Okay, so I ran ComboFix (the log is below) based on some other wall post suggestions. However, how can I be sure that this problem is no longer there?
Also, should I uninstall ComboFix now? I have Kaspersky Antivirus 2010. Would you recommend I use something else from now on?
Thanks!
ComboFix 09-09-11.01 - Padmavati Sridhar 09/11/2009 19:16.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1100 [GMT -5:00]
Running from: c:\documents and settings\Padmavati Sridhar\Desktop\bilgerat.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-565422776-542073649-391601752-500
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\PRE45
c:\temp\PRE45\pG8.log
c:\temp\tn3
c:\windows\Installer\4967a4.msi
c:\windows\Installer\9afac.msi
c:\windows\Installer\a2c7e.msi
c:\windows\Installer\ebf32dd.msi
c:\windows\system32\asugukup.ini
c:\windows\system32\drivers\UACclmsgjsosi.sys
c:\windows\system32\drt
c:\windows\system32\logs
c:\windows\system32\MX5
c:\windows\system32\svm
c:\windows\system32\sX3i19
c:\windows\system32\u2
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpvgwvklmaj.dll
c:\windows\system32\UACswcdhxlwwg.dll
c:\windows\system32\UACsyiktaioeq.dll
c:\windows\system32\UACtciopfvwwr.dat
c:\windows\system32\UACxtipuhhfge.dll
c:\windows\system32\zb
c:\windows\Tasks\qnxodegu.job
----- BITS: Possible infected sites -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_TDSSSERV
-------\Legacy_IPRIP
-------\Legacy_KAVSYS
-------\Service_AVPsys
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.
2020-02-02 11:18 . 2020-02-02 11:18 -------- d-----w- c:\program files\Microsoft.NET
2020-02-02 11:17 . 2020-02-02 11:17 -------- d-----r- C:\MSOCache
2020-02-02 11:17 . 2020-02-02 11:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\ThinkVantage
2020-02-02 11:17 . 2020-02-02 11:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Lenovo
2020-02-02 11:17 . 2020-02-02 11:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Lenovo
2020-02-02 11:17 . 2020-02-02 11:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lenovo
2020-02-02 11:13 . 2020-02-02 11:13 -------- d-sh--r- C:\RRbackups
2020-02-02 11:10 . 2007-04-23 00:15 118520 ------w- c:\windows\system32\pxinsi64.exe
2020-02-02 11:10 . 2007-04-23 00:15 116472 ------w- c:\windows\system32\pxcpyi64.exe
2020-02-02 11:09 . 2009-09-06 05:00 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2020-02-02 11:09 . 2020-02-02 11:09 -------- d-----w- c:\program files\SMI2
2020-02-02 11:09 . 2020-02-02 11:09 -------- d-----w- c:\program files\TVT SMBus
2020-02-02 11:09 . 2009-09-10 03:20 -------- d-----w- C:\SWSHARE
2020-02-02 11:09 . 2020-02-02 11:09 23552 ----a-w- c:\windows\system32\drivers\psasrv.exe
2020-02-02 11:09 . 2020-02-02 11:09 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2020-02-02 11:08 . 2009-05-09 03:24 -------- d-----w- c:\program files\Picasa2
2020-02-02 11:08 . 2007-02-05 21:45 583232 ----a-w- c:\windows\system32\tvt_gina.dll
2020-02-02 11:08 . 2007-02-05 21:45 292416 ----a-w- c:\windows\system32\tvt_gina_api.dll
2020-02-02 11:08 . 2020-02-02 11:08 -------- d-----w- c:\program files\Diskeeper Corporation
2020-02-02 11:08 . 2020-02-02 11:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2020-02-02 11:07 . 2008-05-30 02:53 -------- d-----w- C:\Icons
2020-02-02 11:07 . 2005-06-16 07:45 114688 ----a-w- c:\windows\desktopset.exe
2020-02-02 11:07 . 2005-09-21 01:27 10368 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2020-02-02 11:07 . 2005-11-16 05:42 45056 ----a-w- c:\windows\system32\drivers\iviVD.sys
2020-02-02 11:03 . 2020-02-02 11:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2020-02-02 11:02 . 2007-03-30 11:05 40 ----a-w- c:\windows\system32\profile.dat
2020-02-02 11:02 . 2020-02-02 11:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2020-02-02 11:01 . 2008-12-10 06:06 -------- d-----w- c:\program files\Symantec
2020-02-02 11:01 . 2008-12-12 21:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2020-02-02 11:01 . 2008-12-12 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2020-02-02 11:01 . 2007-03-30 11:10 -------- d-----w- c:\program files\Symantec Client Security
