Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Many windows of IE7 started opening on their own

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Many windows of IE7 started opening on their own

Unread postby mak_20789 » December 16th, 2007, 9:53 am

Hi,
I have Vista home basic. I opened a new user account and when I logged in to it for first time and opened IE, after I closed the first window many windows started opening on theri own. Does it mean my laptop is infected?
I ran Norton security 2008 and it sways its OK. I tried to scan online with trend micro house call and I got this message.

Trend Micro can run on your system. If you want to start scanning for malware and vulnerabilitires, you need an additional houseCall Kernel.you can select relevant Kernel here.

Using Java based House Call kernel

Java support is disabled on your system or no java runtime is installed.If you want to use Java-based House call kernel, please enable or instal a Java runtime environment version 1.4 or higher.
If your runtime enviropnment is up-to-date but you are still recieving this message please close browser and open Trend Micro House call in a new window.


Now how can I be sure that I need Java 1.4 or higher?
Also please tell me if softwares like Jav and other ones update to newer versions themselves or I have to do it manually?
If I install manually, do i need to remover older one?

Can I check my system with Hijack this to be sure that my laptop software is uptodate?

Thank you.
mak_20789
Regular Member
 
Posts: 102
Joined: September 6th, 2007, 12:40 pm
Advertisement
Register to Remove

Re: Many windows of IE7 started opening on their own

Unread postby Katana » December 21st, 2007, 9:21 pm

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Let's start with a HJT log and see what is there


Click here to download HJTinstall.exe
  • Save HJTinstall.exe to your desktop.
  • Double click on the HJTinstall.exe icon on your desktop.
  • By default it will install to C:\\Program Files\\Trend Micro\\Hijack This.
  • Click I accept
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Many windows of IE7 started opening on their own

Unread postby mak_20789 » December 24th, 2007, 7:57 am

Hi katana,
thank you for the reply.
After posting, I did a complete re installation of my system and then when I created anew account the same thing happned once again, the only difference was that there were fewer windows this time. I am posting my Hijack this log here. thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:39, on 24-12-2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\EpiValley\TATA Indicom Dialer\TATA Indicom Dialer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1

\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live

Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client

Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live

Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\swtools\LenovoWelcome\LenovoOobeOffers.exe

/filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [LenovoRegistration] C:\SWTOOLS\LenovoWelcome\LenovoRegistration.exe

/inif="C:\SWSHARE\leadertech.ini"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security

Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program

Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{05775F14-26CC-48FF-B6A1-605A1E8B4EC1}: NameServer = 202.54.29.5

202.54.10.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{05775F14-26CC-48FF-B6A1-605A1E8B4EC1}: NameServer = 202.54.29.5

202.54.10.2
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program

Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program

Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common

Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security

Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and

Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and

Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9522 bytes
mak_20789
Regular Member
 
Posts: 102
Joined: September 6th, 2007, 12:40 pm

Re: Many windows of IE7 started opening on their own

Unread postby Katana » December 24th, 2007, 8:03 am

There is no obvious malware showing,

What do the windows that open have in them ?


Deckard's System Scanner
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Many windows of IE7 started opening on their own

Unread postby mak_20789 » December 24th, 2007, 8:40 am

The IE windows that opened were totally blank.However it happened only once. When I logged in to that account just now and opened IE, this problem didn't repeat.
Also please let me know if the softwares like Java and all on my system are up to date.

Thank you.

Main.txt

Deckard's System Scanner v20071014.68
Run by Main on 2007-12-24 17:41:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2007-12-23 07:10:00 UTC - RP48 - Windows Update
6: 2007-12-21 16:37:24 UTC - RP47 - Windows Update
5: 2007-12-19 19:27:00 UTC - RP46 - Installed Symantec Technical Support Web Controls
4: 2007-12-19 15:18:42 UTC - RP45 - Windows Update
3: 2007-12-19 13:59:08 UTC - RP44 - Windows Update


-- First Restore Point --
1: 2007-12-19 12:30:44 UTC - RP42 - Device Driver Package Install: Symantec Network Service


Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 1014 MiB (1024 MiB recommended).[/color]


-- HijackThis (run as Main.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:22, on 24-12-2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Users\Main\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Main.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\swtools\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [LenovoRegistration] C:\SWTOOLS\LenovoWelcome\LenovoRegistration.exe /inif="C:\SWSHARE\leadertech.ini"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9056 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 tvtfilter - c:\windows\system32\drivers\tvtfilter.sys <Not Verified; Lenovo; Rescue and Recovery>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
R2 PMSveH - c:\program files\lenovo\pm driver\pmsveh.exe <Not Verified; Lenovo; PMSveH>
R2 SUService (System Update) - "c:\program files\lenovo\system update\suservice.exe"
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-24 16:56:00 252 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2007-12-19 21:26:46 544 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Main.job


-- Files created between 2007-11-24 and 2007-12-24 -----------------------------

2007-12-24 17:20:51 0 d-------- C:\Program Files\Trend Micro
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\Templates
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\Start Menu
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\SendTo
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\Recent
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\PrintHood
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\NetHood
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\My Documents
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\Local Settings
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\Cookies
2007-12-20 18:37:24 0 d--hs---- C:\Users\Guest2\Application Data
2007-12-20 18:37:03 0 dr------- C:\Users\Guest2\Downloads
2007-12-20 18:37:03 0 dr------- C:\Users\Guest2\Documents
2007-12-20 18:37:03 0 dr------- C:\Users\Guest2\Desktop
2007-12-20 18:37:03 0 dr------- C:\Users\Guest2\Contacts
2007-12-20 18:37:03 0 d--h----- C:\Users\Guest2\AppData
2007-12-20 18:37:02 0 dr------- C:\Users\Guest2\Videos
2007-12-20 18:37:02 0 dr------- C:\Users\Guest2\Searches
2007-12-20 18:37:02 0 dr------- C:\Users\Guest2\Saved Games
2007-12-20 18:37:02 0 dr------- C:\Users\Guest2\Pictures
2007-12-20 18:37:02 0 dr------- C:\Users\Guest2\Music
2007-12-20 18:37:02 0 dr------- C:\Users\Guest2\Links
2007-12-20 18:37:02 0 dr------- C:\Users\Guest2\Favorites
2007-12-20 18:36:55 786432 --ahs---- C:\Users\Guest2\NTUSER.DAT
2007-12-20 06:47:27 0 d-------- C:\Users\All Users\Symantec
2007-12-20 06:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-20 06:47:01 0 dr-hs---- C:\RRbackups
2007-12-20 06:41:28 0 d-------- C:\Program Files\Google
2007-12-20 06:41:23 0 d-------- C:\Program Files\Picasa2
2007-12-20 06:41:02 0 d-------- C:\Program Files\ThinkPad
2007-12-20 06:40:24 0 d-------- C:\Program Files\Diskeeper Corporation
2007-12-20 06:37:29 33536 --a------ C:\Windows\system32\drivers\tvtfilter.sys <Not Verified; Lenovo; Rescue and Recovery>
2007-12-20 06:34:53 0 d-------- C:\Windows\Downloaded Installations
2007-12-20 06:29:46 0 d-------- C:\Icons
2007-12-20 06:25:36 82432 --a------ C:\Windows\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-12-20 06:25:36 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-12-20 06:25:29 0 d-------- C:\Users\All Users\Lenovo
2007-12-20 06:25:27 0 d-------- C:\Program Files\ThinkVantage
2007-12-20 06:24:36 0 d-------- C:\Program Files\Java
2007-12-20 06:24:36 0 d-------- C:\Program Files\Common Files\Java
2007-12-20 06:24:22 0 d-------- C:\Windows\system32\Macromed
2007-12-20 06:23:28 0 d-------- C:\Program Files\PCDR5
2007-12-20 06:23:25 0 d-------- C:\Program Files\Lenovo Registration
2007-12-20 06:23:12 0 d-------- C:\Windows\system32\(null)
2007-12-20 06:22:37 0 d-------- C:\Program Files\Common Files\Lenovo
2007-12-20 06:21:38 0 d-------- C:\SWSHARE
2007-12-20 06:16:32 0 d-------- C:\Windows\system32\Lang
2007-12-20 06:16:31 385024 --a------ C:\Windows\system32\igxpun.exe <Not Verified; Intel(R) Corporation; Intel(R) Graphics Media Accelerator Driver>
2007-12-20 06:16:31 0 d-------- C:\Intel
2007-12-20 06:15:11 0 d-------- C:\Windows\Options
2007-12-20 06:15:07 176 --a------ C:\Windows\system32\drivers\RTHDAEQ2.dat
2007-12-20 06:15:07 176 --a------ C:\Windows\system32\drivers\RTHDAEQ1.dat
2007-12-20 06:15:07 176 --a------ C:\Windows\system32\drivers\RTHDAEQ0.dat
2007-12-20 06:14:55 0 d-------- C:\Windows\system32\RTCOM
2007-12-20 06:14:24 0 d-------- C:\Program Files\Realtek
2007-12-20 06:14:11 499712 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-12-20 06:12:46 0 d-------- C:\Program Files\Synaptics
2007-12-20 06:11:41 0 d-------- C:\Program Files\Common Files\snp2std
2007-12-20 06:09:46 0 d--hs---- C:\Windows\Installer
2007-12-20 06:09:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-20 06:08:48 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-20 06:08:03 0 d-------- C:\Program Files\Lenovo
2007-12-20 06:05:22 0 d-------- C:\Windows\SoftwareDistribution
2007-12-20 06:04:44 12 --a------ C:\Windows\bthservsdp.dat
2007-12-20 06:00:18 0 d-------- C:\Windows\Users
2007-12-20 06:00:00 478 --a------ C:\Windows\CLNDR.CMD
2007-12-20 06:00:00 0 d-------- C:\DRIVERS
2007-12-20 05:55:15 0 d--hs---- C:\System Volume Information
2007-12-19 20:53:07 0 d-------- C:\Program Files\MSXML 4.0
2007-12-19 19:15:12 0 d-------- C:\Program Files\EpiValley
2007-12-19 18:01:46 0 d-------- C:\Program Files\Norton Internet Security
2007-12-19 18:00:00 0 d-------- C:\Program Files\Symantec
2007-12-19 17:38:24 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\Templates
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\Start Menu
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\SendTo
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\Recent
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\PrintHood
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\NetHood
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\My Documents
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\Local Settings
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\Cookies
2007-12-19 17:38:19 0 d--hs---- C:\Users\Main\Application Data
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Videos
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Searches
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Saved Games
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Pictures
2007-12-19 17:38:15 1048576 --ahs---- C:\Users\Main\NTUSER.DAT
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Music
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Links
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Favorites
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Downloads
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Documents
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Desktop
2007-12-19 17:38:15 0 dr------- C:\Users\Main\Contacts
2007-12-19 17:38:15 0 d--h----- C:\Users\Main\AppData


