Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TROJAN (SPM/LX) pop up.


  • This topic is locked This topic is locked
2 replies to this topic

#1 anwarjhashmi

anwarjhashmi

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:27 AM

Posted 28 September 2009 - 10:42 AM

hi,

I have a problem . There is some malware which has disabled entry to Task Manager, Reg Edit , and even some other exes like mspaint.exe and chrome.exe.It gives and error "Application cannot be executed.The file is infected.Please activate your antivirus software."

Tried to run DDS.SCR file mentioned in the preparation guide and again got the same message "Application cannot be executed.The file is infected.Please activate your antivirus software."


I also get a balloon pop up from my notification area "protect you computer from spyware" which takes me to a http://advancedvirus-remover2009.com/buy/?code=0001090 website.

Also I get this pop up
" Attention! System detected a potential hazard (TrojanSPM/LX) on your computer|that may infect executable files. Your private information and PC safety is at risk.|To get rid of unwanted spyware and keep your computer safe you need to update your current security software.|Click Yes to download official intrusion detection system (IDS software) "

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:00 PM, on 9/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\winupdate.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\StickyPad\StickyPad.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dilip Peswani\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: SVIEBHO Class - {B3C54716-9D0A-4666-A81A-6072A6325A5A} - C:\Program Files\SelectView\svie.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\UjBright_Antivirus.vbs"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dilip Peswani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sticky Pad] C:\Program Files\StickyPad\StickyPad.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RGSC] E:\games\GTA4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: SelectView - {16D60F96-2FF6-40b2-96D3-C32170E45A01} - C:\Program Files\SelectView\svie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Pictures - {C7486E80-B111-4768-995E-23CF307346FC} - C:\Program Files\Flash and Pics Control\FPCButton.dll (HKCU)
O9 - Extra button: (no name) - {FD424F56-B38D-4190-94D1-C2B4E91C9A17} - C:\Program Files\Flash and Pics Control\FlashPicsControl.exe (HKCU)
O9 - Extra 'Tools' menuitem: Flash and Pics Control - {FD424F56-B38D-4190-94D1-C2B4E91C9A17} - C:\Program Files\Flash and Pics Control\FlashPicsControl.exe (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 19130 bytes



ROOT REPEAL LOG

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/28 20:44
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6F1E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA628000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAC471000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RRbackups
Status: Locked to the Windows API!

Path: \\?\C:\RRbackups\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\common
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\common\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\common\css.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\hints.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\mnd.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\regcerts.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\restore.log
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\rr.log
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\SAM
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\seccache.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\secpolicy.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\settings.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\system.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\tvtcmn.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\tvtns.bin
Status: Invisible to the Windows API!

Path: C:\RRbackups\common\usersids.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data
Status: Invisible to the Windows API!

Path: c:\documents and settings\dilip peswani\local settings\temp\~dfc66c.tmp
Status: Allocation size mismatch (API: 24576, Raw: 0)

Path: c:\documents and settings\dilip peswani\local settings\temp\~df3c0c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dilip peswani\local settings\temp\~df64e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dilip peswani\local settings\temp\~df86c7.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Lenovo
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\Client Security Solution
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\Client Security Solution
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Lenovo\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Lenovo\Client Security Solution
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\Client Security Solution\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\Client Security Solution\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Lenovo\Client Security Solution\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto\RSA
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\CREDHIST
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1891600420-798163818-1730134295-1005
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500\4996a826-5b00-45b5-9f00-c8671a63ca58
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500\4996a826-5b00-45b5-9f00-c8671a63ca58
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto\RSA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1891600420-798163818-1730134295-1005
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1891600420-798163818-1730134295-1005\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1891600420-798163818-1730134295-1005\05f11b7a-644c-48d5-894c-078e0385d7b6
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1891600420-798163818-1730134295-1005\9ac6360a-1b98-4b4b-8a2e-f89cda379d0d
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1891600420-798163818-1730134295-1005\a94d94f3-c24b-4cf2-b411-2bf81e6b16b4
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1891600420-798163818-1730134295-1005\b808f841-81b0-4721-80d9-1b25e1d62641
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1891600420-798163818-1730134295-1005\bfcdecaf-eec9-47fe-841c-7a77679b9040
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1891600420-798163818-1730134295-1005\f19f0278-28e0-4da0-9a2c-b16e65dba174
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1891600420-798163818-1730134295-1005\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500\4996a826-5b00-45b5-9f00-c8671a63ca58
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Protect\S-1-5-21-1964748938-3094878950-1425093854-500\Preferred
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1fbb9df9ff5f30a869112c4f7583df12_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4434134b27ec6ce298831a9d6f14d08d_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1891600420-798163818-1730134295-1005\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1891600420-798163818-1730134295-1005\6b29ae44e85efac3c72ff4d1865d73f1_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1891600420-798163818-1730134295-1005\83aa4cc77f591dfc2374580bbd95f6ba_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1891600420-798163818-1730134295-1005\8f71098770f72c7a67cd8f1151619865_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1891600420-798163818-1730134295-1005\a077ead69703e3bf1fd373a3c9376faa_db81860c-e780-413b-b020-df422a803003
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates\My\CRLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\Dilip Peswani\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: \\?\C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Stealth Objects
-------------------
Object: Hidden Handle [Index: 864, Type: Process]
Process: winupdate.exe (PID: 3440) Address: 0x86ade688 Size: -

Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 5084) Address: 0x01000000 Size: 20480

Object: Hidden Code [Driver: Steal==EOF==


-------------


I am attaching images of the pop ups.

Please help ASAP.

Thanks a lot

Attached Files


Edited by anwarjhashmi, 28 September 2009 - 12:26 PM.


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 15 October 2009 - 05:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please reply to this so we know you are there. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Normally, I request an updated scan, but with your problem, please hold off running anything and just let me know you still need help by replying to this thread.

Upon replying, another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.
Thanks and again sorry for the delay.

Edited by etavares, 15 October 2009 - 05:02 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:27 AM

Posted 24 October 2009 - 03:14 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users