My computer is infected by the conhook.d trojan and Windows Defender cannot remove the infection. I followed don77's self-help steps and when I ran Windows Defender again, the computer seems fine. But it seems that it is working slower now. Here are the SUPERAntiSpyware Home Edition, online Panda ActiveScan and HijackThis logs. I'm running Windows Vista Home Premium. Thanks in advance.
SUPERAntiSpyware Scan Log
Generated 04/11/2008 at 00:42 AM
Application Version : 3.6.1000
Core Rules Database Version : 3436
Trace Rules Database Version: 1428
Scan type : Complete Scan
Total Scan Time : 05:05:57
Memory items scanned : 905
Memory threats detected : 0
Registry items scanned : 9524
Registry threats detected : 0
File items scanned : 437979
File threats detected : 126
Adware.Tracking Cookie
;*******************************************************************************
ANALYSIS: 2008-04-11 09:37:23
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Norton Internet Security 2007 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\eman\AppData\Roaming\Microsoft\Windows\Cookies\Low\eman@com[1].txt
02388619 Application/Webmediaplayer HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\WebMediaPlayer\WebMediaPlayer.exe.vir
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:08 AM, on 4/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 17148 bytes