-- Find3M Report ---------------------------------------------------------------

2007-12-19 21:30:34 174 --ahs---- C:\Program Files\desktop.ini
2007-12-19 21:23:24 0 d-------- C:\Program Files\Windows Calendar
2007-12-19 21:23:22 0 d-------- C:\Program Files\Windows Mail
2007-12-19 21:23:20 0 d-------- C:\Program Files\Windows Defender
2007-12-19 19:15:47 0 d-------- C:\Users\Main\AppData\Roaming\SUNGIL TELECOM
2007-12-19 18:05:31 0 d-------- C:\Users\Main\AppData\Roaming\Symantec
2007-12-19 18:02:52 0 d-------- C:\Program Files\Common Files
2007-12-19 17:40:54 0 d-------- C:\Users\Main\AppData\Roaming\Lenovo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
25-08-2007 09:21 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
19-12-2007 18:02 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25-08-2007 09:21 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19-12-2007 21:11]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [21-12-2006 23:30]
"PMHandler"="C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe" [23-11-2006 06:15]
"snp2std"="C:\Windows\vsnp2std.exe" [16-09-2006 02:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23-10-2006 07:30]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [06-09-2006 13:08]
"RtHDVCpl"="RtHDVCpl.exe" [20-11-2006 10:43 C:\Windows\RtHDVCpl.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [06-11-2006 05:32]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [06-11-2006 05:35]
"Persistence"="C:\Windows\system32\igfxpers.exe" [06-11-2006 05:32]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [29-12-2006 22:31]
"LenovoRegistration"="C:\SWTOOLS\LenovoWelcome\LenovoRegistration.exe" [16-02-2007 01:06]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [14-12-2006 12:53]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [07-11-2006 16:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [20-12-2007 06:24]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [21-12-2006 15:21]
"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [31-01-2007 22:31]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [14-12-2006 01:40]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [16-11-2006 05:51]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [10-03-2007 03:53]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [10-03-2007 03:53]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [25-08-2007 10:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02-11-2006 18:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc
bthsvcs BthServ

