Jump to content

.exe is not a Valid Win32s application

Recommended Posts

I cannot install an instant messaging program on my work computer. I continue to get "QQ.exe is not a valid Win32s application". The install file is original and tried several times - works at home. I ran Malwarebytes and nothing came up. I have double clicked the dds script but nothing happened. Here is the first hijack this report.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:54:47 AM, on 10/19/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:










C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe


C:\Program Files\Juniper Networks\Common Files\dsNcService.exe


C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\iPass\iPassConnect PB Remote Access\iPCAgent.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\Program Files\Nortel NetDirect Client\NetDirectService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe


c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe


C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe



C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe


C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe



C:\Program Files\McAfee\Common Framework\McTray.exe


C:\Program Files\iPass\iPassConnect PB Remote Access\downloader\ipccheck.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe


C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Documents and Settings\Childress\Local Settings\Application Data\ATT Connect\Participant\pull.exe

C:\Program Files\iPass\iPassConnect PB Remote Access\IPassConnectGUI.exe

C:\Documents and Settings\Childress\Local Settings\Application Data\ABC Imaging\ACR.Client.Windows.Bootstrap\Win32\ACR.Client.Windows.exe

C:\Program Files\iPass\iPassConnect PB Remote Access\iPassConnectEngine.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe


C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe


C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111004084304.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll

O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QPMEnroll] C:\WINDOWS\system32\QPMEnroll.exe

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"

O4 - HKCU\..\Run: [ClearHistory] C:\Program Files\Clear History\ClearHistory.exe -hidden

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Childress\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

O4 - HKCU\..\Run: [installIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun

O4 - HKCU\..\Run: [Push Client] "C:\Documents and Settings\Childress\Local Settings\Application Data\ATT Connect\Participant\pull.exe"

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Global Startup: BootStrap.lnk = C:\Documents and Settings\All Users\Application Data\ABC Imaging\ACR.Client.Windows.Bootstrap\ACR.Client.Windows.Bootstrap.exe

O4 - Global Startup: iPassConnect.lnk = C:\Program Files\iPass\iPassConnect PB Remote Access\IPassConnectGUI.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://lenovo.live.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268832915600

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268830629453

O16 - DPF: {b5859259-c40b-4b2a-af9d-3bf0f634b1d5} (Oracle JInitiator -

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.pbwan.net

O17 - HKLM\Software\..\Telephony: DomainName = corp.pbwan.net

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.pbwan.net

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect PB Remote Access\iPassConnectEngine.exe

O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect PB Remote Access\iPCAgent.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: NetDirectService (NetDirectService) - Unknown owner - C:\Program Files\Nortel NetDirect Client\NetDirectService.exe

O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe


End of file - 19249 bytes

Link to post
Share on other sites

Hi and Welcome to Malwarebytes' Forum,

It could be that McAfee is blocking the install and perhaps this is a good thing -

FYI qq.exe is very often a threat:



What instant messaging program are you attempting to download? If you have a trusted installer from the IM Program Vendor site on your home PC, I suggest you transfer that to your work PC and run it. Work computers often have restrictions in place through group policy settings and that may explain why DDS won't run. Then again, I have seen AVs completely nip DDS in the bud, so again, McAfee must be completely disabled because it is the most likely culprit that is preventing DDS from running.

Link to post
Share on other sites

a few quick questions - are you suggesting that I find the .exe file for QQ on my home computer and send to my work compueter and trying running? I guess the assumption woud be that something is happening during the download, because it is literally teh same install file from the same website.

what exactly does the DDS do?

Link to post
Share on other sites

It is most likely not a threat. I just downloaded the installer named QQIntl1.1.exe from:


I scanned with both ESET & Malwarebytes and neither sees it as a threat. Also scanned with sigcheck and this is a digitally signed file so highly unlikely anything within it is malicious

Double-check the name of the installer to make sure it corresponds with what I got. If so, the most likely scenario is that you are being blocked on your work computer. qq.exe is probably the main chat application EXE file that is extracted from the installer and called to run when you invoke the program.

Link to post
Share on other sites

I just saw your questions here:

a few quick questions - are you suggesting that I find the .exe file for QQ on my home computer and send to my work compueter and trying running? I guess the assumption woud be that something is happening during the download, because it is literally teh same install file from the same website.

Yes, I am suggesting that you use the same installer that works at home. You probably had an incomplete or corrupt download (possbly caused by restrictions on your work computer or McAfee Blocking).

what exactly does the DDS do?

DDS, is an acronym for "doesn't do squat". DDS examines key areas of your system that malware commonly targets and then it creates a log of its findings. It was aptly named DDS (doesn't do squat) because it does not alter your system in anyway - it just reports what it sees so we can use it as an aid in troubleshooting your computer.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.