2020-02-02 11:00 . 2008-11-05 15:55 -------- d-----w- c:\program files\Common Files\Lenovo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-02-02 11:17 . 2009-09-07 21:30 -------- d-----w- c:\documents and settings\Fixing\Application Data\ThinkVantage
2020-02-02 11:17 . 2007-03-31 04:07 -------- d-----w- c:\documents and settings\Padmavati Sridhar\Application Data\ThinkVantage
2020-02-02 11:17 . 2007-03-29 12:54 -------- d-----w- c:\documents and settings\sseshadr\Application Data\ThinkVantage
2020-02-02 11:17 . 2007-03-29 12:53 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ThinkVantage
2020-02-02 11:17 . 2009-09-07 21:30 -------- d-----w- c:\documents and settings\Fixing\Application Data\Lenovo
2020-02-02 11:17 . 2007-03-31 04:07 -------- d-----w- c:\documents and settings\Padmavati Sridhar\Application Data\Lenovo
2020-02-02 11:17 . 2007-03-29 12:54 -------- d-----w- c:\documents and settings\sseshadr\Application Data\Lenovo
2020-02-02 11:17 . 2007-03-29 12:53 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Lenovo
2020-02-02 11:08 . 2020-02-02 10:48 -------- d-----w- c:\program files\ThinkPad
2020-02-02 11:07 . 2020-02-02 10:58 -------- d-----w- c:\program files\ThinkVantage
2020-02-02 11:07 . 2020-02-02 10:58 -------- d-----w- c:\program files\InterVideo
2020-02-02 11:02 . 2009-09-07 21:30 -------- d-----w- c:\documents and settings\Fixing\Application Data\Symantec
2020-02-02 11:02 . 2007-03-31 04:07 -------- d-----w- c:\documents and settings\Padmavati Sridhar\Application Data\Symantec
2020-02-02 11:02 . 2007-03-29 12:54 -------- d-----w- c:\documents and settings\sseshadr\Application Data\Symantec
2020-02-02 11:02 . 2007-03-29 12:53 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2020-02-02 11:00 . 2020-02-02 10:59 -------- d-----w- c:\program files\PCDR5
2020-02-02 10:59 . 2020-02-02 10:59 -------- d-----w- c:\program files\Sonic Icons for Lenovo
2020-02-02 10:59 . 2020-02-02 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2020-02-02 10:59 . 2020-02-02 10:59 -------- d-----w- c:\program files\Sonic
2020-02-02 10:59 . 2020-02-02 10:59 -------- d-----w- c:\program files\Common Files\SureThing Shared
2020-02-02 10:59 . 2020-02-02 10:59 -------- d-----w- c:\program files\Multimedia Center for Think Offerings
2020-02-02 10:59 . 2020-02-02 10:59 -------- d-----w- c:\program files\Common Files\Sonic Shared
2020-02-02 10:58 . 2020-02-02 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Agilix GoBinder
2020-02-02 10:57 . 2020-02-02 10:57 -------- d-----w- c:\program files\Microsoft Education Pack
2020-02-02 10:56 . 2020-02-02 10:55 -------- d-----w- c:\program files\Microsoft Experience Pack
2020-02-02 10:54 . 2020-02-02 10:54 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2020-02-02 10:52 . 2020-02-02 10:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2020-02-02 10:52 . 2020-02-02 10:52 -------- d-----w- c:\program files\Digital Line Detect
2020-02-02 10:52 . 2020-02-02 10:52 -------- d-----w- c:\program files\NetWaiting
2020-02-02 10:51 . 2020-02-02 10:51 -------- d-----w- c:\program files\CONEXANT
2020-02-02 10:51 . 2020-02-02 10:42 -------- d-----w- c:\program files\Analog Devices
2020-02-02 10:50 . 2020-02-02 10:49 -------- d-----w- c:\program files\ThinkVantage Fingerprint Software
2020-02-02 10:49 . 2020-02-02 10:49 -------- d-----w- c:\program files\Common Files\ThinkVantage Fingerprint Software
2020-02-02 10:49 . 2020-02-02 10:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2020-02-02 10:49 . 2020-02-02 10:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2020-02-02 10:49 . 2009-09-07 21:30 -------- d-----w- c:\documents and settings\Fixing\Application Data\InstallShield
2020-02-02 10:49 . 2007-03-31 04:07 -------- d-----w- c:\documents and settings\Padmavati Sridhar\Application Data\InstallShield
2020-02-02 10:49 . 2007-03-29 12:54 -------- d-----w- c:\documents and settings\sseshadr\Application Data\InstallShield
2020-02-02 10:49 . 2007-03-29 12:53 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2020-02-02 10:49 . 2020-02-02 10:49 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2020-02-02 10:49 . 2020-02-02 10:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2020-02-02 10:49 . 2020-02-02 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2020-02-02 10:49 . 2020-02-02 10:49 -------- d-----w- c:\program files\Intel