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-24 17:44:05 ------------

Extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2080 @ 1.73GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1013.88 MiB / 396 MiB
Pagefile Memory (total/avail): 2282.35 MiB / 1189.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.1 MiB

C: is Fixed (NTFS) - 68.2 GiB total, 49.93 GiB free.
D: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - TOSHIBA MK8034GSX ATA Device - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 6.33 GiB
\PARTITION1 (bootable) - Installable File System - 68.2 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Main\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAIN-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Main
LOCALAPPDATA=C:\Users\Main\AppData\Local
LOGONSERVER=\\MAIN-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\ThinkPad\ConnectUtilities
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RR=C:\Program Files\Lenovo\Rescue and Recovery
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Main\AppData\Local\Temp
TMP=C:\Users\Main\AppData\Local\Temp
TPCCommon=C:\PROGRA~1\Lenovo\LENOVO~2
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=Main-PC
USERNAME=Main
USERPROFILE=C:\Users\Main
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Main
Guest2 [I](new local, net ready)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Agere Systems HDA Modem --> agrsmdel
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Client Security Solution --> MsiExec.exe /X{0F4EFCE8-E358-4430-A504-F55F32BA1816}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Diskeeper Home --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Integrated camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe" -l0x9 -removeonly -u
Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Lenovo Care --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\SETUP.EXE" -l0x9 -AddRemove
Lenovo Care Supplement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\SETUP.EXE" -l0x9 -AddRemove
Lenovo Registration --> C:\Program Files\Lenovo Registration\uninstall.exe
Lenovo System Interface Driver --> RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AWAYTASK.INF
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.LH 132 C:\Program Files\Lenovo\HOTKEY\tphk_3k.inf
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PM Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62715632-A555-4D9E-9CEC-4F84EB55B07B}
Power Ux Customization --> MsiExec.exe /X{B1F625EB-9691-4889-A864-DA085739F3F0}
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Registry patch for Windows Vista USB S3 PM Enablement --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\USBPMon\USBPMon.inf
Rescue and Recovery --> MsiExec.exe /X{7E4C16B8-8F76-4940-8505-98E93C00BF19}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
TATA Indicom Dialer --> MsiExec.exe /I{9B5FE330-0E0C-4CE2-BD96-303E4E9827CE}
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Live Toolbar --> "c:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type774 / Warning
Event Submitted/Written: 12/24/2007 08:48:11 AM
Event ID/Source: 4362 / EventSystem
Event Description:
{1A00473E-2AEF-430B-BCB1-2109096A14EB}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Event Record #/Type734 / Error
Event Submitted/Written: 12/23/2007 00:37:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program TATA Indicom Dialer.exe version 1.0.9.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 156c
Start Time: 01c8453259d97bbd
Termination Time: 0

Event Record #/Type729 / Error
Event Submitted/Written: 12/23/2007 00:37:15 PM
Event ID/Source: 20227 / RasClient
Event Description:
CoID={4D9CC4AB-AEC9-4333-8872-57A1990D1A3E}: The user Main-PC\Main dialed a connection named SXC-1080 which has failed. The error code returned on failure is 680.

Event Record #/Type721 / Success
Event Submitted/Written: 12/23/2007 00:35:16 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type719 / Success
Event Submitted/Written: 12/23/2007 00:35:13 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4824 / Error
Event Submitted/Written: 12/24/2007 00:55:21 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
30000Schedule

Event Record #/Type4708 / Error
Event Submitted/Written: 12/23/2007 00:35:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type4628 / Warning
Event Submitted/Written: 12/23/2007 00:11:55 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type4627 / Warning
Event Submitted/Written: 12/23/2007 00:11:55 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type4478 / Warning
Event Submitted/Written: 12/21/2007 00:02:22 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Main-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Main-PC27 can't undo changes that you allow.

For more information please see the following:
%Main-PC275

Scan ID: {2695AB65-BD4B-48D8-AB20-46940F9F6271}

User: Main-PC\Main

Name: %Main-PC271

ID: %Main-PC272

Severity ID: %Main-PC273

Category ID: %Main-PC274

Path Found: %Main-PC276

Alert Type: %Main-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-12-24 17:44:05 ------------
mak_20789
Regular Member
 
Posts: 102
Joined: September 6th, 2007, 12:40 pm

Re: Many windows of IE7 started opening on their own

Unread postby Katana » December 24th, 2007, 2:44 pm

That looks fine, it was probably just IE setting itself up properly :)

Java is the only thing out of date

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u3
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The Java Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
Java(TM) SE Runtime Environment 6
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.



Congratulations your logs look clean :D

Let’s see if I can help you keep it that way

First lets tidy up :D

Delete any logs we have produced and empty your recycle bin


Here is some info on staying safe,
NOTE Please make sure any program you choose is Vista compatible
AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    All of the programs in this list have a free version,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • AVG Anti-Spyware 7.5 <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner
  • Ad-Aware 2007 Free <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 3.5.1
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Merry Christmas, and a Happy New Year :drunken:
Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Many windows of IE7 started opening on their own

Unread postby mak_20789 » December 25th, 2007, 3:12 am

Thanks for the help.
Happy to know that the system is clean.
When I was typing a mail in yahoo, then when I pressed shift key and tried to press some other key, the other key was not working. I had to press it very hard only then it worked. Then I opened notepad and it worked properly in notepad. But the same problem occured while typing the underscore in my username while logging in to this site and even while typing in this window.Also I cant do ctrl + V in this window. I have to press the keys very hard. But it works OK in notepad.
And this is the first time this problem is occuring.
One more strange thing is happening. When I use my laptop, some windows are minimized and they are shown on the taskbar.Now when I am looking at the screen, many times I notice some movement in the minimized tabs on the taskbar.I have noticed that this happens only when the takbar is completely filled with tabs.The movement is very quick and until I look at the task bar its over.Its like what happens when we open and close a new window - that new window also shows on the taskbar and other tabs size gets reduced on enlarged. But here I dont see any new thing - I only see the movement.I hope I have made my problem clear. I dont understand whats going on. Please let me know if this is common, but I havent seen this happening on any other comp I have used.

I deleted the log files and recycle bin was already empty.
Will update java soon.
Also please tell me if Norton is running all the time on my system - I am confused if I have real time protection even though it shows up on my taskbar.
I need to remain safe as I use my system a lot for online transactions.
Thank you for your valuable help and HAPPY CHRISTMAS AND HAPPY NEW YEAR!!!

[ I am editing this after posting for adding two more points...the shift + underscore worked well just now while signing in to yahoo,and even in this window shift + any key is working well as well as ctrl + V. Second point is the movement on taskbar is very small - just a millimmeter or two.]
mak_20789
Regular Member
 
Posts: 102
Joined: September 6th, 2007, 12:40 pm

Re: Many windows of IE7 started opening on their own

Unread postby Katana » December 25th, 2007, 4:19 am

Let's do an online scan to make sure nothing is lurking.

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/virusscanner ( please use IE. and allow active X)

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the report in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Many windows of IE7 started opening on their own

Unread postby mak_20789 » December 25th, 2007, 9:34 am

Here is my Kapersky scan result. The one thing I noticed was when it reached 70%, it just got finished within a moment. It took some 40 minutes to reach 70% steadily.When i tried to save it to desktop I got a message as its saving to my temporary files folder for computers security. Now do I need to delete some files after completing this?
Thank You.
[ Editing here: My shift key problem is solved - by the good old restart way ! I rarely switch off my laptop as I prefer to put it in the sleep mode. So I thought that may be I restart it once and see if shift function works properly...and it worked like magic. Just thought that would let you know.]

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 25, 2007 6:58:20 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/12/2007
Kaspersky Anti-Virus database records: 493476
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 57415
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:36:53

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\coinlog.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI1322.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI141A.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI176.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI619F.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMIFF7.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071220-173346-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071220-173355-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpCmdRun.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpSigStub.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_MSI_I_10.2.2.6.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_MSI_U_(1)10.2.0.57.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_Setup_10.2.2.6.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\srtUnin.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SYMEVENT.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_DX.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_KernelLog.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_StorageAsmt.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\wlumsp.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\wmsetup.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{62715632-A555-4D9E-9CEC-4F84EB55B07B}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\setup.ilg Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Lenovo\messages\logs\lf000.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{01E90344-A382-478A-AE38-13B145009D4C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{103ECED7-ADD2-44F7-ADAA-007760549E8B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{11E95EBA-8FA1-4D88-9641-807301D7E3FE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{11E95EBA-8FA1-4D88-9641-807301D7E3FE}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{13867AD7-0CB6-4173-96E6-192658F3140C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{13867AD7-0CB6-4173-96E6-192658F3140C}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{14ED3747-35E6-4382-B9F2-D2EDE36890CD}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{169DC25F-667E-423C-9971-E3898151AD81}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{16AFC3F7-4B7F-4F62-A815-A3FA8AB8A11A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{1F7DB14A-20BF-4182-9852-AA2C5DBD3DC3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{259EBCA2-BEC8-4470-87C3-8A6143BB2D9A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{3089B602-B5CC-4585-ABD5-C4A2D1D3B4FB}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{3089B602-B5CC-4585-ABD5-C4A2D1D3B4FB}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{47AA4640-6A82-466E-9D91-CD0F5140D47F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{56916B18-915F-4D1C-9BFC-98679C189F94}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{59799F18-45BA-497E-8172-3924B2F9E051}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5BC2721F-4DB4-4343-A3E6-C0E61FA689BF}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6FF6FDB0-3BF5-463E-9FC0-4D1878A73F67}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7230B389-64C0-41B5-A874-065D419213F8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7230B389-64C0-41B5-A874-065D419213F8}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7AA3EC2B-86BB-4352-9E69-3289E6647AA9}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{81669E6C-C1CE-4199-94B0-D82D9AF2DCD3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8679A530-FC6D-4424-9FFB-E639A9DE5EC8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{88D5EB5E-BDED-4C4D-BA7A-318A03BA59D3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{89C4AB86-142F-494D-9851-481ABA679C78}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8F035786-E8B2-4321-8724-60EC9082777A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9179EC85-0EFD-4830-80A7-495113D027A3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{98791418-E0C1-44A0-A3D8-99C79D05B51D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B80CBDF4-B6F8-4C45-B54D-F8B6CEC43089}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C06FE015-2E40-4D02-9441-8ECDC17FCDFC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C0D5E02D-FEB9-4E41-99BD-7ED70F71753A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C151E2A2-2D65-4E78-AA09-CE2B4BE4E615}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C7760602-852D-4884-9183-531EFDA3E589}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CC0BCE1D-00EA-41BE-9A9F-C4DCDD1AC6BD}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D6675E24-8C74-4360-8115-965698823236}.BAK Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2007-12-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\Shl_{A6AB9A35-7999-4BCC-8DED-2FBFA4565A2A}.ldb Object is locked skipped
C:\ProgramData\Symantec\SPBBC\Shl_{A6AB9A35-7999-4BCC-8DED-2FBFA4565A2A}.sds Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Guest2.dat Object is locked skipped
C:\Users\Main\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Main\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Main\AppData\Roaming\SUNGIL TELECOM\DialerClient\SungilAdd.rdb Object is locked skipped
C:\Users\Main\AppData\Roaming\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007122520071226\index.dat Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012007122520071226\index.dat Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WN60C9X6\1833714[1].htm Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\UsrClass.dat{af9e9a44-6a71-11db-b65a-0014220f6f7e}.TM.blf Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\UsrClass.dat{af9e9a44-6a71-11db-b65a-0014220f6f7e}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows\UsrClass.dat{af9e9a44-6a71-11db-b65a-0014220f6f7e}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows Defender\FileTracker\{8DE4789D-9A93-473A-8D5D-C931C6DF5B1A} Object is locked skipped
C:\Users\Main\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Main\NTUSER.DAT Object is locked skipped
C:\Users\Main\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Main\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Main\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Users\Main\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Main\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\KB931573.LOG.txt Object is locked skipped
C:\Windows\KB932079.LOG.txt Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{3BADDDA6-706D-4766-9587-D8417940E333}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1 Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG2 Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{d8932e69-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{d8932e69-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{d8932e69-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.
mak_20789
Regular Member
 
Posts: 102
Joined: September 6th, 2007, 12:40 pm

Re: Many windows of IE7 started opening on their own

Unread postby Katana » December 25th, 2007, 5:22 pm

That looks fine, nothing found at all.

The taskbar movement may just be a case of the computer refreshing the tabs, it doesn't sound anything to worry about.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Many windows of IE7 started opening on their own

Unread postby mak_20789 » December 25th, 2007, 5:35 pm

Thats fine. Thank you .
mak_20789
Regular Member
 
Posts: 102
Joined: September 6th, 2007, 12:40 pm

Re: Many windows of IE7 started opening on their own

Unread postby NonSuch » December 28th, 2007, 6:24 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 51 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware