Computer slow + Google redirects + windows opening on their own



#46
Leo2012
Member, Topic Starter, 44 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1bfbfb5353a6384c8ea6cf132b9f40b9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-31 07:00:28
# local_time=2012-01-31 02:00:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1131566 1131566 0 0
# compatibility_mode=768 16777215 100 0 36044932 36044932 0 0
# compatibility_mode=1792 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=317637
# found=1
# cleaned=1
# scan_time=20301
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP689\A0523324.old a variant of Win32/Rootkit.Kryptik.HQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Attached Thumbnails

  • Messages - Jan 31.JPG

  • 0


#47
Cookiegal
Visiting Consultant, 887 posts
I don't understand the second Avira alert. Where are these 27 viruses supposedly located?

The first one is just in system restore and is not a threat unless you restore to an earlier date. We will flush the restore points when we're finished.
  • 0

#48
Leo2012
Member, Topic Starter, 44 posts
I don't understand the Avira alert either. What's the next step? Many thanks for your help and patience.
  • 0

#49
Cookiegal
Visiting Consultant, 887 posts
Avira should have a log. Please check it and see what it detected.
  • 0

#50
Leo2012
Member, Topic Starter, 44 posts
Avira Free Antivirus
Report file date: Tuesday, January 31, 2012 07:23

Scanning for 3339783 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LENOVO-D4F96F23

Version information:
BUILD.DAT : 12.0.0.872 41826 Bytes 12/15/2011 17:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 1/27/2012 02:56:16
AVSCAN.DLL : 12.1.0.17 54224 Bytes 9/23/2011 18:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 9/23/2011 17:55:16
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 1/26/2012 02:58:22
AVREG.DLL : 12.1.0.27 227536 Bytes 1/26/2012 02:58:21
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 01:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 02:56:38
VBASE003.VDF : 7.11.19.171 2048 Bytes 12/20/2011 02:56:39
VBASE004.VDF : 7.11.19.172 2048 Bytes 12/20/2011 02:56:40
VBASE005.VDF : 7.11.19.173 2048 Bytes 12/20/2011 02:56:40
VBASE006.VDF : 7.11.19.174 2048 Bytes 12/20/2011 02:56:41
VBASE007.VDF : 7.11.19.175 2048 Bytes 12/20/2011 02:56:41
VBASE008.VDF : 7.11.19.176 2048 Bytes 12/20/2011 02:56:41
VBASE009.VDF : 7.11.19.177 2048 Bytes 12/20/2011 02:56:42
VBASE010.VDF : 7.11.19.178 2048 Bytes 12/20/2011 02:56:42
VBASE011.VDF : 7.11.19.179 2048 Bytes 12/20/2011 02:56:43
VBASE012.VDF : 7.11.19.180 2048 Bytes 12/20/2011 02:56:43
VBASE013.VDF : 7.11.19.217 182784 Bytes 12/22/2011 02:56:46
VBASE014.VDF : 7.11.19.255 148480 Bytes 12/24/2011 02:56:48
VBASE015.VDF : 7.11.20.29 164352 Bytes 12/27/2011 02:56:51
VBASE016.VDF : 7.11.20.70 180224 Bytes 12/29/2011 02:56:53
VBASE017.VDF : 7.11.20.102 240640 Bytes 1/2/2012 02:56:56
VBASE018.VDF : 7.11.20.139 164864 Bytes 1/4/2012 02:56:58
VBASE019.VDF : 7.11.20.178 167424 Bytes 1/6/2012 02:57:00
VBASE020.VDF : 7.11.20.207 230400 Bytes 1/10/2012 02:57:02
VBASE021.VDF : 7.11.20.236 150528 Bytes 1/11/2012 02:57:04
VBASE022.VDF : 7.11.21.13 135168 Bytes 1/13/2012 02:57:06
VBASE023.VDF : 7.11.21.40 163840 Bytes 1/16/2012 02:57:09
VBASE024.VDF : 7.11.21.65 1001472 Bytes 1/17/2012 02:57:19
VBASE025.VDF : 7.11.21.98 487424 Bytes 1/19/2012 02:57:24
VBASE026.VDF : 7.11.21.156 1010688 Bytes 1/25/2012 02:57:34
VBASE027.VDF : 7.11.21.176 600576 Bytes 1/26/2012 02:56:14
VBASE028.VDF : 7.11.21.201 172544 Bytes 1/29/2012 02:53:42
VBASE029.VDF : 7.11.21.202 2048 Bytes 1/29/2012 02:53:42
VBASE030.VDF : 7.11.21.203 2048 Bytes 1/29/2012 02:53:43
VBASE031.VDF : 7.11.21.216 205824 Bytes 1/30/2012 02:54:16
Engineversion : 8.2.8.44
AEVDF.DLL : 8.1.2.2 106868 Bytes 1/26/2012 02:58:14
AESCRIPT.DLL : 8.1.4.2 434553 Bytes 1/27/2012 02:56:15
AESCN.DLL : 8.1.8.2 131444 Bytes 1/27/2012 02:56:15
AESBX.DLL : 8.2.4.5 434549 Bytes 1/26/2012 02:58:18
AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 04:16:06
AEPACK.DLL : 8.2.16.2 799095 Bytes 1/27/2012 02:56:15
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 1/26/2012 02:58:05
AEHEUR.DLL : 8.1.3.23 4333943 Bytes 1/27/2012 02:56:15
AEHELP.DLL : 8.1.19.0 254327 Bytes 1/26/2012 02:57:44
AEGEN.DLL : 8.1.5.18 409973 Bytes 1/27/2012 02:56:14
AEEMU.DLL : 8.1.3.0 393589 Bytes 9/2/2011 04:46:01
AECORE.DLL : 8.1.25.3 201079 Bytes 1/27/2012 02:56:14
AEBB.DLL : 8.1.1.0 53618 Bytes 9/2/2011 04:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 9/23/2011 17:13:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 9/23/2011 16:53:57
AVREP.DLL : 12.1.0.17 179408 Bytes 9/23/2011 16:55:01
AVARKT.DLL : 12.1.0.19 208848 Bytes 1/27/2012 02:56:15
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 9/23/2011 16:34:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 9/16/2011 07:05:58
AVSMTP.DLL : 12.1.0.17 62928 Bytes 9/23/2011 17:03:47
NETNT.DLL : 12.1.0.17 17104 Bytes 9/23/2011 17:58:06
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 9/23/2011 18:37:25
RCTEXT.DLL : 12.1.1.16 96208 Bytes 1/27/2012 02:56:14

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4f272e63\guard_slideup.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Tuesday, January 31, 2012 07:23

The scan of running processes will be started
Scan process 'avwsc.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'mspaint.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'OnlineCmdLineScanner.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'BrYNSvc.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'suservice.exe' - '1' Module(s) have been scanned
Scan process 'tbhDaemon.exe' - '1' Module(s) have been scanned
Scan process 'tvtsched.exe' - '1' Module(s) have been scanned
Scan process 'tvt_reg_monitor_svc.exe' - '1' Module(s) have been scanned
Scan process 'tbhMonitor.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'scheduler_proxy.exe' - '1' Module(s) have been scanned
Scan process 'Updater.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'BrStMonW.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'tbhSystray.exe' - '1' Module(s) have been scanned
Scan process 'Acrotray.exe' - '1' Module(s) have been scanned
Scan process 'PManage.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'Energy Management.exe' - '1' Module(s) have been scanned
Scan process 'utility.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'DVMExportService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP672\A0431752.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP672\A0431752.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c017c9e.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP675\A0438838.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP675\A0438838.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '54965339.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP675\A0439922.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP675\A0439922.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '06c909d2.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP676\A0443706.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP676\A0443706.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '60fe4610.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP676\A0444084.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP676\A0444084.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '257a6b2e.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP676\A0444816.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP676\A0444816.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5a61594f.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP680\A0450805.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP680\A0450805.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '16d97504.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP680\A0451208.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP680\A0451208.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6ac13554.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0452926.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0452926.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '479b1a19.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0453679.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0453679.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5ef32183.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0455480.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0455480.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '32af0dbc.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0455867.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0455867.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '43163429.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0459856.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0459856.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4d0c04ee.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0460617.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0460617.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '08257dac.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0462801.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0462801.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '012e7906.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0467868.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0467868.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '596f606f.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0470868.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0470868.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '759b19a0.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0475563.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0475563.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b65797a.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0477563.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0477563.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '286b5209.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0479563.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0479563.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0ea31215.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0480563.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP681\A0480563.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3c3769b0.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP682\A0482782.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP682\A0482782.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '367242c9.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0483565.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0483565.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0921268c.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0514125.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0514125.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '770a2aaa.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0514532.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0514532.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '22722e61.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0515723.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0515723.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2fe45f4a.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0516291.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP683\A0516291.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '33b94b42.qua'.


End of the scan: Tuesday, January 31, 2012 07:24
Used time: 01:28 Minute(s)

The scan has been done completely.

0 Scanned directories
88 Files were scanned
27 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
27 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
61 Files not concerned
0 Archives were scanned
0 Warnings
27 Notes
  • 0

#51
Cookiegal
Visiting Consultant, 887 posts
OK, they are all in system restore and that's normal after infection. They are not a threat and we will be flushing out the restore points when we're done.

How are things with the system now?
  • 0
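
Added example, not part of the original thread and not Avira's own tooling: a small Python triage of an Avira report in the layout posted above, which groups detections by System Restore point and lists any that sit outside `System Volume Information\_restore{...}`. The sample report is constructed; its third path and the quarantine name `00000000.qua` are invented to show the non-restore case.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Avira report above. The first two
# entries reuse paths from the posted log; the third path and its quarantine
# name are invented so the "outside System Restore" branch is exercised.
SAMPLE_REPORT = r"""
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP672\A0431752.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP672\A0431752.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c017c9e.qua'.
Begin scan in 'C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP675\A0438838.sys'
C:\System Volume Information\_restore{4CC9AF0F-9A17-4C07-8BA6-240FC5CBECFE}\RP675\A0438838.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '54965339.qua'.
Begin scan in 'C:\WINDOWS\system32\drivers\example.sys'
C:\WINDOWS\system32\drivers\example.sys
[DETECTION] Is the TR/Graftor.12678.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '00000000.qua'.

3 Viruses and/or unwanted programs were found
"""

# A file backed up by System Restore lives under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")           # bare path line before a detection
NAME_RE = re.compile(r"\b([A-Z]+/\S+)")          # e.g. TR/Graftor.12678.8
QUARANTINE_RE = re.compile(r"under the name '([^']+)'")
SUMMARY_RE = re.compile(
    r"^\s*(\d+) Viruses and/or unwanted programs were found", re.MULTILINE
)


def parse_detections(report):
    """Return one dict per [DETECTION] line, tied to the path line above it."""
    detections = []
    last_path = None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            last_path = line
        elif line.startswith("[DETECTION]") and last_path:
            name = NAME_RE.search(line)
            restore = RESTORE_RE.match(last_path)
            detections.append({
                "path": last_path,
                "name": name.group(1) if name else line[len("[DETECTION]"):].strip(),
                "restore_point": restore.group(1) if restore else None,
                "quarantine": None,
            })
        elif line.startswith("[NOTE]") and detections:
            moved = QUARANTINE_RE.search(line)
            if moved:
                detections[-1]["quarantine"] = moved.group(1)
    return detections


def triage(report):
    """Split detections into restore-point copies and files found elsewhere."""
    detections = parse_detections(report)
    by_rp = Counter(d["restore_point"] for d in detections if d["restore_point"])
    outside = [d for d in detections if d["restore_point"] is None]
    summary = SUMMARY_RE.search(report)
    return {
        "by_restore_point": dict(by_rp),
        "outside_restore": outside,
        # Cross-check the parse against the report's own summary line.
        "count_matches_summary": bool(summary)
        and int(summary.group(1)) == len(detections),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for rp, count in sorted(result["by_restore_point"].items()):
        print(f"{rp}: {count} detection(s) in a restore point backup")
    for det in result["outside_restore"]:
        print(f"OUTSIDE RESTORE: {det['path']} ({det['name']})")
    print("parsed count matches summary:", result["count_matches_summary"])
```

An empty `outside_restore` list on a real report corresponds to the situation described in the post above, where every detection is a restore-point copy.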

#52
Leo2012
Member, Topic Starter, 44 posts
-The system is still slow. I got a couple of those "unresponsive scripts" messages today.
-It takes about 10-15 min to start my computer and be able to use the internet.
-Is it safe to transfer my personal files to another computer by saving them on a USB flash drive? Or will that transfer malware to another computer?

Thanks again for all your help!
  • 0

#53
Cookiegal
Visiting Consultant, 887 posts
Generally it's fine to transfer documents or photos but it's preferable to reinstall programs using their original media, if you're thinking of a reformat.

There are a few things that should be uninstalled so please do the following and then I'll post further instructions:

Please go here to download HijackThis.
  • To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.exe file to your desktop.
  • Double-click the HijackThis.exe file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
  • Click on the Scan button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
  • Click on the Save log button and save the log file to your desktop. Copy and paste the contents of the log in your post.
Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.


Also, please do this:

Open HijackThis and click on the Open Misc Tools section button. Click on the Open Uninstall Manager button. Click the Save List button. Save the list then copy and paste it here.
  • 0

#54
Leo2012
Member, Topic Starter, 44 posts
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:05 PM, on 2/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PicNotify - PicNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 12436 bytes


Adobe Acrobat 7.1.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
Avira Free Antivirus
Bing Bar
BitTorrent
Bonjour
Broadcom Gigabit Integrated Controller
Broadcom WLAN
Browser Highlighter - Firefox
Energy Management
ESET Online Scanner v3
HiJackThis
HL-2270DW
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel® Graphics Media Accelerator Driver
iTunes
Java™ 6 Update 26
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo Quick Start
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 9.0.1 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
PC-Doctor 5 for Windows
QuickTime
Rapport
Rapport
Realtek Card Reader
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ 4.2
Synaptics Pointing Device Driver
System Update
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VeriFace III
VLC media player 1.1.11
Wallpapers
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
  • 0

#55
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
Go to Control Panel - Add or Remove Programs and uninstall:

Ask Toolbar

I also recommend uninstalling BitTorrent.

There are several items running at startup that are not necessary (the O4 items in the HijackThis log). You can research them at these sites and if they aren’t required at start-up then you can uncheck them in msconfig via Start - Run - type msconfig, click OK and then click on the start-up tab.

http://www.systemloo...ists.php?list=2
http://www.bleepingc...r.com/startups/


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 30.
  • Select the option to download the Windows 7, XP Offline version
  • Save the executable file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment, JRE, J2SE or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download and follow the prompts to install the newest version.


After doing all of the above, please post a new HijackThis log.
  • 0


#56
Leo2012

Leo2012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hey, I removed BitTorrent but Ask Toolbar does not show in "Add or Remove programs"... Is there another way to remove it?
  • 0

#57
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
Please run SystemLook with the following script:

:regfind
ask

  • 0

#58
Leo2012

Leo2012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Thanks again :) I ran SystemLook with that script several times but it kept on crashing. Anyway, I removed older JAVA versions and reinstalled it.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:56 PM, on 2/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Ask.com\Updater\Updater.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PicNotify - PicNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 11974 bytes
  • 0

#59
Cookiegal


    Visiting Consultant

  • 887 posts
Please go to Start - Run - type in eventvwr.msc to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.
  • 0

#60
Leo2012


    Member

  • Topic Starter
  • 44 posts
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 2/3/2012
Time: 6:51:28 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
Faulting application systemlook.exe, version 0.0.0.0, faulting module systemlook.exe, version 0.0.0.0, fault address 0x00008cc3.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 2/3/2012
Time: 6:50:07 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
Faulting application systemlook.exe, version 0.0.0.0, faulting module systemlook.exe, version 0.0.0.0, fault address 0x00008cc3.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 1/30/2012
Time: 8:07:21 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.


For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:55 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:54 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:54 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:54 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:54 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:54 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:54 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:53 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:50 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:49 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:49 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/3/2012
Time: 7:12:48 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 2/3/2012
Time: 5:49:37 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 2/3/2012
Time: 5:45:07 PM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The SQL Server VSS Writer service hung on starting.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 2/2/2012
Time: 8:26:54 PM
User: NT AUTHORITY\SYSTEM
Computer: LENOVO-D4F96F23
Description:
DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/2/2012
Time: 7:25:43 AM
User: N/A
Computer: LENOVO-D4F96F23
Description:
The Windows Installer service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.
  • 0
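A reply like the one above is easier to triage once repeated records are collapsed. As an added example (not part of the thread or of any tool mentioned in it), this Python script parses records in the pasted Event Viewer layout and counts them per source, event ID and first description line; the sample input, the host name EXAMPLE-PC, example.exe and all function names are constructed for illustration.

```python
import re
from collections import Counter

FIELD = re.compile(r"^(Event Type|Event Source|Event ID|Date|Time): *(.*)$")

def parse_events(text):
    """Split text pasted from Event Viewer into one dict per record."""
    events, cur, in_desc = [], None, False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":   # every record opens with this field
            cur, in_desc = {"Description": []}, False
            events.append(cur)
        if cur is None:
            continue                           # chatter before the first record
        if m and not in_desc:
            cur[m.group(1)] = m.group(2).strip()
        elif line.startswith("Description:"):
            in_desc = True
        elif line.startswith(("For more information", "Data:")):
            in_desc = False                    # help footer and hex dump are not description
        elif in_desc and line.strip():
            cur["Description"].append(line.strip())
    return events

def summarize(events):
    """Return [((source, event_id, first description line), count), ...], most frequent first."""
    keys = ((e.get("Event Source"), e.get("Event ID"), (e["Description"] or [""])[0])
            for e in events)
    return Counter(keys).most_common()

def _record(source, event_id, time, desc, data=""):
    """Build one constructed record in the pasted layout (hypothetical host name)."""
    return (f"Event Type: Error\nEvent Source: {source}\nEvent Category: None\n"
            f"Event ID: {event_id}\nDate: 2/3/2012\nTime: {time}\nUser: N/A\n"
            f"Computer: EXAMPLE-PC\nDescription:\n{desc}\n\n"
            f"For more information, see Help and Support Center.\n{data}\n\n")

SCM_7023 = ("The Application Management service terminated with the following error:\n"
            "The specified module could not be found.")
SAMPLE = "".join([                             # constructed input, not a real log
    _record("Service Control Manager", 7023, "7:12:55 PM", SCM_7023),
    _record("Service Control Manager", 7023, "7:12:54 PM", SCM_7023),
    _record("Service Control Manager", 7023, "7:12:54 PM", SCM_7023),
    _record("Application Error", 1000, "6:51:28 PM",
            "Faulting application example.exe, version 0.0.0.0.",
            "Data:\n0000: 41 70 70 6c 69 63 61 74 Applicat"),
])

if __name__ == "__main__":
    for (source, event_id, first_line), count in summarize(parse_events(SAMPLE)):
        print(f"{count:3d} x {source} / {event_id}: {first_line}")
```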





