Random Pop-ups....Lots of em! [Solved]
Post #1, Dec 27 2008, 06:27 PM
Member, Posts: 31, OS: windows xp
Hi, I've been having some trouble with my internet. I have random pop-ups and my pages get stuck in the scroll function. So I was wondering if you can help me out. I received help from you guys before and I know you can come through for me again. I have posted my log here and am seeking help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:59 PM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
Post #2, Dec 28 2008, 02:53 PM
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
That log file is incomplete. Please post the entire log here.
Post #3, Jan 1 2009, 08:47 PM
Member, Posts: 31, OS: windows xp
Sorry about that, here it is again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:57 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\patelc\Application Data\gadcom\gadcom.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lenovo\System Update\tvsukernel.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lconnect.wit.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [38925ce5] rundll32.exe "C:\WINDOWS\system32\dverednu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\patelc\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211323164140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211323730468
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\Software\..\Telephony: DomainName = wit.private
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wit.private
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: ivrvuu.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2008 - Unknown owner - C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 19055 bytes
Post #4, Jan 3 2009, 03:01 PM
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

Double-click on mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [38925ce5] rundll32.exe "C:\WINDOWS\system32\dverednu.dll",b
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\patelc\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O20 - AppInit_DLLs: ivrvuu.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\dverednu.dll
C:\WINDOWS\system32\prunnet.exe
C:\Documents and Settings\patelc\Application Data\gadcom\
C:\WINDOWS\system32\ivrvuu.dll
C:\Program Files\Viewpoint\

1. Download combofix at http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
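The six entries the helper singles out above share a handful of traits that a triage pass over a HijackThis log can pick out mechanically: a Run value registered under both HKLM and HKCU, a value name that is a random 8-digit hex string, an autostart binary under the user's Application Data, rundll32 invoking a DLL through a one-letter export, and a non-empty AppInit_DLLs. The script below is an added example, not code from this thread or from HijackThis; SAMPLE_LOG is a constructed excerpt of the log posted in this thread, and the heuristics and function names (parse_hjt, triage) are this example's own assumptions, not a HijackThis feature.

```python
"""Triage a HijackThis v2.0.2 log for autostart entries worth a closer look.

Added example; not code from this thread or from HijackThis. SAMPLE_LOG is a
constructed excerpt of the log posted above, and the heuristics and function
names (parse_hjt, triage) are this example's own assumptions.
"""
import re

# Constructed sample: a subset of O4 / O20 / O23 lines copied from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [38925ce5] rundll32.exe "C:\WINDOWS\system32\dverednu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\patelc\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O20 - AppInit_DLLs: ivrvuu.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
"""

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (.*)$')
O23_RE = re.compile(r'^O23 - Service: (.*?) - (.*?) - (.*)$')


def parse_hjt(text):
    """Return one dict per recognised O4 / O20 / O23 line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            entries.append({"kind": "O4", "hive": m[1], "name": m[2], "command": m[3], "line": line})
        elif m := O20_RE.match(line):
            entries.append({"kind": "O20", "dlls": m[1].strip(), "line": line})
        elif m := O23_RE.match(line):
            entries.append({"kind": "O23", "name": m[1], "vendor": m[2], "path": m[3], "line": line})
    return entries


RANDOM_HEX = re.compile(r'^[0-9a-f]{8}$', re.I)
USER_WRITABLE = re.compile(r'\\(Application Data|Local Settings|Temp)\\', re.I)
RUNDLL = re.compile(r'^rundll32(\.exe)?\s+(?P<dll>"[^"]+"|\S+),(?P<export>\S*)', re.I)


def triage(entries):
    """Map each suspicious log line to the list of reasons it was flagged."""
    findings = {}

    def flag(e, why):
        findings.setdefault(e["line"], []).append(why)

    # Which hives each Run value name lives in: vendors register in one; the
    # prunnet dropper registered in both so a partial clean-up leaves a copy.
    hives = {}
    for e in entries:
        if e["kind"] == "O4":
            hives.setdefault(e["name"].lower(), set()).add(e["hive"])

    for e in entries:
        if e["kind"] == "O4":
            if len(hives[e["name"].lower()]) > 1:
                flag(e, "same Run value name registered under both HKLM and HKCU")
            if RANDOM_HEX.match(e["name"]):
                flag(e, "Run value name is a random-looking 8-digit hex string")
            if USER_WRITABLE.search(e["command"]):
                flag(e, "autostart binary lives in a per-user writable directory")
            if (m := RUNDLL.match(e["command"])) and len(m["export"]) <= 2:
                flag(e, f"rundll32 loads {m['dll']} through a throwaway export '{m['export']}'")
        elif e["kind"] == "O20" and e["dlls"]:
            # AppInit_DLLs is empty on a clean XP box; anything listed there is
            # injected into every process that loads user32.dll.
            flag(e, f"AppInit_DLLs injects {e['dlls']} into every GUI process")
        elif e["kind"] == "O23" and e["vendor"].lower() == "unknown owner":
            flag(e, "service binary carries no vendor string (review, not necessarily malicious)")
    return findings


if __name__ == "__main__":
    for line, reasons in triage(parse_hjt(SAMPLE_LOG)).items():
        print(line)
        for why in reasons:
            print("   ->", why)
```

Run against the full log, the same pass also surfaces the "Unknown owner" services (TpKmpSVC, the COSMOSFloWorks solver) as review items only; the "Fix Checked" list stays the entries with a persistence reason, which is exactly the set the helper posted.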
Post #5, Jan 4 2009, 01:55 PM
Member, Posts: 31, OS: windows xp
I did the steps you asked me to. I wasn't able to find any of the files except Viewpoint. I tried deleting it but it didn't let me. And of the things you asked me to fix through HijackThis, I wasn't able to find any except the Viewpoint one in this one as well.

I have the 2 reports you asked for as well.

Malwarebytes' Anti-Malware 1.31
Database version: 1607
Windows 5.1.2600 Service Pack 3

1/4/2009 2:10:42 PM
mbam-log-2009-01-04 (14-10-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 356514
Time elapsed: 1 hour(s), 22 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 7
Registry Keys Infected: 19
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 37

Memory Processes Infected:
C:\Documents and Settings\patelc\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\bscdyamd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnnNdbc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vawddt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qoMgggFU.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oiaepemd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bguueyuy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efzhke.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c74038ca-ccae-4475-bd1c-e4a91349c277} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c74038ca-ccae-4475-bd1c-e4a91349c277} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomgggfu (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c74038ca-ccae-4475-bd1c-e4a91349c277} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c8bd2fc-32e1-4c59-ac1f-4fc0fa9f2699} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c8bd2fc-32e1-4c59-ac1f-4fc0fa9f2699} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c8bd2fc-32e1-4c59-ac1f-4fc0fa9f2699} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnnndbc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnndbc -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\patelc\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\pmnnNdbc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbdNnnmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbdNnnmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bscdyamd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dmaydcsb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buvtqljg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gjlqtvub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uaxtpyjw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wjyptxau.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vawddt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qoMgggFU.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oiaepemd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bguueyuy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\patelc\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efzhke.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\patelc\Local Settings\Temporary Internet Files\Content.IE5\519ZF6DU\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\patelc\Local Settings\Temporary Internet Files\Content.IE5\N0WZ7VU0\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\patelc\Local Settings\Temporary Internet Files\Content.IE5\XX7UT2PO\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2239F20-93FB-46DF-A084-03A0FAB1CFE2}\RP69\A0014767.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2239F20-93FB-46DF-A084-03A0FAB1CFE2}\RP69\A0016055.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2239F20-93FB-46DF-A084-03A0FAB1CFE2}\RP69\A0017067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2239F20-93FB-46DF-A084-03A0FAB1CFE2}\RP69\A0017068.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2239F20-93FB-46DF-A084-03A0FAB1CFE2}\RP69\A0017069.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exvjni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fmrdhtmi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kcsckjfv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vysppx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gwiwvuyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifGWMec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ktoybgku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xgarfz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zrhlqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugfaavhw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivrvuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSkLdC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

ComboFix:

ComboFix 09-01-02.01 - patelc 2009-01-04 14:33:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1232 [GMT -5:00]
Running from: c:\documents and settings\patelc\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\patelc\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\IE4 Error Log.txt
c:\windows\system32\keidexgr.ini
c:\windows\system32\qkvrkwfu.ini
c:\windows\system32\sdsuixln.ini
c:\windows\system32\underevd.ini

----- BITS: Possible infected sites -----

hxxp://witwsus.wit.private
.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.
2009-01-03 22:57 . 2009-01-03 22:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 22:57 . 2009-01-03 22:57 <DIR> d-------- c:\documents and settings\patelc\Application Data\Malwarebytes
2009-01-03 22:57 . 2009-01-03 22:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 22:57 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 22:57 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-27 19:22 . 2008-12-27 19:22 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 15:13 . 2008-12-14 15:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\SwiftSwitch
2008-12-10 14:28 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-04 10:03 . 2008-12-04 10:03 268 --ah----- C:\sqmdata15.sqm
2008-12-04 10:03 . 2008-12-04 10:03 244 --ah----- C:\sqmnoopt15.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 19:41 --------- d-----w c:\documents and settings\patelc\Application Data\IM
2009-01-04 19:16 31 ----a-w c:\documents and settings\patelc\jagex_runescape_preferences.dat
2008-12-27 03:33 --------- d-----w c:\program files\Steam
2008-12-27 01:58 --------- d-----w c:\program files\AutoMacroRecorder
2008-12-27 00:32 --------- d-----w c:\program files\Lenovo
2008-12-27 00:32 --------- d-----w c:\program files\Common Files\Lenovo
2008-12-26 21:41 --------- d-----w c:\program files\DivX
2008-12-26 02:29 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-12 04:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 07:00 --------- d-----w c:\program files\Full Tilt Poker
2008-12-01 19:53 --------- d-----w c:\documents and settings\patelc\Application Data\Red Alert 3
2008-12-01 19:23 --------- d-----w c:\program files\Electronic Arts
2008-12-01 01:52 --------- d-----w c:\documents and settings\patelc\Application Data\U3
2008-11-25 05:09 --------- d-----w c:\documents and settings\patelc\Application Data\LimeWire
2008-11-25 05:08 --------- d-----w c:\documents and settings\patelc\Application Data\Apple Computer
2008-11-25 03:54 --------- d-----w c:\program files\LimeWire
2008-10-28 02:21 73,216 ----a-w
c:\windows\ST6UNST.EXE 2008-10-28 02:21 249,856 ------w c:\windows\Setup1.exe 2008-09-14 06:17 82,494 ----a-w c:\program files\Uninstal.exe 2007-08-14 08:25 90,112 ----a-w c:\program files\DemoPlayer.dll 2007-08-14 08:25 69,632 ----a-w c:\program files\dbg.dll 2007-08-14 08:25 62,976 ----a-w c:\program files\steam_api.dll 2007-08-14 08:25 351,744 ----a-w c:\program files\Mss32.dll 2007-08-14 08:25 332,800 ----a-w c:\program files\vstdlib_s.dll 2007-08-14 08:25 241,664 ----a-w c:\program files\tier0.dll 2007-08-14 08:25 226,304 ----a-w c:\program files\tier0_s.dll 2007-08-14 08:25 211,456 ----a-w c:\program files\a3dapi.dll 2007-08-14 08:25 196,608 ----a-w c:\program files\vstdlib.dll 2007-08-14 08:25 122,974 ----a-w c:\program files\FileSystem_Steam.dll 2007-03-17 08:04 307,200 ----a-w c:\program files\steam.dll 2004-03-15 21:51 114,688 ----a-w c:\program files\internet explorer\plugins\LV71ActiveXControl.dll 2006-01-23 14:32 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll 2007-02-08 14:48 133,920 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll 2007-07-24 22:03 118,784 ----a-w c:\program files\internet explorer\plugins\LV85ActiveXControl.dll 2008-07-03 19:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat 2008-06-16 22:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat 2008-07-03 18:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-21 13524992] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-21 86016] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-01-11 144728] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-01-11 124248] "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992] "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-11 294912] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-11 208896] 
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-06-14 6862104] "niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-12-23 106064] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-03-14 126976] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-03-14 425984] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "nwiz"="nwiz.exe" [2008-03-21 c:\windows\system32\nwiz.exe] "TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe] c:\documents and settings\Admin\Start Menu\Programs\Startup\ Shortcut to bg.lnk - c:\documents and settings\Admin\BGinfo\bg.bat [2008-05-21 34] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceStartMenuLogOff"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-08-14 14:54 89600 c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2008-03-14 17:54 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\windows] "AppInit_DLLs"=efzhke.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2746289630-3061505222-2800193894-63121\Scripts\Logon\0\0] "Script"=\\wit.private\SysVol\wit.private\scripts\students.bat [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MATLAB License Server"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Program Files\\Ruckus Player\\Ruckus.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Steam\\SteamApps\\fr3ak715\\counter-strike source\\hl2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 nipbcfk;National Instruments 
Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2007-07-10 15448] R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504] R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-05-21 11520] R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-05-21 4224] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-05-21 4442] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-12 99376] R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2007-12-14 11360] R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2007-12-14 11360] R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2007-12-18 11360] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-05-22 30336] R4 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-02-16 12696] R4 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2007-09-18 11552] R4 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2007-07-19 11360] R4 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [2008-06-04 237568] R4 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896] S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2007-12-20 20056] S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2007-10-08 25888] S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2007-10-08 11552] S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2007-10-08 22360] S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2007-12-26 11352] S3 
nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-02-22 11336] S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2007-12-18 11336] S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-02-15 11344] S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-02-22 11336] S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-02-22 11336] S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2007-12-26 11352] S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-01-11 11392] S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2007-04-04 14464] S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-04-04 151683] S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2007-12-18 11368] S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2007-12-27 11360] S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2007-12-12 11904] S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2007-12-12 11896] S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2007-11-26 20768] S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-01-07 11376] S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-01-07 11352] S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2007-12-20 11344] S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-01-07 11376] S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-02-22 11336] S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-01-07 11312] S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-02-14 11360] S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-01-02 11336] S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-02-19 11360] S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-02-22 11368] S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2007-07-19 11384] 
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2007-07-19 11360] S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-02-22 11336] S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-02-22 11336] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952] S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?] S4 MATLAB License Server;MATLAB License Server;c:\program files\MATLAB\R2008a\flexlm\lmgrd.exe [2008-06-16 1339392] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-09-04 24652] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##ntwit17#office12$] \Shell\AutoRun\command - X:\SETUP.EXE \Shell\configure\command - X:\SETUP.EXE \Shell\install\command - X:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0D0467EA-54FA-4CD1-9D91-D4D093F26821}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{115E4588-E14D-4105-8DCB-190DBDD7CC37}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3B67A8B7-7860-43E2-98D9-23C241353757}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4CA450E5-3117-44A1-932E-07938F381037}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835b0437-7f5c-11dd-a614-001f3baf0a51}] \Shell\Auto\command - Windows.scr \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{A8EF4C2C-0D15-4362-8F63-AFF1A642B72C}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{AE77DF5F-7B6E-4FF0-842B-791D3962E602}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aed48d19-bf4a-11dd-a645-001f3baf0a51}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85030a2-9a04-11dd-a637-001f3baf0a51}] \Shell\AutoRun\command - E:\StartPortableApps.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{C6EDC877-F9D0-43F3-8B4F-03DA6D0F716E}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{E73490C3-5040-498D-987D-D2E9F130DB24}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{FEE45688-7813-4590-B733-66F2E4CF08DB}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE *Newly Created Service* - NIPALK . 
Contents of the 'Scheduled Tasks' folder 2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2009-01-04 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-11 00:30] 2009-01-04 c:\windows\Tasks\sbqvvovb.job - c:\windows\system32\rundll32.exe [2008-04-14 04:42] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://lconnect.wit.edu/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm c:\windows\system32\capicom.dll - c:\windows\Downloaded Program Files\acpir2.dll O16 -: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://www-307.ibm.com/pc/support/acpir.cab c:\windows\Downloaded Program Files\acpir.inf FF - ProfilePath - c:\documents and settings\patelc\Application Data\Mozilla\Firefox\Profiles\p7m8mv7h.default\ FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-04 14:40:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2746289630-3061505222-2800193894-63121\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*NULL*] "??"=hex:df,ac,28,92,6e,8e,8f,e4,0a,74,ce,41,44,2c,74,22,e2,ab,b6,b2,91,e5,01,\ 55,2d,7d,8b,30,76,6f,83,8b,f9,6f,5a,32,a2,3d,a2,23,44,fb,99,0a,7e,32,13,12,\ 45,04,5b,62,be,ca,dc,e6,0e,98,54,21,ec,4c,a4,b3,25,55,e0,9a,32,af,d8,f5,54,\ ce,9c,29,58,ab,29,41,09,fa,2e,a6,0d,c2,b0,96,a9,f9,c2,c8,e4,d2,ce,c2,6c,13,\ d1,8b,d8,5e,8c,65,91,21,f3,90,cd,8f,8e,9f,6b,e6,cb,63,19,53,7b,88,41,dc,ad,\ 53,57,e7,35,3f,f9,75,06,3a,d9,c3,d5,5f,6f,11,93,64,95,fd,a6,fe,62,90,dc,4b,\ 0e,79,0c,54,49,6b,7c,20,38,16,99,ec,96,e6,be,50,05,ce,05,ed,26,fd,5d,0b,50,\ 6b,2b,fe,49,c2,b1,c4,ac,6d,e4,e2,d4,61,4a,c1,af,5a,35,95,8c,60,bb,98,a0,63,\ 2f,53,f9,c2,88,90,5b,cd,d4,41,3a,7a,9e,11,42,4b,2e,10,fd,79,66,57,fa,50,63,\ 51,3e,75,5b,69,7c,f8,9b,03,93,6e,2d,d8,38,cc,89,9b,b8,58,6d,fc,5d,d9,18,80,\ c7,64,a7,fd,ed,1b,d6,ba,b1,d2,b0,45,9d,0e,38,67,35,40,ff,df,97,16,68,be,e5,\ 12,3c,99,d4,b1,d2,c1,3d,36,ff,43,7f,9e,ac,f3,03,bb,0e,ff,02,fa,17,a8,db,e3,\ ca,e5,82,5c,a4,27,b7,b1,72,82,f2,73,bc,16,1f,c9,2c,a7,2d,a7,02,32,96,a5,e4,\ 30,c9,86,43,fb,98,35,e4,1b,b4,b3,d1,34,29,2d,44,ca,13,63,8c,ed,50,64,d0,c4,\ fb,55,5e,9e,eb,ef,44,d6,b0,a9,43,8f,29,7f,2b,4e,34,e7,e2,38,2c,1c,f5,d4,85,\ 61,e5,bb,be,42,ef,b5,28,e6,0f,6d,c2,33,f3,70,b8,a1,61,3e,4a,c8,6c,25,55,f1,\ dc,05,03,16,33,f8,58,ea,a9,ef,47,7a,43,cb,d0,dd,d8,63,99,ad,ed,eb,3f,d7,5e,\ d6,35,d1,d7,a2,bd,2d,26,28,d4,6f,8c,ce,79,e1,71,27,69,a3,4e,27,eb,87,47,a2,\ 84,24,87,01,6e,0f,48,db,38,b3,5e,32,e1,5d,b4,d9,86,71,32,c5,69,28,c2,b3,44,\ 91,8d,08,4c,2b,f2,0d,f2,c1,40,b6,e8,2b,2d,0a,40,32,88,8e,9e,b6,c3,e7,f4,d2,\ 4a,56,19,07,1a,2b,2f,9d,16,f5,34,f3,08,97,31,21,c3,24,89,24,c4,41,fb,22,3b,\ c0,88,4c,7c,a2,d4,c8,24,f6,8d,65,89,77,a8,da,d0,27,c5,c2,25,b4,80,7d,cc,39,\ bf,be,cd,ce,20,44,1f,fe,45,f8,b4,19,f0,00,a4,53,4d,54,bf,80,36,ac,09,f2,06,\ 91,d1,7d,f0,5a,95,39,60,82,a1,a4,3d,c0,6d,03,8f,d0,e2,cf,27,aa,a8,02,6c,29,\ f1,0e,70,5c,8c,27,3d,f9,63,ed,05,ae,e9,86,74,91,7e,cd,47,4f,ff,77,8a,17,7b,\ 
0a,6d,bc,ee,2f,44,5a,a4,4e,8e,57,a6,b7,ee,7b,fb,9d,fe,5a,da,75,fc,db,fc,c2,\ 2d,40,d5,48,b9,83,31,ce,5d,da,77,ff,da,96,6b,ab,e4,d2,a1,b2,d3,30,93,75,0e,\ ac,d5,48,f5,37,65,52,ec,be,3d,01,d7,84,9b,c8,a3,ea,98,a0,23,9f,f8,a0,9c,31,\ b5,97,2c,ae,b2,2f,9e,37,46,39,1f,e0,b1,12,3b,94,3e,87,11,08,e2,b1,6b,f5,21,\ ce,c4,2c,da,fb,46,ef,86,4e,a8,a4,3a,55,b6,1f,30,bf,4a,77,32,46,cd,79,9a,d9,\ f4,d5,89,16,8c,77,77,74,40,f4,60,71,8a,78,d0,1c,03,9e,05,72,6c,f1,4a,26,36,\ 72,65,9b,9f,7d,c8,94,34,e7,09,f4,25,98,d5,f7,9c,cc,2b,9c,9b,0f,6c,0a,e4,4e,\ e6,17,ab,12,cb,5d,c2,e4,85,bc,da,bf,90,71,3a,c1,a6,d2,c1,ac,65,56,a2,b0,21,\ 2d,7f,8a,65,93,09,5f,3e,bd,0c,03,6d,fc,85,bd,0d,7a,fe,67,c2,b0,45,12,6f,f8,\ a4,05,64,9d,ac,1d,1c,95,a4 "??"=hex:1c,cd,f0,4e,8e,b3,c5,7d,3c,3a,c5,02,5e,02,1c,2c [HKEY_USERS\S-1-5-21-2746289630-3061505222-2800193894-63121\Software\SecuROM\License information*NULL*] "datasecu"=hex:f0,4f,95,26,23,81,43,62,0e,84,ae,bc,ff,3a,d0,eb,e3,ee,7d,f4,69,\ 47,cc,a0,70,08,f5,c9,26,9a,0a,61,9e,a1,c2,16,22,90,7c,68,ed,6d,82,09,bb,c0,\ 63,38,8d,4e,8c,47,dd,bc,87,09,81,02,b8,89,fb,1a,24,0b,85,96,54,89,b4,a4,07,\ b7,ad,5e,9c,3d,95,65,ba,ba,31,0e,85,ac,0c,67,20,dc,10,0d,48,ac,e8,6d,30,b9,\ a1,4e,d2,e3,0d,64,f0,0c,88,a7,c5,23,f9,6b,c2,05,9d,52,03,68,b6,b5,cf,85,dd,\ e6,70,41,ab,42,dd,92,ec,c3,1e,4a,24,2b,02,19,3b,18,73,38,2f,73,b7,3c,ad,bc,\ 24,4f,07,cb,b7,39,ca,43,ed,3a,3d,e8,e5,89,3b,55,8a,6c,82,28,04,90,13,48,45,\ 6c,8e,97,9b,36,40,05,21,cb,4d,9e,cc,df,b2,e0,3c,e1,7d,87,2d,b5,18,3e,33,65,\ bb,c9,15,65,7f,45,cd,7e,69,0a,7a,5b,e7,9c,67,c0,4d,ab,cb,87,13,f3,3c,eb,b8,\ 9e,9b,78,c1,3f,22,a2,fe,4d,0a,c0,f8,38,83,95,8e,d6,c9,7d,4c,88,81,c1,37,2d,\ cf,23,be,93,8b,85,bd,2f,0b,35,59,40,46,c1,48,da,4a,1c,86,af,b0,3e,2f,40,86,\ ec,f7,d4,a0,b5,cb,19,1c,b1,34,d6,fe,bb,54,3c,e3,07,4e,f0,59,17,c2,76,41,c7,\ 24,55,50,25,da,15,15,f5,27,9f,85,7e,d8,de,b7,2f,05,0c,99,cb,37,f8,9c,f2,6c,\ e9,25,ca,e2,e2,b8,39,0d,0d,3e,87,cc,88,3b,0c,fb,48,b4,9f,2d,0a,06,dd,dd,2c,\ 
3f,2b,e3,a2,ae,9d,68,1d,3c,f2,0b,71,8a,bd,60,0e,2d,9e,cf,c2,93,65,dc,e0,98,\ 8c,71,5c,6b,cb,e7,43,9f,f8,bb,98,46,25,b2,4f,1d,bb,9e,47,b5,f4,af,0e,f0,d9,\ 36,2b,5a,0b,a4,5d,1c,be,74,2c,4a,94,b4,d3,e4,de,46,fe,2e,c6,44,19,0c,86,99,\ 0f,08,05,7b,2f,af,01,93,7f,68,bc,6e,fc,06,09,97,0d,57,d3,ae,cb,83,4d,c1,40,\ 6b,22,ea,f4,36,13,32,28,c0,44,f6,48,0d,cd,d2,18,53,bb,ab,3b,17,77,5e,bd,83,\ 5a,8b,50,da,3e,22,4b,56,18,86,be,bb,19,cd,5d,78,e6,24,c5,1b,24,35,0e,49,0e,\ 3c,e3,d1,02,1f,d9,f3,dc,cf,4b,01,7c,30,0a,19,3d,75,ec,11,47,9d,49,44,2a,08,\ 5b,ff,18,80,7c,86,8f,b8,cc,1b,a0,75,4a,dd,29,31,d6,7b,3e,69,c4,9e,c5,3a,bb,\ ee,5d,d2,11,8a,64,e5,1b,ac,16,5d,56,b3,a5,e0,f5,91,e9,49,48,17,e0,f1,49,42,\ bb,f2,31,d1,6a,c2,26,6f,a3,c8,8e,22,8c,e3,77,31,96,20,b9,f7,a1,ff,27,23,0f,\ a7,52,80,6b,34,a7,d0,6b,c4,25,cc,34,23,80,f0,0e,d0,8a,13,b6,6e,ac,33,9c,d2,\ 4b,1a,34,f3,1b,56,88,b6,12,29,c3,5c,58,fd,1b,a1,a5,31,8f,9c,ac,63,39,38,cf,\ e7,eb,0d,71,5b,b4,df,0f,72,f4,e2,4e,e9,e6,e1,11,b2,96,58,d8,81,fa,6a,91,f6,\ 32,4e,f4,5a,70,92,f4,6d,83,17,b0,b9,db,58,c5,e6,37,a7,fa,62,55,f2,ca,c9,c3,\ 2d,3a,d3,e8,18,0e,5c,46,95,77,5e,f7,e6,85,06,5d,26,63,66,02,03,d7,c8,d5,cc,\ 00,b8,e2,2c,e4,15,69,8c,a3,5b,ae,2b,53,7e,17,c4,38,28,7e,5f,c0,c9,df,6c,15,\ 52,d9,9c,a1,61,a6,b9,28,68,aa,4d,95,08,ca,e6,9d,ed,f2,8e,e9,53,56,3e,dd,d6,\ 60,da,cc,17,9e,21,94,1e,ef,02,1c,d1,fc,e4,1c,b2,7b,7e,65,52,c9,29,d7,49,76,\ 20,87,b1,b7,63,a7,be,00,a3,a5,2b,69,37,69,d3,08,38,f1,e2,8b,85,08,5f,d3,18,\ db,80,0a,90,41,04,5e,0b,1c,a2,c2,70,04,42,39,49,28,63,c1,ea,05,1f,9d,95,6e,\ 5d,5f,d1,6c,07,4f,bf,6c,5a,e1,f3,03,3a,c9,a7,c7,70,4b,90,12,82,9f,2f,ad,92,\ 13,50,6f,cf,36,16,fc,53,12,2b,84,0e,e8,fc,93,c9,32,97,28,4b,38,88,67,56,72,\ f8,e2,c7,68,78,af,dc,be,69,fa,d0,1a,3b,c5,5c,9f,d9,1d,e0,f9,ee,d7,a7,53,dd,\ e9,d9,59,80,ce,c5,2d,e1,c2,60,a5,1f,6b,db,10,c2,c4,cd,cf,d2,f5,03,f1,db,cb,\ 6e,de,09,3a,de,89,38,ea,e2,8e,b8,f5,50,9d,ea,70,fa,d7,05,9c,67,f7,6f,40,e2,\ 
Jan 4 2009, 04:02 PM
Post #6
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
Did you go to the Add/Remove Programs panel to uninstall Viewpoint first, before trying to delete the folder?

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

QUOTE
KILLALL::

Driver::
Viewpoint Manager Service

File::
c:\windows\system32\efzhke.dll
c:\windows\Tasks\sbqvvovb.job

Folder::
c:\program files\Viewpoint\

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe.
Follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is the computer running so far?
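As an added example (not code from the thread, the helper, or ComboFix), a Python script that reads a CFScript like the one above together with the log ComboFix writes afterwards and reports which File::/Folder::/Driver:: targets the log actually confirms as deleted, so the cleanup is verified rather than assumed. The log excerpt is constructed in ComboFix's layout; the section titles "Other Deletions" and "Drivers/Services" are assumed to be stable.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix writes.

Added example for this thread, not the poster's, the helper's or ComboFix's
code. It relies only on the CFScript directives and the log section titles
visible in the thread; those titles are assumed stable.
"""
import re
from typing import Dict, List

DIRECTIVES = ("File", "Folder", "Driver", "Registry")
# ComboFix section header, e.g. "(((((( Other Deletions ))))))"
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def normalize(entry: str) -> str:
    """Lower-case and collapse doubled backslashes (ComboFix prints the
    children of a deleted folder with a doubled separator)."""
    return re.sub(r"\\+", r"\\", entry.strip().lower())


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Group every non-empty CFScript line under the directive above it;
    directives without targets (KILLALL::) are skipped."""
    targets: Dict[str, List[str]] = {d: [] for d in DIRECTIVES}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m:
            current = m.group(1) if m.group(1) in DIRECTIVES else None
        elif current:
            targets[current].append(line)
    return targets


def parse_log_sections(log: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into its "((( Title )))" sections. Lines before
    the first header, including the "FILE ::" echo of the script, land in
    "preamble". Entries are normalized so paths compare reliably."""
    sections: Dict[str, List[str]] = {"preamble": []}
    name = "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1)
            sections.setdefault(name, [])
        elif line and line != ".":
            sections[name].append(normalize(line))
    return sections


def verify(cfscript: str, log: str) -> Dict[str, str]:
    """Return {target: status}. Only "Other Deletions" and "Drivers/Services"
    count as confirmation: the "FILE ::" block near the top merely repeats
    what the script asked for, whether or not the file existed."""
    targets = parse_cfscript(cfscript)
    sections = parse_log_sections(log)
    deleted = sections.get("Other Deletions", [])
    services = sections.get("Drivers/Services", [])
    report: Dict[str, str] = {}
    for path in targets["File"]:
        hit = normalize(path) in deleted
        report[path] = "removed" if hit else "NOT confirmed by log"
    for folder in targets["Folder"]:
        f = normalize(folder)
        hit = any(d == f or d.startswith(f) for d in deleted)
        report[folder] = "removed" if hit else "NOT confirmed by log"
    for svc in targets["Driver"]:
        hit = any(s.endswith("\\service_" + svc.lower()) for s in services)
        report[svc] = "removed" if hit else "NOT confirmed by log"
    for entry in targets["Registry"]:
        report[entry] = "unverified: log does not echo registry edits, check the key by hand"
    return report


# The CFScript from the helper's post above.
CFSCRIPT = r"""KILLALL::
Driver::
Viewpoint Manager Service
File::
c:\windows\system32\efzhke.dll
c:\windows\Tasks\sbqvvovb.job
Folder::
c:\program files\Viewpoint\
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"""

# Constructed log excerpt in ComboFix's layout: the .job and the folder show
# up under Other Deletions, the DLL is only echoed under FILE :: (not found).
LOG = r"""ComboFix 09-01-02.01 - patelc 2009-01-04 17:52:10.2 - NTFSx86
FILE ::
c:\windows\system32\efzhke.dll
c:\windows\Tasks\sbqvvovb.job
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\program files\Viewpoint\
c:\program files\Viewpoint\\Common\ViewpointService.exe
c:\windows\Tasks\sbqvvovb.job
.
((((((((((((((( Drivers/Services )))))))))))))))
.
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service
"""

if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, LOG).items():
        print(f"{status:24} {target}")
```

A target that is only echoed under "FILE ::" but missing from "Other Deletions" was not on disk when the script ran, which is worth knowing before declaring the machine clean.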
Jan 4 2009, 06:23 PM
Post #7
Member, Posts: 31, OS: windows xp
Well, the computer is a little better; I mean I don't get pop-ups, as far as I remember. And I think I was able to delete Viewpoint from the program list. But was the computer supposed to restart again when I dragged the text into ComboFix, because I didn't see that in what you wrote? I may be wrong though. But here's the log report:
ComboFix 09-01-02.01 - patelc 2009-01-04 17:52:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1204 [GMT -5:00]
Running from: c:\documents and settings\patelc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\patelc\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\efzhke.dll
c:\windows\Tasks\sbqvvovb.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Viewpoint\
c:\program files\Viewpoint\\Common\ViewpointService.exe
c:\program files\Viewpoint\\Common\VistaBoot.sdll
c:\program files\Viewpoint\\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\\Viewpoint Media Player\npViewpoint.xpt
c:\windows\Tasks\sbqvvovb.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service

((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.
2009-01-03 22:57 . 2009-01-03 22:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 22:57 . 2009-01-03 22:57 <DIR> d-------- c:\documents and settings\patelc\Application Data\Malwarebytes
2009-01-03 22:57 . 2009-01-03 22:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 22:57 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 22:57 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-27 19:22 . 2008-12-27 19:22 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 15:13 . 2008-12-14 15:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\SwiftSwitch
2008-12-10 14:28 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-04 10:03 . 2008-12-04 10:03 268 --ah----- C:\sqmdata15.sqm
2008-12-04 10:03 . 2008-12-04 10:03 244 --ah----- C:\sqmnoopt15.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 19:41 --------- d-----w c:\documents and settings\patelc\Application Data\IM 2009-01-04 19:16 31 ----a-w c:\documents and settings\patelc\jagex_runescape_preferences.dat 2008-12-27 03:33 --------- d-----w c:\program files\Steam 2008-12-27 01:58 --------- d-----w c:\program files\AutoMacroRecorder 2008-12-27 00:32 --------- d-----w c:\program files\Lenovo 2008-12-27 00:32 --------- d-----w c:\program files\Common Files\Lenovo 2008-12-26 21:41 --------- d-----w c:\program files\DivX 2008-12-26 02:29 --------- d-----w c:\program files\Symantec AntiVirus 2008-12-12 04:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-12-08 07:00 --------- d-----w c:\program files\Full Tilt Poker 2008-12-01 19:53 --------- d-----w c:\documents and settings\patelc\Application Data\Red Alert 3 2008-12-01 19:23 --------- d-----w c:\program files\Electronic Arts 2008-12-01 01:52 --------- d-----w c:\documents and settings\patelc\Application Data\U3 2008-11-25 05:09 --------- d-----w c:\documents and settings\patelc\Application Data\LimeWire 2008-11-25 05:08 --------- d-----w c:\documents and settings\patelc\Application Data\Apple Computer 2008-11-25 03:54 --------- d-----w c:\program files\LimeWire 2008-10-28 02:21 73,216 ----a-w c:\windows\ST6UNST.EXE 2008-10-28 02:21 249,856 ------w c:\windows\Setup1.exe 2008-09-14 06:17 82,494 ----a-w c:\program files\Uninstal.exe 2007-08-14 08:25 90,112 ----a-w c:\program files\DemoPlayer.dll 2007-08-14 08:25 69,632 ----a-w c:\program files\dbg.dll 2007-08-14 08:25 62,976 ----a-w c:\program files\steam_api.dll 2007-08-14 08:25 351,744 ----a-w c:\program files\Mss32.dll 2007-08-14 08:25 332,800 ----a-w c:\program files\vstdlib_s.dll 2007-08-14 08:25 241,664 ----a-w c:\program files\tier0.dll 2007-08-14 08:25 226,304 ----a-w c:\program files\tier0_s.dll 2007-08-14 08:25 211,456 ----a-w c:\program files\a3dapi.dll 2007-08-14 08:25 196,608 ----a-w c:\program files\vstdlib.dll 2007-08-14 08:25 122,974 
----a-w c:\program files\FileSystem_Steam.dll 2007-03-17 08:04 307,200 ----a-w c:\program files\steam.dll 2004-03-15 21:51 114,688 ----a-w c:\program files\internet explorer\plugins\LV71ActiveXControl.dll 2006-01-23 14:32 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll 2007-02-08 14:48 133,920 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll 2007-07-24 22:03 118,784 ----a-w c:\program files\internet explorer\plugins\LV85ActiveXControl.dll 2008-07-03 19:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat 2008-06-16 22:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat 2008-07-03 18:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-04_14.46.27.04 ))))))))))))))))))))))))))))))))))))))))) . - 2009-01-04 16:59:01 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat + 2009-01-04 19:59:02 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat - 2009-01-04 19:29:17 90,196 ----a-w c:\windows\system32\perfc009.dat + 2009-01-04 22:59:48 90,196 ----a-w c:\windows\system32\perfc009.dat - 2009-01-04 19:29:17 491,804 ----a-w c:\windows\system32\perfh009.dat + 2009-01-04 22:59:48 491,804 ----a-w c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-21 13524992] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-21 86016] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-01-11 144728] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-01-11 124248] "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992] "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-11 294912] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-11 208896] 
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-06-14 6862104] "niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-12-23 106064] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-03-14 126976] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-03-14 425984] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "nwiz"="nwiz.exe" [2008-03-21 c:\windows\system32\nwiz.exe] "TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe] c:\documents and settings\Admin\Start Menu\Programs\Startup\ Shortcut to bg.lnk - c:\documents and settings\Admin\BGinfo\bg.bat [2008-05-21 34] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceStartMenuLogOff"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-08-14 14:54 89600 c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2008-03-14 17:54 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2746289630-3061505222-2800193894-63121\Scripts\Logon\0\0] "Script"=\\wit.private\SysVol\wit.private\scripts\students.bat [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MATLAB License Server"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Program Files\\Ruckus Player\\Ruckus.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Steam\\SteamApps\\fr3ak715\\counter-strike source\\hl2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 nipbcfk;National Instruments Class Upper Filter 
Driver;c:\windows\system32\drivers\nipbcfk.sys [2007-07-10 15448] R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504] R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-05-21 11520] R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-05-21 4224] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-05-21 4442] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-12 99376] R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2007-12-14 11360] R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2007-12-14 11360] R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2007-12-18 11360] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-05-22 30336] R4 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-02-16 12696] R4 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2007-09-18 11552] R4 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2007-07-19 11360] R4 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [2008-06-04 237568] R4 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896] S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2007-12-20 20056] S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2007-10-08 25888] S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2007-10-08 11552] S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2007-10-08 22360] S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2007-12-26 11352] S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-02-22 
11336] S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2007-12-18 11336] S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-02-15 11344] S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-02-22 11336] S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-02-22 11336] S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2007-12-26 11352] S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-01-11 11392] S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2007-04-04 14464] S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-04-04 151683] S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2007-12-18 11368] S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2007-12-27 11360] S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2007-12-12 11904] S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2007-12-12 11896] S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2007-11-26 20768] S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-01-07 11376] S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-01-07 11352] S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2007-12-20 11344] S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-01-07 11376] S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-02-22 11336] S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-01-07 11312] S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-02-14 11360] S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-01-02 11336] S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-02-19 11360] S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-02-22 11368] S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2007-07-19 11384] S3 NiViPciK;NI-VISA PCI 
Driver;c:\windows\system32\drivers\NiViPciKl.sys [2007-07-19 11360] S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-02-22 11336] S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-02-22 11336] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952] S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?] S4 MATLAB License Server;MATLAB License Server;c:\program files\MATLAB\R2008a\flexlm\lmgrd.exe [2008-06-16 1339392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##ntwit17#office12$] \Shell\AutoRun\command - X:\SETUP.EXE \Shell\configure\command - X:\SETUP.EXE \Shell\install\command - X:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0D0467EA-54FA-4CD1-9D91-D4D093F26821}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{115E4588-E14D-4105-8DCB-190DBDD7CC37}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3B67A8B7-7860-43E2-98D9-23C241353757}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4CA450E5-3117-44A1-932E-07938F381037}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835b0437-7f5c-11dd-a614-001f3baf0a51}] \Shell\Auto\command - Windows.scr 
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{A8EF4C2C-0D15-4362-8F63-AFF1A642B72C}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{AE77DF5F-7B6E-4FF0-842B-791D3962E602}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aed48d19-bf4a-11dd-a645-001f3baf0a51}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85030a2-9a04-11dd-a637-001f3baf0a51}] \Shell\AutoRun\command - E:\StartPortableApps.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{C6EDC877-F9D0-43F3-8B4F-03DA6D0F716E}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{E73490C3-5040-498D-987D-D2E9F130DB24}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{FEE45688-7813-4590-B733-66F2E4CF08DB}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE *Newly Created Service* - NIPALK . Contents of the 'Scheduled Tasks' folder 2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2009-01-04 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-11 00:30] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://lconnect.wit.edu/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm c:\windows\system32\capicom.dll - c:\windows\Downloaded Program Files\acpir2.dll O16 -: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://www-307.ibm.com/pc/support/acpir.cab c:\windows\Downloaded Program Files\acpir.inf FF - ProfilePath - c:\documents and settings\patelc\Application Data\Mozilla\Firefox\Profiles\p7m8mv7h.default\ FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . 
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 18:35:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2746289630-3061505222-2800193894-63121\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
[HKEY_USERS\S-1-5-21-2746289630-3061505222-2800193894-63121\Software\SecuROM\License information*NULL*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\vrlogon.dll
c:\windows\system32\tvt_gina.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\program files\ThinkPad\ConnectUtilities\Res\US\ACGinaRes.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\ThinkPad\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-04 18:41:19 - machine was rebooted [patelc]
ComboFix-quarantined-files.txt 2009-01-04 23:41:15
ComboFix2.txt 2009-01-04 19:47:15
Pre-Run: 102,010,531,840 bytes free
Post-Run: 101,990,817,792 bytes free
573 --- E O F --- 2008-12-12 04:19:42
Jan 4 2009, 09:47 PM, Post #8
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
Yes, ComboFix may require a reboot after it's done, in which case it did here.
Good job. Your log is clean. To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided. Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
Jan 7 2009, 12:21 AM, Post #9
Member, Posts: 31, OS: windows xp
k thx
the computer is much better =)
Jan 7 2009, 10:38 AM, Post #10
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
© Geeks to Go, Inc.