Infected with 'ufp 007 spy'


  • This topic is locked
12 replies to this topic

#1 SRacer2000

  • Members
  • 11 posts

Posted 10 March 2009 - 07:32 PM

SpySweeper shows my system as infected with 'ufp 007 spy' but won't remove it. Help me out here, Please.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Gage Brumbaugh at 16:59:20.53 on Tue 03/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.792 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\User Profile Hive Cleanup\uphclean.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Norton SystemWorks\NswUiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hack-It\HackIt.exe
C:\Program Files\Shove-it\Shove-it.exe
C:\Program Files\Sizer\sizer.exe
C:\Program Files\TrayMenu\TrayMenu.exe
C:\Program Files\Volume OSD\osd_vol.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.0.0.125\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\soundmax\SMax4PNP.exe"
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AGRSMMSG] "AGRSMMSG.exe"
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [eabconfg.cpl] "c:\program files\hpq\quick launch buttons\EabServr.exe" /Start
mRun: [NSWosCheck] "c:\program files\norton systemworks\osCheck.exe"
mRun: [NswUiTray] "c:\program files\norton systemworks\NswUiTray.exe"
mRun: [BIH] "c:\windows\system32\rundll32.exe" bih.dll,InitGauge
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\hack-i~1.lnk - c:\program files\hack-it\HackIt.exe
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\shove-it.lnk - c:\program files\shove-it\Shove-it.exe
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\sizer.lnk - c:\program files\sizer\sizer.exe
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\trayme~1.lnk - c:\program files\traymenu\TrayMenu.exe
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\volume~1.lnk - c:\program files\volume osd\osd_vol.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235969624046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {C7765066-E071-40E9-A859-793AEE4DE251} = 24.116.2.34,24.116.0.202
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gagebr~1\applic~1\mozilla\firefox\profiles\lfjylx0a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2009-3-1 5632]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-13 29808]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1000000.07d\SymEFA.sys [2009-3-1 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1000000.07d\BHDrvx86.sys [2009-3-1 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1000000.07d\ccHPx86.sys [2009-3-1 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090308.002\IDSxpx86.sys [2009-3-9 276344]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-3 10384]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.0.0.125\ccSvcHst.exe [2009-3-1 115560]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2008-9-25 95600]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-2-13 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-3-3 1180976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-2 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090309.025\NAVENG.SYS [2009-3-9 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090309.025\NAVEX15.SYS [2009-3-9 876144]

=============== Created Last 30 ================

2009-03-08 16:11 <DIR> --d----- c:\program files\Microangelo Toolset 6
2009-03-08 16:10 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-08 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-08 16:03 <DIR> --d----- c:\program files\Search and Replace
2009-03-08 16:02 <DIR> --d----- c:\program files\TrashReg
2009-03-08 16:01 <DIR> --d----- c:\program files\RegCOPA
2009-03-08 16:01 <DIR> --d----- c:\program files\common files\InterVations
2009-03-08 16:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\InterVations
2009-03-08 15:59 92,544 a------- c:\windows\system32\drivers\mcdbus.sys
2009-03-08 15:59 <DIR> --d----- c:\program files\MagicDisc
2009-03-08 15:59 <DIR> --d----- c:\program files\FreshDiagnose
2009-03-08 15:56 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2009-03-08 15:55 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-08 15:55 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 15:55 <DIR> --d----- c:\program files\iPod
2009-03-08 15:55 <DIR> --d----- c:\program files\iTunes
2009-03-08 15:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-08 15:55 <DIR> --d----- c:\program files\Bonjour
2009-03-08 15:50 <DIR> --d----- c:\program files\eMule Plus
2009-03-08 15:48 <DIR> --d----- c:\program files\Skype
2009-03-08 15:46 <DIR> --d----- c:\program files\RapGet
2009-03-07 22:32 <DIR> --d--r-- c:\temp\Start Menu
2009-03-07 22:24 <DIR> --d----- c:\program files\FTP Explorer
2009-03-05 19:03 <DIR> --d----- c:\program files\Classic Menu for Office
2009-03-05 18:01 <DIR> --d----- c:\program files\MSECache
2009-03-05 17:18 32,592 a------- c:\windows\system32\msonpmon.dll
2009-03-05 17:01 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-03-05 17:00 <DIR> --d----- c:\windows\SHELLNEW
2009-03-04 21:03 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-04 20:03 <DIR> --dsh--- C:\Diskeeper
2009-03-03 21:29 <DIR> --d----- c:\windows\Easy CD-DA Extractor 11.5.3
2009-03-03 21:29 <DIR> --d----- c:\program files\Easy CD-DA Extractor 11
2009-03-03 21:23 10,384 a------- c:\windows\system32\drivers\LBeepKE.sys
2009-03-03 21:22 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-03-03 21:21 170,512 a------- c:\windows\system32\kemutb.dll
2009-03-03 21:21 117,264 a------- c:\windows\system32\KemWnd.dll
2009-03-03 21:21 84,496 a------- c:\windows\system32\KemXML.dll
2009-03-03 21:21 145,936 a------- c:\windows\system32\KemUtil.dll
2009-03-03 19:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-03 18:52 <DIR> --d----- c:\program files\MSSOAP
2009-03-03 18:51 1,553,784 a------- c:\windows\WRSetup.dll
2009-03-03 18:51 <DIR> --d----- c:\program files\Webroot
2009-03-03 18:51 <DIR> --d----- c:\docume~1\gagebr~1\applic~1\Webroot
2009-03-03 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-03-03 18:51 164 a------- c:\windows\install.dat
2009-03-03 18:42 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-03-03 18:41 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-03-03 18:41 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-03-03 18:41 38,400 a------- c:\windows\system32\hpz3l4sa.dll
2009-03-03 18:41 132 a------- c:\windows\system32\AddPort.ini
2009-03-03 18:39 804 a------- c:\windows\hpntwksetup.ini
2009-03-03 18:37 <DIR> --d----- c:\windows\carrier
2009-03-03 18:37 <DIR> --d----- c:\program files\HP
2009-03-03 18:37 140,527 a------- c:\windows\hpwins05.dat
2009-03-03 18:36 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-03 18:34 <DIR> --d----- c:\program files\ID3-TagIT 3
2009-03-03 18:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ID3-TagIT 3
2009-03-03 18:33 1,101,824 a------- c:\windows\hpzshl01.exe
2009-03-03 18:33 1,101,824 a------- c:\windows\hpzmsi01.exe
2009-03-03 18:33 876,544 a------- c:\windows\system32\hpwwiax1.dll
2009-03-03 18:33 835,072 a------- c:\windows\system32\hpwtiop1.dll
2009-03-03 18:33 286,720 a------- c:\windows\system32\HPZc3212.dll
2009-03-03 18:33 258,122 a------- c:\windows\system32\hpovst09.dll
2009-03-03 18:33 77,824 a------- c:\windows\system32\hpzids01.dll
2009-03-03 18:33 36,864 a------- c:\windows\system32\hpw7x00co.dll
2009-03-03 18:33 12,400 a------- c:\windows\hpwscr05.dat
2009-03-03 18:33 3,953 a------- c:\windows\hpwmdl05.dat
2009-03-03 18:31 <DIR> --d----- C:\Temp
2009-03-03 18:26 <DIR> --d----- c:\program files\Volume OSD
2009-03-03 18:09 6,480 a------- c:\windows\movexe.exe
2009-03-03 18:08 <DIR> --d----- c:\program files\Shove-it
2009-03-03 18:06 <DIR> --d----- c:\program files\Hack-It
2009-03-03 18:04 14,848 a------- c:\windows\system32\3dcc.cpl
2009-03-03 18:04 <DIR> --d----- c:\program files\3D Color Changer 4
2009-03-03 18:02 <DIR> --d----- c:\program files\Sizer
2009-03-03 18:02 <DIR> --d----- c:\program files\TrayMenu
2009-03-02 21:55 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-02 21:55 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-02 21:55 <DIR> --d----- c:\windows\system32\Adobe
2009-03-02 21:54 <DIR> --d----- c:\program files\Accessories
2009-03-02 21:53 <DIR> --d----- c:\program files\MozBackup
2009-03-02 21:53 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-02 20:30 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-02 20:30 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-01 22:39 <DIR> --d----- c:\docume~1\gagebr~1\applic~1\X-Setup Pro
2009-03-01 22:39 <DIR> --d----- c:\program files\X-Setup Pro
2009-03-01 22:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\X-Setup Pro
2009-03-01 22:24 <DIR> --d----- c:\program files\Lavasoft
2009-03-01 22:24 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-01 22:18 <DIR> --d----- c:\program files\common files\Diskeeper Corporation
2009-03-01 22:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Diskeeper Corporation
2009-03-01 22:18 <DIR> --d----- c:\program files\Diskeeper Corporation
2009-03-01 22:15 <DIR> --d----- c:\program files\common files\EZB Systems
2009-03-01 22:15 <DIR> --d----- c:\program files\UltraISO
2009-03-01 22:13 167,936 a------- c:\windows\system32\SendToToys.cpl
2009-03-01 22:13 90,112 a------- c:\windows\SendToClip.exe
2009-03-01 22:13 <DIR> --d----- c:\program files\Send To Toys
2009-03-01 22:12 <DIR> --d----- c:\program files\SyncBackSE
2009-03-01 22:10 666 a------- c:\windows\unins000.dat
2009-03-01 22:09 <DIR> --d----- c:\program files\Unlocker
2009-03-01 22:07 <DIR> --d----- c:\program files\User Profile Hive Cleanup
2009-03-01 22:06 <DIR> --d----- c:\program files\Microsoft Color Control Panel Applet for Windows XP
2009-03-01 22:06 <DIR> --d----- c:\windows\Downloaded Installations
2009-03-01 21:58 208,896 a------- c:\windows\system32\bih.dll
2009-03-01 21:58 <DIR> --d----- c:\program files\BatteryInfo
2009-03-01 21:55 266,360 a------- c:\windows\system32\TweakUI.exe
2009-03-01 21:55 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-03-01 21:45 <DIR> --d----- C:\I386
2009-03-01 21:20 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-01 21:19 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-01 21:19 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-01 21:19 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-01 21:19 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-01 21:19 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-01 21:19 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-01 21:19 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-01 21:15 873,374 a------- c:\windows\system32\oem18.inf
2009-03-01 21:15 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-03-01 21:14 <DIR> --d----- c:\windows\system32\LogFiles
2009-03-01 21:12 <DIR> --d----- c:\windows\system32\URTTemp
2009-03-01 21:12 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-03-01 21:12 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-01 21:12 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-03-01 21:12 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-03-01 21:12 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-03-01 21:12 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-03-01 21:12 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-03-01 21:12 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-01 21:12 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-03-01 20:45 <DIR> --d----- c:\program files\PerformanceTest
2009-03-01 20:45 <DIR> --d----- c:\program files\Smith Micro
2009-03-01 20:41 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-03-01 20:41 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-03-01 20:41 <DIR> --d----- c:\program files\Norton AntiVirus
2009-03-01 20:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-03-01 20:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-03-01 20:40 <DIR> --d----- c:\program files\NortonInstaller
2009-03-01 20:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-03-01 20:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonSystemWorks
2009-03-01 20:37 <DIR> --d----- c:\program files\Norton SystemWorks
2009-03-01 20:37 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-01 20:37 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-01 20:37 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-01 20:37 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-01 20:37 <DIR> --d----- c:\program files\Symantec
2009-03-01 20:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-03-01 20:37 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-03-01 20:17 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-01 20:16 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-01 20:16 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-01 20:16 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-01 20:16 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-01 20:14 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-01 20:14 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-03-01 20:08 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-01 20:08 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-01 20:07 <DIR> --dsh--- c:\documents and settings\gage brumbaugh\UserData
2009-03-01 19:59 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-01 19:54 <DIR> --d----- c:\windows\tiinst
2009-03-01 19:53 70,656 a------- c:\windows\system32\drivers\Rtlnicxp.sys
2009-03-01 19:52 425,984 a------- c:\windows\system32\hpqPres.dll
2009-03-01 19:52 225,280 a------- c:\windows\system32\cpqinfo.dll
2009-03-01 19:52 65,536 a------- c:\windows\system32\hpqactn.dll
2009-03-01 19:52 32,768 a------- c:\windows\system32\eabhbrn8.dll
2009-03-01 19:52 5,220 a------- c:\windows\system32\drivers\EabUsb.sys
2009-03-01 19:52 7,432 a------- c:\windows\system32\drivers\eabfiltr.sys
2009-03-01 19:52 <DIR> --d----- c:\program files\HPQ
2009-03-01 19:51 15,781 a------- c:\windows\system32\drivers\mdc8021x.sys
2009-03-01 19:51 1,237,095 -------- c:\windows\system32\BCMWLCPL.CPL
2009-03-01 19:51 913,408 -------- c:\windows\system32\AegisE5.dll
2009-03-01 19:51 671,846 -------- c:\windows\system32\BCMWLTRY.EXE
2009-03-01 19:51 110,592 -------- c:\windows\system32\AegisI5.exe
2009-03-01 19:51 81,920 -------- c:\windows\system32\wltrynt.dll
2009-03-01 19:51 69,632 -------- c:\windows\system32\BCMLogon.dll
2009-03-01 19:51 57,344 -------- c:\windows\system32\WLTRYSVC.EXE
2009-03-01 19:51 176,128 a------- c:\windows\system32\bcmwlu00.EXE
2009-03-01 19:51 69,632 a------- c:\windows\system32\bcmwlD2K.EXE
2009-03-01 19:51 1,391,104 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-03-01 19:50 5,632 a----r-- c:\windows\system32\drivers\atiide.sys
2009-03-01 19:50 <DIR> --d----- c:\program files\ATI Technologies
2009-03-01 19:48 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-03-01 19:48 94,601 a------- c:\windows\system32\drivers\Apfiltr.sys
2009-03-01 19:48 87,821 a------- c:\windows\system32\Vxdif.dll
2009-03-01 19:48 <DIR> --d----- c:\program files\Apoint2K
2009-03-01 19:47 <DIR> --d----- c:\windows\Options
2009-03-01 19:47 <DIR> --d----- C:\SWSetup
2009-03-01 19:46 <DIR> --d----- c:\program files\Analog Devices
2009-03-01 19:45 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-03-01 19:35 <DIR> --d----- c:\documents and settings\Gage Brumbaugh
2009-03-01 19:33 <DIR> --ds---- c:\windows\system32\Microsoft
2009-03-01 19:32 8,192 a------- c:\windows\REGLOCS.OLD
2009-03-01 19:30 15,872 ac------ c:\windows\system32\dllcache\padrs404.dll
2009-03-01 19:29 5,632 ac------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-03-01 19:28 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-01 19:28 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-03-01 19:28 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-03-01 19:28 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-03-01 19:28 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-03-01 19:28 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-03-01 19:28 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-03-01 19:28 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-03-01 19:27 <DIR> --d----- c:\program files\common files\MSSoap
2009-03-01 19:25 <DIR> --d----- c:\program files\Online Services
2009-03-01 19:25 <DIR> --d----- c:\program files\Messenger
2009-03-01 19:25 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-03-01 19:24 <DIR> --d----- c:\program files\Windows NT
2009-03-01 12:16 <DIR> --d----- c:\program files\common files\ODBC
2009-03-01 12:16 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-03-01 12:16 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-03-01 22:10 72,748 a------- c:\windows\unins000.exe
2009-03-01 20:07 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-01 19:26 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-13 17:09 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-02-13 17:09 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-13 17:09 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 17:00:01.96 ===============


#2 KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 22 March 2009 - 01:04 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 SRacer2000

  • Topic Starter

  • Members
  • 11 posts

Posted 22 March 2009 - 11:58 PM

SpySweeper shows my system as infected with 'ufp 007 spy' but won't remove it. Help me out here, Please.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Gage Brumbaugh at 21:55:04.14 on Sun 03/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.685 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\User Profile Hive Cleanup\uphclean.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Norton SystemWorks\NswUiTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hack-It\HackIt.exe
C:\Program Files\Shove-it\Shove-it.exe
C:\Program Files\Sizer\sizer.exe
C:\Program Files\TrayMenu\TrayMenu.exe
C:\Program Files\Volume OSD\osd_vol.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gage Brumbaugh\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.0.0.125\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\soundmax\SMax4PNP.exe"
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AGRSMMSG] "AGRSMMSG.exe"
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [eabconfg.cpl] "c:\program files\hpq\quick launch buttons\EabServr.exe" /Start
mRun: [NSWosCheck] "c:\program files\norton systemworks\osCheck.exe"
mRun: [NswUiTray] "c:\program files\norton systemworks\NswUiTray.exe"
mRun: [BIH] "c:\windows\system32\rundll32.exe" bih.dll,InitGauge
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\hack-i~1.lnk - c:\program files\hack-it\HackIt.exe
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\shove-it.lnk - c:\program files\shove-it\Shove-it.exe
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\sizer.lnk - c:\program files\sizer\sizer.exe
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\trayme~1.lnk - c:\program files\traymenu\TrayMenu.exe
StartupFolder: c:\docume~1\gagebr~1\startm~1\programs\startup\volume~1.lnk - c:\program files\volume osd\osd_vol.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gagebr~1\applic~1\mozilla\firefox\profiles\lfjylx0a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2009-3-1 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-11 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-13 29808]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1000000.07d\SymEFA.sys [2009-3-1 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1000000.07d\BHDrvx86.sys [2009-3-1 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1000000.07d\ccHPx86.sys [2009-3-1 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090310.003\IDSXpx86.sys [2009-3-12 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-3 10384]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.0.0.125\ccSvcHst.exe [2009-3-1 115560]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2008-9-25 95600]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-2-13 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-3-3 1180976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-2 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090312.032\naveng.sys [2009-3-12 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090312.032\navex15.sys [2009-3-12 876144]

=============== Created Last 30 ================

2009-03-11 21:33 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-11 21:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-11 21:25 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 21:25 <DIR> --d----- c:\program files\Lavasoft
2009-03-08 16:11 <DIR> --d----- c:\program files\Microangelo Toolset 6
2009-03-08 16:10 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-08 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-08 16:03 <DIR> --d----- c:\program files\Search and Replace
2009-03-08 16:02 <DIR> --d----- c:\program files\TrashReg
2009-03-08 16:01 <DIR> --d----- c:\program files\RegCOPA
2009-03-08 16:01 <DIR> --d----- c:\program files\common files\InterVations
2009-03-08 16:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\InterVations
2009-03-08 15:59 92,544 a------- c:\windows\system32\drivers\mcdbus.sys
2009-03-08 15:59 <DIR> --d----- c:\program files\MagicDisc
2009-03-08 15:59 <DIR> --d----- c:\program files\FreshDiagnose
2009-03-08 15:56 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2009-03-08 15:55 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-08 15:55 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 15:55 <DIR> --d----- c:\program files\iPod
2009-03-08 15:55 <DIR> --d----- c:\program files\iTunes
2009-03-08 15:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-08 15:55 <DIR> --d----- c:\program files\Bonjour
2009-03-08 15:50 <DIR> --d----- c:\program files\eMule Plus
2009-03-08 15:48 <DIR> --d----- c:\program files\Skype
2009-03-08 15:46 <DIR> --d----- c:\program files\RapGet
2009-03-07 22:32 <DIR> --d--r-- c:\temp\Start Menu
2009-03-07 22:24 <DIR> --d----- c:\program files\FTP Explorer
2009-03-05 19:03 <DIR> --d----- c:\program files\Classic Menu for Office
2009-03-05 18:01 <DIR> --d----- c:\program files\MSECache
2009-03-05 17:18 32,592 a------- c:\windows\system32\msonpmon.dll
2009-03-05 17:01 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-03-05 17:00 <DIR> --d----- c:\windows\SHELLNEW
2009-03-04 21:03 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-04 20:03 <DIR> --dsh--- C:\Diskeeper
2009-03-03 21:29 <DIR> --d----- c:\windows\Easy CD-DA Extractor 11.5.3
2009-03-03 21:29 <DIR> --d----- c:\program files\Easy CD-DA Extractor 11
2009-03-03 21:23 10,384 a------- c:\windows\system32\drivers\LBeepKE.sys
2009-03-03 21:22 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-03-03 21:21 170,512 a------- c:\windows\system32\kemutb.dll
2009-03-03 21:21 117,264 a------- c:\windows\system32\KemWnd.dll
2009-03-03 21:21 84,496 a------- c:\windows\system32\KemXML.dll
2009-03-03 21:21 145,936 a------- c:\windows\system32\KemUtil.dll
2009-03-03 19:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-03 18:52 <DIR> --d----- c:\program files\MSSOAP
2009-03-03 18:51 1,553,784 a------- c:\windows\WRSetup.dll
2009-03-03 18:51 <DIR> --d----- c:\program files\Webroot
2009-03-03 18:51 <DIR> --d----- c:\docume~1\gagebr~1\applic~1\Webroot
2009-03-03 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-03-03 18:51 164 a------- c:\windows\install.dat
2009-03-03 18:42 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-03-03 18:41 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-03-03 18:41 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-03-03 18:41 38,400 a------- c:\windows\system32\hpz3l4sa.dll
2009-03-03 18:41 132 a------- c:\windows\system32\AddPort.ini
2009-03-03 18:39 804 a------- c:\windows\hpntwksetup.ini
2009-03-03 18:37 <DIR> --d----- c:\windows\carrier
2009-03-03 18:37 <DIR> --d----- c:\program files\HP
2009-03-03 18:37 140,527 a------- c:\windows\hpwins05.dat
2009-03-03 18:36 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-03 18:34 <DIR> --d----- c:\program files\ID3-TagIT 3
2009-03-03 18:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ID3-TagIT 3
2009-03-03 18:33 1,101,824 a------- c:\windows\hpzshl01.exe
2009-03-03 18:33 1,101,824 a------- c:\windows\hpzmsi01.exe
2009-03-03 18:33 876,544 a------- c:\windows\system32\hpwwiax1.dll
2009-03-03 18:33 835,072 a------- c:\windows\system32\hpwtiop1.dll
2009-03-03 18:33 286,720 a------- c:\windows\system32\HPZc3212.dll
2009-03-03 18:33 258,122 a------- c:\windows\system32\hpovst09.dll
2009-03-03 18:33 77,824 a------- c:\windows\system32\hpzids01.dll
2009-03-03 18:33 36,864 a------- c:\windows\system32\hpw7x00co.dll
2009-03-03 18:33 12,400 a------- c:\windows\hpwscr05.dat
2009-03-03 18:33 3,953 a------- c:\windows\hpwmdl05.dat
2009-03-03 18:31 <DIR> --d----- C:\Temp
2009-03-03 18:26 <DIR> --d----- c:\program files\Volume OSD
2009-03-03 18:09 6,480 a------- c:\windows\movexe.exe
2009-03-03 18:08 <DIR> --d----- c:\program files\Shove-it
2009-03-03 18:06 <DIR> --d----- c:\program files\Hack-It
2009-03-03 18:04 14,848 a------- c:\windows\system32\3dcc.cpl
2009-03-03 18:04 <DIR> --d----- c:\program files\3D Color Changer 4
2009-03-03 18:02 <DIR> --d----- c:\program files\Sizer
2009-03-03 18:02 <DIR> --d----- c:\program files\TrayMenu
2009-03-02 21:55 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-02 21:55 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-02 21:55 <DIR> --d----- c:\windows\system32\Adobe
2009-03-02 21:54 <DIR> --d----- c:\program files\Accessories
2009-03-02 21:53 <DIR> --d----- c:\program files\MozBackup
2009-03-02 21:53 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-02 20:30 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-02 20:30 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-01 22:39 <DIR> --d----- c:\docume~1\gagebr~1\applic~1\X-Setup Pro
2009-03-01 22:39 <DIR> --d----- c:\program files\X-Setup Pro
2009-03-01 22:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\X-Setup Pro
2009-03-01 22:18 <DIR> --d----- c:\program files\common files\Diskeeper Corporation
2009-03-01 22:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Diskeeper Corporation
2009-03-01 22:18 <DIR> --d----- c:\program files\Diskeeper Corporation
2009-03-01 22:15 <DIR> --d----- c:\program files\common files\EZB Systems
2009-03-01 22:15 <DIR> --d----- c:\program files\UltraISO
2009-03-01 22:13 167,936 a------- c:\windows\system32\SendToToys.cpl
2009-03-01 22:13 90,112 a------- c:\windows\SendToClip.exe
2009-03-01 22:13 <DIR> --d----- c:\program files\Send To Toys
2009-03-01 22:12 <DIR> --d----- c:\program files\SyncBackSE
2009-03-01 22:10 666 a------- c:\windows\unins000.dat
2009-03-01 22:09 <DIR> --d----- c:\program files\Unlocker
2009-03-01 22:07 <DIR> --d----- c:\program files\User Profile Hive Cleanup
2009-03-01 22:06 <DIR> --d----- c:\program files\Microsoft Color Control Panel Applet for Windows XP
2009-03-01 22:06 <DIR> --d----- c:\windows\Downloaded Installations
2009-03-01 21:58 208,896 a------- c:\windows\system32\bih.dll
2009-03-01 21:58 <DIR> --d----- c:\program files\BatteryInfo
2009-03-01 21:55 266,360 a------- c:\windows\system32\TweakUI.exe
2009-03-01 21:55 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-03-01 21:45 <DIR> --d----- C:\I386
2009-03-01 21:20 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-01 21:19 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-01 21:19 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-01 21:19 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-01 21:19 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-01 21:19 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-01 21:19 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-01 21:19 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-01 21:15 873,374 a------- c:\windows\system32\oem18.inf
2009-03-01 21:15 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-03-01 21:14 <DIR> --d----- c:\windows\system32\LogFiles
2009-03-01 21:12 <DIR> --d----- c:\windows\system32\URTTemp
2009-03-01 21:12 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-03-01 21:12 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-01 21:12 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-03-01 21:12 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-03-01 21:12 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-03-01 21:12 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-03-01 21:12 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-03-01 21:12 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-01 21:12 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-03-01 20:45 <DIR> --d----- c:\program files\PerformanceTest
2009-03-01 20:45 <DIR> --d----- c:\program files\Smith Micro
2009-03-01 20:41 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-03-01 20:41 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-03-01 20:41 <DIR> --d----- c:\program files\Norton AntiVirus
2009-03-01 20:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-03-01 20:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-03-01 20:40 <DIR> --d----- c:\program files\NortonInstaller
2009-03-01 20:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-03-01 20:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonSystemWorks
2009-03-01 20:37 <DIR> --d----- c:\program files\Norton SystemWorks
2009-03-01 20:37 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-01 20:37 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-01 20:37 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-01 20:37 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-01 20:37 <DIR> --d----- c:\program files\Symantec
2009-03-01 20:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-03-01 20:37 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-03-01 20:17 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-01 20:16 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-01 20:16 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-01 20:16 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-01 20:16 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-01 20:14 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-01 20:14 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-03-01 20:08 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-01 20:08 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-01 20:07 <DIR> --dsh--- c:\documents and settings\gage brumbaugh\UserData
2009-03-01 19:59 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-01 19:54 <DIR> --d----- c:\windows\tiinst
2009-03-01 19:53 70,656 a------- c:\windows\system32\drivers\Rtlnicxp.sys
2009-03-01 19:52 425,984 a------- c:\windows\system32\hpqPres.dll
2009-03-01 19:52 225,280 a------- c:\windows\system32\cpqinfo.dll
2009-03-01 19:52 65,536 a------- c:\windows\system32\hpqactn.dll
2009-03-01 19:52 32,768 a------- c:\windows\system32\eabhbrn8.dll
2009-03-01 19:52 5,220 a------- c:\windows\system32\drivers\EabUsb.sys
2009-03-01 19:52 7,432 a------- c:\windows\system32\drivers\eabfiltr.sys
2009-03-01 19:52 <DIR> --d----- c:\program files\HPQ
2009-03-01 19:51 15,781 a------- c:\windows\system32\drivers\mdc8021x.sys
2009-03-01 19:51 1,237,095 -------- c:\windows\system32\BCMWLCPL.CPL
2009-03-01 19:51 913,408 -------- c:\windows\system32\AegisE5.dll
2009-03-01 19:51 671,846 -------- c:\windows\system32\BCMWLTRY.EXE
2009-03-01 19:51 110,592 -------- c:\windows\system32\AegisI5.exe
2009-03-01 19:51 81,920 -------- c:\windows\system32\wltrynt.dll
2009-03-01 19:51 69,632 -------- c:\windows\system32\BCMLogon.dll
2009-03-01 19:51 57,344 -------- c:\windows\system32\WLTRYSVC.EXE
2009-03-01 19:51 176,128 a------- c:\windows\system32\bcmwlu00.EXE
2009-03-01 19:51 69,632 a------- c:\windows\system32\bcmwlD2K.EXE
2009-03-01 19:51 1,391,104 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-03-01 19:50 5,632 a----r-- c:\windows\system32\drivers\atiide.sys
2009-03-01 19:50 <DIR> --d----- c:\program files\ATI Technologies
2009-03-01 19:48 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-03-01 19:48 94,601 a------- c:\windows\system32\drivers\Apfiltr.sys
2009-03-01 19:48 87,821 a------- c:\windows\system32\Vxdif.dll
2009-03-01 19:48 <DIR> --d----- c:\program files\Apoint2K
2009-03-01 19:47 <DIR> --d----- c:\windows\Options
2009-03-01 19:47 <DIR> --d----- C:\SWSetup
2009-03-01 19:46 <DIR> --d----- c:\program files\Analog Devices
2009-03-01 19:45 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-03-01 19:35 <DIR> --d----- c:\documents and settings\Gage Brumbaugh
2009-03-01 19:33 <DIR> --ds---- c:\windows\system32\Microsoft
2009-03-01 19:32 8,192 a------- c:\windows\REGLOCS.OLD
2009-03-01 19:30 15,872 ac------ c:\windows\system32\dllcache\padrs404.dll
2009-03-01 19:29 5,632 ac------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-03-01 19:28 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-01 19:28 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-03-01 19:28 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-03-01 19:28 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-03-01 19:28 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-03-01 19:28 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-03-01 19:28 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-03-01 19:28 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-03-01 19:28 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-03-01 19:27 <DIR> --d----- c:\program files\common files\MSSoap
2009-03-01 19:25 <DIR> --d----- c:\program files\Online Services
2009-03-01 19:25 <DIR> --d----- c:\program files\Messenger
2009-03-01 19:25 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-03-01 19:24 <DIR> --d----- c:\program files\Windows NT
2009-03-01 12:16 <DIR> --d----- c:\program files\common files\ODBC
2009-03-01 12:16 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-03-01 12:16 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-03-01 22:10 72,748 a------- c:\windows\unins000.exe
2009-03-01 20:07 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-01 19:26 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-13 17:09 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-02-13 17:09 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-13 17:09 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys

============= FINISH: 21:55:44.00 ===============



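The DDS log above lists every service and driver with its start type (R0/R1 load at boot or system start, before most security software), and separately lists files created in the last 30 days. Correlating those two sections is the first thing a helper does when a detection points at a driver or at Svchost-hosted services. The following parser is an added example written for this thread; it is not part of DDS, ComboFix or any tool the helpers use. The sample lines are copied from the log above, and the two regular expressions are assumptions about the DDS line layout derived only from those lines.

```python
"""Triage helper for the DDS 'SERVICES / DRIVERS' and 'Created Last 30' sections.

Added example for this thread, not code from DDS or from BleepingComputer. It
parses the two line formats visible in the log above, correlates boot/system
start drivers (R0/R1) with their creation records, and checks that the size DDS
reports in the service line matches the size in the creation record.
"""
import re
from datetime import date, datetime
from typing import List, NamedTuple, Optional, Tuple

# Assumed layout, inferred from the log lines above:
#   R0 name;display name;path [YYYY-M-D size]
SERVICE_RE = re.compile(
    r"^(?P<start>R[0-3]|S[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)
#   YYYY-MM-DD HH:MM size-or-<DIR> attribute-flags path
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>[\d,]+|<DIR>)\s+"
    r"(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)


class Service(NamedTuple):
    start: str       # R0, R1, R2, R3 or S*
    name: str
    display: str
    path: str        # lower-cased so it can be joined with creation records
    file_date: date
    size: int


class Created(NamedTuple):
    when: datetime
    size: Optional[int]   # None for <DIR> entries
    attrs: str
    path: str


def parse_services(lines: List[str]) -> List[Service]:
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue   # section headers, blank lines, other formats
        y, mo, d = (int(x) for x in m["date"].split("-"))
        out.append(Service(m["start"], m["name"], m["display"],
                           m["path"].lower(), date(y, mo, d), int(m["size"])))
    return out


def parse_created(lines: List[str]) -> List[Created]:
    out = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        out.append(Created(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M"),
                           size, m["attrs"], m["path"].lower()))
    return out


def early_start_drivers(services: List[Service],
                        created: List[Created]) -> List[Tuple[Service, Optional[Created]]]:
    """R0/R1 entries paired with their creation record (None if the file is
    older than the 30-day window). These load before user-mode security
    software, so a recently created one deserves a closer look."""
    by_path = {c.path: c for c in created}
    return [(s, by_path.get(s.path)) for s in services if s.start in ("R0", "R1")]


def size_consistent(service: Service, created: Created) -> bool:
    """The size in the service line and in the creation record should agree;
    a mismatch means the two sections describe different file contents."""
    return created.size == service.size


def new_driver_files(created: List[Created]) -> List[Created]:
    """Files (not directories) created under system32\\drivers in the window."""
    return [c for c in created if c.size is not None and "\\system32\\drivers\\" in c.path]


# Sample input copied from the DDS log above (constructed subset for the example).
SAMPLE_SERVICES = r"""
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2009-3-1 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-11 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-13 29808]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1000000.07d\BHDrvx86.sys [2009-3-1 254512]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-3 10384]
""".strip().splitlines()

SAMPLE_CREATED = r"""
2009-03-11 21:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-11 21:25 <DIR> --d----- c:\program files\Lavasoft
2009-03-03 21:23 10,384 a------- c:\windows\system32\drivers\LBeepKE.sys
2009-03-01 19:50 5,632 a----r-- c:\windows\system32\drivers\atiide.sys
""".strip().splitlines()


if __name__ == "__main__":
    rows = early_start_drivers(parse_services(SAMPLE_SERVICES), parse_created(SAMPLE_CREATED))
    for svc, rec in rows:
        when = rec.when.isoformat(" ") if rec else "older than 30 days"
        ok = "" if rec is None or size_consistent(svc, rec) else "  SIZE MISMATCH"
        print(f"{svc.start} {svc.name:<10} {svc.path}  created: {when}{ok}")
```

On the sample lines the three R0 drivers and the one R1 driver are reported; atiide.sys and Lbd.sys have matching creation records, ssfs0bbc.sys predates the 30-day window, and no size mismatch appears. A recently created R0 driver is not evidence of infection by itself (Lbd.sys here arrived with the Ad-Aware install the same evening); the value of the join is that it tells the helper which files to ask about, as the next post does.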

#4 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 23 March 2009 - 03:48 PM

Hello.

Please tell me which files are being flagged as "ufp 007 spy".

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

Are there signs of infection other than the detections?

With Regards,
The Panda

#5 SRacer2000

  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:17 AM

Posted 23 March 2009 - 04:34 PM

I'll run that scan later tonight. I keep getting SpySweeper notices that svchost.exe is trying to delete other services like tcp/ip, dhcp, and I think norton a/v. So I'm pretty sure 'ufp 007 spy' is attached to a service.

#6 SRacer2000

  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:17 AM

Posted 23 March 2009 - 10:34 PM

Nothing? WTH?

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 23, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 23, 2009 22:13:13
Records in database: 1958593
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 54442
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:09:19

No malware has been detected. The scan area is clean.
The selected area was scanned.

#7 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 24 March 2009 - 07:25 AM

Hello.

If it is indeed attached to Svchost, we'll need some stronger tools.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

With Regards,
The Panda

#8 SRacer2000

  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:17 AM

Posted 24 March 2009 - 08:02 PM

ComboFix 09-03-23.01 - Gage Brumbaugh 2009-03-24 17:41:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.641 [GMT -7:00]
Running from: c:\documents and settings\Gage Brumbaugh\My Documents\Downloads\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-23 16:21 . 2009-03-23 16:21 <DIR> d-------- c:\windows\Sun
2009-03-23 12:00 . 2009-03-23 12:01 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\Symantec
2009-03-11 21:33 . 2009-03-11 21:44 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-11 21:26 . 2009-03-11 21:43 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-11 21:25 . 2009-03-11 21:25 <DIR> d-------- c:\program files\Lavasoft
2009-03-11 21:25 . 2009-03-11 21:25 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-08 16:11 . 2009-03-08 16:11 <DIR> d-------- c:\program files\Microangelo Toolset 6
2009-03-08 16:10 . 2009-03-08 16:10 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-08 16:10 . 2009-03-09 19:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-08 16:03 . 2009-03-08 16:03 <DIR> d-------- c:\program files\Search and Replace
2009-03-08 16:02 . 2009-03-08 16:02 <DIR> d-------- c:\program files\TrashReg
2009-03-08 16:01 . 2009-03-08 16:01 <DIR> d-------- c:\program files\RegCOPA
2009-03-08 16:01 . 2009-03-08 16:01 <DIR> d-------- c:\program files\Common Files\InterVations
2009-03-08 16:01 . 2009-03-08 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\InterVations
2009-03-08 15:59 . 2009-03-08 16:00 <DIR> d-------- c:\program files\MagicDisc
2009-03-08 15:59 . 2009-03-08 15:59 <DIR> d-------- c:\program files\FreshDiagnose
2009-03-08 15:59 . 2007-09-05 01:46 92,544 --a------ c:\windows\system32\drivers\mcdbus.sys
2009-03-08 15:56 . 2009-03-08 16:40 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\skypePM
2009-03-08 15:56 . 2009-03-08 15:56 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\Apple Computer
2009-03-08 15:56 . 2009-03-08 15:56 32 --a------ c:\documents and settings\All Users\Application Data\ezsid.dat
2009-03-08 15:55 . 2009-03-08 15:55 <DIR> d-------- c:\program files\iTunes
2009-03-08 15:55 . 2009-03-08 15:55 <DIR> d-------- c:\program files\iPod
2009-03-08 15:55 . 2009-03-08 15:55 <DIR> d-------- c:\program files\Bonjour
2009-03-08 15:55 . 2009-03-08 15:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-08 15:55 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-08 15:55 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 15:54 . 2009-03-08 15:55 <DIR> d-------- c:\program files\QuickTime
2009-03-08 15:54 . 2009-03-08 15:54 <DIR> d-------- c:\program files\Apple Software Update
2009-03-08 15:54 . 2009-03-08 16:42 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\Skype
2009-03-08 15:54 . 2009-03-08 15:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-08 15:53 . 2009-03-11 21:44 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-08 15:53 . 2009-03-08 15:55 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-08 15:53 . 2009-03-08 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-08 15:50 . 2009-03-08 15:50 <DIR> d-------- c:\program files\eMule Plus
2009-03-08 15:48 . 2009-03-08 15:48 <DIR> d-------- c:\program files\Skype
2009-03-08 15:48 . 2009-03-08 15:48 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-08 15:47 . 2009-03-08 15:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-03-08 15:46 . 2009-03-08 15:47 <DIR> d-------- c:\program files\RapGet
2009-03-07 22:56 . 2009-03-07 22:56 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\Thunderbird
2009-03-07 22:32 . 2009-03-07 22:32 <DIR> dr------- c:\temp\Start Menu
2009-03-07 22:24 . 2009-03-07 22:24 <DIR> d-------- c:\program files\FTP Explorer
2009-03-05 19:03 . 2009-03-05 19:03 <DIR> d-------- c:\program files\Classic Menu for Office
2009-03-05 18:01 . 2009-03-05 18:01 <DIR> d-------- c:\program files\MSECache
2009-03-05 17:18 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-05 17:04 . 2009-03-05 17:04 <DIR> d-------- c:\program files\Microsoft Works
2009-03-05 17:03 . 2009-03-05 17:03 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-05 17:01 . 2009-03-05 17:01 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-03-05 17:00 . 2009-03-05 17:04 <DIR> d-------- c:\windows\SHELLNEW
2009-03-05 17:00 . 2009-03-05 17:00 <DIR> dr-h----- C:\MSOCache
2009-03-05 17:00 . 2009-03-22 21:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-04 21:03 . 2009-03-04 21:03 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-04 20:03 . 2009-03-04 20:03 <DIR> d--hs---- C:\Diskeeper
2009-03-03 21:30 . 2009-03-07 22:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-03 21:29 . 2009-03-03 21:29 <DIR> d-------- c:\windows\Easy CD-DA Extractor 11.5.3
2009-03-03 21:29 . 2009-03-03 21:35 <DIR> d-------- c:\program files\Easy CD-DA Extractor 11
2009-03-03 21:24 . 2009-03-03 21:26 <DIR> d-------- c:\program files\Winamp
2009-03-03 21:24 . 2009-03-03 21:28 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\Winamp
2009-03-03 21:23 . 2009-03-03 21:23 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\Logitech
2009-03-03 21:23 . 2009-03-03 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2009-03-03 21:23 . 2008-09-26 09:52 10,384 --a------ c:\windows\system32\drivers\LBeepKE.sys
2009-03-03 21:22 . 2008-11-07 16:37 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2009-03-03 21:21 . 2009-03-03 21:21 <DIR> d-------- c:\program files\Logitech
2009-03-03 21:21 . 2009-03-03 21:22 <DIR> d-------- c:\program files\Common Files\Logishrd
2009-03-03 21:21 . 2009-03-03 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-03-03 21:21 . 2008-11-07 16:38 170,512 --a------ c:\windows\system32\kemutb.dll
2009-03-03 21:21 . 2008-11-07 16:38 145,936 --a------ c:\windows\system32\KemUtil.dll
2009-03-03 21:21 . 2008-11-07 16:38 117,264 --a------ c:\windows\system32\KemWnd.dll
2009-03-03 21:21 . 2008-11-07 16:38 84,496 --a------ c:\windows\system32\KemXML.dll
2009-03-03 19:30 . 2009-03-03 19:29 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-03 18:55 . 2009-03-03 18:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-03-03 18:52 . 2009-03-03 18:52 <DIR> d-------- c:\program files\MSSOAP
2009-03-03 18:51 . 2009-03-03 18:51 <DIR> d-------- c:\program files\Webroot
2009-03-03 18:51 . 2009-03-03 18:51 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\Webroot
2009-03-03 18:51 . 2009-03-03 18:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2009-03-03 18:51 . 2009-03-05 17:10 1,553,784 --a------ c:\windows\WRSetup.dll
2009-03-03 18:51 . 2009-03-23 20:42 164 --a------ c:\windows\install.dat
2009-03-03 18:42 . 2009-03-03 18:42 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-03-03 18:41 . 2006-07-03 11:54 38,400 --a------ c:\windows\system32\hpz3l4sa.dll
2009-03-03 18:41 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2009-03-03 18:41 . 2001-08-17 13:53 6,784 --a--c--- c:\windows\system32\dllcache\serscan.sys
2009-03-03 18:41 . 2009-03-03 18:41 132 --a------ c:\windows\system32\AddPort.ini
2009-03-03 18:39 . 2009-03-03 18:41 804 --a------ c:\windows\hpntwksetup.ini
2009-03-03 18:37 . 2009-03-03 18:37 <DIR> d-------- c:\windows\carrier
2009-03-03 18:37 . 2009-03-03 18:37 <DIR> d-------- c:\program files\HP
2009-03-03 18:37 . 2009-03-03 18:43 140,527 --a------ c:\windows\hpwins05.dat
2009-03-03 18:36 . 2009-03-03 18:36 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-03 18:34 . 2009-03-03 18:34 <DIR> d-------- c:\program files\ID3-TagIT 3
2009-03-03 18:34 . 2009-03-03 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\ID3-TagIT 3
2009-03-03 18:33 . 2006-02-07 23:49 1,101,824 --a------ c:\windows\hpzshl01.exe
2009-03-03 18:33 . 2006-02-07 23:49 1,101,824 --a------ c:\windows\hpzmsi01.exe
2009-03-03 18:33 . 2006-06-27 00:58 876,544 --a------ c:\windows\system32\hpwwiax1.dll
2009-03-03 18:33 . 2006-04-02 00:41 835,072 --a------ c:\windows\system32\hpwtiop1.dll
2009-03-03 18:33 . 2006-03-19 17:48 286,720 --a------ c:\windows\system32\HPZc3212.dll
2009-03-03 18:33 . 2005-08-25 18:19 258,122 --a------ c:\windows\system32\hpovst09.dll
2009-03-03 18:33 . 2005-10-11 19:20 77,824 --a------ c:\windows\system32\hpzids01.dll
2009-03-03 18:33 . 2006-07-06 20:28 36,864 --a------ c:\windows\system32\hpw7x00co.dll
2009-03-03 18:33 . 2007-01-11 11:43 12,400 --a------ c:\windows\hpwscr05.dat
2009-03-03 18:33 . 2007-01-11 11:31 3,953 --a------ c:\windows\hpwmdl05.dat
2009-03-03 18:31 . 2009-03-07 22:32 <DIR> d-------- C:\Temp
2009-03-03 18:26 . 2009-03-03 18:26 <DIR> d-------- c:\program files\Volume OSD
2009-03-03 18:09 . 2009-03-03 18:09 6,480 --a------ c:\windows\movexe.exe
2009-03-03 18:08 . 2009-03-03 18:10 <DIR> d-------- c:\program files\Shove-it
2009-03-03 18:06 . 2009-03-03 18:06 <DIR> d-------- c:\program files\Hack-It
2009-03-03 18:04 . 2009-03-03 18:05 <DIR> d-------- c:\program files\3D Color Changer 4
2009-03-03 18:04 . 2003-03-13 02:00 14,848 --a------ c:\windows\system32\3dcc.cpl
2009-03-03 18:02 . 2009-03-08 16:50 <DIR> d-------- c:\program files\TrayMenu
2009-03-03 18:02 . 2009-03-03 18:02 <DIR> d-------- c:\program files\Sizer
2009-03-02 22:00 . 2009-03-02 22:00 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\Talkback
2009-03-02 21:58 . 2009-03-02 21:58 0 --a------ c:\windows\nsreg.dat
2009-03-02 21:56 . 2009-03-02 21:56 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-02 21:55 . 2009-03-02 21:55 <DIR> d-------- c:\windows\system32\Adobe
2009-03-02 21:55 . 2008-08-06 15:27 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-03-02 21:55 . 2008-08-06 15:29 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-03-02 21:54 . 2009-03-03 18:11 <DIR> d-------- c:\program files\Accessories
2009-03-02 21:53 . 2009-03-02 21:53 <DIR> d-------- c:\program files\MozBackup
2009-03-02 21:53 . 2009-03-03 19:29 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-02 21:52 . 2009-03-03 19:29 <DIR> d-------- c:\program files\Java
2009-03-02 21:52 . 2009-03-02 21:52 <DIR> d-------- c:\program files\Common Files\Java
2009-03-02 21:50 . 2009-03-08 15:07 <DIR> d-------- c:\program files\Mozilla Thunderbird
2009-03-02 20:30 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-02 20:30 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-01 22:39 . 2009-03-01 22:39 <DIR> d-------- c:\program files\X-Setup Pro
2009-03-01 22:39 . 2009-03-01 22:39 <DIR> d-------- c:\documents and settings\Gage Brumbaugh\Application Data\X-Setup Pro
2009-03-01 22:39 . 2009-03-01 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\X-Setup Pro
2009-03-01 22:24 . 2009-03-11 21:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 04:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 05:10 72,748 ----a-w c:\windows\unins000.exe
2009-03-02 02:54 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-02 02:52 --------- d-----w c:\program files\HPQ
2009-03-02 02:51 15,781 ----a-w c:\windows\system32\drivers\mdc8021x.sys
2009-03-02 02:50 --------- d-----w c:\program files\ATI Technologies
2009-03-02 02:48 --------- d-----w c:\program files\Apoint2K
2009-03-02 02:46 --------- d-----w c:\program files\Analog Devices
2009-03-02 02:29 --------- d-----w c:\program files\microsoft frontpage
2009-02-25 22:24 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-25 22:24 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-02-25 22:24 176,752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-02-14 12:00 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 335872]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2008-09-25 160112]
"NswUiTray"="c:\program files\Norton SystemWorks\NswUiTray.exe" [2008-09-25 85360]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-11 515416]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-03-05 6308728]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 c:\windows\AGRSMMSG.exe]
"BIH"="bih.dll" [2009-03-01 c:\windows\system32\bih.dll]

c:\documents and settings\Gage Brumbaugh\Start Menu\Programs\Startup\
Hack-It Pro.lnk - c:\program files\Hack-It\HackIt.exe [2002-01-09 245760]
Shove-it.lnk - c:\program files\Shove-it\Shove-it.exe [1997-07-24 61952]
Sizer.lnk - c:\program files\Sizer\sizer.exe [2002-12-08 18944]
TrayMenu 2.0.2.lnk - c:\program files\TrayMenu\TrayMenu.exe [2001-02-14 108544]
Volume OSD.lnk - c:\program files\Volume OSD\osd_vol.exe [2005-08-06 64512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-03-03 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Norton AntiVirus\\Engine\\16.0.0.125\\ccSvcHst.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2009-03-01 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-11 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-02-13 29808]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1000000.07D\SymEFA.sys [2009-03-01 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2009-03-01 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2009-03-01 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSXpx86.sys [2009-03-12 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-03-03 10384]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [2009-03-01 115560]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2008-09-25 95600]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-03-03 1178728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-02 101936]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-11 21:42]

2009-03-23 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2008-09-25 14:52]

2009-03-23 c:\windows\Tasks\wrSpySweeper_L1023E40F0D2346A08FAC604A358B3A71.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-05 17:10]

2009-03-23 c:\windows\Tasks\wrSpySweeper_L1023E40F0D2346A08FAC604A358B3A71.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-05 17:10]

2009-03-23 c:\windows\Tasks\wrSpySweeper_L1023E40F0D2346A08FAC604A358B3A71.job
- C:\ [2009-03-24 17:43]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {C7765066-E071-40E9-A859-793AEE4DE251} = 24.116.2.34,24.116.0.202
FF - ProfilePath - c:\documents and settings\Gage Brumbaugh\Application Data\Mozilla\Firefox\Profiles\lfjylx0a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 17:52:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E77E5686-877C-343D-257E-183F999B4809}\InProcServer32*]
"pabednopgnangfbdokbflpmdinoiilbc"=hex:69,61,6a,6e,64,63,6f,67,6c,68,6e,6d,64,
70,6a,68,6a,64,00,00
"oabejmicbgdddlmndjminffenfakek"=hex:69,61,6a,6e,64,63,6f,67,6c,68,6e,6d,64,70,
6a,68,6a,64,00,00
"nabeifcdoafppnkhjclncpdhcgmo"=hex:64,62,66,65,69,70,69,70,6b,6c,6c,6f,67,64,
63,6f,68,69,70,6d,62,6b,63,70,6e,62,62,64,62,6c,6b,69,6a,69,62,64,62,65,6d,\
"bbbehfoalhpbnaabanjhfgjemmdomhodajab"=hex:6f,61,6c,61,6f,70,64,63,68,6a,6a,6e,
6a,65,67,65,6d,70,6b,6f,6c,6a,66,6e,61,6e,64,62,6a,64,00,69
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\User Profile Hive Cleanup\uphclean.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\rundll32.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-24 17:54:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-25 00:54:03

Pre-Run: 58,057,543,680 bytes free
Post-Run: 58,048,004,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

312 --- E O F --- 2009-03-23 04:47:27
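The Run keys, Startup folder and 'Scheduled Tasks' sections of the ComboFix log above follow a regular line format, so they can be parsed and triaged mechanically instead of read by eye. The script below is an added example and is not part of this thread, nor a ComboFix, Webroot or BleepingComputer tool; the function names, the executable-extension list and the three checks are my own choices. It parses a constructed excerpt copied from the log lines above and flags three things an analyst would look at first: Run values given as a bare filename rather than a full path (resolved through the search path; ComboFix prints where it resolved them in the brackets), scheduled tasks whose target is not an executable file (the third wrSpySweeper entry in the log points at C:\), and a .job file that appears more than once. These are observations to check, not verdicts: the log itself shows the bare-filename entries resolving to files under c:\windows, and nothing on this page identifies any of them as the detection SpySweeper reported.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the "Reg Loading Points" and
# "Scheduled Tasks" sections of the ComboFix log posted above, trimmed.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-03-05 6308728]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 c:\windows\AGRSMMSG.exe]
"BIH"="bih.dll" [2009-03-01 c:\windows\system32\bih.dll]

c:\documents and settings\Gage Brumbaugh\Start Menu\Programs\Startup\
Hack-It Pro.lnk - c:\program files\Hack-It\HackIt.exe [2002-01-09 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-11 21:42]

2009-03-23 c:\windows\Tasks\wrSpySweeper_L1023E40F0D2346A08FAC604A358B3A71.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-05 17:10]

2009-03-23 c:\windows\Tasks\wrSpySweeper_L1023E40F0D2346A08FAC604A358B3A71.job
- C:\ [2009-03-24 17:43]
'''

# Line shapes as ComboFix prints them (assumed from the log above).
RUN_KEY = re.compile(r'^\[(?P<key>HKEY_(?:LOCAL_MACHINE|CURRENT_USER)\\.*\\Run)\]$', re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
STARTUP_DIR = re.compile(r'^(?P<dir>[a-z]:\\.*\\Startup\\)$', re.I)
STARTUP_LNK = re.compile(r'^(?P<lnk>.+\.lnk) - (?P<target>.+?) \[(?P<meta>[^\]]*)\]$')
TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$')
TASK_TARGET = re.compile(r'^- (?P<target>.+?) \[(?P<meta>[^\]]*)\]$')

# Extensions a scheduled task target is expected to carry (my own list).
EXEC_EXTS = ('.exe', '.com', '.bat', '.cmd', '.scr', '.pif', '.vbs', '.js', '.wsf')


def parse_autostarts(text):
    """Return Run-key values and Startup-folder shortcuts as dicts."""
    entries = []
    context = None  # the Run key or Startup folder the current lines belong to
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = RUN_KEY.match(line)
        if m:
            context = m.group('key')
            continue
        m = STARTUP_DIR.match(line)
        if m:
            context = m.group('dir')
            continue
        m = RUN_VALUE.match(line)
        if m and context:
            entries.append({'source': context, 'name': m.group('name'),
                            'command': m.group('cmd'), 'meta': m.group('meta')})
            continue
        m = STARTUP_LNK.match(line)
        if m and context:
            entries.append({'source': context, 'name': m.group('lnk'),
                            'command': m.group('target'), 'meta': m.group('meta')})
            continue
        if line.startswith('[') or line.startswith('Contents of'):
            context = None  # any other key header ends the autostart block
    return entries


def parse_tasks(text):
    """Return (job file, target) pairs from the 'Scheduled Tasks' section."""
    tasks = []
    pending = None
    for line in text.splitlines():
        line = line.rstrip()
        m = TASK_JOB.match(line)
        if m:
            pending = m.group('job')
            continue
        m = TASK_TARGET.match(line)
        if m and pending:
            tasks.append({'job': pending, 'target': m.group('target'), 'meta': m.group('meta')})
            pending = None
    return tasks


def triage(entries, tasks):
    """Flag entries worth a second look. Each finding: (kind, name, detail, meta)."""
    findings = []
    for e in entries:
        if '\\' not in e['command']:  # no directory: resolved via search path
            findings.append(('bare-filename', e['name'], e['command'], e['meta']))
    for t in tasks:
        if not t['target'].lower().endswith(EXEC_EXTS):
            findings.append(('non-executable-target', t['job'], t['target'], t['meta']))
    for job, n in Counter(t['job'] for t in tasks).items():
        if n > 1:
            findings.append(('duplicate-job', job, 'listed %d times' % n, ''))
    return findings


if __name__ == '__main__':
    for kind, name, detail, meta in triage(parse_autostarts(SAMPLE_LOG), parse_tasks(SAMPLE_LOG)):
        print('%-22s %-60s %s  [%s]' % (kind, name, detail, meta))
```

Run it as-is to see the four flags from the excerpt; to use it on a full log, read the file into `text` and call `triage(parse_autostarts(text), parse_tasks(text))`. Anything the parser does not recognise is skipped silently, so extend the regexes before trusting it on sections other than the three it was written for.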

#9 PropagandaPanda
  • Malware Response Team
  • 10,433 posts

Posted 25 March 2009 - 02:37 PM

Hello.

Still not seeing anything.

Please try to get a log of the detection, or take a screenshot.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

With Regards,
The Panda

#10 SRacer2000
  • Topic Starter
  • Members
  • 11 posts

Posted 25 March 2009 - 08:44 PM

I attached the log. I'll work on the screenshots.

Attached Files
  • GMER.txt (19.07KB)


#11 SRacer2000
  • Topic Starter
  • Members
  • 11 posts

Posted 25 March 2009 - 09:17 PM

Screenshots

Detection & Then the warnings I'm getting.

Attached Files


Edited by SRacer2000, 25 March 2009 - 09:55 PM.


#12 PropagandaPanda
  • Malware Response Team
  • 10,433 posts

Posted 27 March 2009 - 07:15 AM

Hello.

I'm suspecting a false detection.

The scan says it was detected, but "0 Traces", meaning no items of it were actually found?

With Regards,
The Panda

#13 PropagandaPanda
  • Malware Response Team
  • 10,433 posts

Posted 08 April 2009 - 05:29 PM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



