11 Replies. Latest reply on Nov 7, 2009 9:01 AM by secured2k

    FakeAlert-DZ

      Hello, I'm having an annoying problem with what I believe to be a trojan/virus called FakeAlert-DZ. I have searched for solutions online and I am having trouble removing the virus. So far what has happened is:
      1. Popups began appearing while I browsed the internet around the same time McAfee detected FakeAlert-DZ.
      2. A fake toolbar called "Windows Security Alerts" keeps shooting me popups with a fake anti-virus program which, in turn, tries to make me un-install McAfee.
      Please help!
      Keaton.
        • 1. RE: FakeAlert-DZ
          Please use the steps below:

          On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" Windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode. I use the sites below to download the installer file and the manual updater:

          Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

          Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
          http://www.besttechie.net/tools/mbam-setup.exe

          Malwarebytes Manual Updater link
          http://www.malwarebytes.org/mbam/database/mbam-rules.exe

          Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install:

          SuperAntispyware
          http://www.superantispyware.com/

          SuperAntispyware Manual Updater
          http://www.superantispyware.com/definitions.html
          ____________

          In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Program Files\Malwarebytes Antimalware folder.
          _____________________

          Hope this helps.

          Grif
          • 2. Re: RE: FakeAlert-DZ

            Hi Grif,

            Thanks for providing this solution above, but unfortunately I am having the same trouble. I have run Malwarebytes and also SuperAntispyware at least twice each time and they both found files to delete only the first time around. My system is running on Win XP professional with McAfee 8.5i enterprise. Apart from Malwarebytes and Superantispyware, I have also run Spybot search and destroy and Ad-aware. I do not have any issues with popups as I use chrome and Mozilla, but McAfee discovers a .tmp every 5 to 6 min to delete if I am connected to the net. Any help would be greatly appreciated.

             

            Thanks

            • 3. Re: RE: FakeAlert-DZ

              When McAfee detects FakeAlert, what action do we take? Does the threat say that it was cleaned or deleted? Update the system to the latest DAT, which is 5792, and run a full system scan with Artemis enabled on High (KB53732). We can take a look at the log to see what the locations of the infected files are and target those directories for undetected samples that we can submit to McAfee Labs (KB50388). I have also attached a document for fighting FakeAlert Trojans. Also, one thing we can do is configure a "User Defined" Access Protection rule within VirusScan. This can be a "File-Folder" blocking rule on the directory in which the temp files are being dropped. We can set that action to block or report on that directory. Once the detection takes place on the .tmp files, we can then look in the Access Protection log to see what process is responsible for dropping the .tmp file. We can then target that process. If you need further assistance just let me know.

               

              Ron

               

               

              Message was edited by: Rsteven1 on 11/5/09 7:04 AM
              • 4. Re: RE: FakeAlert-DZ

                Hi Ron,

                Thanks so much for the detailed response.

                 

                1. McAfee ends up deleting the file after it is created in the Temp folder.

                2. I activated high on protection with Artemis and ran a full scan. It picked up 1 file which it deleted right away. Problem still exists after reboot after that.

                3. I did the File/Folder Access protection rule and this is what I found.

                 

                11/5/2009 7:29:29 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe C:\WINDOWS\TEMP\iwnv.tmp User-defined Rules:File block for Trojan Action blocked : Create

                 

                Since it is a svchost.exe file, I believe it's a system process attempting to create the temp file in the temp folder.

                 

                I am not sure where to go from here. Logs from reg perhaps?? Please do let me know. I really do appreciate your help in this matter.

                 

                Thanks,

                 

                Maneesh
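
The Access Protection log line quoted above can be summarised per acting process, as an added example that is not part of the original thread. The field order is inferred from that single line; the other sample lines and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules on any OS

# Field order assumed from the one log line quoted in the post above:
# timestamp, fixed text, user, acting process, target file, rule, action.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"Blocked by Access Protection rule\s+"
    r"(?P<user>.+?)\s+"
    r"(?P<process>[A-Za-z]:\\.+?\.exe)\s+"
    r"(?P<target>[A-Za-z]:\\.+?\.\w+)\s+"
    r"(?P<rule>.+?)\s+"
    r"Action blocked : (?P<action>.+?)\s*$",
    re.IGNORECASE,
)

# Processes that only host other code (services, DLLs, COM objects).
# A hit on one of these names the container, not the module doing the write.
SHARED_HOSTS = {"svchost.exe", "rundll32.exe", "dllhost.exe"}

# First event line is copied from the thread; every other line is constructed.
SAMPLE_LOG = r"""
11/5/2009 7:29:29 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe C:\WINDOWS\TEMP\iwnv.tmp User-defined Rules:File block for Trojan Action blocked : Create
11/5/2009 7:35:02 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe C:\WINDOWS\TEMP\qzrt.tmp User-defined Rules:File block for Trojan Action blocked : Create
11/5/2009 7:38:45 PM Blocked by Access Protection rule EXAMPLE\user C:\Program Files\Example App\updater.exe C:\WINDOWS\TEMP\setup1.tmp User-defined Rules:File block for Trojan Action blocked : Create
11/5/2009 7:40:51 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe C:\WINDOWS\TEMP\bkdm.tmp User-defined Rules:File block for Trojan Action blocked : Create
this line is not an Access Protection event
"""


def parse_line(line):
    """Return the fields of one blocked-action line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(lines):
    """Group blocked events by (process, target directory, action), busiest first."""
    counts = Counter()
    files = {}
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            unparsed += 1  # keep count so silent format drift is visible
            continue
        key = (event["process"].lower(),
               dirname(event["target"]).lower(),
               event["action"])
        counts[key] += 1
        files.setdefault(key, []).append(basename(event["target"]))
    report = []
    for (process, target_dir, action), count in counts.most_common():
        report.append({
            "process": process,
            "target_dir": target_dir,
            "action": action,
            "count": count,
            "files": files[(process, target_dir, action)],
            "shared_host": basename(process) in SHARED_HOSTS,
        })
    return report, unparsed


if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_LOG.splitlines())
    for row in rows:
        note = " (shared host: inspect its loaded modules)" if row["shared_host"] else ""
        print(f'{row["count"]:3d}  {row["action"]:<7} {row["process"]} -> '
              f'{row["target_dir"]}{note}')
    print(f"unparsed lines: {skipped}")
```

When the busiest process is a shared host such as svchost.exe, the log identifies only the container, so the next step is to inspect what is loaded inside it.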

                • 5. Re: RE: FakeAlert-DZ

                  Perfect, we are getting closer. Now download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

                   

                  Launch Process Explorer

                  Once the application is up perform a CTRL+D

                  Highlight the first svchost process

                  This should show the lower pane with the listed dll's of the svchost process

                  You will be looking for any dll that does not have Description or company name (record the dll)

                  Do this for each svchost process

                   

                  Once you have identified the suspicious dll's go to the following site and upload each dll one by one

                  http://www.virustotal.com/

                   

                  This will let you know who is detecting the file as a threat and what kind of threat it is. If you have any of the dll's being detected by 3 or more AV vendors then I would feel confident that we may have found some valid samples for research. You will want to zip all the samples and password protect the zip with the password - infected

                  You will then want to submit the sample to McAfee Labs KB50388

                  After you get the analysis ID you may get an extra.dat within an hour. If not, you will want to call into support, create a case, and have it escalated to McAfee Labs for research.

                   

                  Let me know how it goes and if you have any questions.

                   

                  Ron

                  • 6. Re: RE: FakeAlert-DZ

                    Went through the whole process and found the following with either the description missing (which was all but one) or the company name missing (one). Just to be sure, I was only looking for dll files, right? Or any file without either description or company name?

                     

                    CLBCATQ.DLL

                    COMRes.dll

                    OLEAUT32.dll

                    colbact.dll

                    comsvcs.dll

                    es.dll

                    dmserver.dll - Company name was Microsoft Corp. instead of Microsoft Corporation like the rest of them.

                    NCObjAPI.dll

                     

                    Uploaded each one separately to the site you pointed to and all of them gave a result of 0/41 (0.00%). Does that mean that they were safe?

                     

                    Thanks and looking forward to hearing back.

                    • 7. Re: RE: FakeAlert-DZ

                      More than likely they are not malicious. I went back and read through the original post and noticed you say the detection occurs when browsing the web. We may need to launch your browser and look at the svchost processes again and also the browser's process as well.

                       

                      Just to confirm, you are still getting detections if you launch your browser, correct?

                      Does it matter which browser?

                       

                      There may be a BHO involved here as well.

                       

                      Download IceSword (link below) and you will see a section for BHO. See if there are any suspicious BHO's shown. Delete the BHO's and then see if the detection still occurs. Make sure browsers are closed before deleting the BHO.

                       

                      ftp://custftp2.nai.com/outgoing/rstevens/icesword.zip

                      • 8. Re: RE: FakeAlert-DZ

                        Actually it starts as soon as I start any application that needs an internet connection. As long as I am not connected, the detection/deletion does not happen.

                        I have run IceSword, and nothing out of the ordinary on there. Have only 4 entries, three for Acrobat related products and one for Snagit which I use for editing.

                        Also have gone through a lot more dll's on the Process Explorer and checked some processes which run right before the tmp file is created. Unfortunately, all the dll's which I looked up returned with either 0/40 or 0/41. This is getting challenging by the minute. Do let me know what other options we have.

                         

                        Thanks again for all your help and patience.

                        • 9. Re: RE: FakeAlert-DZ

                          Hi Ron, I just thought I would paste the HijackThis log in case that might help. Please do let me know if there is anything else we can do.

                           

                          Logfile of Trend Micro HijackThis v2.0.2

                          Scan saved at 9:19:32 AM, on 11/7/2009

                          Platform: Windows XP SP3 (WinNT 5.01.2600)

                          MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

                          Boot mode: Normal

                           

                          Running processes:

                          C:\WINDOWS\System32\smss.exe

                          C:\WINDOWS\system32\csrss.exe

                          C:\WINDOWS\system32\winlogon.exe

                          C:\WINDOWS\system32\services.exe

                          C:\WINDOWS\system32\lsass.exe

                          C:\WINDOWS\system32\DTS.exe

                          C:\WINDOWS\system32\ibmpmsvc.exe

                          C:\WINDOWS\system32\AtService.exe

                          C:\WINDOWS\system32\Ati2evxx.exe

                          C:\WINDOWS\system32\svchost.exe

                          C:\WINDOWS\system32\svchost.exe

                          C:\WINDOWS\System32\svchost.exe

                          C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

                          C:\WINDOWS\system32\svchost.exe

                          C:\WINDOWS\system32\svchost.exe

                          C:\WINDOWS\system32\spoolsv.exe

                          C:\WINDOWS\system32\Ati2evxx.exe

                          C:\Program Files\GuardianEdge Technologies\EP Hard Disk\User\EPHDManager.exe

                          C:\WINDOWS\system32\svchost.exe

                          C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

                          C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe

                          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

                          C:\Program Files\Bonjour\mDNSResponder.exe

                          C:\WINDOWS\system32\svchost.exe

                          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

                          C:\Program Files\Intel\WiFi\bin\EvtEng.exe

                          c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

                          C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

                          C:\Program Files\Intel\AMT\LMS.exe

                          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

                          C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

                          C:\Program Files\McAfee\Common Framework\FrameworkService.exe

                          C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

                          C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

                          C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

                          C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

                          C:\WINDOWS\system32\svchost.exe

                          C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

                          C:\WINDOWS\System32\TPHDEXLG.exe

                          C:\WINDOWS\system32\TpKmpSVC.exe

                          C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

                          C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

                          C:\Program Files\PC Guardian\Encryption Plus Management Console Client\WebClientSrv.exe

                          C:\WINDOWS\system32\CCM\CcmExec.exe

                          C:\Program Files\Lenovo\System Update\SUService.exe

                          C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

                          C:\WINDOWS\system32\wbem\wmiprvse.exe

                          C:\WINDOWS\Explorer.EXE

                          C:\WINDOWS\system32\wbem\wmiprvse.exe

                          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

                          C:\WINDOWS\System32\alg.exe

                          C:\WINDOWS\system32\wbem\wmiprvse.exe

                          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

                          C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

                          C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

                          C:\WINDOWS\system32\TpShocks.exe

                          C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

                          C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

                          C:\WINDOWS\system32\rundll32.exe

                          C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

                          C:\Program Files\GuardianEdge Technologies\EP Hard Disk\User\LaunchEPHD.exe

                          C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe

                          C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

                          C:\Program Files\McAfee\Common Framework\udaterui.exe

                          C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

                          C:\Program Files\Digital Line Detect\DLG.exe

                          C:\Program Files\RotateImage\RCIMGDIR.exe

                          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

                          C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

                          C:\Program Files\McAfee\Common Framework\McTray.exe

                          C:\WINDOWS\system32\wbem\wmiprvse.exe

                          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

                          C:\Documents and Settings\msahay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

                          C:\Documents and Settings\msahay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

                          C:\Documents and Settings\msahay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          C:\WINDOWS\system32\NOTEPAD.EXE

                           

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://inside.corp.adobe.com

                          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=LOOK-WARNTY#sw

                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

                          O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll

                          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

                          O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

                          O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

                          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

                          O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll

                          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

                          O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

                          O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

                          O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

                          O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

                          O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

                          O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

                          O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

                          O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

                          O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

                          O4 - HKLM\..\Run: [EPHD User] "C:\Program Files\GuardianEdge Technologies\EP Hard Disk\User\LaunchEPHD.exe"

                          O4 - HKLM\..\Run: [AgentUiRunKey] "C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/

                          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

                          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

                          O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

                          O4 - Global Startup: Bluetooth.lnk = ?

                          O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

                          O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

                          O4 - Global Startup: RCIMGDIR.exe.lnk = ?

                          O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

                          O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

                          O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

                          O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

                          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

                          O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

                          O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll

                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll

                          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

                          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

                          O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                          O15 - Trusted Zone: *.adobe.com

                          O15 - Trusted Zone: *.macromedia.com

                          O16 - DPF: {5328061E-6A43-4CA6-A4B9-13EB98922070} (IN_DB 80 Control) - https://infrav8app-prd.corp.adobe.com/infraprd/INFRA_CONTROLS80.CAB

                          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1257278618417

                          O16 - DPF: {8E8583EF-A32D-48CC-96D5-0B8EBA600E7A} (Infra wrapper 80) - https://infrav8app-prd.corp.adobe.com/infraprd/in_wrapper80.CAB

                          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = can.adobe.com

                          O17 - HKLM\Software\..\Telephony: DomainName = can.adobe.com

                          O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = can.adobe.com

                          O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = can.adobe.com,corp.adobe.com,sea.adobe.com,eur.adobe.com,pac.adobe.com,macromed ia.com, corp.adobe.com

                          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = can.adobe.com,corp.adobe.com,sea.adobe.com,eur.adobe.com,pac.adobe.com,macromed ia.com, corp.adobe.com

                          O20 - AppInit_DLLs: acaptuser32.dll zepuwuvi.dll c:\windows\system32\vulademu.dll

                          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                          O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll

                          O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe

                          O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe

                          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

                          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

                          O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe

                          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

                          O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

                          O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

                          O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe

                          O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe

                          O23 - Service: EPHDManager - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge Technologies\EP Hard Disk\User\EPHDManager.exe

                          O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

                          O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe

                          O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

                          O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

                          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

                          O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

                          O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

                          O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

                          O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

                          O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

                          O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

                          O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

                          O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

                          O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

                          O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

                          O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

                          O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

                          O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

                          O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)

                          O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

                          O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe

                          O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

                          O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

                          O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

                          O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

                          O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

                          O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

                          O23 - Service: WebClientSrv - PC Guardian Technologies, Inc. - C:\Program Files\PC Guardian\Encryption Plus Management Console Client\WebClientSrv.exe

                           

                          --

                          End of file - 15245 bytes
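
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original thread. The sample lines are copied from that log; the `triage` function and its three review reasons are assumptions chosen for illustration, and a listed item is a candidate for review, not a verdict.

```python
import re

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body layout as it appears in the log: "Service: <name> - <owner> - <path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

APPINIT = "listed in AppInit_DLLs (loaded into every process that loads user32.dll)"
UNKNOWN_OWNER = "no vendor attributed (Unknown owner)"
FILE_MISSING = "service registered but binary not on disk"
TEMP_PATH = "service binary path is under a Temp directory"

# Lines copied from the HijackThis log posted above.
SAMPLE = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O20 - AppInit_DLLs: acaptuser32.dll zepuwuvi.dll c:\windows\system32\vulademu.dll
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
"""


def triage(log_text):
    """Return (code, item, reasons) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        code, body = entry.group("code"), entry.group("body")

        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # Split on the first colon only: later colons belong to drive letters.
            # Names are space or comma separated; paths with spaces would need
            # quoting-aware parsing, which this sketch does not attempt.
            value = body.split(":", 1)[1].strip()
            for dll in re.split(r"[ ,]+", value):
                if dll:
                    findings.append((code, dll.lower(), [APPINIT]))

        elif code == "O23":
            svc = SERVICE_RE.match(body)
            if not svc:
                continue
            reasons = []
            if svc.group("owner").lower() == "unknown owner":
                reasons.append(UNKNOWN_OWNER)
            if svc.group("path").endswith("(file missing)"):
                reasons.append(FILE_MISSING)
            if TEMP_DIR_RE.search(svc.group("path")):
                reasons.append(TEMP_PATH)
            if reasons:
                findings.append((code, svc.group("name"), reasons))
    return findings


if __name__ == "__main__":
    for code, item, reasons in triage(SAMPLE):
        print(f"{code}  {item}")
        for reason in reasons:
            print(f"      - {reason}")
```

Several legitimate vendor services in the log also show "Unknown owner", so each listed file still needs its signature, version information and on-disk location checked before anything is removed.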
