Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Seek mo installer

Re: Seek mo installer

Post by frerom » February 13th, 2010, 3:42 pm

Hi Dakeyras.

1.- Removed Microsoft Visual C++.
Would also like to remove Microsoft .NET Framework as long as it doesn't impact other programs.
2.- I will keep Diskeeper Lite.
3.- Tried removing Rescue and Recovery. Message stated other versions still on computer. I believe I did an update at one time. There is an IBM ThinkVantage folder still in the Program folder. It has 5 folders: Client Security Solution, Common, Rescue and Recovery, SafeGuard PrivateDisk, SMA.
Only Rescue and Recovery and System Migration Assistant 5 are listed in the Control Panel.
4.- Looking at the list of programs in the program folder, there are several others that I don't use. As long as the folders are empty I can delete them, but what about the folders that still have some files? Is there some safe way to remove them without affecting programs we use?

5.- Maintenance on drive went ok.

6.- For the Kaspersky scan I believe the AVAST anti virus was disabled automatically.

7.- RSIT scan ok.

8.- I was going to post the notepad report but I had a problem with the keyboard that I wanted to fix first. I use the French language sometimes and the keyboard my wife uses has some of the French functions on it. I installed it but I guess I needed a special driver because some of the letters weren't coming out correctly. So I searched on Firefox for a Scorpius keyboard and I was surprised to have one of those screens with 'your computer is infected' come up. Then I noticed the Avast icon was still missing on the task bar. So I tried to start it up but it reported a misconfiguration and suggested a reinstall.
I reinstalled Avast (it uninstalled first) and searched for the keyboard driver again, but I was suspicious when I tried to install it, so I cancelled the install. Program was Driver fetch and the setup is still on the desktop. I will run RSIT again and will post the old and latest log (2 posts) after this post.

I won't do any more about the keyboard driver until I hear back from you.


Kasp report follows:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, February 13, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, February 13, 2010 16:43:36
Records in database: 3495156
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 47471
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:21:28

No threats found. Scanned area is clean.

Selected area has been scanned.
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Post by frerom » February 13th, 2010, 3:44 pm

RSIT (before Avast reinstall) log follows:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin New at 2010-02-13 13:12:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (77%) free of 73 GB
Total RAM: 1013 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:11 PM, on 2/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin New\Desktop\RSIT.exe
C:\Documents and Settings\Admin New\Desktop\Admin New.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7910773562
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

--
End of file - 6124 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-07-07 49152]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-08-02 1988144]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

C:\Documents and Settings\Admin New\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac75fcf0-0d07-11df-a513-0010c6b4a8c8}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-02-13 08:36:30 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-11 21:48:53 ----D---- C:\rsit
2010-02-11 21:11:05 ----D---- C:\_OTM
2010-02-11 16:18:51 ----D---- C:\WINDOWS\ERDNT
2010-02-11 16:17:19 ----D---- C:\Program Files\ERUNT
2010-02-10 11:54:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-31 03:22:28 ----A---- C:\WINDOWS\is-V7OER.exe
2010-01-30 15:50:43 ----D---- C:\Documents and Settings\Admin New\Application Data\Mozilla
2010-01-30 15:50:34 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 13:38:34 ----D---- C:\Downloads
2010-01-27 14:09:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-27 13:44:47 ----D---- C:\Program Files\Secunia
2010-01-27 13:42:35 ----D---- C:\WINDOWS\Sun
2010-01-27 13:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-27 13:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-21 13:59:51 ----D---- C:\Program Files\Google
2010-01-21 13:59:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-21 13:59:28 ----D---- C:\Program Files\Alwil Software
2010-01-21 13:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\Admin New\Application Data\OnlineArmor
2010-01-21 12:57:28 ----D---- C:\Program Files\Tall Emu
2010-01-21 12:53:36 ----D---- C:\Documents and Settings\Admin New\Application Data\WinPatrol
2010-01-21 12:53:29 ----D---- C:\Program Files\BillP Studios
2010-01-21 12:45:26 ----D---- C:\Program Files\Common Files\Java
2010-01-21 12:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\java.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-21 12:44:52 ----D---- C:\Program Files\Java
2010-01-21 12:44:24 ----D---- C:\Documents and Settings\Admin New\Application Data\Sun
2010-01-21 06:05:12 ----D---- C:\Program Files\Common Files\Adobe
2010-01-21 06:02:22 ----HD---- C:\WINDOWS\PIF
2010-01-21 04:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-21 04:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-21 04:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-21 04:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-21 04:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-21 04:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-21 04:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-21 04:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-21 04:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-21 04:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-21 04:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-21 04:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-21 04:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-21 04:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-21 04:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-21 04:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-21 04:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-21 04:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-21 04:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-21 04:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-21 04:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-21 04:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-21 04:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-21 04:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-21 04:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-21 04:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-21 04:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-21 04:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-21 04:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-21 04:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-21 02:49:44 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-02-13 13:12:45 ----D---- C:\WINDOWS\Prefetch
2010-02-13 11:23:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-13 11:19:33 ----D---- C:\WINDOWS\Temp
2010-02-13 11:18:50 ----RSHD---- C:\RRbackups
2010-02-13 10:45:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-13 10:19:06 ----HD---- C:\WINDOWS\inf
2010-02-13 08:39:06 ----SHD---- C:\WINDOWS\Installer
2010-02-13 08:37:00 ----D---- C:\WINDOWS\WinSxS
2010-02-13 08:36:30 ----AD---- C:\WINDOWS
2010-02-13 08:36:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-12 12:31:09 ----RD---- C:\Program Files
2010-02-12 12:14:24 ----D---- C:\WINDOWS\Help
2010-02-12 12:14:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-12 12:14:23 ----D---- C:\Program Files\ThinkVantage
2010-02-12 12:14:23 ----D---- C:\Icons
2010-02-12 11:49:43 ----D---- C:\Documents and Settings\Admin New\Application Data\SUPERAntiSpyware.com
2010-02-12 11:49:29 ----D---- C:\Program Files\Common Files
2010-02-12 11:49:28 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-12 11:47:36 ----D---- C:\Program Files\Lenovo
2010-02-12 11:43:26 ----AD---- C:\WINDOWS\system32
2010-02-12 11:42:20 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 11:32:00 ----A---- C:\WINDOWS\win.ini
2010-02-11 15:54:49 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-11 15:54:42 ----SD---- C:\WINDOWS\Tasks
2010-02-10 12:44:07 ----D---- C:\WINDOWS\Minidump
2010-02-10 11:54:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 11:53:44 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 11:53:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 04:17:26 ----D---- C:\WINDOWS\WBEM
2010-01-31 03:45:06 ----SD---- C:\Documents and Settings\Admin New\Application Data\Microsoft
2010-01-31 03:23:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-30 15:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-27 13:57:08 ----D---- C:\WINDOWS\system32\wbem
2010-01-27 13:57:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 13:36:40 ----D---- C:\WINDOWS\system32\en-us
2010-01-27 13:36:40 ----D---- C:\Program Files\Internet Explorer
2010-01-27 13:36:32 ----D---- C:\WINDOWS\ie7updates
2010-01-21 12:41:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2010-01-21 12:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-21 12:34:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-21 06:12:56 ----D---- C:\Program Files\Adobe
2010-01-21 05:59:34 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-21 05:55:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-21 05:13:14 ----D---- C:\WINDOWS\AppPatch
2010-01-21 04:19:15 ----D---- C:\Program Files\Outlook Express
2010-01-21 04:09:14 ----D---- C:\IBMSHARE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-07-19 163840]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-05 241296]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2007-05-01 17792]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 TPM12;NSC Integrated Trusted Platform Module 1.2; C:\WINDOWS\system32\DRIVERS\nsctpm12.sys [2005-04-21 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-09-28 622700]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-21 153376]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-08-02 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-08-02 1372160]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]

-----------------EOF-----------------

Re: Seek mo installer

Post by frerom » February 13th, 2010, 3:47 pm

Latest RSIT log follows:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin New at 2010-02-13 14:45:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (76%) free of 73 GB
Total RAM: 1013 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:08 PM, on 2/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin New\Desktop\RSIT.exe
C:\Documents and Settings\Admin New\Desktop\Admin New.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7910773562
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

--
End of file - 6196 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-07-07 49152]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-08-02 1988144]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

C:\Documents and Settings\Admin New\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac75fcf0-0d07-11df-a513-0010c6b4a8c8}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-02-13 13:43:49 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-13 13:27:52 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla Firefox
2010-02-13 08:36:30 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-11 21:48:53 ----D---- C:\rsit
2010-02-11 21:11:05 ----D---- C:\_OTM
2010-02-11 16:18:51 ----D---- C:\WINDOWS\ERDNT
2010-02-11 16:17:19 ----D---- C:\Program Files\ERUNT
2010-02-10 11:54:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-31 03:22:28 ----A---- C:\WINDOWS\is-V7OER.exe
2010-01-30 15:50:43 ----D---- C:\Documents and Settings\Admin New\Application Data\Mozilla
2010-01-30 15:50:34 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 13:38:34 ----D---- C:\Downloads
2010-01-27 14:09:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-27 13:44:47 ----D---- C:\Program Files\Secunia
2010-01-27 13:42:35 ----D---- C:\WINDOWS\Sun
2010-01-27 13:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-27 13:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-21 13:59:51 ----D---- C:\Program Files\Google
2010-01-21 13:59:28 ----D---- C:\Program Files\Alwil Software
2010-01-21 13:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\Admin New\Application Data\OnlineArmor
2010-01-21 12:57:28 ----D---- C:\Program Files\Tall Emu
2010-01-21 12:53:36 ----D---- C:\Documents and Settings\Admin New\Application Data\WinPatrol
2010-01-21 12:53:29 ----D---- C:\Program Files\BillP Studios
2010-01-21 12:45:26 ----D---- C:\Program Files\Common Files\Java
2010-01-21 12:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\java.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-21 12:44:52 ----D---- C:\Program Files\Java
2010-01-21 12:44:24 ----D---- C:\Documents and Settings\Admin New\Application Data\Sun
2010-01-21 06:05:12 ----D---- C:\Program Files\Common Files\Adobe
2010-01-21 06:02:22 ----HD---- C:\WINDOWS\PIF
2010-01-21 04:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-21 04:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-21 04:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-21 04:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-21 04:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-21 04:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-21 04:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-21 04:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-21 04:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-21 04:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-21 04:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-21 04:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-21 04:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-21 04:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-21 04:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-21 04:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-21 04:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-21 04:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-21 04:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-21 04:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-21 04:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-21 04:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-21 04:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-21 04:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-21 04:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-21 04:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-21 04:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-21 04:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-21 04:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-21 04:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-21 02:49:44 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-02-13 13:59:14 ----D---- C:\WINDOWS\Temp
2010-02-13 13:53:13 ----D---- C:\WINDOWS\Prefetch
2010-02-13 13:44:06 ----D---- C:\WINDOWS\system32\drivers
2010-02-13 13:44:00 ----SHD---- C:\WINDOWS\Installer
2010-02-13 13:43:58 ----D---- C:\WINDOWS\WinSxS
2010-02-13 13:43:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-13 13:43:49 ----AD---- C:\WINDOWS\system32
2010-02-13 13:42:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-13 13:42:41 ----RSHD---- C:\RRbackups
2010-02-13 13:41:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-13 10:19:06 ----HD---- C:\WINDOWS\inf
2010-02-13 08:36:30 ----AD---- C:\WINDOWS
2010-02-12 12:31:09 ----RD---- C:\Program Files
2010-02-12 12:14:24 ----D---- C:\WINDOWS\Help
2010-02-12 12:14:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-12 12:14:23 ----D---- C:\Program Files\ThinkVantage
2010-02-12 12:14:23 ----D---- C:\Icons
2010-02-12 11:49:43 ----D---- C:\Documents and Settings\Admin New\Application Data\SUPERAntiSpyware.com
2010-02-12 11:49:29 ----D---- C:\Program Files\Common Files
2010-02-12 11:49:28 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-12 11:47:36 ----D---- C:\Program Files\Lenovo
2010-02-12 11:32:00 ----A---- C:\WINDOWS\win.ini
2010-02-11 15:54:49 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-11 15:54:42 ----SD---- C:\WINDOWS\Tasks
2010-02-10 12:44:07 ----D---- C:\WINDOWS\Minidump
2010-02-10 11:54:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 11:53:44 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 11:53:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 04:17:26 ----D---- C:\WINDOWS\WBEM
2010-01-31 03:45:06 ----SD---- C:\Documents and Settings\Admin New\Application Data\Microsoft
2010-01-31 03:23:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-30 15:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-27 13:57:08 ----D---- C:\WINDOWS\system32\wbem
2010-01-27 13:57:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 13:36:40 ----D---- C:\WINDOWS\system32\en-us
2010-01-27 13:36:40 ----D---- C:\Program Files\Internet Explorer
2010-01-27 13:36:32 ----D---- C:\WINDOWS\ie7updates
2010-01-21 12:41:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2010-01-21 12:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-21 12:34:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-21 06:12:56 ----D---- C:\Program Files\Adobe
2010-01-21 05:59:34 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-21 05:55:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-21 05:13:14 ----D---- C:\WINDOWS\AppPatch
2010-01-21 04:19:15 ----D---- C:\Program Files\Outlook Express
2010-01-21 04:09:14 ----D---- C:\IBMSHARE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-07-19 163840]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-05 241296]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2007-05-01 17792]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 TPM12;NSC Integrated Trusted Platform Module 1.2; C:\WINDOWS\system32\DRIVERS\nsctpm12.sys [2005-04-21 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-09-28 622700]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-21 153376]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-08-02 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-08-02 1372160]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]

-----------------EOF-----------------
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby Dakeyras » February 14th, 2010, 7:34 am

Hi.

What you mentioned is fine and we can address it in due course, but I will need to review a new set of RSIT logs first so I am able to have a more up to date picture of the system, so to speak.

I won't do anymore about the keyboard driver until I hear back from you.
Which exact model of the Scorpius keyboard is it, and I will gladly locate the correct one for you.

Did you run the online scan before or after you received the 'your computer is infected' notification?

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform myself straight away please).

Click on Start >> Run... (or the Windows key and R together) to bring up the Run box, and copy and paste in:
"%userprofile%\desktop\rsit.exe" /info
and click on OK

  • Click on Run and RSIT will start.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and/or problems encountered?
  • Answer to my question.
  • A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Seek mo installer

Unread postby frerom » February 14th, 2010, 1:32 pm

Hi Dakeyras,
The computer is working fine.

I ran the online scan before I received the 'your computer is infected' notification. I read the Kaspersky message re disabling the antivirus programs on the computer after I started the scan. But I noticed the Avast icon was missing from the tray. Another thing: I believe I checked the run as an install program when the Online Armor window came up. Maybe it was this that upset the Avast installation. Because of this possibility I am not sure when the Avast icon disappeared. So when I searched for the drivers I was unprotected by Avast. I did allow some actions from the Driver Fetch web site but not all.

The keyboard was manufactured by ione and is called scorpius K11.

The RSIT posts follow.

Re: Seek mo installer

Unread postby frerom » February 14th, 2010, 1:33 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin New at 2010-02-14 12:25:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (76%) free of 73 GB
Total RAM: 1013 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:30 PM, on 14/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin New\desktop\rsit.exe
C:\Documents and Settings\Admin New\Desktop\Admin New.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7910773562
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

--
End of file - 6372 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-07-07 49152]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-08-02 1988144]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\Admin New\Start Menu\Programs\Startup
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac75fcf0-0d07-11df-a513-0010c6b4a8c8}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-02-13 13:43:49 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-13 13:27:52 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla Firefox
2010-02-13 08:36:30 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-11 21:48:53 ----D---- C:\rsit
2010-02-11 21:11:05 ----D---- C:\_OTM
2010-02-11 16:18:51 ----D---- C:\WINDOWS\ERDNT
2010-02-11 16:17:19 ----D---- C:\Program Files\ERUNT
2010-02-10 11:54:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-31 03:22:28 ----A---- C:\WINDOWS\is-V7OER.exe
2010-01-30 15:50:43 ----D---- C:\Documents and Settings\Admin New\Application Data\Mozilla
2010-01-30 15:50:34 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 13:38:34 ----D---- C:\Downloads
2010-01-27 14:09:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-27 13:44:47 ----D---- C:\Program Files\Secunia
2010-01-27 13:42:35 ----D---- C:\WINDOWS\Sun
2010-01-27 13:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-27 13:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-21 13:59:51 ----D---- C:\Program Files\Google
2010-01-21 13:59:28 ----D---- C:\Program Files\Alwil Software
2010-01-21 13:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2010-01-21 12:57:48 ----D---- C:\Documents and Settings\Admin New\Application Data\OnlineArmor
2010-01-21 12:57:28 ----D---- C:\Program Files\Tall Emu
2010-01-21 12:53:36 ----D---- C:\Documents and Settings\Admin New\Application Data\WinPatrol
2010-01-21 12:53:29 ----D---- C:\Program Files\BillP Studios
2010-01-21 12:45:26 ----D---- C:\Program Files\Common Files\Java
2010-01-21 12:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\java.exe
2010-01-21 12:45:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-21 12:44:52 ----D---- C:\Program Files\Java
2010-01-21 12:44:24 ----D---- C:\Documents and Settings\Admin New\Application Data\Sun
2010-01-21 06:05:12 ----D---- C:\Program Files\Common Files\Adobe
2010-01-21 06:02:22 ----HD---- C:\WINDOWS\PIF
2010-01-21 04:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-21 04:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-21 04:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-21 04:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-21 04:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-21 04:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-21 04:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-21 04:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-21 04:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-21 04:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-21 04:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-21 04:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-21 04:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-21 04:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-21 04:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-21 04:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-21 04:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-21 04:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-21 04:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-21 04:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-21 04:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-21 04:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-21 04:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-21 04:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-21 04:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-21 04:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-21 04:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-21 04:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-21 04:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-21 04:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-21 02:49:44 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-02-14 12:25:26 ----D---- C:\WINDOWS\Prefetch
2010-02-14 12:22:49 ----D---- C:\WINDOWS\Temp
2010-02-13 15:24:34 ----SHD---- C:\WINDOWS\Installer
2010-02-13 15:24:24 ----AD---- C:\WINDOWS
2010-02-13 13:44:06 ----D---- C:\WINDOWS\system32\drivers
2010-02-13 13:43:58 ----D---- C:\WINDOWS\WinSxS
2010-02-13 13:43:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-13 13:43:49 ----AD---- C:\WINDOWS\system32
2010-02-13 13:42:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-13 13:42:41 ----RSHD---- C:\RRbackups
2010-02-13 13:41:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-13 10:19:06 ----HD---- C:\WINDOWS\inf
2010-02-12 12:31:09 ----RD---- C:\Program Files
2010-02-12 12:14:24 ----D---- C:\WINDOWS\Help
2010-02-12 12:14:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-12 12:14:23 ----D---- C:\Program Files\ThinkVantage
2010-02-12 12:14:23 ----D---- C:\Icons
2010-02-12 11:49:43 ----D---- C:\Documents and Settings\Admin New\Application Data\SUPERAntiSpyware.com
2010-02-12 11:49:29 ----D---- C:\Program Files\Common Files
2010-02-12 11:49:28 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-12 11:47:36 ----D---- C:\Program Files\Lenovo
2010-02-12 11:32:00 ----A---- C:\WINDOWS\win.ini
2010-02-11 15:54:49 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-11 15:54:42 ----SD---- C:\WINDOWS\Tasks
2010-02-10 12:44:07 ----D---- C:\WINDOWS\Minidump
2010-02-10 11:54:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 11:53:44 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 11:53:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 04:17:26 ----D---- C:\WINDOWS\WBEM
2010-01-31 03:45:06 ----SD---- C:\Documents and Settings\Admin New\Application Data\Microsoft
2010-01-31 03:23:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-30 15:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-27 13:57:08 ----D---- C:\WINDOWS\system32\wbem
2010-01-27 13:57:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 13:36:40 ----D---- C:\WINDOWS\system32\en-us
2010-01-27 13:36:40 ----D---- C:\Program Files\Internet Explorer
2010-01-27 13:36:32 ----D---- C:\WINDOWS\ie7updates
2010-01-21 12:41:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2010-01-21 12:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-21 12:34:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-21 06:12:56 ----D---- C:\Program Files\Adobe
2010-01-21 05:59:34 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-21 05:55:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-21 05:13:14 ----D---- C:\WINDOWS\AppPatch
2010-01-21 04:19:15 ----D---- C:\Program Files\Outlook Express
2010-01-21 04:09:14 ----D---- C:\IBMSHARE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-07-19 163840]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-05 241296]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2007-05-01 17792]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 TPM12;NSC Integrated Trusted Platform Module 1.2; C:\WINDOWS\system32\DRIVERS\nsctpm12.sys [2005-04-21 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-09-28 622700]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-21 153376]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-08-02 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-08-02 1372160]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]

-----------------EOF-----------------

Re: Seek mo installer

by frerom » February 14th, 2010, 1:35 pm

info.txt logfile of random's system information tool 1.06 2010-02-14 12:25:32

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Diskeeper Lite-->MsiExec.exe /X{D5A4CE1B-59ED-4D85-A3B2-6E0AFF448E4B}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center-->C:\ibmtools\apps\thinkmmc\sequencer.exe -fc:\ibmtools\apps\thinkmmc\uninst.seq
Rescue and Recovery - Client Security Solution-->MsiExec.exe /I{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
System Migration Assistant 5.0-->MsiExec.exe /X{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! Antivirus
FW: Online Armor Firewall

======System event log======

Computer Name: THINKVANTAGE
Event Code: 1
Message: The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Record Number: 2453
Source Name: sr
Time Written: 20090724064328.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 19
Message: Sharing printer failed + 1722, Printer HP DeskJet 612C share name Printer2.

Record Number: 2354
Source Name: Print
Time Written: 20090718115611.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: THINKVANTAGE
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 2339
Source Name: Print
Time Written: 20090718115246.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: THINKVANTAGE
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.

Record Number: 2338
Source Name: Print
Time Written: 20090718115245.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: THINKVANTAGE
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.

Record Number: 2337
Source Name: Print
Time Written: 20090718115245.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: THINKVANTAGE
Event Code: 1001
Message:
Record Number: 63
Source Name: Microsoft Management Console
Time Written: 20090520134705.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1000
Message:
Record Number: 62
Source Name: Microsoft Management Console
Time Written: 20090520134701.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1001
Message:
Record Number: 49
Source Name: Microsoft Management Console
Time Written: 20090520134131.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1000
Message:
Record Number: 48
Source Name: Microsoft Management Console
Time Written: 20090520133930.000000-240
Event Type: error
User:

Computer Name: THINKVANTAGE
Event Code: 1004
Message: Detection of product '{91130409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

Record Number: 46
Source Name: MsiInstaller
Time Written: 20090520132826.000000-240
Event Type: warning
User: THINKVANTAGE\Admin New

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\IBM ThinkVantage\Client Security Solution;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Lenovo
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"SMA"=C:\Program Files\IBM ThinkVantage\SMA\
"IBMSHARE"=%SystemDrive%\IBMSHARE
"RR"=C:\Program Files\IBM ThinkVantage\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\IBM ThinkVantage\Common\Python24

-----------------EOF-----------------
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby Dakeyras » February 15th, 2010, 9:31 am

Hi.

OK, thanks for the update. As a precaution I will be asking you to run a different online scan. Tedious it may seem, but I assure you it is a prudent course of action.

The keyboard was manufactured by ione and is called scorpius K11.
If you still have the installation CD-ROM that came with the keyboard, a driver, if required, should be on that. Though is the actual name of the keyboard Scorpius K2, or is this K11 denoting K eleven? If the former, my research has revealed no driver is required.

If there are further issues regarding this, my best suggestion would be to seek advice about this at a specific hardware/software support forum, as primarily I only provide Anti-Malware support. I will further add: if the keyboard does indeed require a driver, do not go searching for it again, as I came across many disreputable sites claiming to host such, with indications malware was on site.

I am a member of both of the below myself and they have outstanding IT Tech Support Staff:

Specific Hardware/Software Support:


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform me before proceeding any further.

Next:

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
:Processes

:Services
PsaSrv
TSSCoreService

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDService.exe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IBM PSA Access Driver Control]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITSS Core Servicel]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ThinkVantage Technologies Welcome Message]

:Files
C:\WINDOWS\SxsCaPendDel
C:\WINDOWS\is-V7OER.exe
C:\Program Files\ThinkVantage
C:\Program Files\IBM ThinkVantage
C:\Documents and Settings\Admin New\Application Data\SUPERAntiSpyware.com
C:\Program Files\SUPERAntiSpyware
C:\Program Files\Common Files\Symantec Shared
C:\Documents and Settings\All Users\Application Data\avg8
C:\IBMSHARE

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • OTM Log.
  • Eset Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Seek mo installer

Unread postby frerom » February 15th, 2010, 1:29 pm

Hi Dakeyras,
Computer is working fine.
No problems encountered.
Re instructions for OTM, believe you have a typo for copying script file CTRL B should be CTRL C.

Disabled both Online Armor and AVAST for the Eset Scan.

OTM Report follows:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service PsaSrv stopped successfully!
Service PsaSrv deleted successfully!
Service TSSCoreService stopped successfully!
Service TSSCoreService deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PDService.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IBM PSA Access Driver Control\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITSS Core Servicel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ThinkVantage Technologies Welcome Message\ not found.
========== FILES ==========
C:\WINDOWS\SxsCaPendDel folder moved successfully.
C:\WINDOWS\is-V7OER.exe moved successfully.
C:\Program Files\ThinkVantage\SystemUpdate folder moved successfully.
C:\Program Files\ThinkVantage\Active Update folder moved successfully.
C:\Program Files\ThinkVantage folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\temp folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\system folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\tw folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\sw folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\pt folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\no folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\ko folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\ja folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\it folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\fr folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\fi folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\es folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\en folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\du folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\de folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\da folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\cn folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res\br folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\res folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\InstPkg folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\etc\data folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\etc folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\capture folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\apps folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA\apply folder moved successfully.
C:\Program Files\IBM ThinkVantage\SMA folder moved successfully.
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\SysInfo\gather folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\SysInfo folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\system folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\tw folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\sw folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\pt folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\no folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\ko folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\ja folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\it folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\fr folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\fi folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\es folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\en folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\du folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\de folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\da folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\cn folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back\br folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res_back folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\tw folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\sw folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\pt folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\no folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\ko folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\ja folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\it folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\fr folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\fi folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\es folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\en folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\du folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\de folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\da folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\cn folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res\br folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\res folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\InstPkg folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\etc folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\capture folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\Apps folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin\apply folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration\bin folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\Migration folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ADM\dne\work folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ADM\dne\cache folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ADM\dne folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ADM folder moved successfully.
C:\Program Files\IBM ThinkVantage\Rescue and Recovery folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\WST folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\us folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\tc folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\sv folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\sp folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\sc folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\po folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\no folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\nl folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\kr folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\jp folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\it folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\gr folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\fr folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\fi folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\dk folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls\br folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi\nls folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\spi folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Scheduler folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tk8.4\msgs folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tk8.4\images folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tk8.4 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tix8.1\pref folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tix8.1\bitmaps folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tix8.1 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tcl8.4\tcltest2.2 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tcl8.4\opt0.4 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tcl8.4\msgcat1.3 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tcl8.4\http2.4 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tcl8.4\http1.0 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tcl8.4\encoding folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl\tcl8.4 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\tcl folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\xml\sax folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\xml\parsers folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\xml\dom folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\xml folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\xpath folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\utils folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\unicode folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\schema folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\sax\drivers2 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\sax\drivers folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\sax folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\parsers\xmlproc folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\parsers folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\marshal folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\dom\html folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\dom\ext\reader folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\dom\ext folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus\dom folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\_xmlplus folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\Crypto\Util folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\Crypto\PublicKey folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\Crypto\Protocol folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\Crypto\Hash folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\Crypto\Cipher folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages\Crypto folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\site-packages folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\logging folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\lib-tk folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\lib-old folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\hotshot folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\encodings folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\email folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\distutils\command folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\distutils folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\curses folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib\compiler folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\Lib folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24\DLLs folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Python24 folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\us folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\tc folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\sv folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\sp folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\sc folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\po folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\no folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\nl folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\kr folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\jp folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\it folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\gr folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\fr folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\fi folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\dk folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls\br folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\nls folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\MND folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\Logger folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\infozip\zip folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\infozip\unzip folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\infozip folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\eGatherer folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\CSSLaunchINI folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common\BMGR folder moved successfully.
C:\Program Files\IBM ThinkVantage\Common folder moved successfully.
C:\Program Files\IBM ThinkVantage\Client Security Solution folder moved successfully.
C:\Program Files\IBM ThinkVantage folder moved successfully.
C:\Documents and Settings\Admin New\Application Data\SUPERAntiSpyware.com folder moved successfully.
C:\Program Files\SUPERAntiSpyware folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Licenses folder moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8 folder moved successfully.
C:\IBMSHARE folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin New
->Temp folder emptied: 163998841 bytes
->Temporary Internet Files folder emptied: 7917474 bytes
->Java cache emptied: 128123 bytes
->FireFox cache emptied: 53608449 bytes
->Google Chrome cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fred
->Temp folder emptied: 10306 bytes
->Temporary Internet Files folder emptied: 103045 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39068989 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Julia
->Temp folder emptied: 2564 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33273 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 253.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02152010_103539

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


ESET Report follows:

C:\Documents and Settings\Fred\My Documents\Downloads\unlocker1.8.7.exe a variant of Win32/Adware.ADON application
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP84\A0039075.exe a variant of Win32/Adware.180Solutions application
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada
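
One way to triage an OTM results log like the one in the post above, so that items which were not found or were deferred to reboot stand out from the long run of successful moves. This is an added example, not part of the original thread or of OTM; the function names and status labels are assumptions, and the sample lines are copied (abridged) from the posted report.

```python
import re

# Constructed sample: lines copied (abridged) from the OTM report posted above.
SAMPLE_LOG = r"""
========== SERVICES/DRIVERS ==========
Service PsaSrv stopped successfully!
Service PsaSrv deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PDService.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IBM PSA Access Driver Control\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITSS Core Servicel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
========== FILES ==========
C:\WINDOWS\SxsCaPendDel folder moved successfully.
C:\WINDOWS\is-V7OER.exe moved successfully.
C:\IBMSHARE folder moved successfully.
========== COMMANDS ==========
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
"""

# Section banners ("===== NAME =====") and the trailing "... on Reboot..." headings.
SECTION = re.compile(r"^=+ (.+?) =+$|^(.+ on Reboot)\.\.\.$")

# Ordered rules: (status label, pattern capturing the affected item).
RULES = [
    ("deferred", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^Registry (?:key|value) (.+?) not found\.$")),
    ("done", re.compile(r"^Registry (?:key|value) (.+?) deleted successfully\.$")),
    ("done", re.compile(r"^Service (.+?) (?:stopped|deleted) successfully!$")),
    ("done", re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
]


def triage_otm_log(text):
    """Return {status: [(section, item), ...]} for every non-empty log line."""
    section = None
    out = {"done": [], "not_found": [], "deferred": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1) or banner.group(2)
            continue
        for status, pattern in RULES:
            hit = pattern.match(line)
            if hit:
                out[status].append((section, hit.group(1)))
                break
        else:
            # Anything the rules do not recognise is kept, never silently dropped.
            out["unparsed"].append((section, line))
    return out


def follow_up(result):
    """Items worth a second look: the target was absent (already gone, or the
    name in the script did not match) or the action only happens after reboot."""
    return result["not_found"] + result["deferred"]


if __name__ == "__main__":
    for section, item in follow_up(triage_otm_log(SAMPLE_LOG)):
        print(f"[{section}] {item}")
```
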

Re: Seek mo installer

Unread postby Dakeyras » February 15th, 2010, 5:57 pm

Hi.

Computer is working fine.
Good to know.

Re instructions for OTM, believe you have a typo for copying script file CTRL B should be CTRL C.
Thank you for bringing this to my attention, much appreciated.

Could you post the complete ESET log please, thank you.

It can be located as follows:-

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and copy and paste in:
C:\Program Files\ESET\ESET Online Scanner
and click on OK

In the ESET Online Scanner window that appears locate log.txt, open it and copy the contents and post it in your next reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Seek mo installer

Unread postby frerom » February 16th, 2010, 4:01 am

ESET log follows

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6d98875d0863fe429a5204e7340ae5d8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-15 04:56:01
# local_time=2010-02-15 11:56:01 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1270945 1270945 0 0
# compatibility_mode=768 16777191 100 0 1231571 1231571 0 0
# compatibility_mode=6401 16777214 66 100 0 5314321 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=46076
# found=2
# cleaned=0
# scan_time=3022
C:\Documents and Settings\Fred\My Documents\Downloads\unlocker1.8.7.exe a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP84\A0039075.exe a variant of Win32/Adware.180Solutions application 00000000000000000000000000000000 I
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada
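
Why the complete log matters, shown as an added example (not part of the original thread and not ESET's own tooling): the `# key=value` header records whether the scan finished and which options were ticked, so it can be checked against the settings requested earlier in the thread and against the number of detection lines. The mapping of header keys to those settings and the detection-line layout (path, detection name, 32 hex digits, one flag) are assumptions read off the posted log; the sample is copied (abridged) from it.

```python
import re

# Constructed sample: header and detection lines copied (abridged) from the log above.
SAMPLE_LOG = r"""
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=46076
# found=2
# cleaned=0
C:\Documents and Settings\Fred\My Documents\Downloads\unlocker1.8.7.exe a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP84\A0039075.exe a variant of Win32/Adware.180Solutions application 00000000000000000000000000000000 I
"""

# Scan options requested in the instructions, mapped to header keys (assumed mapping).
REQUESTED = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Paths contain spaces, so the path is matched lazily up to the detection name,
# which is recognised by its "Platform/Family" form with a forward slash.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>(?:a variant of )?\S+/\S+ \w+)"
    r"\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Split the log into header values and detection records."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            # Some keys (compatibility_mode) repeat, so keep every value.
            header.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = DETECTION.match(line)
        if m:
            record = m.groupdict()
            # Files under _restore{GUID} are System Restore copies, not live files.
            record["in_restore_point"] = (
                "\\system volume information\\_restore" in record["path"].lower()
            )
            detections.append(record)
    return header, detections


def review(header, detections):
    """Return a list of problems; an empty list means the log is complete and
    was produced with the requested options."""
    def first(key):
        return header.get(key, [None])[0]

    issues = []
    if first("end") != "finished":
        issues.append("scan did not finish")
    for key, want in REQUESTED.items():
        if first(key) != want:
            issues.append(f"{key}={first(key)} (requested {want})")
    found = first("found")
    if found is None or int(found) != len(detections):
        issues.append("'found' count does not match detection lines (log may be partial)")
    return issues


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print(review(hdr, dets) or "log complete, options as requested")
    for d in dets:
        where = "restore point" if d["in_restore_point"] else "live file"
        print(f"{where}: {d['threat']} -> {d['path']}")
```
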

Re: Seek mo installer

Unread postby Dakeyras » February 16th, 2010, 9:07 am

Hi.

Upload a Suspicious File:

Note: Internet Explorer is the browser to use for best results.

  • Please go to VirSCAN.org free on-line scan service.
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    C:\Documents and Settings\Fred\My Documents\Downloads\unlocker1.8.7.exe

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply. (Ctrl & V)
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Seek mo installer

Unread postby frerom » February 16th, 2010, 11:21 am

Hi Dakeyras,
Just had a bit of trouble finding the Copy to clipboard button. It appears at the bottom of the page after you select the Scan Report button.

VirSCAN.org Scanned Report :
Scanned time : 2010/02/15 08:36:22 (EST)
Scanner results: 6% Scanner(s) (2/36) found malware!
File Name : unlocker1.8.7.exe
File Size : 243204 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a501fa8c8b7b3297b7031476beca0c73
SHA1 : 9c7ec8eb5d7ca43214e25369cbfe1a35e25245fa
Online report : http://virscan.org/report/8ffdd8b7af38a ... 33ca8.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100215173548 2010-02-15 10.00 -
AhnLab V3 2010.02.16.00 2010.02.16 2010-02-16 1.47 -
AntiVir 8.2.1.170 7.10.4.59 2010-02-15 0.20 -
Antiy 2.0.18 20100213.3845580 2010-02-13 0.02 -
Arcavir 2009 201002101845 2010-02-10 0.33 -
Authentium 5.1.1 201002142312 2010-02-14 1.46 -
AVAST! 4.7.4 100215-0 2010-02-15 0.08 -
AVG 8.5.720 271.1.1/2660 2010-02-01 5.17 -
BitDefender 7.81008.5077053 7.30395 2010-02-15 5.65 -
ClamAV 0.95.3 10391 2010-02-15 0.20 -
Comodo 3.13.579 3409 2010-02-15 1.39 -
CP Secure 1.3.0.5 2010.02.15 2010-02-15 0.00 -
Dr.Web 5.0.1.12222 2010.02.15 2010-02-15 5.92 -
F-Prot 4.4.4.56 20100214 2010-02-14 1.49 -
F-Secure 7.02.73807 2010.02.15.10 2010-02-15 11.23 -
Fortinet 11.499- 11.499 2010-02-15 0.21 -
GData 19.10520/19.754 20100215 2010-02-15 7.06 -
ViRobot 20100213 2010.02.13 2010-02-13 0.42 -
Ikarus T3.1.01.80 2010.02.15.75198 2010-02-15 4.49 -
JiangMin 13.0.900 2010.02.08 2010-02-08 9.17 -
Kaspersky 5.5.10 2010.02.15 2010-02-15 0.62 -
KingSoft 2009.2.5.15 2010.2.15.7 2010-02-15 0.61 -
McAfee 5.3.00 5892 2010-02-14 3.64 -
Microsoft 1.5406 2010.02.15 2010-02-15 7.89 TrojanClicker:Win32/Yabector.gen
Norman 6.01.09 6.01.00 2010-02-10 4.01 -
Panda 9.05.01 2010.02.14 2010-02-14 2.44 Adware/AdOnDemand
Trend Micro 9.120-1004 6.850.05 2010-02-15 0.17 -
Quick Heal 10.00 2010.02.15 2010-02-15 1.40 -
Rising 20.0 22.34.01.03 2010-02-09 1.99 -
Sophos 3.04.1 4.50 2010-02-15 3.59 -
Sunbelt 3.9.2400.2 5678 2010-02-14 3.46 -
Symantec 1.3.0.24 20100211.002 2010-02-11 0.02 -
nProtect 20100215.01 7253254 2010-02-15 6.43 -
The Hacker 6.5.1.4 v00194 2010-02-15 0.42 -
VBA32 3.12.12.2 20100214.2301 2010-02-14 4.10 -
VirusBuster 4.5.11.10 10.119.56/2017777 2010-02-15 2.72 -
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Seek mo installer

Unread postby Dakeyras » February 16th, 2010, 12:28 pm

Hi.

Any other issues remaining before we remove the tools used during the malware removal process and I provide some advice about online safety?
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Seek mo installer

Unread postby frerom » February 16th, 2010, 1:47 pm

Hi Dakeyras,
1.- I have a question re keyloggers. Several programs appear to have keylogging functions. Online Armor reports them when I run the program, e.g. Adobe, HP scanner. What should we do? Only allow if we know the program.

2.- Also I now see the Windows Installer window pop up for a couple of seconds when I log on. I don't see what's being installed. Should I try and investigate further? I have used Malwarebytes Startup lite to remove Startup programs.

3.- Should I just delete the Driverfetch program from my Desktop?

4.- I removed Diskeeper Lite with Windows Control Panel. No problems encountered.

5.- I have a folder on the C drive, "I386". I believe I created it at one time when I was looking to make a bootable CD for WinXP. I would like to delete it now. Is there any way I can make sure it's not required?

Thanks
Frerom
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada