Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Seek mo installer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Seek mo installer

Unread postby frerom » January 31st, 2010, 6:13 am

Hi,
I recently tried to install firefox 3.6.
When I tried to run firefox setup, Online Armor reported that the program was trying to access drive0, then drive1, 2, 3, etc. I cancelled after drive 8.
When I looked at the properties of the setup file, it stated seekmo installer.
I used malwarebytes to remove it. I did manage to download the correct firefox setup file later. I have no idea how I got the other file. I may have went to the firefox site instead of the mozilla site.
I would like to have some help in checking and cleaning up this computer it. I bought it (used) from a computer store in Ottawa last spring. I had trouble with it right away and brought it back to the store. They reported that they had to remove a root kit virus. I have used it occasionally since.

Hijack log file follows

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:10 AM, on 1/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin New\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7910773562
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 7438 bytes

Malwarebytes log follows

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/31/2010 4:15:37 AM
mbam-log-2010-01-31 (04-15-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 184332
Time elapsed: 21 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Admin New\Desktop\firefoxsetup.exe (Adware.Seekmo) -> No action taken.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP84\A0039075.exe (Adware.Seekmo) -> No action taken.
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada
Advertisement
Register to Remove

Re: Seek mo installer

Unread postby MWR 3 day Mod » February 5th, 2010, 3:14 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Seek mo installer

Unread postby Dakeyras » February 10th, 2010, 12:19 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Hi frerom. I'm Dakeyras and I am going to try to assist you with your problem.

Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Scan with GMER:

Please download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on the your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • GMER Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Seek mo installer

Unread postby frerom » February 10th, 2010, 2:22 pm

Hi Dakeyras,
I wasn't successfull finishing the GMER scan. I went for lunch and when I came back the computer was at the login page. Then I logged in to the limited account. When I logged in to the Admin account I had the message re recovered from blue screen error. I will run it again since I forgot to close the firefox browser when I ran it. In the mean time I will post both logs.

RE computer opereration:

The hard drive seems to be operating a lot without any reason. Back in April I had scanned with the online Semantic scanner and it reported a Downloader infection. I captured the screen report and have it attached as a file. I did bring it to a computer store and they reported removing virus and root kit.

The drive is a noisy drive and sometimes I hear a sound like a cat. I hear it with the volume muted so it must be coming from the computer speaker directly as I don't believe it's a mechanical noise.

RSIT LOG follows:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin New at 2010-02-10 13:00:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (77%) free of 73 GB
Total RAM: 1013 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:47 PM, on 2/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Documents and Settings\Admin New\Desktop\RSIT.exe
C:\Documents and Settings\Admin New\Desktop\Admin New.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7910773562
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 7445 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-07-07 49152]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2005-09-08 102400]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-08-02 1988144]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[]

C:\Documents and Settings\Admin New\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
csspwntfy

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\hbcd\wintools\autorun.exe
shell\Option1\command - D:\hbcd\wintools\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac75fcf0-0d07-11df-a513-0010c6b4a8c8}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-02-10 13:00:07 ----D---- C:\rsit
2010-02-10 11:54:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-31 03:22:28 ----A---- C:\WINDOWS\is-V7OER.exe
2010-01-30 15:50:43 ----D---- C:\Documents and Settings\Admin New\Application Data\Mozilla
2010-01-30 15:50:34 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 13:38:34 ----D---- C:\Downloads
2010-01-27 14:09:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-27 13:44:47 ----D---- C:\Program Files\Secunia
2010-01-27 13:42:35 ----D---- C:\WINDOWS\Sun
2010-01-27 13:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-27 13:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-21 13:59:51 ----D---- C:\Program Files\Google
2010-01-21 13:59:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-21 13:59:28 ----D---- C:\Program Files\Alwil Software
2010-01-21 13:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\Admin New\Application Data\OnlineArmor
2010-01-21 12:57:28 ----D---- C:\Program Files\Tall Emu
2010-01-21 12:53:36 ----D---- C:\Documents and Settings\Admin New\Application Data\WinPatrol
2010-01-21 12:53:29 ----D---- C:\Program Files\BillP Studios
2010-01-21 12:45:26 ----D---- C:\Program Files\Common Files\Java
2010-01-21 12:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\java.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-21 12:44:52 ----D---- C:\Program Files\Java
2010-01-21 12:44:24 ----D---- C:\Documents and Settings\Admin New\Application Data\Sun
2010-01-21 06:05:12 ----D---- C:\Program Files\Common Files\Adobe
2010-01-21 06:02:22 ----HD---- C:\WINDOWS\PIF
2010-01-21 04:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-21 04:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-21 04:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-21 04:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-21 04:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-21 04:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-21 04:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-21 04:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-21 04:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-21 04:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-21 04:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-21 04:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-21 04:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-21 04:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-21 04:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-21 04:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-21 04:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-21 04:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-21 04:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-21 04:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-21 04:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-21 04:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-21 04:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-21 04:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-21 04:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-21 04:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-21 04:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-21 04:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-21 04:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-21 04:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-21 02:49:44 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-02-10 12:59:17 ----D---- C:\WINDOWS\Temp
2010-02-10 12:44:39 ----RSHD---- C:\RRbackups
2010-02-10 12:44:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-10 12:44:07 ----D---- C:\WINDOWS\Minidump
2010-02-10 12:44:07 ----AD---- C:\WINDOWS
2010-02-10 11:55:20 ----AD---- C:\WINDOWS\system32
2010-02-10 11:54:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-10 11:54:17 ----HD---- C:\WINDOWS\inf
2010-02-10 11:54:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 11:54:11 ----SHD---- C:\WINDOWS\Installer
2010-02-10 11:53:44 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 11:53:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-10 11:53:42 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 09:05:51 ----D---- C:\WINDOWS\Prefetch
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 04:17:26 ----D---- C:\WINDOWS\WBEM
2010-01-31 03:45:06 ----SD---- C:\Documents and Settings\Admin New\Application Data\Microsoft
2010-01-31 03:23:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-30 15:50:34 ----RD---- C:\Program Files
2010-01-30 15:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-30 13:21:30 ----D---- C:\WINDOWS\Help
2010-01-27 14:09:02 ----SD---- C:\WINDOWS\Tasks
2010-01-27 13:57:08 ----D---- C:\WINDOWS\system32\wbem
2010-01-27 13:57:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 13:36:40 ----D---- C:\WINDOWS\system32\en-us
2010-01-27 13:36:40 ----D---- C:\Program Files\Internet Explorer
2010-01-27 13:36:32 ----D---- C:\WINDOWS\ie7updates
2010-01-21 13:59:42 ----D---- C:\WINDOWS\WinSxS
2010-01-21 12:45:26 ----D---- C:\Program Files\Common Files
2010-01-21 12:41:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2010-01-21 12:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-21 12:34:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-21 06:12:56 ----D---- C:\Program Files\Adobe
2010-01-21 05:59:34 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-21 05:58:38 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-21 05:55:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-21 05:13:14 ----D---- C:\WINDOWS\AppPatch
2010-01-21 04:23:27 ----A---- C:\WINDOWS\win.ini
2010-01-21 04:19:15 ----D---- C:\Program Files\Outlook Express
2010-01-21 04:09:14 ----D---- C:\IBMSHARE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2005-09-02 5120]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-07-19 163840]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-05 241296]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2007-05-01 17792]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-02-01 12416]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 TPM12;NSC Integrated Trusted Platform Module 1.2; C:\WINDOWS\system32\DRIVERS\nsctpm12.sys [2005-04-21 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-09-28 622700]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2005-09-02 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-21 153376]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-08-02 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-08-02 1372160]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]

-----------------EOF-----------------
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby frerom » February 10th, 2010, 2:25 pm

RSIT INFO LOG follows:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin New at 2010-02-10 13:00:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (77%) free of 73 GB
Total RAM: 1013 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:47 PM, on 2/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Documents and Settings\Admin New\Desktop\RSIT.exe
C:\Documents and Settings\Admin New\Desktop\Admin New.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7910773562
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 7445 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-07-07 49152]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2005-09-08 102400]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-08-02 1988144]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[]

C:\Documents and Settings\Admin New\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
csspwntfy

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\hbcd\wintools\autorun.exe
shell\Option1\command - D:\hbcd\wintools\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac75fcf0-0d07-11df-a513-0010c6b4a8c8}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-02-10 13:00:07 ----D---- C:\rsit
2010-02-10 11:54:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-31 03:22:28 ----A---- C:\WINDOWS\is-V7OER.exe
2010-01-30 15:50:43 ----D---- C:\Documents and Settings\Admin New\Application Data\Mozilla
2010-01-30 15:50:34 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 13:38:34 ----D---- C:\Downloads
2010-01-27 14:09:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-27 13:44:47 ----D---- C:\Program Files\Secunia
2010-01-27 13:42:35 ----D---- C:\WINDOWS\Sun
2010-01-27 13:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-27 13:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-21 13:59:51 ----D---- C:\Program Files\Google
2010-01-21 13:59:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-21 13:59:28 ----D---- C:\Program Files\Alwil Software
2010-01-21 13:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\Admin New\Application Data\OnlineArmor
2010-01-21 12:57:28 ----D---- C:\Program Files\Tall Emu
2010-01-21 12:53:36 ----D---- C:\Documents and Settings\Admin New\Application Data\WinPatrol
2010-01-21 12:53:29 ----D---- C:\Program Files\BillP Studios
2010-01-21 12:45:26 ----D---- C:\Program Files\Common Files\Java
2010-01-21 12:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\java.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-21 12:44:52 ----D---- C:\Program Files\Java
2010-01-21 12:44:24 ----D---- C:\Documents and Settings\Admin New\Application Data\Sun
2010-01-21 06:05:12 ----D---- C:\Program Files\Common Files\Adobe
2010-01-21 06:02:22 ----HD---- C:\WINDOWS\PIF
2010-01-21 04:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-21 04:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-21 04:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-21 04:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-21 04:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-21 04:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-21 04:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-21 04:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-21 04:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-21 04:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-21 04:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-21 04:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-21 04:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-21 04:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-21 04:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-21 04:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-21 04:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-21 04:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-21 04:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-21 04:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-21 04:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-21 04:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-21 04:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-21 04:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-21 04:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-21 04:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-21 04:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-21 04:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-21 04:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-21 04:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-21 02:49:44 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-02-10 12:59:17 ----D---- C:\WINDOWS\Temp
2010-02-10 12:44:39 ----RSHD---- C:\RRbackups
2010-02-10 12:44:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-10 12:44:07 ----D---- C:\WINDOWS\Minidump
2010-02-10 12:44:07 ----AD---- C:\WINDOWS
2010-02-10 11:55:20 ----AD---- C:\WINDOWS\system32
2010-02-10 11:54:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-10 11:54:17 ----HD---- C:\WINDOWS\inf
2010-02-10 11:54:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 11:54:11 ----SHD---- C:\WINDOWS\Installer
2010-02-10 11:53:44 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 11:53:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-10 11:53:42 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 09:05:51 ----D---- C:\WINDOWS\Prefetch
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 04:17:26 ----D---- C:\WINDOWS\WBEM
2010-01-31 03:45:06 ----SD---- C:\Documents and Settings\Admin New\Application Data\Microsoft
2010-01-31 03:23:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-30 15:50:34 ----RD---- C:\Program Files
2010-01-30 15:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-30 13:21:30 ----D---- C:\WINDOWS\Help
2010-01-27 14:09:02 ----SD---- C:\WINDOWS\Tasks
2010-01-27 13:57:08 ----D---- C:\WINDOWS\system32\wbem
2010-01-27 13:57:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 13:36:40 ----D---- C:\WINDOWS\system32\en-us
2010-01-27 13:36:40 ----D---- C:\Program Files\Internet Explorer
2010-01-27 13:36:32 ----D---- C:\WINDOWS\ie7updates
2010-01-21 13:59:42 ----D---- C:\WINDOWS\WinSxS
2010-01-21 12:45:26 ----D---- C:\Program Files\Common Files
2010-01-21 12:41:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2010-01-21 12:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-21 12:34:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-21 06:12:56 ----D---- C:\Program Files\Adobe
2010-01-21 05:59:34 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-21 05:58:38 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-21 05:55:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-21 05:13:14 ----D---- C:\WINDOWS\AppPatch
2010-01-21 04:23:27 ----A---- C:\WINDOWS\win.ini
2010-01-21 04:19:15 ----D---- C:\Program Files\Outlook Express
2010-01-21 04:09:14 ----D---- C:\IBMSHARE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2005-09-02 5120]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-07-19 163840]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-05 241296]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2007-05-01 17792]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-02-01 12416]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 TPM12;NSC Integrated Trusted Platform Module 1.2; C:\WINDOWS\system32\DRIVERS\nsctpm12.sys [2005-04-21 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-09-28 622700]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2005-09-02 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-21 153376]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-08-02 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-08-02 1372160]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]

-----------------EOF-----------------
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby frerom » February 10th, 2010, 3:03 pm

Hi Dakeyras,
Well I failed to complete GMER again. While scanning through the restore points the GMER screen disappeared and I was left with the background screen.
After a minute or so the computer rebooted to the log in screen. No error or warning messages this time when I logged in as admin.

Re the GMER scan I noticed GMER was scanning a couple of additional users that I don't see on the control panel. (All Users and Default USER).

That's all for now.
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby Dakeyras » February 10th, 2010, 4:32 pm

Hi.

RE: the problems with the GMER scan, we can come back to this. You have posted the RSIT log.txt twice by mistake, not a problem but I would like to be able to review this as it contains pertinent information.

It can be located as follows:-

Click on Start >> Run... >> copy/paste the following command into the box and press OK:
C:\rsit\info.txt
Post the contents of info.txt in your next reply, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Seek mo installer

Unread postby frerom » February 11th, 2010, 10:43 am

Hi,
Sorry about that. Thanks for your patience.

info.txt logfile of random's system information tool 1.06 2010-02-10 13:00:49

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Diskeeper Lite-->MsiExec.exe /X{D5A4CE1B-59ED-4D85-A3B2-6E0AFF448E4B}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8F55B163-7B42-42A3-9307-C7FCB9655225} /l1033
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center-->C:\ibmtools\apps\thinkmmc\sequencer.exe -fc:\ibmtools\apps\thinkmmc\uninst.seq
Rescue and Recovery - Client Security Solution-->MsiExec.exe /I{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Migration Assistant 5.0-->MsiExec.exe /X{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkVantage Away Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}

======Security center information======

AV: avast! Antivirus
FW: Online Armor Firewall

======System event log======

Computer Name: LENOVO-D693A54E
Event Code: 1003
Message: Error code 1000008e, parameter1 c0000005, parameter2 80599272, parameter3 aa195cac, parameter4 00000000.

Record Number: 1742
Source Name: System Error
Time Written: 20090423101944.000000-240
Event Type: error
User:

Computer Name: LENOVO-D693A54E
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0010C6B4A8C8. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1723
Source Name: Dhcp
Time Written: 20090423101908.000000-240
Event Type: warning
User:

Computer Name: LENOVO-D693A54E
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 1707
Source Name: Tcpip
Time Written: 20090422221858.000000-240
Event Type: warning
User:

Computer Name: LENOVO-D693A54E
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 1706
Source Name: Tcpip
Time Written: 20090422220014.000000-240
Event Type: warning
User:

Computer Name: LENOVO-D693A54E
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 1642
Source Name: Tcpip
Time Written: 20090422191644.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: THINKVANTAGE
Event Code: 1001
Message:
Record Number: 63
Source Name: Microsoft Management Console
Time Written: 20090520134705.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1000
Message:
Record Number: 62
Source Name: Microsoft Management Console
Time Written: 20090520134701.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1001
Message:
Record Number: 49
Source Name: Microsoft Management Console
Time Written: 20090520134131.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1000
Message:
Record Number: 48
Source Name: Microsoft Management Console
Time Written: 20090520133930.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1004
Message: Detection of product '{91130409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

Record Number: 46
Source Name: MsiInstaller
Time Written: 20090520132826.000000-240
Event Type: warning
User: THINKVANTAGE\Admin New

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\IBM ThinkVantage\Client Security Solution;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Lenovo
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"SMA"=C:\Program Files\IBM ThinkVantage\SMA\
"TVT"=C:\Program Files\Lenovo
"IBMSHARE"=%SystemDrive%\IBMSHARE
"RR"=C:\Program Files\IBM ThinkVantage\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\IBM ThinkVantage\Common\Python24

-----------------EOF-----------------
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby Dakeyras » February 11th, 2010, 11:34 am

Hi.

Sorry about that. Thanks for your patience.
Not a problem I assure you.

Going back to what you mentioned prior:-
The drive is a noisy drive and sometimes I hear a sound like a cat. I hear it with the volume muted so it must be coming from the computer speaker directly as I don't believe it's a mechanical noise.
There is no indication in the System event logs that any type of Hard-Drive problem is either a issue or imminent. As a precaution though I do advise you creates any backups required just in-case.

We will however check the hard-drive specifically in due course as a precaution.

I have a query regarding the ThinkVantage software installed, do you actually use this at all? Only reason asking it is disrupting the Local Security Authority on your machine somewhat. This is not a cause for concern however but if you do not use it it would be prudent to uninstall and we can reset the Local Security Authority registry setting.

Let myself know about the aforementioned in your next reply, thank you.

SUPERAntiSpyware Advice:

CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.

Next:

Take your time with the below and all should go well. :thumbup:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

LiveUpdate 2.6 (Symantec Corporation)

To do so, click once on the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Reset Host File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
Code: Select all
@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: Image

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Next:

Please download OTM to your Desktop.

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code: Select all
:Processes

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
[-HKEY_CLASSES_ROOT\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

:Files
C:\WINDOWS\tasks\Symantec NetDetect.job

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:
"%userprofile%\desktop\rsit.exe" /info
and click on OK

  • Click on Run and RSIT will start.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any other symptoms and or problems encountered?
  • Answer to my ThinkVantage query.
  • OTM Log.
  • Malwarebytes Anti-Malware Log.
  • A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Seek mo installer

Unread postby frerom » February 11th, 2010, 11:05 pm

Hi Dakeyras,
Re THINK Vantage. I don't use it. In fact there are several programs that I would like to remove but I hesitated because I wasn't sure if I would do more harm than good. Symantec would be another. Possibly PC Doctor also.

RE Live Update 2.6. I was going to remove it before. But when I tried, the warning re removing all Symantec software first came up. I also wanted to remove Symantic client security but when I checked the web site it looked quite complicated.

Live update 2.6 successfully removed.

Host File reset

Registry backed up.

OTM Log file follows: I had a bit of trouble getting the results because I think Online Armor interfered a bit. So I disabled it and ran OTM again and found where the original notepad was stored,

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.msn.com" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"|"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\"CustomizeSearch"|"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\tasks\Symantec NetDetect.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin New
->Temp folder emptied: 19954442 bytes
->Temporary Internet Files folder emptied: 21152800 bytes
->Java cache emptied: 1309 bytes
->FireFox cache emptied: 36889890 bytes
->Google Chrome cache emptied: 15044066 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fred
->Temp folder emptied: 57092 bytes
->Temporary Internet Files folder emptied: 10305582 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6541295 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Julia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 209961 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 70908688 bytes

Total Files Cleaned = 173.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02112010_211105

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Mawarebytes log follows:
Malwarebytes' Anti-Malware 1.44
Database version: 3728
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/11/2010 9:44:35 PM
mbam-log-2010-02-11 (21-44-35).txt

Scan type: Quick Scan
Objects scanned: 150807
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby frerom » February 11th, 2010, 11:08 pm

RSIT log file

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin New at 2010-02-11 21:48:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (77%) free of 73 GB
Total RAM: 1013 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:01 PM, on 2/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin New\desktop\rsit.exe
C:\Documents and Settings\Admin New\Desktop\Admin New.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7910773562
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 7149 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-07-07 49152]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2005-09-08 102400]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-08-02 1988144]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\Admin New\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
csspwntfy

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac75fcf0-0d07-11df-a513-0010c6b4a8c8}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-02-11 21:48:53 ----D---- C:\rsit
2010-02-11 21:11:05 ----D---- C:\_OTM
2010-02-11 16:18:51 ----D---- C:\WINDOWS\ERDNT
2010-02-11 16:17:19 ----D---- C:\Program Files\ERUNT
2010-02-10 11:54:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-31 03:22:28 ----A---- C:\WINDOWS\is-V7OER.exe
2010-01-30 15:50:43 ----D---- C:\Documents and Settings\Admin New\Application Data\Mozilla
2010-01-30 15:50:34 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 13:38:34 ----D---- C:\Downloads
2010-01-27 14:09:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-27 13:44:47 ----D---- C:\Program Files\Secunia
2010-01-27 13:42:35 ----D---- C:\WINDOWS\Sun
2010-01-27 13:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-27 13:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-21 13:59:51 ----D---- C:\Program Files\Google
2010-01-21 13:59:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-21 13:59:28 ----D---- C:\Program Files\Alwil Software
2010-01-21 13:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\Admin New\Application Data\OnlineArmor
2010-01-21 12:57:28 ----D---- C:\Program Files\Tall Emu
2010-01-21 12:53:36 ----D---- C:\Documents and Settings\Admin New\Application Data\WinPatrol
2010-01-21 12:53:29 ----D---- C:\Program Files\BillP Studios
2010-01-21 12:45:26 ----D---- C:\Program Files\Common Files\Java
2010-01-21 12:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\java.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-21 12:44:52 ----D---- C:\Program Files\Java
2010-01-21 12:44:24 ----D---- C:\Documents and Settings\Admin New\Application Data\Sun
2010-01-21 06:05:12 ----D---- C:\Program Files\Common Files\Adobe
2010-01-21 06:02:22 ----HD---- C:\WINDOWS\PIF
2010-01-21 04:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-21 04:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-21 04:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-21 04:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-21 04:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-21 04:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-21 04:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-21 04:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-21 04:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-21 04:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-21 04:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-21 04:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-21 04:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-21 04:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-21 04:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-21 04:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-21 04:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-21 04:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-21 04:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-21 04:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-21 04:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-21 04:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-21 04:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-21 04:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-21 04:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-21 04:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-21 04:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-21 04:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-21 04:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-21 04:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-21 02:49:44 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-02-11 21:41:24 ----D---- C:\WINDOWS\Temp
2010-02-11 21:30:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-11 21:26:59 ----RSHD---- C:\RRbackups
2010-02-11 21:25:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-11 21:02:46 ----AD---- C:\WINDOWS\system32
2010-02-11 16:18:51 ----AD---- C:\WINDOWS
2010-02-11 16:17:19 ----RD---- C:\Program Files
2010-02-11 15:54:49 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-11 15:54:42 ----SD---- C:\WINDOWS\Tasks
2010-02-10 12:44:07 ----D---- C:\WINDOWS\Minidump
2010-02-10 11:54:17 ----HD---- C:\WINDOWS\inf
2010-02-10 11:54:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 11:54:11 ----SHD---- C:\WINDOWS\Installer
2010-02-10 11:53:44 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 11:53:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-10 11:53:42 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 09:05:51 ----D---- C:\WINDOWS\Prefetch
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 04:17:26 ----D---- C:\WINDOWS\WBEM
2010-01-31 03:45:06 ----SD---- C:\Documents and Settings\Admin New\Application Data\Microsoft
2010-01-31 03:23:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-30 15:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-30 13:21:30 ----D---- C:\WINDOWS\Help
2010-01-27 13:57:08 ----D---- C:\WINDOWS\system32\wbem
2010-01-27 13:57:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 13:36:40 ----D---- C:\WINDOWS\system32\en-us
2010-01-27 13:36:40 ----D---- C:\Program Files\Internet Explorer
2010-01-27 13:36:32 ----D---- C:\WINDOWS\ie7updates
2010-01-21 13:59:42 ----D---- C:\WINDOWS\WinSxS
2010-01-21 12:45:26 ----D---- C:\Program Files\Common Files
2010-01-21 12:41:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2010-01-21 12:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-21 12:34:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-21 06:12:56 ----D---- C:\Program Files\Adobe
2010-01-21 05:59:34 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-21 05:58:38 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-21 05:55:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-21 05:13:14 ----D---- C:\WINDOWS\AppPatch
2010-01-21 04:23:27 ----A---- C:\WINDOWS\win.ini
2010-01-21 04:19:15 ----D---- C:\Program Files\Outlook Express
2010-01-21 04:09:14 ----D---- C:\IBMSHARE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2005-09-02 5120]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-07-19 163840]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-05 241296]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2007-05-01 17792]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-02-01 12416]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 TPM12;NSC Integrated Trusted Platform Module 1.2; C:\WINDOWS\system32\DRIVERS\nsctpm12.sys [2005-04-21 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-09-28 622700]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2005-09-02 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-21 153376]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-08-02 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-08-02 1372160]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]

-----------------EOF-----------------
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby frerom » February 11th, 2010, 11:14 pm

Rsit Info file

info.txt logfile of random's system information tool 1.06 2010-02-11 21:49:04

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Diskeeper Lite-->MsiExec.exe /X{D5A4CE1B-59ED-4D85-A3B2-6E0AFF448E4B}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8F55B163-7B42-42A3-9307-C7FCB9655225} /l1033
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center-->C:\ibmtools\apps\thinkmmc\sequencer.exe -fc:\ibmtools\apps\thinkmmc\uninst.seq
Rescue and Recovery - Client Security Solution-->MsiExec.exe /I{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Migration Assistant 5.0-->MsiExec.exe /X{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkVantage Away Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! Antivirus
FW: Online Armor Firewall

======System event log======

Computer Name: LENOVO-D693A54E
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0010C6B4A8C8. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1830
Source Name: Dhcp
Time Written: 20090504174408.000000-240
Event Type: warning
User:

Computer Name: LENOVO-D693A54E
Event Code: 7000
Message: The SASDIFSV service failed to start due to the following error:
Cannot create a file when that file already exists.


Record Number: 1825
Source Name: Service Control Manager
Time Written: 20090504172847.000000-240
Event Type: error
User:

Computer Name: LENOVO-D693A54E
Event Code: 1003
Message: Error code 1000008e, parameter1 c0000005, parameter2 80599272, parameter3 a981ccac, parameter4 00000000.

Record Number: 1819
Source Name: System Error
Time Written: 20090504171209.000000-240
Event Type: error
User:

Computer Name: LENOVO-D693A54E
Event Code: 1003
Message: Error code 1000008e, parameter1 c0000005, parameter2 80599272, parameter3 a9307cac, parameter4 00000000.

Record Number: 1818
Source Name: System Error
Time Written: 20090504171207.000000-240
Event Type: error
User:

Computer Name: LENOVO-D693A54E
Event Code: 1003
Message: Error code 1000008e, parameter1 c0000005, parameter2 80599272, parameter3 aa1fdcac, parameter4 00000000.

Record Number: 1817
Source Name: System Error
Time Written: 20090504170840.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: THINKVANTAGE
Event Code: 1001
Message:
Record Number: 63
Source Name: Microsoft Management Console
Time Written: 20090520134705.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1000
Message:
Record Number: 62
Source Name: Microsoft Management Console
Time Written: 20090520134701.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1001
Message:
Record Number: 49
Source Name: Microsoft Management Console
Time Written: 20090520134131.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1000
Message:
Record Number: 48
Source Name: Microsoft Management Console
Time Written: 20090520133930.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1004
Message: Detection of product '{91130409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

Record Number: 46
Source Name: MsiInstaller
Time Written: 20090520132826.000000-240
Event Type: warning
User: THINKVANTAGE\Admin New

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\IBM ThinkVantage\Client Security Solution;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Lenovo
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"SMA"=C:\Program Files\IBM ThinkVantage\SMA\
"TVT"=C:\Program Files\Lenovo
"IBMSHARE"=%SystemDrive%\IBMSHARE
"RR"=C:\Program Files\IBM ThinkVantage\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\IBM ThinkVantage\Common\Python24

-----------------EOF-----------------
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby Dakeyras » February 12th, 2010, 7:00 am

Hi.

Re THINK Vantage. I don't use it. In fact there are several programs that I would like to remove but I hesitated because I wasn't sure if I would do more harm than good. Symantec would be another. Possibly PC Doctor also.
OK by all means we will uninstall these applications. At this juncture also if there is any other software you do not need and or use apart from security related by all means uninstall them also. However if unsure merely inform myself in your next reply which software you would like removed.

RE Live Update 2.6. I was going to remove it before. But when I tried, the warning re removing all Symantec software first came up. I also wanted to remove Symantic client security but when I checked the web site it looked quite complicated.
OK as a precaution I am going to ask your good self to download and run a generic removal tool. As anything software related from Symantec has a propensity to leave stray files and registry entries behind after uninstalltion. It is quite safe to use I will add.

OTM Log file follows: I had a bit of trouble getting the results because I think Online Armor interfered a bit. So I disabled it and ran OTM again and found where the original notepad was stored,
Hmmm interesting and thank you for bringing this to my attention. The way I devised the custom OTM script, all security related applications should have been disabled so not as to hinder the script. It appears OA have updated the self protection feature of the software firewall.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

PC-Doctor for Windows
ThinkVantage Away Manager
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
Code: Select all
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off(not recommended) >> OK.

Note: No need for it to be active after the reset because you have the Online Armour Firewall.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Norton/Symantec RT:

Please download the Norton Removal Tool and Save it to your Desktop.

  • Close all programs and double-click the Norton_Removal_Tool.exe then click Run
  • Follow the on-screen instructions.
  • Restart the computer if asked.
  • Then delete Norton_Removal_Tool.exe from your desktop.

Next:

Please temporally disable Online Armour.

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code: Select all
:Processes

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 

:Commands
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Note: Re-enable Online Armour.

F-Secure Blacklight:

Please download Blacklight from here to your desktop.

or

Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
and save it to your desktop from there.

Go to Start-->Run, copy in the following text, and press Enter:
"%userprofile%\desktop\fsbl.exe" /expert
Accept the license agreement.
Click > scan, wait for it to finish, then click Close

There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • OTM Log.
  • Blacklight Log.
  • checkhd.txt.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Seek mo installer

Unread postby frerom » February 12th, 2010, 2:50 pm

Hi Dakeyras,
Computer is working fine. The only thing that bothers me a bit is that the drive makes a noise whenever it's reading or writing. I guess computers are always reading and writing even wnen suppsedly idle. I previously never really noticed this. But since I had the downloader virus I'm always thinking that stuff is happening that shouldn't be happening. I'll try and ignore it in the future. Especially now since there are automatic updates with several programs.

Following were removed no trouble.
PC-Doctor for Windows
ThinkVantage Away Manager
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
SUPERAntiSpyware Advice:
Help center
Access Help

I'm not sure about the following:
1.- 3 programs of Microsoft Visual C. Should they be removed in any particular order?
2.- Diskeeper lite
3.- MSN removed after post
4.- Rescue and Recovery Client Solution

Registry backed up okay

Norton tool removed all files ok. Program deleted itself.


Ran OTM
Forgot to disable Online Armor. When the Reboot Question came up I selected No and then I was able to copy the results window. Then I rebooted.
========== PROCESSES ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.8.0 log created on 02122010_132116

Blacklight log follows:
02/12/10 13:35:07 [Info]: BlackLight Engine 2.2.1092 initialized
02/12/10 13:35:07 [Info]: OS: 5.1 build 2600 (Service Pack 3)
02/12/10 13:35:07 [Note]: 7019 4
02/12/10 13:35:07 [Note]: 7005 0
02/12/10 13:35:20 [Note]: 7006 0
02/12/10 13:35:20 [Note]: 7022 0
02/12/10 13:35:20 [Note]: 7011 1996
02/12/10 13:35:20 [Note]: 7035 0
02/12/10 13:35:20 [Note]: 7026 0
02/12/10 13:35:20 [Note]: 7026 0
02/12/10 13:35:20 [Note]: FSRAW library version 1.7.1024
02/12/10 13:35:41 [Info]: Hidden file: c:\preboot\utils\diagdisk\pcdr\disk_01.exe
02/12/10 13:35:41 [Note]: 7002 0
02/12/10 13:35:41 [Note]: 7003 1
02/12/10 13:35:41 [Note]: 10002 3
02/12/10 13:35:41 [Info]: Hidden file: c:\preboot\utils\diagdisk\pcdr\disk_02.exe
02/12/10 13:35:41 [Note]: 7002 0
02/12/10 13:35:41 [Note]: 7003 1
02/12/10 13:35:41 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Admin New\Application Data\Microsoft\Crypto\RSA\S-
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Admin New\Application Data\Microsoft\Crypto\RSA\S-
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Admin New\Application Data\Microsoft\Crypto\RSA\S-
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Admin New\Application Data\Microsoft\Protect\CREDH
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Admin New\Application Data\Microsoft\Protect\S-1-5
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Admin New\Application Data\Microsoft\Protect\S-1-5
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Admin New\Application Data\Microsoft\Protect\S-1-5
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Admin New\Application Data\Microsoft\Protect\S-1-5
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Admin New\Application Data\ThinkVantage\Client Sec
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Fred\Application Data\Microsoft\Crypto\RSA\S-1-5-2
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Fred\Application Data\Microsoft\Protect\CREDHIST
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Fred\Application Data\Microsoft\Protect\S-1-5-21-3
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Fred\Application Data\Microsoft\Protect\S-1-5-21-3
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Fred\Application Data\Microsoft\Protect\S-1-5-21-3
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Fred\Application Data\Microsoft\Protect\S-1-5-21-3
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Fred\Application Data\Microsoft\Protect\S-1-5-21-3
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:50 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Fred\Application Data\ThinkVantage\Client Security
02/12/10 13:35:50 [Note]: 7002 0
02/12/10 13:35:50 [Note]: 7003 1
02/12/10 13:35:50 [Note]: 10002 3
02/12/10 13:35:51 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Julia\Application Data\Microsoft\Protect\CREDHIST
02/12/10 13:35:51 [Note]: 7002 0
02/12/10 13:35:51 [Note]: 7003 1
02/12/10 13:35:51 [Note]: 10002 3
02/12/10 13:35:51 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Julia\Application Data\Microsoft\Protect\S-1-5-21-
02/12/10 13:35:51 [Note]: 7002 0
02/12/10 13:35:51 [Note]: 7003 1
02/12/10 13:35:51 [Note]: 10002 3
02/12/10 13:35:51 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Julia\Application Data\Microsoft\Protect\S-1-5-21-
02/12/10 13:35:51 [Note]: 7002 0
02/12/10 13:35:51 [Note]: 7003 1
02/12/10 13:35:51 [Note]: 10002 3
02/12/10 13:35:51 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Julia\Application Data\ThinkVantage\Client Securit
02/12/10 13:35:51 [Note]: 7002 0
02/12/10 13:35:51 [Note]: 7003 1
02/12/10 13:35:51 [Note]: 10002 3
02/12/10 13:35:51 [Info]: Hidden file: c:\RRbackups\hints.dat
02/12/10 13:35:51 [Note]: 7002 0
02/12/10 13:35:51 [Note]: 7003 1
02/12/10 13:35:51 [Note]: 10002 1
02/12/10 13:35:51 [Info]: Hidden file: c:\RRbackups\SAM
02/12/10 13:35:51 [Note]: 7002 0
02/12/10 13:35:51 [Note]: 7003 1
02/12/10 13:35:51 [Note]: 10002 1
02/12/10 13:35:52 [Info]: Hidden file: c:\RRbackups\system
02/12/10 13:35:52 [Note]: 7002 0
02/12/10 13:35:52 [Note]: 7003 1
02/12/10 13:35:52 [Note]: 10002 1
02/12/10 13:35:52 [Info]: Hidden file: c:\RRbackups\system.dat
02/12/10 13:35:52 [Note]: 7002 0
02/12/10 13:35:52 [Note]: 7003 1
02/12/10 13:35:52 [Note]: 10002 1
02/12/10 13:35:53 [Info]: Hidden file: c:\RRbackups\tvt.txt
02/12/10 13:35:53 [Note]: 7002 0
02/12/10 13:35:53 [Note]: 7003 1
02/12/10 13:35:53 [Note]: 10002 1
02/12/10 13:35:53 [Info]: Hidden file: c:\RRbackups\usersids.dat
02/12/10 13:35:53 [Note]: 7002 0
02/12/10 13:35:53 [Note]: 7003 1
02/12/10 13:35:53 [Note]: 10002 1
02/12/10 13:37:28 [Note]: 7007 0

Checkhd text file follows:

The type of the file system is NTFS.
Volume label is IBM_PRELOAD.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

74276492 KB total disk space.
16932036 KB in 45257 files.
15072 KB in 4296 indexes.
0 KB in bad sectors.
175004 KB in use by the system.
65536 KB occupied by the log file.
57154380 KB available on disk.

4096 bytes in each allocation unit.
18569123 total allocation units on disk.
14288595 allocation units available on disk.
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby Dakeyras » February 12th, 2010, 7:51 pm

Hi.

Computer is working fine. The only thing that bothers me a bit is that the drive makes a noise whenever it's reading or writing. I guess computers are always reading and writing even wnen suppsedly idle. I previously never really noticed this. But since I had the downloader virus I'm always thinking that stuff is happening that shouldn't be happening. I'll try and ignore it in the future. Especially now since there are automatic updates with several programs.
OK I appreciate your concern. Sometimes Hard-Drives can be somewhat noisy during usage and this does not necessarily mean they are defective but merely due to a unique footprint anything can have that has been assembled......for example where the particular Hard-Drive was assembled in the factory line. I have on one of my computers a old SATA drive and it sounds like a nest of bee's when put under load but it is in perfect health so to speak and merely the platters(easy way to explain, the individual disks' akin to the old 1.44 floppy disk) rubbing against each other.

There is however indication some maintenance is needed which we will address in due course and if the need there is one more scan I can ask your good self to carry to confirm the Hard-Drive is not failing.

I'm not sure about the following:
OK my advice as follows:-

1.- 3 programs of Microsoft Visual C. Should they be removed in any particular order?
Not required unless you make use of the Microsoft .NET Framework software.

2.- Diskeeper lite
Personally I in two minds about this particular application. It is actually a slightly better version of the Windows in-built Disk Defrag' utility and the Windows in-built is based upon this under licence.

4.- Rescue and Recovery Client Solution
Not a particularly effective application in my humble opinion. Either use the XP Pro inbuilt via:-

Click on Start >> All Programs >> Accessories >> System Tools >> Backup.

Or consider:-

How to backup and restore your data using Cobian Backup

How to Backup and Restore your hard drive with DriveImage XML

Next:

Click Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • A Analysis report will be displayed and then Windows will start the Defragmention run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and you computer will continue to boot-up as normal.

Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tuturial will help explain how to use the aforementioned online scan.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • Kaspersky report.
  • A new RSIT Log. <-- When you double click on RSIT.exe only one log will be produced and that is all I need to review at this time.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware