Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with pcantispyware, winbutler, spyguarder, vundo, amongst others


  • This topic is locked This topic is locked
2 replies to this topic

#1 Mad Dog Vee

Mad Dog Vee

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 06 December 2008 - 10:00 PM

I provided some other logs previously but for now I will stick to the instructions.

I twigged I had some malware when a random PDF kept trying to download, it was an ever changing sequence of letters.pdf.

So I ran MBAM, my AV Avast!, SmitFraud, Spybot S&D, Ad Aware, CCleaner, rebooted and did it all again in safe mode and rebooted again, ran MBAM and each and every one of them was back again.

All that did manage to fix my recycle bin which wouldn't empty though.

More often than not when I run one of the above programs I get the corrupt file message when I don't believe it is. When I originally posted I was running Spybot and got

SpybotSD.exe - Corrupt File

The file or directory Path\VidoeLAN\Quck Settings\Video is corrupt and unreadable. Please run the Chkdsk utility.



I've tried chkdsk but it seems to be fizzling out halfway through.

I'm running Windows Vista Basic on a Lenovo 3000 c200 laptop 1.6GHz, 1GB RAM and about 100-120GB HDD.

The bad news is it WAS my netbanking computer. The good news is I think I know how I got it, so I wont be going there again.

However, after attempting to fix it myself a few times (and will probably have tried a few times more by the time someone responds) I now turn to you for help. This is me starting from scratch again and logging it every step of the way.

It seems since then all the fixit programs have been disabled or are suddenly found corrupt when ran. eg RSIT just threw up the mesg.

HIJACKTHIS

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mad Dog Vee at 2008-12-07 09:35:18
Microsoft® Windows Vistaâ„¢ Home Basic
System drive C: has 66 GB (60%) free of 110 GB
Total RAM: 1014 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:21, on 7/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\PM Driver\PMHandler.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Darren\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Darren.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: w98Eject.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D665E2D9-879B-4DFE-8711-49D4750D47B3}: NameServer = 61.9.194.49,61.9.195.193,208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Apache\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9545 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-07 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]
CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-12-14 796224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2006-12-22 56368]
"PMHandler"=C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [2007-06-06 34352]
"TPWAUDAP"=C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [2006-09-06 54824]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-06 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-06 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-06 81920]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2006-12-14 536576]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2006-12-21 493104]
"LPManager"=C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [2007-02-01 120368]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2006-12-14 2614848]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-03-10 419376]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-03-10 120368]
"LenovoOobeOffers"=c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [2006-12-30 28672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-27 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
w98Eject.lnk - C:\Windows\System\w98eject.exe

C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-06 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a315b48f-4c1e-11dd-83b4-001b3807bfe6}]
shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe


======List of files/folders created in the last 1 months======

2008-12-07 09:35:18 ----D---- C:\rsit
2008-12-06 17:38:13 ----D---- C:\Program Files\Trend Micro
2008-12-06 12:45:52 ----A---- C:\Users\Darren\AppData\Roaming\SetValue.bat
2008-12-06 12:45:52 ----A---- C:\Users\Darren\AppData\Roaming\GetValue.vbs
2008-12-06 12:43:48 ----A---- C:\Windows\system32\tmp.txt
2008-12-06 12:43:46 ----A---- C:\rapport.txt
2008-12-06 12:35:35 ----A---- C:\Windows\ntbtlog.txt
2008-12-06 12:32:26 ----D---- C:\Program Files\RogueRemover FREE
2008-12-06 11:51:46 ----A---- C:\lfclq.txt
2008-12-05 12:10:19 ----D---- C:\Program Files\CCleaner
2008-12-04 22:15:45 ----A---- C:\Windows\system32\rpcnet.dll
2008-12-04 22:14:00 ----A---- C:\Windows\system32\rpcnet.exe
2008-12-04 15:15:06 ----D---- C:\Users\Darren\AppData\Roaming\TeraCopy
2008-12-04 15:14:53 ----D---- C:\Program Files\TeraCopy
2008-12-03 18:53:21 ----D---- C:\KnightTrek Productions
2008-11-27 10:21:33 ----D---- C:\Users\Darren\AppData\Roaming\Canon
2008-11-15 12:42:47 ----D---- C:\Users\Darren\AppData\Roaming\Jarte
2008-11-15 12:42:43 ----D---- C:\Program Files\Jarte
2008-11-11 09:53:57 ----A---- C:\Windows\system32\rpcnetp.dll
2008-11-11 09:53:10 ----A---- C:\Windows\system32\rpcnetp.exe
2008-11-09 12:56:15 ----D---- C:\Program Files\Lavasoft
2008-11-09 12:55:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 16:55:05 ----AH---- C:\Windows\system32\ROA1FC.tmp.LOG2
2008-11-08 16:55:05 ----AH---- C:\Windows\system32\ROA1FC.tmp.LOG1
2008-11-08 16:55:05 ----AH---- C:\Windows\system32\ROA1F7.tmp.LOG2
2008-11-08 16:55:05 ----AH---- C:\Windows\system32\ROA1F7.tmp.LOG1
2008-11-08 16:55:05 ----AH---- C:\Windows\system32\ROA1F4.tmp.LOG2
2008-11-08 16:55:05 ----AH---- C:\Windows\system32\ROA1F4.tmp.LOG1
2008-11-08 16:55:05 ----AH---- C:\Windows\system32\ROA1EF.tmp.LOG2
2008-11-08 16:55:05 ----AH---- C:\Windows\system32\ROA1EF.tmp.LOG1
2008-11-08 16:55:04 ----AH---- C:\Windows\system32\ROA1EC.tmp.LOG2
2008-11-08 16:55:04 ----AH---- C:\Windows\system32\ROA1EC.tmp.LOG1
2008-11-08 16:55:04 ----AH---- C:\Windows\system32\ROA1E7.tmp.LOG2
2008-11-08 16:55:04 ----AH---- C:\Windows\system32\ROA1E7.tmp.LOG1
2008-11-08 16:55:04 ----AH---- C:\Windows\system32\ROA1E4.tmp.LOG2
2008-11-08 16:55:04 ----AH---- C:\Windows\system32\ROA1E4.tmp.LOG1
2008-11-08 16:55:04 ----AH---- C:\Windows\system32\ROA1DF.tmp.LOG2
2008-11-08 16:55:04 ----AH---- C:\Windows\system32\ROA1DF.tmp.LOG1
2008-11-08 16:55:03 ----AH---- C:\Windows\system32\ROA1DC.tmp.LOG2
2008-11-08 16:55:03 ----AH---- C:\Windows\system32\ROA1DC.tmp.LOG1
2008-11-08 16:55:02 ----AH---- C:\Windows\system32\ROA1D7.tmp.LOG2
2008-11-08 16:55:02 ----AH---- C:\Windows\system32\ROA1D7.tmp.LOG1
2008-11-08 16:55:02 ----AH---- C:\Windows\system32\ROA1D4.tmp.LOG2
2008-11-08 16:55:02 ----AH---- C:\Windows\system32\ROA1D4.tmp.LOG1
2008-11-08 16:55:02 ----AH---- C:\Windows\system32\ROA1CF.tmp.LOG2
2008-11-08 16:55:02 ----AH---- C:\Windows\system32\ROA1CF.tmp.LOG1

======List of files/folders modified in the last 1 months======

2008-12-07 09:35:13 ----D---- C:\Windows\Temp
2008-12-07 09:35:11 ----D---- C:\Windows\Prefetch
2008-12-07 09:35:00 ----D---- C:\Users\Darren\AppData\Roaming\uTorrent
2008-12-07 09:19:20 ----D---- C:\SWSHARE
2008-12-07 09:19:18 ----D---- C:\Windows\system32\drivers
2008-12-06 21:57:38 ----SHD---- C:\System Volume Information
2008-12-06 19:43:22 ----D---- C:\Windows\System32
2008-12-06 19:43:22 ----A---- C:\Windows\system32\IPSCtrl.INI
2008-12-06 17:38:13 ----RD---- C:\Program Files
2008-12-06 17:27:56 ----D---- C:\Windows\system32\catroot2
2008-12-06 17:19:32 ----D---- C:\Program Files\HijackThis
2008-12-06 12:48:03 ----SD---- C:\Windows\Downloaded Program Files
2008-12-06 12:35:35 ----D---- C:\Windows
2008-12-06 11:24:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-06 11:09:16 ----D---- C:\Program Files\Synovel Spicebird
2008-12-05 17:01:14 ----D---- C:\Program Files\Mozilla Firefox
2008-12-05 13:16:30 ----D---- C:\Windows\Debug
2008-12-05 13:16:29 ----D---- C:\Windows\Minidump
2008-12-03 10:32:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-03 10:32:43 ----D---- C:\Windows\inf
2008-11-27 10:52:53 ----D---- C:\Program Files\Digsby
2008-11-27 04:21:30 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-13 18:52:15 ----HD---- C:\ProgramData
2008-11-13 18:52:15 ----D---- C:\Users\Darren\AppData\Roaming\Digsby
2008-11-13 17:54:45 ----SD---- C:\Users\Darren\AppData\Roaming\Microsoft
2008-11-09 12:58:52 ----SHD---- C:\Windows\Installer
2008-11-09 12:55:18 ----D---- C:\Program Files\Common Files
2008-11-08 17:00:05 ----D---- C:\Users\Darren\AppData\Roaming\Skype
2008-11-08 16:55:04 ----SHD---- C:\Boot
2008-11-08 16:55:04 ----D---- C:\Windows\system32\config
2008-11-08 16:38:02 ----D---- C:\Users\Darren\AppData\Roaming\skypePM
2008-11-08 16:24:53 ----D---- C:\Windows\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-27 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-27 111184]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-27 50864]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-27 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-27 51792]
R2 PROCDD;IPS Helper Driver; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2007-09-24 33536]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-05 1161152]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
R3 gbridge;Gbridge Virtual Miniport; C:\Windows\system32\DRIVERS\gbridge.sys [2008-10-19 39928]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968]
R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-08-12 47360]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2006-09-13 28224]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-09-24 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-14 35264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\Windows\system32\DRIVERS\enethusb.sys [2007-03-23 28005]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-03-10 83504]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-03-10 194096]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apache2.2;Apache2.2; C:\Apache\bin\httpd.exe [2007-09-05 24635]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-27 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-27 155160]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2006-11-10 54832]
R2 IPSSVC;IPS Core Service; C:\Windows\system32\IPSSVC.EXE [2006-11-20 108080]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2006-05-25 57344]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-03 174656]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2008-12-04 47104]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2006-12-16 11776]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2006-12-14 644672]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2006-10-13 55928]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-12-14 722496]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2006-12-14 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2006-12-14 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2006-12-14 1118208]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-27 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-27 352920]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------

RSIT LOG

info.txt logfile of random's system information tool 1.04 2008-12-07 09:35:25

======Uninstall list======

Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Advanced System Optimizer 2.01-->"C:\Program Files\Advanced System Optimizer\unins000.exe"
Agere Systems HDA Modem-->agrsmdel
Apache HTTP Server 2.2.6-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CD-DA X-Tractor v0.24-->"C:\Program Files\CD-DA X-Tractor\unins000.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Client Security Solution-->MsiExec.exe /X{0F4EFCE8-E358-4430-A504-F55F32BA1816}
Digsby-->C:\Program Files\Digsby\uninstall.exe
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.6-->"C:\Program Files\DVDFab 5\unins000.exe"
Family Tree Maker 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}\Setup.exe" -l0x9
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Gbridge (remove only)-->C:\Program Files\Gbridge LLC\Gbridge\uninstall.exe
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GenoPro-->C:\Program Files\GenoPro17\Uninstall.exe
GIMP 2.4.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GPL Ghostscript 8.61-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.61\uninstal.txt"
GPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Handbrake 0.9.2-->C:\Program Files\Handbrake\uninst.exe
Handy Image Mapper 1.5-->"C:\Program Files\SilverAge Software\Tools\Free\Handy Image Mapper\unins000.exe"
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Jarte 3.3-->"C:\Program Files\Jarte\unins000.exe"
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Legacy 6.0-->C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log
Lenovo Care Supplement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\SETUP.EXE" -l0x9 -AddRemove
Lenovo Care-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\SETUP.EXE" -l0x9 -AddRemove
Lenovo Registration-->C:\Program Files\Lenovo Registration\uninstall.exe
Lenovo System Interface Driver-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\setup.exe" -l0x9 UNINSTALL
Maintenance Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AWAYTASK.INF
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muCommander (remove only)-->"C:\Program Files\muCommander\uninstall.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
On Screen Display-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.LH 132 C:\Program Files\Lenovo\HOTKEY\tphk_3k.inf
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Pawn 2-->C:\Program Files\Pawn 2\Uninstall.exe
PC Wizard 2008.1.84-->"C:\Program Files\PC Wizard 2008\unins000.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PM Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62715632-A555-4D9E-9CEC-4F84EB55B07B}
Power Ux Customization-->MsiExec.exe /X{B1F625EB-9691-4889-A864-DA085739F3F0}
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Real Alternative 1.51-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Registry patch for Windows Vista USB S3 PM Enablement-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\USBPMon\USBPMon.inf
Rescue and Recovery-->MsiExec.exe /X{7E4C16B8-8F76-4940-8505-98E93C00BF19}
SigmaTel MSCN Audio Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\setup.exe" -l0x9
Skypeâ„¢ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Synovel Spicebird (0.7)-->C:\Program Files\Synovel Spicebird\uninstall\helper.exe
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
TeraCopy 1.22-->"C:\Program Files\TeraCopy\unins000.exe"
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar-->"c:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar-->MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
WinFF 0.41-->"C:\Program Files\WinFF\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081206-0]
AV: Norton Internet Security
FW: Norton Internet Security
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender (outdated)
AS: Norton Internet Security
AS: avast! antivirus 4.8.1296 [VPS 081206-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;C:\Program Files\ThinkPad\ConnectUtilities;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"TPCCommon"=C:\PROGRA~1\Lenovo\LENOVO~2
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"SWSHARE"=C:\SWSHARE
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24

-----------------EOF-----------------

I realise Norton's is still listed as an AV in that list but it was only a silly 30 day trial that Ithought I had removed. The laptop came with a bunch of preloaded junk. I thought I uninstalled it and had registry cleaned that thing away amongst other tools.

Edited by Mad Dog Vee, 07 December 2008 - 07:27 PM.


BC AdBot (Login to Remove)

 


#2 Mad Dog Vee

Mad Dog Vee
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 14 December 2008 - 01:04 AM

Resolved!

#3 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 PM

Posted 14 December 2008 - 04:21 AM

Thanks for letting us know.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users