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Access Runtime\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\khost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [waginoduzo] Rundll32.exe "C:\WINDOWS\system32\hobopuke.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Access Runtime\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jucncy.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10478 bytes
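
The log above carries the indicators a responder would pull out by hand: a non-empty AppInit_DLLs value (jucncy.dll), a rundll32 autorun under the LOCAL SERVICE hive loading hobopuke.dll, a service (UACd.sys) whose driver has a randomly generated UAC-prefixed name and whose registry key ComboFix could not read, and Security Center notification keys switched off. The script below is an added example for this thread, not a BleepingComputer, ComboFix or HijackThis tool: it runs those checks mechanically over log text. The sample lines are copied from the posted log; the rule names, the `triage()` and `summarize()` functions and the "UAC" + 8-letter filename pattern are this example's own assumptions and would need adjusting for other malware families. The EnableFirewall=0 rule is informational only, because with McAfee Personal Firewall installed the Windows firewall being off is expected.

```python
"""Pull the persistence and self-protection indicators out of ComboFix /
HijackThis log text.  Added example for this thread, not a BleepingComputer
or ComboFix tool; the sample lines are copied from the log posted above and
the rule names and triage() API are this example's own."""
import re
from collections import Counter

# Excerpt of the posted log: ComboFix "Reg Loading Points", the catchme
# driver entry and locked key, and HijackThis O4/O20 lines.  The HKLM
# NvCplDaemon line is a legitimate rundll32 autorun kept as a negative case.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jucncy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UACd.sys]
"imagepath"="\systemroot\system32\drivers\UACyqxwpuyf.sys"

--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UACd.sys]
@DACL=(02 0000)
"start"=dword:00000001

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [waginoduzo] Rundll32.exe "C:\WINDOWS\system32\hobopuke.dll",s (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: jucncy.dll
"""

# Built-in service accounts: their HKU Run keys normally hold only CTFMON.EXE.
SERVICE_SIDS = ("s-1-5-18", "s-1-5-19", "s-1-5-20")

# Rules run against lower-cased lines.
RE_APPINIT = re.compile(r'(?:"appinit_dlls"=|o20 - appinit_dlls:\s*)(\S.*)$')
RE_SC_OFF = re.compile(r'"(?:antivirusdisablenotify|updatesdisablenotify|'
                       r'firewalldisablenotify|disablemonitoring)"=dword:0*1$')
RE_FW_OFF = re.compile(r'"enablefirewall"=\s*0\b')
# Naming pattern of the dropped files seen in this log: "UAC" + 8 random letters
# (an assumption tied to this log; other families use other patterns).
RE_UAC_FILE = re.compile(r'[\\/]uac[a-z]{8}\.(?:sys|dll|dat|log)\b')
RE_HKUS_RUN = re.compile(r'o4 - hkus\\(s-1-5-\d+)\\\.\.\\run: \[[^\]]+\] (.+?) \(user ')


def triage(log_text):
    """Return a list of (rule, evidence) pairs; a clean log gives []."""
    findings = []
    current_key = ""          # registry key the REGEDIT4-style lines sit under
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        low = line.lower()
        if RE_APPINIT.match(low):
            # Any AppInit_DLLs value is injected into every user32-linked
            # process; a bare filename resolves from system32.
            findings.append(("appinit_dll", line))
        elif "security center" in current_key and RE_SC_OFF.match(low):
            # Security Center told not to warn about AV/updates/firewall state.
            findings.append(("security_center_silenced", line))
        elif "firewallpolicy" in current_key and RE_FW_OFF.match(low):
            # Informational: expected when a third-party firewall (here
            # McAfee) replaces the Windows one, so confirm before acting.
            findings.append(("windows_firewall_off", line))
        elif RE_UAC_FILE.search(low):
            findings.append(("random_uac_file", line))
        elif low.startswith("@dacl="):
            # ComboFix lists keys whose DACL it could not read: a service
            # hiding its own configuration from admin-level tools.
            findings.append(("locked_key", current_key + " " + line))
        else:
            m = RE_HKUS_RUN.match(low)
            if m and m.group(1) in SERVICE_SIDS and "ctfmon.exe" not in m.group(2):
                # Autorun under LOCAL SERVICE / NETWORK SERVICE / SYSTEM that
                # is not the IME loader: here rundll32 of an unknown DLL.
                findings.append(("service_account_autorun", line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {"appinit_dll": 2, ...}."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:26} {evidence}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a saved ComboFix or HijackThis log by passing the file contents to `triage()`. Each rule answers one question a helper asks of these logs (what gets injected everywhere, what runs as a service account, what cannot be read, what has been told to stay quiet), so a hit is a line to investigate, not a verdict; the negative cases in the sample (the HKLM NvCplDaemon rundll32 entry and the CTFMON entries) show the rules are scoped to avoid the obvious false positives.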

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 31 January 2009 - 09:23 PM

Hi, please delete your version of ComboFix and download ComboFix from one of these locations:

Link 1
Link 2
Link 3


Same as before, you must rename it before saving it. Save it to your desktop.
Double-click Combo-Fix to run it and follow all of the prompts.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#7 pat777

pat777
  • Topic Starter

  • Members
  • 14 posts

Posted 01 February 2009 - 05:17 AM

Hi,

Thanks. I have run ComboFix again, and below is the log as requested.

ComboFix 09-01-31.01 - Pat 2009-02-01 10:10:58.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.671 [GMT 0:00]
Running from: d:\documents and settings\Pat.Patrick\Desktop\combo-fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACyqxwpuyf.sys
c:\windows\system32\UACbnmjhxdq.log
c:\windows\system32\UACbwruenjw.dll
c:\windows\system32\UACftyqxhop.dat
c:\windows\system32\UACmqbejpwt.dll
c:\windows\system32\UACpfqbxufl.dll
c:\windows\system32\UACtlewqtio.log
c:\windows\system32\UACucxnrvas.dll
c:\windows\system32\UACwmkdmtyl.log
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 22:37 . 2009-01-31 22:37 <DIR> d-------- c:\program files\Symantec
2009-01-31 15:46 . 2009-01-31 15:46 <DIR> d-------- C:\Kontiki
2009-01-30 21:21 . 2007-02-21 16:30 <DIR> d-------- d:\documents and settings\Pat.Patrick.000\Application Data\You've Got Pictures Screensaver
2009-01-30 21:21 . 2005-11-08 11:38 <DIR> d-------- d:\documents and settings\Pat.Patrick.000\Application Data\Symantec
2009-01-30 21:21 . 2009-01-30 21:21 <DIR> d-------- d:\documents and settings\Pat.Patrick.000
2009-01-30 21:21 . 2009-01-30 21:21 <DIR> d--hs---- d:\documents and settings\NetworkService.NT AUTHORITY.003
2009-01-30 21:21 . 2009-01-30 21:21 <DIR> d--hs---- d:\documents and settings\LocalService.NT AUTHORITY.003
2009-01-30 21:21 . 2009-01-30 21:22 1,416 --a------ c:\windows\system32\drivers\kgpcpy(60).cfg
2009-01-30 21:03 . 2009-01-30 21:29 <DIR> d-------- c:\program files\viro
2009-01-30 20:24 . 2009-01-30 20:24 743,621 --a------ c:\windows\system32\RPUpdates.zip
2009-01-30 20:24 . 2009-01-30 20:26 45 --a------ c:\windows\system32\RPVersion.ini
2009-01-30 20:23 . 2009-01-30 20:47 <DIR> d-------- c:\program files\RegistryPatrol3.0
2009-01-30 13:21 . 2009-01-30 21:17 2,448 --a------ c:\windows\system32\drivers\kgpcpy(52).cfg
2009-01-30 12:59 . 2009-01-30 12:59 1,680 --a------ c:\windows\system32\drivers\kgpcpy(53).cfg
2009-01-29 18:38 . 2009-01-29 18:40 1,680 --a------ c:\windows\system32\drivers\kgpcpy(54).cfg
2009-01-29 17:52 . 2009-01-29 18:29 2,368 --a------ c:\windows\system32\drivers\kgpcpy(55).cfg
2009-01-29 16:08 . 2009-01-29 17:07 4,952 --a------ c:\windows\system32\drivers\kgpcpy(56).cfg
2009-01-29 16:03 . 2009-01-29 16:04 1,680 --a------ c:\windows\system32\drivers\kgpcpy(57).cfg
2009-01-29 16:02 . 2009-01-29 16:02 5,566 --a------ c:\windows\system32\uacinit.dll
2009-01-29 11:36 . 2009-01-29 11:37 1,680 --a------ c:\windows\system32\drivers\kgpcpy(58).cfg
2009-01-29 11:16 . 2009-01-29 11:17 1,680 --a------ c:\windows\system32\drivers\kgpcpy(59).cfg
2009-01-27 18:00 . 2009-01-27 18:00 79,872 --a------ c:\windows\system32\1a9d4785713e24269ad608483bfc550c.szcpf
2009-01-26 10:07 . 2009-01-29 19:42 <DIR> d--hs---- c:\windows\system32\twain32
2009-01-26 10:07 . 2009-01-26 10:07 94,208 --a------ c:\windows\system32\iestat.exe
2009-01-25 12:29 . 2009-01-25 12:30 1,680 --a------ c:\windows\system32\drivers\kgpcpy(37).cfg
2009-01-25 11:14 . 2009-01-25 11:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-25 08:58 . 2009-01-25 10:21 3,520 --a------ c:\windows\system32\drivers\kgpcpy(23).cfg
2009-01-24 11:07 . 2009-01-24 11:08 1,680 --a------ c:\windows\system32\drivers\kgpcpy(39).cfg
2009-01-24 11:07 . 2009-01-24 11:08 1,680 --a------ c:\windows\system32\drivers\kgpcpy(24).cfg
2009-01-24 08:54 . 2009-01-24 08:54 1,680 --a------ c:\windows\system32\drivers\kgpcpy(40).cfg
2009-01-24 08:54 . 2009-01-24 08:54 1,680 --a------ c:\windows\system32\drivers\kgpcpy(25).cfg
2009-01-23 23:17 . 2009-01-23 23:17 1,680 --a------ c:\windows\system32\drivers\kgpcpy(41).cfg
2009-01-23 23:17 . 2009-01-23 23:17 1,680 --a------ c:\windows\system32\drivers\kgpcpy(26).cfg
2009-01-23 22:48 . 2009-01-23 22:49 1,680 --a------ c:\windows\system32\drivers\kgpcpy(42).cfg
2009-01-23 22:48 . 2009-01-23 22:49 1,680 --a------ c:\windows\system32\drivers\kgpcpy(27).cfg
2009-01-23 22:06 . 2009-01-23 22:06 <DIR> d-------- c:\program files\Zamaan's Software
2009-01-23 22:06 . 1998-06-24 13:00 244,024 --a------ c:\windows\system32\MSFLXGRD.OCX
2009-01-23 21:53 . 2009-01-23 21:53 <DIR> d-------- c:\program files\Trend Micro
2009-01-22 20:57 . 2009-01-22 20:58 1,680 --a------ c:\windows\system32\drivers\kgpcpy(43).cfg
2009-01-22 20:57 . 2009-01-22 20:58 1,680 --a------ c:\windows\system32\drivers\kgpcpy(28).cfg
2009-01-22 20:53 . 2009-01-22 20:54 1,680 --a------ c:\windows\system32\drivers\kgpcpy(15).cfg
2009-01-22 20:50 . 2009-01-22 20:51 1,680 --a------ c:\windows\system32\drivers\kgpcpy(8).cfg
2009-01-22 17:36 . 2009-01-22 20:22 2,088 --a------ c:\windows\system32\drivers\kgpcpy(2).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(47).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(32).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(3).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(18).cfg
2009-01-21 17:31 . 2009-01-21 18:22 4,584 --a------ c:\windows\system32\drivers\kgpcpy(10).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(48).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(4).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(33).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(19).cfg
2009-01-21 15:09 . 2009-01-21 15:10 1,680 --a------ c:\windows\system32\drivers\kgpcpy(11).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(5).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(49).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(34).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(20).cfg
2009-01-21 14:43 . 2009-01-21 14:44 1,680 --a------ c:\windows\system32\drivers\kgpcpy(12).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(6).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(50).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(35).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(21).cfg
2009-01-21 09:16 . 2009-01-21 09:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(13).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(7).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(51).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(36).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(22).cfg
2009-01-20 19:15 . 2009-01-20 19:16 1,680 --a------ c:\windows\system32\drivers\kgpcpy(14).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(9).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(46).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(45).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(44).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(38).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(31).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(30).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(29).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(17).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(16).cfg
2009-01-20 17:49 . 2009-01-20 17:49 <DIR> d-------- d:\documents and settings\Pat.Patrick\Application Data\IObit
2009-01-20 17:49 . 2009-01-20 17:49 <DIR> d-------- c:\program files\IObit
2009-01-20 17:09 . 2009-01-20 17:11 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-20 16:59 . 2009-01-25 11:22 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-20 14:50 . 2009-01-31 08:44 <DIR> d-------- d:\documents and settings\All Users\Application Data\SITEguard
2009-01-20 14:48 . 2009-01-31 12:50 <DIR> d-------- d:\documents and settings\All Users\Application Data\STOPzilla!
2009-01-20 14:48 . 2009-01-20 14:48 <DIR> d-------- c:\program files\Common Files\iS3
2009-01-01 16:15 . 2009-01-01 16:15 <DIR> d-------- c:\program files\iPod
2009-01-01 16:15 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-01 16:15 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-01 16:14 . 2009-01-01 16:15 <DIR> d-------- d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 16:14 . 2009-01-01 16:15 <DIR> d-------- c:\program files\iTunes
2009-01-01 16:14 . 2009-01-25 12:08 <DIR> d-------- c:\program files\Bonjour
2009-01-01 16:11 . 2009-01-01 16:11 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-01 16:11 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 10:12 --------- d-----w d:\documents and settings\All Users\Application Data\Kontiki
2009-01-31 22:37 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-31 21:53 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-29 18:26 --------- d-----w c:\program files\IE5
2009-01-25 17:35 61,298 ----a-w d:\documents and settings\Pat.Patrick\Application Data\wklnhst.dat
2009-01-25 12:29 --------- d-----w c:\program files\Google
2009-01-16 14:11 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\FrostWire
2009-01-13 18:05 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Skype
2009-01-13 18:04 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\skypePM
2009-01-09 09:20 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Canon
2009-01-01 16:14 --------- d-----w c:\program files\QuickTime
2008-12-18 09:12 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Malwarebytes
2008-12-18 09:12 --------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 21:26 --------- d-----w d:\documents and settings\All Users\Application Data\Lavasoft
2008-12-17 21:25 --------- d-----w c:\program files\Lavasoft
2008-12-17 21:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 13:51 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-15 13:43 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Nokia
2008-12-12 17:12 --------- d-----w c:\program files\D-Fend Reloaded
2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-10 13:59 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\PC Suite
2008-12-10 13:59 --------- d-----w d:\documents and settings\All Users\Application Data\PC Suite
2008-12-10 13:54 --------- d-----w d:\documents and settings\All Users\Application Data\Installations
2008-12-10 13:53 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-10 13:53 --------- d-----w c:\program files\Nokia
2008-12-10 13:53 --------- d-----w c:\program files\DIFX
2008-12-10 13:53 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-10 13:53 --------- d-----w c:\program files\Common Files\Nokia
2008-12-09 17:13 --------- d-----w c:\program files\Sony Ericsson
2008-12-09 17:12 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Sony
2008-12-09 17:12 --------- d-----w d:\documents and settings\All Users\Application Data\Sony Ericsson
2008-12-09 17:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 16:22 --------- d-----w d:\documents and settings\All Users\Application Data\171B5
2008-02-12 12:19 32 -c--a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2007-02-21 07:18 17,762 -c--a-w d:\documents and settings\Pat\Application Data\wklnhst.dat
2006-03-24 12:42 354 -c--a-w d:\documents and settings\Amanda\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\khost.exe" [2007-04-23 1032640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-08 180269]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"GrooveMonitor"="c:\program files\Microsoft Access Runtime\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"RemoteControl"="c:\windows\system32\rmctrl.exe" [2000-10-16 32768]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"EmailChecker"="c:\apps\EmailChecker\ech.exe" [2003-07-02 40960]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 39792]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-10 738968]
DSLMON.lnk - c:\program files\Zoom Telephonics, Inc.\Zoom ADSL USB Modem\dslmon.exe [2007-02-21 929889]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jucncy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.mjpg"= mcmjpg32.dll
"VIDC.ZMBV"= zmbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Access Runtime\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Access Runtime\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Access Runtime\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-09-04 13352]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-09-04 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-09-04 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-09-04 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-09-04 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-09-04 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-09-04 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-09-04 110120]
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-02-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-01 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-05-11 09:03]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.europeantour.com/
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 10:13:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-01 10:15:19
ComboFix-quarantined-files.txt 2009-02-01 10:15:05

Pre-Run: 15,382,020,096 bytes free
Post-Run: 15,363,190,784 bytes free

294 --- E O F --- 2009-01-31 21:53:42

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:10:52 PM

Posted 01 February 2009 - 09:48 AM

1. Open notepad and copy/paste the text in the codebox below into it:

Collect::
c:\windows\system32\drivers\kgpcpy(60).cfg
c:\windows\system32\drivers\kgpcpy(52).cfg
c:\windows\system32\drivers\kgpcpy(53).cfg
c:\windows\system32\drivers\kgpcpy(54).cfg
c:\windows\system32\drivers\kgpcpy(55).cfg
c:\windows\system32\drivers\kgpcpy(56).cfg
c:\windows\system32\drivers\kgpcpy(57).cfg
c:\windows\system32\drivers\kgpcpy(58).cfg
c:\windows\system32\drivers\kgpcpy(59).cfg
c:\windows\system32\1a9d4785713e24269ad608483bfc550c.szcpf
c:\windows\system32\iestat.exe
c:\windows\system32\drivers\kgpcpy(37).cfg
c:\windows\system32\drivers\kgpcpy(23).cfg
c:\windows\system32\drivers\kgpcpy(39).cfg
c:\windows\system32\drivers\kgpcpy(24).cfg
c:\windows\system32\drivers\kgpcpy(40).cfg
c:\windows\system32\drivers\kgpcpy(25).cfg
c:\windows\system32\drivers\kgpcpy(41).cfg
c:\windows\system32\drivers\kgpcpy(26).cfg
c:\windows\system32\drivers\kgpcpy(42).cfg
c:\windows\system32\drivers\kgpcpy(27).cfg
c:\windows\system32\drivers\kgpcpy(43).cfg
c:\windows\system32\drivers\kgpcpy(28).cfg
c:\windows\system32\drivers\kgpcpy(15).cfg
c:\windows\system32\drivers\kgpcpy(8).cfg
c:\windows\system32\drivers\kgpcpy(2).cfg
c:\windows\system32\drivers\kgpcpy(47).cfg
c:\windows\system32\drivers\kgpcpy(32).cfg
c:\windows\system32\drivers\kgpcpy(3).cfg
c:\windows\system32\drivers\kgpcpy(18).cfg
c:\windows\system32\drivers\kgpcpy(10).cfg
c:\windows\system32\drivers\kgpcpy(48).cfg
c:\windows\system32\drivers\kgpcpy(4).cfg
c:\windows\system32\drivers\kgpcpy(33).cfg
c:\windows\system32\drivers\kgpcpy(19).cfg
c:\windows\system32\drivers\kgpcpy(11).cfg
c:\windows\system32\drivers\kgpcpy(5).cfg
c:\windows\system32\drivers\kgpcpy(49).cfg
c:\windows\system32\drivers\kgpcpy(34).cfg
c:\windows\system32\drivers\kgpcpy(20).cfg
c:\windows\system32\drivers\kgpcpy(12).cfg
c:\windows\system32\drivers\kgpcpy(6).cfg
c:\windows\system32\drivers\kgpcpy(50).cfg
c:\windows\system32\drivers\kgpcpy(35).cfg
c:\windows\system32\drivers\kgpcpy(21).cfg
c:\windows\system32\drivers\kgpcpy(13).cfg
c:\windows\system32\drivers\kgpcpy(7).cfg
c:\windows\system32\drivers\kgpcpy(51).cfg
c:\windows\system32\drivers\kgpcpy(36).cfg
c:\windows\system32\drivers\kgpcpy(22).cfg
c:\windows\system32\drivers\kgpcpy(14).cfg
c:\windows\system32\drivers\kgpcpy(9).cfg
c:\windows\system32\drivers\kgpcpy(46).cfg
c:\windows\system32\drivers\kgpcpy(45).cfg
c:\windows\system32\drivers\kgpcpy(44).cfg
c:\windows\system32\drivers\kgpcpy(38).cfg
c:\windows\system32\drivers\kgpcpy(31).cfg
c:\windows\system32\drivers\kgpcpy(30).cfg
c:\windows\system32\drivers\kgpcpy(29).cfg
c:\windows\system32\drivers\kgpcpy(17).cfg
c:\windows\system32\drivers\kgpcpy(16).cfg

File::
c:\windows\system32\uacinit.dll
Save this as CFScript.txt


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
===========
Note::
If Combofix fails to upload anything please do the following:
Go to Start > My Computer > C:\
Then Navigate to C:\Qoobox\Submit.zip

Click Here to upload the submit.zip please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
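The log above carries the items kahdah is acting on: dozens of numbered kgpcpy(N).cfg files in the drivers directory, a DLL registered under AppInit_DLLs (which Windows loads into every process that links user32.dll), the Security Center notification values set to 1, and the Windows Firewall standard profile disabled. As an added example, not part of this thread and not ComboFix's own code, the Python below parses a constructed excerpt of that log, flags those indicators with a severity, and drafts the Collect:: section of a CFScript that the post above lists by hand. The regexes, severity labels, the SYSTEM_DIRS set and the three-file threshold are this example's own assumptions.

```python
"""Triage a ComboFix log for the indicators seen in this thread and draft the
Collect:: section of a CFScript.  Added example, not code from the thread or
from ComboFix; the regexes, severities and SYSTEM_DIRS are this example's own."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log posted above (a few of its lines, not the whole log).
SAMPLE_LOG = r"""
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(31).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(30).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(29).cfg
2009-01-20 18:18 . 2009-01-20 18:49 3,520 --a------ c:\windows\system32\drivers\kgpcpy(17).cfg
2009-01-01 16:15 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jucncy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "created . modified size attrs path" lines from the Files Created section
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                       r"(?:[\d,]+|<DIR>) \S+ (.+)$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
NUMBERED = re.compile(r"^(.+)\(\d+\)(\.[^.\\]+)$")          # name(N).ext
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}  # assumption
NOTIFY = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")
SC_KEY = r"hkey_local_machine\software\microsoft\security center"
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
FW_KEY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def parse(log):
    """Split a ComboFix log into file paths and {registry key: {value: data}}."""
    files, reg, key = [], defaultdict(dict), None
    for line in log.splitlines():
        if m := FILE_LINE.match(line):
            files.append(m.group(1))
        elif m := KEY_LINE.match(line):
            key = m.group(1)
        elif (m := VALUE_LINE.match(line)) and key:
            reg[key][m.group(1)] = m.group(2).strip()
    return files, reg


def lookup(reg, wanted):
    """Case-insensitive key lookup; ComboFix mixes key capitalisation."""
    return next((v for k, v in reg.items() if k.lower() == wanted), {})


def numbered_groups(files, min_count=3):
    """Group name(N).ext files under a system directory; return {pattern: paths}."""
    groups = defaultdict(list)
    for path in files:
        folder, _, name = path.rpartition("\\")
        m = NUMBERED.match(name)
        if m and folder.lower() in SYSTEM_DIRS:
            groups[folder + "\\" + m.group(1) + "(N)" + m.group(2)].append(path)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def triage(log):
    """Return (severity, indicator, detail) findings for the persistence/tamper signs."""
    files, reg = parse(log)
    findings = []
    for pattern, paths in numbered_groups(files).items():
        findings.append(("high", "numbered-files", f"{len(paths)} files matching {pattern}"))
    dlls = lookup(reg, APPINIT_KEY).get("AppInit_DLLs", "")
    if dlls:  # AppInit_DLLs are mapped into every process that links user32.dll
        findings.append(("high", "AppInit_DLLs", f"{dlls} is injected into every user32 process"))
    sc = lookup(reg, SC_KEY)
    off = [v for v in NOTIFY if sc.get(v, "").endswith("1")]
    if off:
        findings.append(("medium", "SecurityCenter", "notifications suppressed: " + ", ".join(off)))
    for key, vals in reg.items():  # vendor flags are normally set by the suite itself
        if key.lower().startswith(SC_KEY + "\\monitoring\\") and vals.get("DisableMonitoring", "").endswith("1"):
            vendor = key.rsplit("\\", 1)[-1]
            findings.append(("info", "SecurityCenter", f"{vendor} reports its own status (DisableMonitoring=1)"))
    if lookup(reg, FW_KEY).get("EnableFirewall", "").startswith("0"):
        findings.append(("medium", "WindowsFirewall",
                         "standard profile disabled; fine only if a third-party firewall is confirmed active"))
    return findings


def draft_collect(log):
    """Render a CFScript Collect:: section (quarantine and submit) for the numbered files."""
    files, _ = parse(log)
    paths = [p for group in numbered_groups(files).values() for p in group]
    return "Collect::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for severity, indicator, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {indicator}: {detail}")
    print(draft_collect(SAMPLE_LOG))
```

Two caveats the script encodes: DisableMonitoring=1 under Monitoring\<vendor> is what a third-party suite such as McAfee sets so that Security Center defers to it, so it is reported as info only; and EnableFirewall=0 on the standard profile is expected when a third-party firewall is in use (the log header shows McAfee Personal Firewall enabled), so it is rated medium rather than high. Collect:: quarantines and submits the listed files; the File:: line for uacinit.dll in the post above is a deletion and is left to the helper's judgement rather than generated here.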

#9 pat777

pat777
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:52 PM

Posted 01 February 2009 - 10:34 AM

Thanks again, ComboFix said that the upload was successful so I guess that's OK?

Below is the last ComboFix log as requested. Cheers.


ComboFix 09-01-31.01 - Pat 2009-02-01 15:27:04.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.575 [GMT 0:00]
Running from: d:\documents and settings\Pat.Patrick\Desktop\combo-fix.exe
Command switches used :: d:\documents and settings\Pat.Patrick\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\uacinit.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\kgpcpy(10).cfg
c:\windows\system32\drivers\kgpcpy(11).cfg
c:\windows\system32\drivers\kgpcpy(12).cfg
c:\windows\system32\drivers\kgpcpy(13).cfg
c:\windows\system32\drivers\kgpcpy(14).cfg
c:\windows\system32\drivers\kgpcpy(15).cfg
c:\windows\system32\drivers\kgpcpy(16).cfg
c:\windows\system32\drivers\kgpcpy(17).cfg
c:\windows\system32\drivers\kgpcpy(18).cfg
c:\windows\system32\drivers\kgpcpy(19).cfg
c:\windows\system32\drivers\kgpcpy(2).cfg
c:\windows\system32\drivers\kgpcpy(20).cfg
c:\windows\system32\drivers\kgpcpy(21).cfg
c:\windows\system32\drivers\kgpcpy(22).cfg
c:\windows\system32\drivers\kgpcpy(23).cfg
c:\windows\system32\drivers\kgpcpy(24).cfg
c:\windows\system32\drivers\kgpcpy(25).cfg
c:\windows\system32\drivers\kgpcpy(26).cfg
c:\windows\system32\drivers\kgpcpy(27).cfg
c:\windows\system32\drivers\kgpcpy(28).cfg
c:\windows\system32\drivers\kgpcpy(29).cfg
c:\windows\system32\drivers\kgpcpy(3).cfg
c:\windows\system32\drivers\kgpcpy(30).cfg
c:\windows\system32\drivers\kgpcpy(31).cfg
c:\windows\system32\drivers\kgpcpy(32).cfg
c:\windows\system32\drivers\kgpcpy(33).cfg
c:\windows\system32\drivers\kgpcpy(34).cfg
c:\windows\system32\drivers\kgpcpy(35).cfg
c:\windows\system32\drivers\kgpcpy(36).cfg
c:\windows\system32\drivers\kgpcpy(37).cfg
c:\windows\system32\drivers\kgpcpy(38).cfg
c:\windows\system32\drivers\kgpcpy(39).cfg
c:\windows\system32\drivers\kgpcpy(4).cfg
c:\windows\system32\drivers\kgpcpy(40).cfg
c:\windows\system32\drivers\kgpcpy(41).cfg
c:\windows\system32\drivers\kgpcpy(42).cfg
c:\windows\system32\drivers\kgpcpy(43).cfg
c:\windows\system32\drivers\kgpcpy(44).cfg
c:\windows\system32\drivers\kgpcpy(45).cfg
c:\windows\system32\drivers\kgpcpy(46).cfg
c:\windows\system32\drivers\kgpcpy(47).cfg
c:\windows\system32\drivers\kgpcpy(48).cfg
c:\windows\system32\drivers\kgpcpy(49).cfg
c:\windows\system32\drivers\kgpcpy(5).cfg
c:\windows\system32\drivers\kgpcpy(50).cfg
c:\windows\system32\drivers\kgpcpy(51).cfg
c:\windows\system32\drivers\kgpcpy(52).cfg
c:\windows\system32\drivers\kgpcpy(53).cfg
c:\windows\system32\drivers\kgpcpy(54).cfg
c:\windows\system32\drivers\kgpcpy(55).cfg
c:\windows\system32\drivers\kgpcpy(56).cfg
c:\windows\system32\drivers\kgpcpy(57).cfg
c:\windows\system32\drivers\kgpcpy(58).cfg
c:\windows\system32\drivers\kgpcpy(59).cfg
c:\windows\system32\drivers\kgpcpy(6).cfg
c:\windows\system32\drivers\kgpcpy(60).cfg
c:\windows\system32\drivers\kgpcpy(7).cfg
c:\windows\system32\drivers\kgpcpy(8).cfg
c:\windows\system32\drivers\kgpcpy(9).cfg
c:\windows\system32\uacinit.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 22:37 . 2009-01-31 22:37 <DIR> d-------- c:\program files\Symantec
2009-01-31 15:46 . 2009-01-31 15:46 <DIR> d-------- C:\Kontiki
2009-01-30 21:21 . 2007-02-21 16:30 <DIR> d-------- d:\documents and settings\Pat.Patrick.000\Application Data\You've Got Pictures Screensaver
2009-01-30 21:21 . 2005-11-08 11:38 <DIR> d-------- d:\documents and settings\Pat.Patrick.000\Application Data\Symantec
2009-01-30 21:21 . 2009-01-30 21:21 <DIR> d-------- d:\documents and settings\Pat.Patrick.000
2009-01-30 21:21 . 2009-01-30 21:21 <DIR> d--hs---- d:\documents and settings\NetworkService.NT AUTHORITY.003
2009-01-30 21:21 . 2009-01-30 21:21 <DIR> d--hs---- d:\documents and settings\LocalService.NT AUTHORITY.003
2009-01-30 21:03 . 2009-01-30 21:29 <DIR> d-------- c:\program files\viro
2009-01-30 20:24 . 2009-01-30 20:24 743,621 --a------ c:\windows\system32\RPUpdates.zip
2009-01-30 20:24 . 2009-01-30 20:26 45 --a------ c:\windows\system32\RPVersion.ini
2009-01-30 20:23 . 2009-01-30 20:47 <DIR> d-------- c:\program files\RegistryPatrol3.0
2009-01-26 10:07 . 2009-01-29 19:42 <DIR> d--hs---- c:\windows\system32\twain32
2009-01-25 11:14 . 2009-01-25 11:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-23 22:06 . 2009-01-23 22:06 <DIR> d-------- c:\program files\Zamaan's Software
2009-01-23 22:06 . 1998-06-24 13:00 244,024 --a------ c:\windows\system32\MSFLXGRD.OCX
2009-01-23 21:53 . 2009-01-23 21:53 <DIR> d-------- c:\program files\Trend Micro
2009-01-20 17:49 . 2009-01-20 17:49 <DIR> d-------- d:\documents and settings\Pat.Patrick\Application Data\IObit
2009-01-20 17:49 . 2009-01-20 17:49 <DIR> d-------- c:\program files\IObit
2009-01-20 17:09 . 2009-01-20 17:11 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-20 16:59 . 2009-01-25 11:22 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-20 14:50 . 2009-01-31 08:44 <DIR> d-------- d:\documents and settings\All Users\Application Data\SITEguard
2009-01-20 14:48 . 2009-01-31 12:50 <DIR> d-------- d:\documents and settings\All Users\Application Data\STOPzilla!
2009-01-20 14:48 . 2009-01-20 14:48 <DIR> d-------- c:\program files\Common Files\iS3
2009-01-01 16:15 . 2009-01-01 16:15 <DIR> d-------- c:\program files\iPod
2009-01-01 16:15 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-01 16:15 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-01 16:14 . 2009-01-01 16:15 <DIR> d-------- d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 16:14 . 2009-01-01 16:15 <DIR> d-------- c:\program files\iTunes
2009-01-01 16:14 . 2009-01-25 12:08 <DIR> d-------- c:\program files\Bonjour
2009-01-01 16:11 . 2009-01-01 16:11 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-01 16:11 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 15:27 --------- d-----w d:\documents and settings\All Users\Application Data\Kontiki
2009-01-31 22:37 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-31 21:53 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-29 18:26 --------- d-----w c:\program files\IE5
2009-01-25 17:35 61,298 ----a-w d:\documents and settings\Pat.Patrick\Application Data\wklnhst.dat
2009-01-25 12:29 --------- d-----w c:\program files\Google
2009-01-16 14:11 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\FrostWire
2009-01-13 18:05 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Skype
2009-01-13 18:04 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\skypePM
2009-01-09 09:20 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Canon
2009-01-01 16:14 --------- d-----w c:\program files\QuickTime
2008-12-18 09:12 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Malwarebytes
2008-12-18 09:12 --------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 21:26 --------- d-----w d:\documents and settings\All Users\Application Data\Lavasoft
2008-12-17 21:25 --------- d-----w c:\program files\Lavasoft
2008-12-17 21:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 13:51 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-15 13:43 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Nokia
2008-12-12 17:12 --------- d-----w c:\program files\D-Fend Reloaded
2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-10 13:59 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\PC Suite
2008-12-10 13:59 --------- d-----w d:\documents and settings\All Users\Application Data\PC Suite
2008-12-10 13:54 --------- d-----w d:\documents and settings\All Users\Application Data\Installations
2008-12-10 13:53 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-10 13:53 --------- d-----w c:\program files\Nokia
2008-12-10 13:53 --------- d-----w c:\program files\DIFX
2008-12-10 13:53 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-10 13:53 --------- d-----w c:\program files\Common Files\Nokia
2008-12-09 17:13 --------- d-----w c:\program files\Sony Ericsson
2008-12-09 17:12 --------- d-----w d:\documents and settings\Pat.Patrick\Application Data\Sony
2008-12-09 17:12 --------- d-----w d:\documents and settings\All Users\Application Data\Sony Ericsson
2008-12-09 17:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 16:22 --------- d-----w d:\documents and settings\All Users\Application Data\171B5
2008-02-12 12:19 32 -c--a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2007-02-21 07:18 17,762 -c--a-w d:\documents and settings\Pat\Application Data\wklnhst.dat
2006-03-24 12:42 354 -c--a-w d:\documents and settings\Amanda\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2009-02-01_10.14.09.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-01 09:07:11 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-01 13:31:31 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-01 09:07:11 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-01 13:31:31 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\khost.exe" [2007-04-23 1032640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-08 180269]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"GrooveMonitor"="c:\program files\Microsoft Access Runtime\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"RemoteControl"="c:\windows\system32\rmctrl.exe" [2000-10-16 32768]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"EmailChecker"="c:\apps\EmailChecker\ech.exe" [2003-07-02 40960]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 39792]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-10 738968]
DSLMON.lnk - c:\program files\Zoom Telephonics, Inc.\Zoom ADSL USB Modem\dslmon.exe [2007-02-21 929889]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jucncy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.mjpg"= mcmjpg32.dll
"VIDC.ZMBV"= zmbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Access Runtime\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Access Runtime\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Access Runtime\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-09-04 13352]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-09-04 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-09-04 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-09-04 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-09-04 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-09-04 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-09-04 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-09-04 110120]
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-02-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-01 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-05-11 09:03]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.europeantour.com/
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 15:28:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-01 15:30:40
ComboFix-quarantined-files.txt 2009-02-01 15:30:26
ComboFix2.txt 2009-02-01 10:15:21

Pre-Run: 15,350,661,120 bytes free
Post-Run: 15,331,139,584 bytes free

290 --- E O F --- 2009-01-31 21:53:42
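An added triage helper, not code from this thread or from the DDS/ComboFix tools, that pulls the firewall exception lists and the IE start page and search URL out of a log like the one above and lists what a helper would read first. The log excerpt is a constructed sample taken from the posted log, the regexes and the reading of the u/m prefix as user/machine hive are my assumptions about the DDS format, and the expected-host list is a parameter you set.

```python
import re
from urllib.parse import urlparse
# Constructed excerpt of the DDS log posted above (raw string: the log prints doubled backslashes).
SAMPLE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
------- Supplementary Scan -------
uStart Page = hxxp://www.europeantour.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uInternet Settings,ProxyOverride = *.local
"""
SECTION_RE = re.compile(r"^\[(.+)\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
APP_RE = re.compile(r'^"(.+)"=\s*$')
IE_RE = re.compile(r"^([um])(Start Page|SearchURL,\(Default\)|Internet Settings,\w+) = (.*)$")  # assumed: u = user hive, m = machine hive

def refang(url):
    """DDS writes hxxp:// so log lines are not clickable; restore http:// to parse."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)

def parse_dds(text):
    """Collect firewall exceptions and IE settings from a DDS/ComboFix log."""
    out = {"authorized_apps": [], "open_ports": [], "ie_settings": {}}
    section = ""
    for line in text.splitlines():
        if m := SECTION_RE.match(line):  # ...\GloballyOpenPorts\List -> GloballyOpenPorts
            section = m.group(1).rsplit("\\", 2)[-2]
        elif line.startswith("-------"):
            section = ""
        elif section == "GloballyOpenPorts" and (m := PORT_RE.match(line)):
            out["open_ports"].append((int(m.group(1)), m.group(2), m.group(3).strip()))
        elif section == "AuthorizedApplications" and (m := APP_RE.match(line)):
            out["authorized_apps"].append(m.group(1).replace("\\\\", "\\"))
        elif m := IE_RE.match(line):
            out["ie_settings"][m.group(2)] = (m.group(1), m.group(3).strip())
    return out

def review(parsed, expected_hosts=("www.google.com",)):
    """Items to read first: ports open to all addresses, and IE URLs on unexpected hosts."""
    notes = [f"port {p}/{proto} open to all addresses ({name})"
             for p, proto, name in parsed["open_ports"]]
    for key in ("Start Page", "SearchURL,(Default)"):
        if key in parsed["ie_settings"]:
            host = urlparse(refang(parsed["ie_settings"][key][1])).hostname
            if host not in expected_hosts:
                notes.append(f"{key} points at {host}; confirm the user chose this")
    return notes
```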

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 01 February 2009 - 10:42 AM

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser: click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser: click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===========================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 pat777

pat777
  • Topic Starter

  • Members
  • 14 posts

Posted 02 February 2009 - 05:03 PM

Hi,

Both done and logs as below, thanks again


Malwarebytes' Anti-Malware 1.33
Database version: 1717
Windows 5.1.2600 Service Pack 3

02/02/2009 21:22:39
mbam-log-2009-02-02 (21-22-39).txt

Scan type: Quick Scan
Objects scanned: 89906
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Monday, February 2, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 02, 2009 21:11:29
Records in database: 1738310


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 97845
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 00:11:38

No malware has been detected. The scan area is clean.
The selected area was scanned.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 02 February 2009 - 05:56 PM

You are welcome. How are things running?

#13 pat777

pat777
  • Topic Starter

  • Members
  • 14 posts

Posted 03 February 2009 - 11:01 AM

Hi again,

Things are running really well, it seems everything is OK and Google is back to normal. Why don't the ordinary scans such as Adaware pick these things up?


Cheers again

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 04 February 2009 - 08:10 AM

Scanners cannot keep up with everything.
Ad-Aware used to be good, but I recommend Malwarebytes over any of those programs now.
==============
I see that you have Frostwire installed.
Having P2P programs such as these raises the possibility of getting infected again.
See here for information on P2P's.
I will leave it up to you if you want to remove it.
To remove it, just simply uninstall it, then delete this folder: C:\Program Files\Frostwire
===========================
Cleanup:

Please download OTCleanIt from Here and save it to your desktop.
Double-click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Delete/uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbup2:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

#15 pat777

pat777
  • Topic Starter

  • Members
  • 14 posts

Posted 05 February 2009 - 07:35 AM

Well, that all seems to be excellent and everything running really well, I am extremely grateful for all your help.
All the best..........Pat



