Malwarebytes' Anti-Malware Log:
Malwarebytes' Anti-Malware 1.31
Database version: 1602
Windows 5.1.2600 Service Pack 3
03/01/2009 2:56:03 PM
mbam-log-2009-01-03 (14-56-03).txt
Scan type: Full Scan (C:\|)
Objects scanned: 112406
Time elapsed: 36 minute(s), 16 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 15
Registry Keys Infected: 29
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 77
Memory Processes Infected:
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.Spyguard) -> Unloaded process successfully.
C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\mlJDwTli.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\teligrpj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\owseke.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qqtksv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mopidm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aypfca.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fkcjvo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\weznhw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ilwzpv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUnNfda.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lydiwnai.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zqelay.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\mcbzajwbjj.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5104a71-1081-4562-be27-54a4b8277da9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b5104a71-1081-4562-be27-54a4b8277da9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{98b10666-b0f0-4efb-b125-832574e1c35a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{38804812-aa68-45e2-9273-1b4d34f3ee5d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{23c30dad-2266-4514-ac5b-ebc4aeb09060} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11b0f076-3dd0-4502-baaf-96dd6729c392} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09f85b62-663a-4d41-90c2-a885d529bcaa} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1883a345-c144-48a8-b8ae-22e0e6d10c97} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b976826f-9dcb-4287-a91b-042ecf0a63c6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvunnfda (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5104a71-1081-4562-be27-54a4b8277da9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{025359d3-9ea9-43aa-a339-a6c342924e84} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c025093-64f8-49ea-a017-6f5c00c5a04f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2aedfed-9715-4cd7-baa7-f0f2657e8a1b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.Spyguard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ieModule (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljdwtli -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljdwtli -> Delete on reboot.
Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp9j0ee2p (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\mlJDwTli.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ilTwDJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilTwDJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cldcowyq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qywocdlc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deyfwsll.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llswfyed.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etbkbjqb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bqjbkbte.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hokyhpyr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ryphykoh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jrmdqbqm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mqbqdmrj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kyqvrqsd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsqrvqyk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lgxkxyma.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amyxkxgl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scdgbsnl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lnsbgdcs.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\teligrpj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jprgilet.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlgdafde.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edfadglx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owseke.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qqtksv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mopidm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aypfca.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fkcjvo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\weznhw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ilwzpv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUnNfda.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lydiwnai.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zqelay.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sprott\Local Settings\Temporary Internet Files\Content.IE5\4OQ2AIZE\upd105320[2] (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Sprott\Local Settings\Temporary Internet Files\Content.IE5\4OQ2AIZE\index[1] (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP25\A0020074.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP12\A0011818.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP26\A0020205.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP37\A0032403.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP39\A0033451.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP39\A0033505.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP39\A0033546.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP41\A0033627.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP41\A0033634.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP41\A0033640.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP41\A0033654.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\WINDOWS\eeqb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccmkherq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddccYrqP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\folufbpe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gsibnx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llklnngm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oadmvlne.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pngkqlpp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rflkyjma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ronigofu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\telonapi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttvxnvjj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhjcfams.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJAsqPJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\vmgspntbmaq.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sprott\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\mcbzajwbjj.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Delete on reboot.
New HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:55 PM, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\cusrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Thomson Financial\Thomson ONE\Softdist\TF Update.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://ca.search.yahoo.com/search?fr=mcafee&p=%sF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {41DEF4AE-CB89-4956-B902-5FC2A58F9B65} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: (no name) - {756ADC10-F9D5-4A76-B1B4-6468DAEEC49C} - (no file)
O2 - BHO: (no name) - {9D8410BE-88AE-4AEA-B4EE-3627634E0C9F} - (no file)
O2 - BHO: (no name) - {9E72FDDF-1129-4461-93C1-0ECB65017ED3} - (no file)
O2 - BHO: (no name) - {A2E890E6-D6AC-4D79-9CF4-A92F884EB99B} - (no file)
O2 - BHO: (no name) - {B5104A71-1081-4562-BE27-54A4B8277DA9} - (no file)
O2 - BHO: (no name) - {D5541C6D-1C83-4261-B311-5EDFB7CBCE30} - (no file)
O2 - BHO: (no name) - {D9F5C8A6-534B-4E57-B451-FA8690F92905} - (no file)
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {13EE131D-E7E7-4CF0-8D84-DA14E704F2F5} (RevenuesEQCtrlEx Class) -
https://web-eq.demo.i-deal.com/cab/RevenuesEQ_usr.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cabO20 - AppInit_DLLs: owseke.dll qqtksv.dll mopidm.dll aypfca.dll fkcjvo.dll weznhw.dll ilwzpv.dll zqelay.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TF Update - - C:\Program Files\Thomson Financial\Thomson ONE\Softdist\TF Update.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 8589 bytes
Back to top
