conhook.d trojan infection


auring
Hi,
My computer is infected by the conhook.d trojan and Windows Defender cannot remove the infection. I followed don77's self-help steps and when I ran Windows Defender again, the computer seemed fine. But it seems that it is working slower now. Here are the SUPERAntiSpyware Home Edition, on-line Panda ActiveScan and HijackThis logs. I'm running Windows Vista Home Premium. Thanks in advance.

SUPERAntiSpyware Scan Log
Generated 04/11/2008 at 00:42 AM

Application Version : 3.6.1000

Core Rules Database Version : 3436
Trace Rules Database Version: 1428

Scan type : Complete Scan
Total Scan Time : 05:05:57

Memory items scanned : 905
Memory threats detected : 0
Registry items scanned : 9524
Registry threats detected : 0
File items scanned : 437979
File threats detected : 126

Adware.Tracking Cookie


;*******************************************************************************
ANALYSIS: 2008-04-11 09:37:23
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Norton Internet Security 2007 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\eman\AppData\Roaming\Microsoft\Windows\Cookies\Low\eman@com[1].txt
02388619 Application/Webmediaplayer HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\WebMediaPlayer\WebMediaPlayer.exe.vir
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:08 AM, on 4/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 17148 bytes