Need Help! All downloads give .part file - cannot install MWAB, HJT, ComboFix etc.


I followed initial instruction from AdvancedSetup regarding installation of MWB and then AntiVir - all end up as an empty exe and .part file....

I use XP Pro and believe I have a nasty bug that I caught as I was setting up a new drive. I ran Trojan Remover, which found many- they were removed, now it runs clean. I was able to install Spybot, which removed 20 more entries, one for a "Remote Access Trojan". But I cannot download any AV software, sometimes being redirected. When I d/l malwarebytes I get an empty exe file along with a part file - useless. I tried the suggestion to disable in Non-Plug-n-Play drivers the TDSSServ but I do not have it. I disabled TDS MAPI as a guess and rebooted. I tried saving the malware bytes setup exe as a different name but it would not open. Also, I cannot open any installers on the network, which has never been a problem - I get permission errors. Looked to reset permissions w/ admin account but no luck. I downloaded Hijack this, and some other free AV software to try, but none of the installers will open, I get a 'not a Win32 app' error.

Safe Mode didn't yield success in terms of additional downloadability/installations or progress.

I also tried to download spyware doctor but also get the .part file, so the exe file is useless.

Also tried to d/l the experimental Kaspersky A/V Firefox add-on, but I get an error upon installation.

I have never encountered such a nasty bug. Any help would be appreciated. After seeing the 'remote access' trojan I am almost paranoid... After all of this, I just started using the Firefox addon 'key scrambler' to avert possible keyloggers.

IBM Thinkpad t42

________________________________________

After the above post, I found Norton AV 2004 on the service stripe and was able to initiate installation. On reboot, when trying to update/scan, it stalls - remained that way for 8 hours. Rebooting yielded the same.

Impasse,

Thank You.


MAY NOT BE RELATED: Also, whenever I reboot/shutdown, the system hangs every time with an End Now window for "CertToolHiddenWindow", perhaps related to certtool.exe in the background. (I read that this is involved in Thinkpad security/fingerprint reader, but is also sometimes a hidden spoofed trojan/virus.) A search finds certtool.exe in c:/program files/IBM/Security.


Update:

Using Trojan Remover I scanned a file, the AVG download file obtained from a 3rd party. TR said it was a virus; it was renamed and removed. Rebooting led to no network connectivity - the whole network went down. Reset router and modem, no access. Repeat, no access. Repair connection, no access. Could not access router. Reboot, repair, disable 'file and printer sharing', repair, got connectivity.

So um, why so many responses to the average post but none to mine? Too wordy, too difficult, too confusing, poor username selection?

Should I try ComboFix? (I suspect it will load into a .part file or give a 'not Win32 app' error.)


Hi. I need help removing a virus / malware / trojans. I have searched these forums but see no resemblance to my problem.

Windows XP SP2 / IBM Thinkpad T42

MWAB downloads into an empty .exe and a .part file.

Tried to download multiple AV software, Hijack This - I either get redirected, prevented, or the files download as above - an empty exe file and a part file - neither will run. Same for Hijack This, same for Kaspersky Firefox addon (hash error).

Was able to d/l Spybot, which found multiple trojans, including 'remote access' trojan.

Tried to access installers across network from backup machine. First, nothing would open: all errors say 'not a Win32 app' or that I do not have permission (despite admin acct). Next, lost all network connectivity after reboot.

Was able to install and run Trojan Remover, which found many. I used features to reset Explorer HOSTS file, etc. After reboot, scan is clean. I scanned a suspect software installer (3rd party AVG software) and Trojan Remover said it was a trojan. The file was renamed. The file was then deleted with Trojan Remover. After that -> (Next entry)

Lost Network connectivity (still have internet, but each reboot required repair of connection). In repairing, tried to connect to Google & observed in status bar the address: zfsearch.com

On every shutdown I get an 'End Now' box for 'CertToolHiddenWindow'. Hangs every time.

Tried to rename downloaded installers - no use with .part files present. = 'not Win32 app' errors.

Summary to now: Spybot, Trojan Remover and Adaware are the only programs for fighting back. All other downloads give the .part file, so cannot install.

Tried to d/l ComboFix to desktop but get the .part file. Won't run.

Booted to Safe Mode: Could not run or rename any of the empty exe files (HJT, MWAB, etc). With the ComboFix.exe.part file, I removed the '.part' portion and the ComboFix icon appeared. It will not open; the error message says it is corrupt.

Safe Mode: Successfully downloaded HijackThis installer. Both before and after renaming it, I get the 'not a Win32 app' error.

Safe Mode: Renamed the AVG .part file by removing '.part'. Appropriate icon appeared. Tried to open but got a 'file is corrupt' error. All 0 byte exe files still give 'not Win32' errors.

I was able to install 'reg analyzer' and 'run analyzer'.

I'm completely lost on what to do if I cannot install anything. Please help. Thanks Kindly!

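The symptoms in the post above (a zero-byte .exe next to a .part file, a 'not a valid Win32 application' error, 'file is corrupt' after stripping the .part suffix) all describe an installer that was never written completely. Firefox writes a download to name.part and only renames it to name when the transfer finishes, so a leftover .part plus an empty .exe means the transfer was cut off or redirected. Before running anything pulled down on the infected machine, it is worth checking from the clean backup PC that the file is a complete PE image and matches the vendor's published hash. The script below is an added example, not code from this thread or from any of the tools named in it; the byte strings it classifies are constructed inline, and the hash given to sha256_matches is a placeholder the reader replaces with the vendor's value.

```python
import hashlib
import struct

# Constructed sample inputs (not files from this thread).
EMPTY = b""
# What is saved when a download is silently redirected to a web page.
HTML_REDIRECT = (b"<html><head><meta http-equiv='refresh' "
                 b"content='0;url=http://example.invalid/'></head></html>")


def make_minimal_pe():
    """Build a constructed byte string with a valid DOS header, e_lfanew pointer
    and PE signature, enough to stand in for a real installer's first bytes."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", e_lfanew)
    # IMAGE_FILE_HEADER: Machine=i386, 0 sections, timestamp/pointers zeroed,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE.
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def classify_download(data, filename):
    """Say why a downloaded installer will not run.
    incomplete: still a .part file, the browser never finished the transfer
    empty:      zero bytes (the 'not a valid Win32 application' case)
    html:       a web page was saved under the .exe name (redirect)
    not-pe:     some other non-executable content
    truncated:  starts like a PE but the PE signature is missing ('file is corrupt')
    pe:         header looks complete; still verify the hash before running it"""
    if filename.lower().endswith(".part"):
        return "incomplete"
    if len(data) == 0:
        return "empty"
    if data[:2] != b"MZ":
        return "html" if data.lstrip()[:1] == b"<" else "not-pe"
    if len(data) < 0x40:
        return "truncated"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "truncated"
    return "pe"


def sha256_matches(data, expected_hex):
    """Compare against the hash the vendor publishes for the installer.
    expected_hex is a placeholder to be replaced with the vendor's value."""
    return hashlib.sha256(data).hexdigest() == expected_hex.strip().lower()


if __name__ == "__main__":
    samples = [("setup.exe", EMPTY), ("setup.exe.part", EMPTY),
               ("setup.exe", HTML_REDIRECT), ("setup.exe", make_minimal_pe())]
    for name, blob in samples:
        print(f"{name:16s} {len(blob):5d} bytes  {classify_download(blob, name)}")
```

A "pe" verdict only says the header is intact; the hash comparison is what tells you the file is the vendor's build rather than something served by a redirect, which is why the download should be done and checked on the clean machine and carried over on removable media.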

  • Root Admin

Please download and burn this from another working PC at home, or a friend, or at work as needed.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the Avira AntiVir Rescue System from here.
  • Place a blank CD in your burner and double-click on the downloaded file.
  • The program will automatically burn the CD for you.
  • Place the burned CD into the affected computer and start the computer from this CD.
  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  • Click on the Configuration button.
    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)
  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Screen resolution problems

Please see the post here if you're unable to view the entire screen of Avira.

AdvancedSetup, if you are only one man or woman, you are amazing. If you are being paid, you deserve a huge raise for helping so many! I followed your directions, and then went on trying to clean up as much as possible before reposting, hopefully eliminating the easy-to-eliminate, leaving behind better focus for your expertise.

*Using the AntiVir RescueCD resolved some problems - 20 ALERTS and 116 Warnings. *Future Users: The progress bars never left 0%, AntiVir RescueCD appears to stall on XP - don't shut it down, just wait.

After your post, but before following it, I lost the whole network and all USB ports. I connected directly to the modem to find that my IP address was WAY OFF - not even close - it appeared spoofed and that freaked me out. I also observed redirects to fzsearch.com (zfsearch.com?) and to google-analytics.com. **NOTE: I was able to get around redirects to download AV installers by using anonymouse.org.**

After running the RESCUE CD I was FINALLY able to reboot and install MWAB, HJT and AntiVir Antivirus. I ran through updates and multiple iterations of: MWAB, AntiVir, Spybot, Adaware, Trojan Remover. Each one found multiple trojans/ads.

Questions:

What is the proper AntiVir setting for handling trojans/viruses? Should I choose "repair", "delete" or "quarantine" as the primary action? Secondary?

I accidentally installed SQL Engine (don't ask) and can't find an uninstall file.

After updating today (2/14/2009) I ran AntiVir and Malwarebytes. Everything reports CLEAR, but at this point I don't believe it. I want to complete this and do it right! Let me know a PayPal address and I'll send you a tip for being so dedicated to helping.

Here is the current HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:50:18 AM, on 2/14/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\IBM\Security\uvmserv.exe

C:\WINDOWS\System32\ibmsmbus.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\lenovo\system update\suservice.exe

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\IBM\Security\certtool.exe

C:\Program Files\IBM\Password Manager\pwmgr.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [iSS_Certtool] C:\Program Files\IBM\Security\certtool.exe

O4 - HKLM\..\Run: [iBM_PWMGR] C:\Program Files\IBM\Password Manager\pwmgr.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234331711155

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Intel


* Looking at the HJT log, I see Google Updater running. I "uninstalled" this days ago. Is it real, how do I kill it. In fact, is there a FAQ about how to manually unregister things like this? I know messing with the registry can wreak havoc, but I can learn this valuable knowledge on a sacrifice computer - I want to learn.

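A first pass over the O4 (autorun) lines of a HijackThis log like the one above can be scripted rather than read entry by entry. One detail worth noticing in this log is that several HKLM Run entries name a bare executable with no directory (S3Tray2.exe, TpShocks.exe, tp4ex.exe, and the rundll32.exe loader); Windows finds those through the PATH search, so the binary actually loaded has to be confirmed rather than assumed to be the ThinkPad utility of the same name. The script below is an added example, not part of the thread or of HijackThis. Its sample lines are copied from the log above, except for the last one, which is a constructed hypothetical entry under a user-writable Temp directory included only to exercise that check.

```python
import re

# O4 lines from the HijackThis log posted above, plus one constructed,
# hypothetical entry (the last line) to exercise the user-writable-location check.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (.*?) = (.*)$")
# Directory markers a normal XP Run entry should not point into.
USER_WRITABLE = ("\\temp\\", "c:\\documents and settings\\", "\\application data\\")


def command_exe(cmd):
    """Pull the executable out of a Run-key command line. HijackThis prints
    unquoted paths with spaces, so an unquoted command is cut at the first
    '.exe' rather than at the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def flags_for(exe):
    """Heuristic flags for one executable path; an empty list means nothing notable."""
    flags = []
    if "\\" not in exe:
        # No directory: resolved through the PATH search order at logon, so the
        # file that actually runs must be located and checked, not assumed.
        flags.append("bare-filename")
    elif any(marker in exe.lower() for marker in USER_WRITABLE):
        flags.append("user-writable-location")
    return flags


def triage_o4(hjt_text):
    """Map entry name -> list of flags for every O4 line that deserves a look."""
    results = {}
    for line in hjt_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            _hive, name, cmd = m.groups()
            flags = flags_for(command_exe(cmd))
            if "(file missing)" in cmd:
                flags.append("file-missing")
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            name, target = m.groups()
            flags = ["unknown-target"] if target.strip() == "?" else flags_for(target)
        if flags:
            results[name] = flags
    return results


if __name__ == "__main__":
    for name, flags in triage_o4(HJT_SAMPLE).items():
        print(f"{name:24s} {', '.join(flags)}")
```

The flags are prompts for follow-up (which directory on the PATH actually holds S3Tray2.exe, whether that file carries the vendor's signature), not verdicts; the admin's point that an HJT log alone is not enough to locate this kind of infection still stands.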

  • Root Admin

Thank you very much for the kind words. Yes, just one person. Not paid to do it, just a volunteer as many others.

SQL = Well it would depend on what version and flavor. Many don't have an uninstaller, but if you Google search around you should be able to find directions for removal. Though some flavors of MS Office and Tools might put it there as well.

Well, experience comes from research and trying things and fixing them. Again, Google search (there was no such method when I started) and a PC like a virtual system would be an excellent way to learn. Take a look at Virtual Box or MS Virtual PC 2007 http://www.virtualbox.org/

As for your current system, please run Combofix so that I can take a deeper look at what's going on with the system.

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note:

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


Ugh! On my way to download ComboFix I saw 'www.fzsearch.com' flash in the lower display. When I tried to download, the old problem made itself known - files download into a .part file and exe file. I reran AntiVir Rescue CD and it found no problems (smart virus?) but 180 warnings, mainly from encrypted cab files on the service stripe. However, it claimed that the AllUsers/Application Data/Spybot/Recovery folder was encrypted and it was not. It contained about 12 quarantined files. The folder was hidden but not encrypted. I un-hid it.

Start page is being reset (Firefox).

Each time I reboot I lose the network (backup computer still connected), but recover by resetting router and network adapter. Spybot found nothing. MWAB found nothing. I used MWAB File Assassin to delete the files in the Spybot/recovery folder.

Searched the internet for info on zfsearch and it's as if information has evaporated.

Here is the current HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:02:02 AM, on 2/15/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\IBM\Security\uvmserv.exe

C:\WINDOWS\System32\ibmsmbus.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\IBM\Security\certtool.exe

C:\Program Files\IBM\Password Manager\pwmgr.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [iSS_Certtool] C:\Program Files\IBM\Security\certtool.exe

O4 - HKLM\..\Run: [iBM_PWMGR] C:\Program Files\IBM\Password Manager\pwmgr.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234331711155

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Intel


  • Root Admin

The HJT log is not sufficient to locate this issue. If you're having a DNS reset issue for this and other computers you may need to reset your router to factory defaults. Then make sure you set a password on the Admin account.

Please run a Combofix scan and post so that I can see what's going on.

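The Root Admin's remark about a DNS reset issue affecting more than one computer points at the two places a redirect like the one to zfsearch.com usually comes from on a home network: the DNS servers handed out by the router (or set directly on the adapter) and the local HOSTS file. Both can be checked from the affected XP box by saving the output of ipconfig /all and a copy of C:\WINDOWS\system32\drivers\etc\hosts, then reviewing them on the clean machine. The script below is an added example, not code from this thread; the ipconfig text and the HOSTS file are constructed samples, 203.0.113.53 and 203.0.113.7 are documentation addresses standing in for rogue servers, and the av-vendor.example names are placeholders.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from an XP machine (not from the thread).
# 203.0.113.53 is a documentation address standing in for a rogue DNS server.
IPCONFIG_SAMPLE = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home.lan
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
"""

# Constructed sample HOSTS file; the .example names are placeholders.
HOSTS_SAMPLE = """# constructed hosts file
127.0.0.1       localhost
203.0.113.7     download.av-vendor.example
127.0.0.1       update.av-vendor.example
192.168.1.50    fileserver.home.lan
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output.
    The first server follows the 'DNS Servers' label; any further servers sit
    on continuation lines that contain nothing but an address."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            collecting = True
            value = line.split(":", 1)[1].strip()
            if value:
                servers.append(value)
            continue
        if collecting:
            m = re.fullmatch(r"\s*(" + IPV4 + r")\s*", line)
            if m:
                servers.append(m.group(1))
            else:
                collecting = False
    return servers


def rogue_dns_servers(servers, lan_cidr, allowlist=()):
    """Flag DNS servers that are neither on the LAN (i.e. the router) nor on
    the allowlist of resolvers the ISP actually assigns."""
    lan = ipaddress.ip_network(lan_cidr)
    rogue = []
    for s in servers:
        ip = ipaddress.ip_address(s)
        if ip in lan or ip.is_loopback or s in allowlist:
            continue
        rogue.append(s)
    return rogue


def suspicious_hosts_entries(hosts_text, lan_cidr):
    """Return (hostname, address, reason) for HOSTS lines that either send a
    name to a non-LAN address ('redirected') or black-hole it on the loopback
    or unspecified address ('blackholed'). Mappings into the LAN are left alone."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for raw in hosts_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            if name.lower() in ("localhost", "localhost.localdomain"):
                continue
            if ip.is_loopback or ip.is_unspecified:
                findings.append((name, parts[0], "blackholed"))
            elif ip not in lan:
                findings.append((name, parts[0], "redirected"))
    return findings


if __name__ == "__main__":
    servers = dns_servers(IPCONFIG_SAMPLE)
    print("DNS servers:", servers)
    print("rogue:", rogue_dns_servers(servers, "192.168.1.0/24"))
    for name, addr, why in suspicious_hosts_entries(HOSTS_SAMPLE, "192.168.1.0/24"):
        print(f"{why:10s} {name} -> {addr}")
```

The LAN is passed in explicitly instead of relying on ipaddress's is_private, because that property also covers documentation ranges and would hide the sample redirect. If the rogue server shows up on every machine behind the router, the router's own DHCP/DNS settings are the thing to inspect, which matches the advice to factory-reset it and set a fresh admin password.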

Before the last post and RescueCD run the router was already set to factory defaults and the password changed.

I cannot download ComboFix so I cannot run it (the whole split file issue, .exe & .part). I left Antivir running last night. This morning the computer was found without network connection. Also, in network settings, file sharing AND UPnP keep getting checked, even though I keep turning them off.

More freaky: I just checked the router and many of the settings became BLANK overnight - meaning, options that force either enable/disable (DHCP, Wireless, broadcast) - no option selected, everything wide open. At router logon, the password window popped up showing dots in place of the OLD password, instead of the longer new one. Is someone actively controlling my computer instead of, say, dating or being involved with friends, community or family? Anyway, the router appears hacked, considering mandatory options are CLEAR.

Antivir reports trouble reading a few files, including page file. Adaware just found (again) crypts.dll, divx.dll and divx.dll_1

Here is the AVS log:

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: delete

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 14

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Sunday, February 15, 2009 00:19

Starting search for hidden objects.

'44833' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'HijackThis.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'sqlmangr.exe' - '1' Module(s) have been scanned

Scan process 'DLG.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'hpztsb07.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'AAWTray.exe' - '1' Module(s) have been scanned

Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned

Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'ACWLIcon.exe' - '1' Module(s) have been scanned

Scan process 'ACTray.exe' - '1' Module(s) have been scanned

Scan process 'scheduler_proxy.exe' - '1' Module(s) have been scanned

Scan process 'pwmgr.exe' - '1' Module(s) have been scanned

Scan process 'certtool.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'ibmprc.exe' - '1' Module(s) have been scanned

Scan process 'EzEjMnAp.Exe' - '1' Module(s) have been scanned

Scan process 'TpScrex.exe' - '1' Module(s) have been scanned

Scan process 'TPONSCR.exe' - '1' Module(s) have been scanned

Scan process 'TPHKMGR.exe' - '1' Module(s) have been scanned

Scan process 'TpShocks.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'SvcGuiHlpr.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'AcSvc.exe' - '1' Module(s) have been scanned

Scan process 'SUService.exe' - '1' Module(s) have been scanned

Scan process 'tvtsched.exe' - '1' Module(s) have been scanned

Scan process 'TpKmpSvc.exe' - '1' Module(s) have been scanned

Scan process 'tvt_reg_monitor_svc.exe' - '1' Module(s) have been scanned

Scan process 'SMAgent.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'TssCore.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'ibmsmbus.exe' - '1' Module(s) have been scanned

Scan process 'uvmserv.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned

Scan process 'rrpcsb.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'AcPrfMgrSvc.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'AAWService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

69 processes with 69 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '77' files ).

Starting the file scan:

Begin scan in 'C:\' <IBM_PRELOAD>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB

[0] Archive type: CAB (Microsoft)

--> MSCAL.CNT_1033

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\RECYCLER\S-1-5-21-1533460648-696796343-3626857712-1005\Dc57.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-1533460648-696796343-3626857712-1005\Dc58.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-1533460648-696796343-3626857712-1005\Dc60.exe

[WARNING] The file could not be opened!

End of the scan: Sunday, February 15, 2009 01:05

Used time: 45:56 Minute(s)

I'd supply ComboFix logs but the "super intelligent" invader prevents downloads. The creator must be so proud of his grand contribution to mankind - 10,000 generations of evolution and this guy becomes a rodent with a very sad social life. All the while his acts teach folks like us to become stronger, a useful and profitable tool. Thanks virus man! (wimp)


  • Root Admin

Well, you can take the router off of the network and use a friend's computer or work computer and set it to defaults again, then set a new password and take it back home again.

Unlikely anything is being done live; it's done via automated software, if done at all. As for the longer password, ***** is done on purpose and does not reflect the actual number of characters in the password.

Please click on START - RUN and type in devmgmt.msc

Scroll down to the Network adapters and see if you have multiple yellow indicator adapters or not.

Please copy the following program to a CD from another computer and run it then.

Download to the desktop: Dr.Web CureIt

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    check.gif
    If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.