2020-02-02 10:33 . 2020-02-02 10:33 -------- d-----w- c:\program files\microsoft frontpage
2009-09-12 00:13 . 2009-09-12 00:13 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-11 23:40 . 2009-09-06 22:54 -------- d-----w- c:\documents and settings\Padmavati Sridhar\Application Data\HPAppData
2009-09-11 23:36 . 2008-11-08 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-11 23:02 . 2009-09-11 23:02 -------- d-----w- c:\program files\Trend Micro
2009-09-11 22:15 . 2007-10-15 06:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-11 22:15 . 2007-10-15 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 17:41 . 2009-09-11 17:41 -------- d-----w- c:\program files\Western Digital
2009-09-10 21:40 . 2009-09-08 05:28 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-10 21:40 . 2009-09-08 05:28 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-08 22:18 . 2020-02-02 10:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 22:18 . 2009-09-08 22:18 -------- d-----w- c:\program files\Seagate
2009-09-08 22:18 . 2009-09-08 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-09-08 05:26 . 2009-09-08 03:59 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-08 05:25 . 2008-09-30 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-08 01:06 . 2009-09-08 01:06 -------- d-----w- c:\documents and settings\Fixing\Application Data\Malwarebytes
2009-09-08 00:39 . 2009-09-07 21:30 -------- d-----w- c:\documents and settings\Fixing\Application Data\HPAppData
2009-09-07 21:45 . 2009-09-07 21:44 -------- d-----w- c:\program files\MWB
2009-09-07 21:30 . 2009-09-07 21:30 129 ----a-w- c:\documents and settings\Fixing\Local Settings\Application Data\fusioncache.dat
2009-09-06 22:52 . 2009-03-04 00:47 704544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-06 22:52 . 2009-03-04 00:47 3584032 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-06 22:52 . 2009-03-04 00:47 3488 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-06 22:52 . 2009-03-04 00:47 29080 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-30 20:31 . 2009-08-30 19:28 179945 ----a-w- c:\windows\hpwins14.dat
2009-08-30 19:55 . 2009-08-30 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-30 19:47 . 2009-08-30 19:47 -------- d-----w- c:\documents and settings\Padmavati Sridhar\Application Data\HP
2009-08-30 19:34 . 2009-08-30 19:30 -------- d-----w- c:\program files\HP
2009-08-30 19:32 . 2009-08-30 19:32 -------- d-----w- c:\program files\Common Files\HP
2009-08-30 19:32 . 2009-08-30 19:32 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-28 16:44 . 2007-09-06 05:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-26 06:31 . 2009-08-26 06:30 -------- d-----w- c:\program files\iTunes
2009-08-26 06:31 . 2009-08-26 06:31 -------- d-----w- c:\program files\iPod
2009-08-26 06:31 . 2007-10-17 05:45 -------- d-----w- c:\program files\Common Files\Apple
2009-08-03 18:36 . 2009-09-07 21:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-09-07 21:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 19:16 . 2007-05-11 02:13 -------- d-----w- c:\program files\DivX
2009-08-02 19:15 . 2009-08-02 19:15 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-03 20:48 . 2009-07-03 20:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 20:45 . 2009-07-03 20:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-06-15 19:01 . 2009-06-15 19:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2005-07-29 21:24 . 2008-11-08 03:38 472 --sha-r- c:\windows\c3Nlc2hhZHI\wah5wZ11tJK.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"NWTRAY"="NWTRAY.EXE" - c:\windows\system32\nwtray.exe [2002-03-12 28672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\Padmavati Sridhar\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-8-18 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2020-2-2 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Padmavati Sridhar\Local Settings\Temporary Internet Files\Content.IE5\8HUROHUB\CA85MRCX.gif
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LoginKey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_01\\jre\\bin\\java.exe"=
"c:\\Program Files\\Conceptworld\\QNPlus\\QNPlus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2/2/2020 5:48 AM 88576]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [3/30/2007 10:06 AM 34671]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2/2/2020 5:48 AM 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2/2/2020 5:48 AM 4442]
R1 TSMSMI;Lenovo System Interface Driver;c:\windows\system32\drivers\TSMSMI32.sys [2/2/2020 5:51 AM 6656]
R2 ASRSVC;ASR Service;c:\program files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2/2/2020 5:51 AM 81920]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [3/18/2003 5:26 PM 4768]
R2 Kblock;Kblock;c:\windows\system32\drivers\kblock.sys [3/18/2003 2:16 PM 4043]
R2 Mouslock;Mouslock;c:\windows\system32\drivers\mouslock.sys [3/18/2003 2:16 PM 4080]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 7:05 PM 58368]
R2 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe [3/18/2003 1:40 PM 49152]
R2 Remote Management Agent;Novell ZfD Remote Management;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [9/26/2005 1:20 PM 135168]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 6:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 10:00 PM 3456]
R2 TabletSVC;TABLET Service;c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe [2/2/2020 5:51 AM 53248]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [3/18/2003 2:14 PM 2773]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 nscmnt;Novell Local Security Context Manager;c:\windows\system32\drivers\Novell\nscmnt.sys [3/3/2004 10:51 AM 25616]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2/2/2020 5:39 AM 13840]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2/2/2020 5:40 AM 14208]
S1 e1e51322;e1e51322;c:\windows\system32\drivers\e1e51322.sys --> c:\windows\system32\drivers\e1e51322.sys [?]
S2 devwmg;devwmg;c:\windows\system32\drivers\yoznn.sys --> c:\windows\system32\drivers\yoznn.sys [?]
S2 hbnip;hbnip;c:\windows\system32\drivers\mruo.sys --> c:\windows\system32\drivers\mruo.sys [?]
S2 rlcjqaf;rlcjqaf;c:\windows\system32\drivers\vhsdf.sys --> c:\windows\system32\drivers\vhsdf.sys [?]
S3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [8/30/2007 10:16 AM 513152]
S3 TunRVideo32;TunRVideo32;c:\windows\system32\drivers\TunRVideo32.sys [8/30/2007 10:16 AM 2688]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [9/11/2009 12:42 PM 11520]
S3 xauthnt;Novell XTier Authentication Service;c:\windows\system32\drivers\Novell\xauthnt.sys [3/24/2004 10:01 AM 11640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2008-09-29 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2020-02-02 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Padmavati Sridhar\Application Data\Mozilla\Firefox\Profiles\nsqtvwyb.default\
FF - prefs.js: browser.startup.homepage - www.nyt.com
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Padmavati Sridhar\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnipp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{B4E8B2B7-E358-483F-952A-63A79E34E9FF} - c:\windows\system32\mlJBroOf.dll
HKCU-Run-Protection System - c:\program files\Protection System\psystem.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
Notify-NavLogon - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-11 19:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(488)
c:\windows\system32\vrlogon.dll
c:\program files\novell\zenworks\ZENPOL32.DLL
c:\program files\novell\zenworks\ZenLite.dll
c:\windows\system32\xmlparse.dll
c:\program files\novell\zenworks\ZENNW32.DLL
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
- - - - - - - > 'lsass.exe'(544)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\btmmhook.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Novell\ZENworks\NALNTSRV.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Novell\ZENworks\WM.EXE
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-09-12 19:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 00:42
Pre-Run: 9,433,759,744 bytes free
Post-Run: 10,693,373,952 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
405 --- E O F --- 2008-12-07 03:38