downloader.zlob tdssserv.sys removal


#1
mrbriggs1

    New Member

  • Member
  • 2 posts
Well, I have this virus that came in from a crack site. Spyware Detector will quarantine it, but when I reboot my computer won't start up. When I do a sys restore the [bleep] thing is back! Any help out there? Hopefully my HijackThis log uploaded.

Attached Files


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello mrbriggs1

Welcome to G2Go. :)
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (which will be maximized) and info.txt (which will be minimized).
==================================
Download GMER from Here:
Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.
#3
mrbriggs1

mrbriggs1

    New Member

  • Topic Starter
  • Member
  • 2 posts
Thanks kahdah!

Hopefully everything copies over fine.


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-24 18:41:11
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

info.txt logfile of random's system information tool 1.05 2008-12-24 18:14:40



======Uninstall list======

-->"C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Word Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
BrainWave Generator-->C:\Windows\IsUninst.exe -f"C:\Program Files\BrainWave Generator\Uninst.isu"
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Canon CanoScan LiDE 100 User Registration-->C:\Program Files\Canon\IJEREG\CanoScan LiDE 100\UNINST.EXE
Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon S750-->C:\Windows\system32\CNMCP3q.exe "-PRINTERNAMECanon S750" "-HELPERDLLC:\BJPrinter\CNMWindows\Canon S750 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWindows\Canon S750 Installer\Inst2\cnmi0409.dll"
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CanoScan LiDE 100 Scanner Driver-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413 /L0x0009
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CleanMyPC - Registry Cleaner-->"C:\Program Files\CleanMyPC\Registry Cleaner\unins000.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
CrystalReports11_Runtime-->MsiExec.exe /I{21B3EFF4-5AFB-46AA-80DB-56AB22714CE9}
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
drafixPDF Writer-->C:\Program Files\drafixPDF Writer\uninstpw.exe C:\Program Files\drafixPDF Writer
DWG TrueView 2009-->C:\Program Files\DWG TrueView 2009\Setup\Setup.exe /P {5783F2D6-7028-0409-0000-0060B0CE6BBA} /M AOEM
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 7-->MsiExec.exe /I{BEF106F8-2689-4530-925A-E1117836E8CD}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Users\scott\Desktop\Temp Installs\HijackThis.exe" /uninstall
Horticopia Image Gallery-->C:\PROGRA~1\HORTIC~1\IMAGEG~1\UNWISE.EXE C:\PROGRA~1\HORTIC~1\IMAGEG~1\INSTALL.LOG
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Connections (remove only)-->C:\Windows\HPCPCUninstall-6811507\HPBWSetup.exe -appid 6811507 -uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Total Care Advisor-->MsiExec.exe /X{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guide 0042-->MsiExec.exe /I{B0F97FBF-9F98-4522-B65D-8980FE38C726}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Linksys Wireless-G Notebook Adapter Driver - WPC54Gv3-->C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\setup.exe -runfromtemp -l0x0009 -removeonly
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99C5770C-1C90-42E7-9B74-D47CFAF14621}\setup.exe" -l0x9
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Network Magic-->C:\ProgramData\Pure Networks\Setup\nmsetup.exe /uninstall
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OLYMPUS Master 2-->MsiExec.exe /X{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}
PaperPort 7.02-->C:\Windows\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\ScanSoft\PaperPort\UnInstl2.dll"
PRO Landscape 13.1-->C:\PROGRA~1\Drafix\PROLAN~1\UNWISE.EXE /U C:\PROGRA~1\Drafix\PROLAN~1\INSTALL.LOG
PRO Landscape 14.1 Upgrade-->C:\PROGRA~1\Drafix\PROLAN~1\UNWISE.EXE /U C:\PROGRA~1\Drafix\PROLAN~1\INSTALL.LOG
QuickBooks Premier: Contractor Edition 2007-->msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="contractor" QBFULLNAME="QuickBooks Premier: Contractor Edition 2007" ADDREMOVE=1
QuickBooks Product Listing Service-->MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RemoveIT Pro v7 (Trial)-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Office 2007 (KB934062)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spyware Detector-->"C:\Program Files\SpywareDetector\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Trend Micro AntiVirus-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro AntiVirus-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB932080)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934393)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
VeryPDF Image2PDF v3.2-->"C:\Program Files\VeryPDF Image2PDF v3.2\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
yDecode 1.41-->C:\Program Files\yDecode\uninst.exe

======Hosts File======

127.0.0.1 www.test.com
127.0.0.1 www.ads.x10.com
127.0.0.1 www.600pics.com
127.0.0.1 www.doberman.befree.com
127.0.0.1 www.enews.bfast.com
127.0.0.1 www.etoys.bfast.com
127.0.0.1 www.falcon.bfast.com
127.0.0.1 www.ftp.befree.com
127.0.0.1 www.ftp.bfast.com

======Security center information======

AV: Trend Micro AntiVirus - Virus Protection (disabled) (outdated)
AV: Trend Micro AntiVirus
AV: Norton Internet Security
FW: Norton Internet Security
AS: Trend Micro AntiVirus (disabled)
AS: Windows Defender
AS: Norton Internet Security
AS: Trend Micro AntiVirus - Spyware Protection (disabled) (outdated)

System event log

Computer Name: laptop
Event Code: 1
Message: The system has resumed from sleep.

Sleep Time: 2008-12-24T21:28:46.006Z
Wake Time: 2008-12-25T00:08:51.136Z

Wake Source: Power Button
Record Number: 165734
Source Name: Microsoft-Windows-Power-Troubleshooter
Time Written: 20081225000852.790000-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: laptop
Event Code: 102
Message: The service temporarily stopped publishing because of a power event.
Record Number: 165735
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20081225000852.899200-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: laptop
Event Code: 104
Message: The service is publishing to the network.
Record Number: 165736
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20081225000855.504400-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: laptop
Event Code: 10029
Message: DCOM started the service usnjsvc with arguments "" in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
Record Number: 165737
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20081225011019.000000-000
Event Type: Information
User:

Computer Name: laptop
Event Code: 7036
Message: The Messenger Sharing Folders USN Journal Reader service service entered the running state.
Record Number: 165738
Source Name: Service Control Manager
Time Written: 20081225011019.000000-000
Event Type: Information
User:

Application event log

Computer Name: laptop
Event Code: 102
Message: msnmsgr (5416) \\.\C:\Users\scott\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2501_DF73_3CF4_735\dfsr.db: The database engine (6.00.6001.0000) started a new instance (0).
Record Number: 32523
Source Name: ESENT
Time Written: 20081225011019.000000-000
Event Type: Information
User:

Computer Name: laptop
Event Code: 300
Message: msnmsgr (5416) \\.\C:\Users\scott\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2501_DF73_3CF4_735\dfsr.db: The database engine is initiating recovery steps.
Record Number: 32524
Source Name: ESENT
Time Written: 20081225011020.000000-000
Event Type: Information
User:

Computer Name: laptop
Event Code: 301
Message: msnmsgr (5416) \\.\C:\Users\scott\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2501_DF73_3CF4_735\dfsr.db: The database engine has begun replaying logfile \\.\C:\Users\scott\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2501_DF73_3CF4_735\fsr.log.
Record Number: 32525
Source Name: ESENT
Time Written: 20081225011020.000000-000
Event Type: Information
User:

Computer Name: laptop
Event Code: 302
Message: msnmsgr (5416) \\.\C:\Users\scott\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2501_DF73_3CF4_735\dfsr.db: The database engine has successfully completed recovery steps.
Record Number: 32526
Source Name: ESENT
Time Written: 20081225011020.000000-000
Event Type: Information
User:

Computer Name: laptop
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 32527
Source Name: LightScribeService
Time Written: 20081225011435.000000-000
Event Type: Information
User:

Security event log

Computer Name: laptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 117479
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225011415.422000-000
Event Type: Audit Failure
User:

Computer Name: laptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 117480
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225011415.507000-000
Event Type: Audit Failure
User:

Computer Name: laptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 117481
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225011415.562000-000
Event Type: Audit Failure
User:

Computer Name: laptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 117482
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225011415.626000-000
Event Type: Audit Failure
User:

Computer Name: laptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 117483
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225011415.685000-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------



Logfile of random's system information tool 1.05 (written by random/random)
Run by scott at 2008-12-24 18:31:02
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 58 GB (54%) free of 108 GB
Total RAM: 2750 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:13 PM, on 12/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SpywareDetector\SpywareDetector.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\scott\Desktop\Temp Installs\RSIT.exe
C:\Users\scott\Desktop\Temp Installs\scott.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDMainSvc - Max Secure Software - C:\Program Files\SpywareDetector\SDMainService.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7510 bytes

======Scheduled tasks folder======

C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\User_Feed_Synchronization-{47EDBE63-D1D2-43AB-A62B-C8CB38DB580A}.job
C:\Windows\tasks\xerlmkvh.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-09-21 55824]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-07 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-07 8534560]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-07 81920]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe [2008-12-16 1362696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRO Landscape Dashboard]
C:\Program Files\Drafix\PRO Landscape\PRO Landscape Dashboard.exe [2008-01-03 3211264]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll [2008-12-01 475136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-12-24 18:13:08 ----D---- C:\rsit
2008-12-24 03:32:22 ----D---- C:\Users\scott\AppData\Roaming\Malwarebytes
2008-12-24 03:32:15 ----D---- C:\ProgramData\Malwarebytes
2008-12-24 03:32:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-23 13:43:28 ----D---- C:\Users\scott\AppData\Roaming\PC Tools
2008-12-23 13:43:28 ----D---- C:\Program Files\Spyware Doctor
2008-12-23 13:30:56 ----D---- C:\ERDNT
2008-12-23 13:30:54 ----D---- C:\Windows\ERUNT
2008-12-23 13:30:54 ----D---- C:\Windows\ERDNT
2008-12-23 13:29:46 ----D---- C:\!FixIEDef
2008-12-23 13:24:00 ----SHD---- C:\Config.Msi
2008-12-23 12:42:58 ----A---- C:\rollback.ini
2008-12-23 12:40:17 ----D---- C:\ProgramData\ParetoLogic
2008-12-23 12:40:17 ----D---- C:\Program Files\Common Files\ParetoLogic
2008-12-23 11:13:05 ----A---- C:\rapport.txt
2008-12-23 09:08:51 ----D---- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-12-18 15:26:17 ----RSH---- C:\SDVirus.txt
2008-12-18 14:40:46 ----A---- C:\Windows\system32\SDEarlyDelete.exe
2008-12-18 14:15:48 ----D---- C:\Program Files\InCode Solutions
2008-12-18 14:15:48 ----A---- C:\Windows\system32\37d7c3e4-.txt
2008-12-18 07:25:29 ----A---- C:\Windows\system32\mshtml.dll
2008-12-10 06:33:34 ----A---- C:\Windows\system32\tzres.dll
2008-12-09 19:53:51 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-09 19:53:50 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-09 14:44:34 ----A---- C:\Windows\system32\mf.dll
2008-12-09 14:44:33 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-09 14:44:32 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-09 14:44:32 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 14:18:03 ----A---- C:\Windows\system32\shell32.dll
2008-12-09 14:17:31 ----A---- C:\Windows\system32\wininet.dll
2008-12-09 14:17:31 ----A---- C:\Windows\system32\urlmon.dll
2008-12-09 14:17:31 ----A---- C:\Windows\system32\ieframe.dll
2008-12-09 14:17:30 ----A---- C:\Windows\system32\mstime.dll
2008-12-09 14:17:30 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-09 14:17:30 ----A---- C:\Windows\system32\iertutil.dll
2008-12-09 14:08:16 ----A---- C:\Windows\system32\gdi32.dll
2008-12-09 14:06:29 ----A---- C:\Windows\explorer.exe
2008-12-01 12:07:51 ----D---- C:\Users\scott\AppData\Roaming\Autodesk
2008-12-01 12:06:36 ----D---- C:\Program Files\Common Files\Autodesk Shared
2008-12-01 12:06:35 ----D---- C:\ProgramData\Autodesk
2008-12-01 12:06:35 ----D---- C:\Program Files\DWG TrueView 2009
2008-12-01 12:06:11 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-12-01 10:16:17 ----D---- C:\Program Files\Unilock v9.0
2008-11-30 09:20:13 ----D---- C:\ProgramData\Google Updater
2008-11-26 16:22:34 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-26 16:11:11 ----D---- C:\ProgramData\NOS
2008-11-26 16:11:11 ----D---- C:\Program Files\NOS
2008-11-26 15:21:17 ----D---- C:\Program Files\Drafix
2008-11-26 05:57:54 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 05:57:52 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 05:57:52 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 05:57:52 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 05:57:49 ----A---- C:\Windows\system32\connect.dll

======List of files/folders modified in the last 1 months======

2008-12-24 18:31:14 ----D---- C:\Windows\Temp
2008-12-24 18:26:36 ----D---- C:\Windows\Prefetch
2008-12-24 18:10:28 ----D---- C:\Users\scott\AppData\Roaming\MSN6
2008-12-24 17:17:14 ----RASH---- C:\SDSignature.txt
2008-12-24 17:14:55 ----D---- C:\Windows\System32
2008-12-24 17:14:23 ----RASH---- C:\ExecSignature.txt
2008-12-24 06:26:30 ----D---- C:\Windows\system32\drivers
2008-12-24 06:25:21 ----D---- C:\Windows
2008-12-24 05:34:37 ----D---- C:\Windows\inf
2008-12-24 05:34:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-24 05:05:21 ----SHD---- C:\System Volume Information
2008-12-24 05:02:41 ----SD---- C:\Windows\Downloaded Program Files
2008-12-24 03:32:15 ----RD---- C:\Program Files
2008-12-24 03:32:15 ----HD---- C:\ProgramData
2008-12-24 03:30:58 ----D---- C:\Program Files\SpywareDetector
2008-12-23 17:12:40 ----AD---- C:\ProgramData\TEMP
2008-12-23 16:01:57 ----A---- C:\Windows\DCEBoot.exe
2008-12-23 13:26:08 ----SHD---- C:\Windows\Installer
2008-12-23 13:22:46 ----D---- C:\Windows\Tasks
2008-12-23 13:22:45 ----D---- C:\Windows\system32\catroot
2008-12-23 12:47:32 ----D---- C:\Windows\system32\Tasks
2008-12-23 12:40:17 ----D---- C:\Program Files\Common Files
2008-12-23 12:16:52 ----D---- C:\Windows\system32\wbem
2008-12-23 12:16:12 ----D---- C:\Windows\system32\config
2008-12-23 12:15:46 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-23 12:15:46 ----D---- C:\Windows\system32\Msdtc
2008-12-23 12:15:46 ----D---- C:\Windows\system32\CodeIntegrity
2008-12-23 12:15:46 ----D---- C:\Windows\system32\catroot2
2008-12-23 12:15:46 ----D---- C:\Windows\system
2008-12-23 12:15:45 ----D---- C:\Windows\registration
2008-12-23 12:10:39 ----D---- C:\Windows\SMINST
2008-12-23 09:48:15 ----D---- C:\Windows\system32\spool
2008-12-23 09:48:08 ----D---- C:\ProgramData\CanonIJ
2008-12-23 09:08:39 ----A---- C:\Windows\system32\WLAN.INI
2008-12-23 09:04:48 ----D---- C:\Windows\Minidump
2008-12-23 08:14:30 ----SHD---- C:\boot
2008-12-19 08:13:33 ----D---- C:\ProgramData\CanonIJPLM
2008-12-18 14:43:48 ----D---- C:\Users\scott\AppData\Roaming\Identities
2008-12-18 14:40:52 ----A---- C:\Windows\system32\SDEarlyDelete.ini
2008-12-18 12:27:22 ----D---- C:\ProgramData\Microsoft Help
2008-12-18 07:26:34 ----D---- C:\Windows\winsxs
2008-12-17 19:12:18 ----A---- C:\Windows\system32\CheckDll.dll
2008-12-12 09:36:00 ----D---- C:\Temp install
2008-12-12 09:14:42 ----RSD---- C:\Windows\Fonts
2008-12-12 09:10:28 ----D---- C:\Program Files\Common Files\Adobe
2008-12-12 09:10:01 ----D---- C:\Program Files\Adobe
2008-12-12 09:05:08 ----D---- C:\TEMP
2008-12-11 07:29:14 ----D---- C:\Windows\rescache
2008-12-10 06:38:16 ----D---- C:\Program Files\Windows Mail
2008-12-10 06:38:15 ----D---- C:\Windows\system32\en-US
2008-12-10 06:38:15 ----D---- C:\Windows\AppPatch
2008-12-09 15:24:38 ----A---- C:\Windows\system32\mrt.exe
2008-12-05 17:03:05 ----D---- C:\Program Files\MSN
2008-12-05 11:41:59 ----D---- C:\Users\scott\AppData\Roaming\Google
2008-12-05 11:40:52 ----D---- C:\ProgramData\Google
2008-12-04 13:05:08 ----D---- C:\Program Files\Google
2008-12-01 12:09:14 ----RSD---- C:\Windows\assembly
2008-12-01 12:09:14 ----D---- C:\Windows\Microsoft.NET
2008-12-01 12:06:46 ----D---- C:\Windows\Help
2008-12-01 12:04:54 ----D---- C:\Program Files\Common Files\microsoft shared
2008-12-01 11:27:15 ----A---- C:\Windows\RECOVER.INI
2008-12-01 10:15:18 ----D---- C:\Windows\Downloaded Installations
2008-12-01 09:05:57 ----D---- C:\Windows\pss
2008-11-26 16:22:17 ----D---- C:\ProgramData\Adobe
2008-11-26 15:51:52 ----D---- C:\PRO Landscape Library
2008-11-26 14:52:41 ----D---- C:\Program Files\DrafixOld

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2008-02-16 65936]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-05-16 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-05-16 26424]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-09 113664]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2008-02-16 52496]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2008-02-16 138384]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2008-02-16 52240]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-11-16 1207288]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-07 8231584]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 SDActMon;SDActMon; \??\C:\Program Files\SpywareDetector\SDActMon.sys [2008-12-10 21888]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-11-16 1207288]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-02-22 159232]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 OlCamudp;OLYMPUS Digital Camera; C:\Windows\System32\Drivers\olcamudp.sys [2000-02-08 10379]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\Windows\system32\DRIVERS\rt2500usb.sys [2005-11-17 245376]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-24 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-24 118877]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-30 168432]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 SDMainSvc;SDMainSvc; C:\Program Files\SpywareDetector\SDMainService.exe [2008-12-16 920840]
R2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe [2008-12-17 1701328]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-16 333064]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-26 648456]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2006-11-28 63080]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Sourc
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton Internet Security or Trend Micro AntiVirus.
============================================================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0