Solve : New version of TDSSServ.Q ?? – InterviewSolution

InterviewSolution

1.	Solve : New version of TDSSServ.Q ??
Answer» My logs: HJT & random/random Logfile of random's system information tool 1.06 (written by random/random) Run by Daniel at 2009-04-17 11:37:01 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 8 GB (10%) free of 76 GB Total RAM: 2939 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:37:26, on 17-4-2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\Elogsvc.exe C:\Program Files\Norman\Ngs\Bin\Nprosec.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Program Files\Norman\npm\bin\nvoy.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\npf\bin\npfsvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Windows\system32\svchost.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\system32\IoctlSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe C:\Program Files\Toshiba TEMPRO\TempoSVC.exe C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Windows\system32\vmnat.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Windows\system32\vmnetdhcp.exe C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe C:\Program Files\Norman\Npm\Bin\Nvcsched.exe C:\Program Files\Norman\Npm\Bin\Njeeves.exe C:\Program Files\Norman\Nse\Bin\NSESVC.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\Norman\Npm\Bin\Zlh.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\TechSmith\Snagit 9\Snagit32.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Norman\Nvc\Bin\nvcoas.exe C:\Program Files\Norman\Nvc\Bin\Nip.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\mmc.exe C:\Users\Daniel\Downloads\RSIT.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\Daniel.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java(tm) Plug-In SSV HELPER - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing) O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O13 - Gopher Prefix: O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe O23 - Service: Google Updateservice (gupdate1c9babbdc6ff782) (gupdate1c9babbdc6ff782) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13183 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachine.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}] SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [2008-11-06 68936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-21 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2008-11-06 211272] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904] "NDSTray.exe"=NDSTray.exe [] "cfFncEnabler.exe"=cfFncEnabler.exe [] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-06-25 150040] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-06-25 170520] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-06-25 145944] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456] "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-06-24 509816] "Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] "Norman ZANDA"=C:\Program Files\Norman\Npm\Bin\ZLH.EXE [2009-02-11 187504] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] "TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-04-24 430080] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-05-09 716800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-21 136600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-10-29 96816] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe Snagit 9.lnk - C:\Program Files\TechSmith\Snagit 9\Snagit32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-06-12 208896] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e700c04-eeca-11dd-8eda-806e6f6e6963}] shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77086f0b-f37f-11dd-ad13-005056c00008}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Servers\splash.hta DVD* [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc431f3d-04c9-11de-87c8-005056c00008}] shell\AutoRun\command - wscript .\go.vbe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc431f42-04c9-11de-87c8-005056c00008}] shell\AutoRun\command - G:\LaunchU3.exe -a ======File associations====== .reg - open - "regedit.exe" "%1" ======List of files/folders created in the last 1 months====== 2009-04-17 11:37:01 ----D---- C:\rsit 2009-04-17 10:19:27 ----A---- C:\Windows\ntbtlog.txt 2009-04-17 10:05:28 ----D---- C:\SDFix 2009-04-17 09:55:57 ----D---- C:\Program Files\Trend Micro 2009-04-16 23:37:27 ----D---- C:\Program Files\Windows Live Safety Center 2009-04-16 21:12:51 ----A---- C:\Windows\system32\GEARAspi.dll 2009-04-16 21:12:34 ----D---- C:\Program Files\iPod 2009-04-16 21:12:30 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-16 21:12:30 ----D---- C:\Program Files\iTunes 2009-04-08 13:46:36 ----D---- C:\Program Files\ASIO4ALL v2 2009-04-08 13:46:17 ----D---- C:\Program Files\VstPlugins 2009-04-08 13:46:17 ----A---- C:\Windows\system32\rewire.dll 2009-04-08 13:45:37 ----D---- C:\Program Files\Outsim 2009-04-08 13:42:15 ----D---- C:\Program Files\Image-Line 2009-04-05 11:05:08 ----D---- C:\Program Files\ToniArts 2009-03-31 12:26:07 ----RA---- C:\Windows\system32\msxml.dll 2009-03-31 12:26:02 ----RA---- C:\Windows\system32\xmltok.dll 2009-03-31 12:26:02 ----RA---- C:\Windows\system32\xmlparse.dll 2009-03-31 12:26:02 ----RA---- C:\Windows\system32\xmlinst.exe 2009-03-31 12:26:02 ----RA---- C:\Windows\system32\msxmlr.dll 2009-03-31 12:26:02 ----RA---- C:\Windows\system32\msxml3a.dll 2009-03-31 12:26:01 ----RA---- C:\Windows\system32\VB5DB.DLL 2009-03-31 12:25:19 ----D---- C:\Users\Daniel\AppData\Roaming\ubi.com 2009-03-31 12:25:18 ----A---- C:\Windows\patchw32.dll 2009-03-31 12:25:12 ----D---- C:\Program Files\Common Files\PocketSoft 2009-03-31 12:25:11 ----D---- C:\Program Files\ubi.com 2009-03-31 12:14:36 ----D---- C:\Program Files\Ubi Soft 2009-03-31 09:46:05 ----D---- C:\Program Files\Norman 2009-03-30 15:17:40 ----D---- C:\ProgramData\Messenger Plus! 2009-03-29 17:37:26 ----D---- C:\Program Files\Messenger Plus! Live 2009-03-24 18:30:39 ----D---- C:\Users\Daniel\AppData\Roaming\vlc 2009-03-24 18:29:05 ----D---- C:\Program Files\VideoLAN 2009-03-24 18:22:00 ----D---- C:\Program Files\SubDownloader2 2009-03-24 17:48:47 ----D---- C:\Users\Daniel\AppData\Roaming\mIRC 2009-03-24 17:48:46 ----D---- C:\Program Files\mIRC 2009-03-24 14:31:29 ----D---- C:\Users\Daniel\AppData\Roaming\Apple Computer 2009-03-24 14:31:05 ----DC---- C:\Windows\system32\DRVSTORE 2009-03-24 14:30:14 ----D---- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-24 14:29:40 ----D---- C:\Program Files\Bonjour 2009-03-24 14:27:58 ----D---- C:\Program Files\QuickTime 2009-03-24 14:27:55 ----D---- C:\ProgramData\Apple Computer 2009-03-24 14:27:13 ----D---- C:\Program Files\Apple Software Update 2009-03-24 14:25:47 ----D---- C:\Program Files\Common Files\Apple 2009-03-24 14:25:45 ----D---- C:\ProgramData\Apple 2009-03-22 00:35:20 ----D---- C:\Windows\Minidump 2009-03-21 11:57:50 ----D---- C:\Program Files\Lame for Audacity 2009-03-21 09:49:38 ----D---- C:\Program Files\Audacity ======List of files/folders modified in the last 1 months====== 2009-04-17 11:37:04 ----D---- C:\Windows\Temp 2009-04-17 11:13:07 ----D---- C:\Windows\inf 2009-04-17 11:13:07 ----AD---- C:\Windows\System32 2009-04-17 11:13:07 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-04-17 11:08:32 ----D---- C:\ProgramData\VMware 2009-04-17 10:19:27 ----D---- C:\Windows 2009-04-17 10:06:45 ----D---- C:\Windows\system32\Tasks 2009-04-17 09:55:57 ----RD---- C:\Program Files 2009-04-16 23:38:27 ----SHD---- C:\Windows\Installer 2009-04-16 23:38:27 ----SHD---- C:\Config.Msi 2009-04-16 21:12:52 ----D---- C:\Windows\system32\catroot 2009-04-16 21:12:51 ----D---- C:\Windows\system32\drivers 2009-04-16 21:12:30 ----HD---- C:\ProgramData 2009-04-16 16:40:19 ----D---- C:\Users\Daniel\AppData\Roaming\VMware 2009-04-15 09:52:41 ----D---- C:\Windows\system32\catroot2 2009-04-11 18:49:26 ----D---- C:\Windows\system32\WDI 2009-04-11 17:41:37 ----D---- C:\Program Files\Google 2009-04-11 17:40:37 ----D---- C:\Windows\Tasks 2009-04-11 16:17:03 ----SHD---- C:\System Volume Information 2009-04-09 18:22:36 ----D---- C:\Windows\Prefetch 2009-04-05 11:05:07 ----HD---- C:\Program Files\InstallShield Installation Information 2009-04-01 16:02:32 ----SD---- C:\Users\Daniel\AppData\Roaming\Microsoft 2009-03-31 12:25:12 ----D---- C:\Program Files\Common Files 2009-03-31 12:13:18 ----D---- C:\Program Files\Common Files\InstallShield 2009-03-30 10:12:28 ----D---- C:\Program Files\Mozilla Firefox 2009-03-24 14:29:17 ----D---- C:\Program Files\Internet Explorer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ALE_NF;Norman Firewall ALE driver; \??\C:\Windows\system32\drivers\ale_nf.sys [2008-04-16 42552] R1 NPROSEC;Norman Security driver; \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys [2008-10-10 53816] R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896] R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896] R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2008-10-29 32304] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672] R2 Ndiskio;Ndiskio; \??\C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS [2007-01-02 20448] R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2008-10-29 54960] R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-10-28 31280] R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-10-29 26288] R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-10-29 857392] R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2008-10-02 22448] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704] R3 CmBatt;Stuurprogramma voor Microsoft ACPI-besturingsmethode-accu; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512] R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-01-22 19512] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784] R3 RTL8187B;Realtek RTL8187B draadloos 802.11b/g 54Mbps USB 2.0 netwerkadapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128] R3 tosporte;Bluetooth COM PORT; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600] R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432] R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2008-10-29 23216] R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-10-28 16560] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504] S1 NGS;Norman General Security Driver; \??\c:\program files\norman\ngs\bin\ngs.sys [2009-02-11 22712] S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552] S3 alhgnabc;alhgnabc; C:\Windows\system32\drivers\alhgnabc.sys [] S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-02 62976] S3 toshidpt;Bluetooth HID Port; C:\Windows\system32\drivers\Toshidpt.sys [2005-07-11 3712] S3 Tosrfbd;Bluetooth RFBUS; C:\Windows\System32\Drivers\tosrfbd.sys [2006-11-21 113792] S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480] S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600] S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2006-11-02 53504] S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\System32\Drivers\tosrfusb.sys [2006-10-28 40960] S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2008-10-28 31280] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960] R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\Bin\Elogsvc.exe [2007-11-21 150584] R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2009-02-25 408696] R2 NPFSvc32;Norman Personal Firewall Service; C:\Program Files\Norman\npf\bin\npfsvc32.exe [2009-01-13 597104] R2 NPROSECSVC;Norman Security service; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [2009-02-25 121912] R2 NVOY;Norman Resource Provider; C:\Program Files\Norman\npm\bin\nvoy.exe [2009-01-20 126008] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920] R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968] R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-22 185640] R2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720] R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 431456] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976] R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-10-29 113200] R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-10-29 326192] R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-10-29 399920] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168] R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe [2008-05-13 203896] R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [2008-11-27 183352] R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [2009-02-05 195640] R3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Npm\Bin\Nvcsched.exe [2007-09-18 154680] R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728] S2 gupdate1c9babbdc6ff782;Google Updateservice (gupdate1c9babbdc6ff782); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-11 133104] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-13 316664] S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-10-02 191024] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408] S4 msvsmon90;Visual Studio 2008 Remote Debugger; E:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416] -----------------EOF----------------- HJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJT HJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJTHJT HJTHJTHJTHJTHJTHJTHJTHJT info.txt logfile of random's system information tool 1.06 2009-04-17 11:37:35 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.3 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81300000003} Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0013 Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240 Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe Geluiddemper v. cd/dvd-station-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0013 -removeonly Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IPZAZCMzK.INF HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe IL-2 Sturmovik: Forgotten Battles-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3} /l1033 Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3} Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe" Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - nld-->MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Device Emulator version 3.0 - ENU-->MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66} Microsoft Document Explorer 2008-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D} Microsoft Office Professional Editie 2003-->MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9} Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510413-6000-11D3-8CFE-0150048383C9} Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE} Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE} Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD} Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8} Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3} Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504} Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD} Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4} Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7} Microsoft Visual Studio 2008 Professional Edition - ENU-->E:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools-->MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D} Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D} Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-->MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f} Microsoft Windows SDK for Visual Studio 2008 Tools-->MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3} Microsoft Windows SDK for Visual Studio 2008 Win32 Tools-->MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7} mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC Mozilla Firefox (3.0.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Nero 7 Ultra Edition-->MsiExec.exe /X{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1043} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0013 -removeonly Norman Security Suite-->MsiExec.exe /X{C8B34404-2E52-4C1F-A2B7-D26E46E5974D} Packet Tracer 5.0-->"C:\Program Files\Packet Tracer 5.0\unins000.exe" Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F} PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0013 -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\Install.exe -uninst -l0x13 Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly Realtek WiFi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}\Install.exe -uninst -l0x13 Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Snagit 9.1-->MsiExec.exe /I{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SubDownloader2-->"C:\Program Files\SubDownloader2\uninstall.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0013 -removeonly TOSHIBA ConfigFree-->MsiExec.exe /X{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755} TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0013 -ADDREMOVE -removeonly TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0413 TOSHIBA Face Recognition-->"C:\Program Files\InstallShield Installation Information\{C730E42C-935A-45BB-A0C5-37E5234D111B}\setup.exe" -runfromtemp -l0x0413 -removeonly TOSHIBA Face Recognition-->MsiExec.exe /I{C730E42C-935A-45BB-A0C5-37E5234D111B} TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x13 Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0013 -removeonly TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x13 Toshiba TEMPRO-->MsiExec.exe /X{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA} TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0413 TOSHIBA-handleidingen-->C:\Program Files\InstallShield Installation Information\{8A8EECC0-FECF-42BF-B414-D8E2F884E5AF}\setup.exe -runfromtemp -l0x0013 -removeonly Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe TRDCReminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0413 TRORDCLauncher-->C:\Program Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0413 ubi.com-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E} Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Visual Studio 2005 Tools for Office tweede editie runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6} VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA} Windows Live - HULPPROGRAMMA voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Live aanmeldhulp-->MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214} Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{3CDAFDF9-A993-4B64-8D9B-36253D9C0DC9} Windows Live Mail-->MsiExec.exe /I{B38B1F86-8202-482F-A289-A4806DFA498D} Windows Live Messenger-->MsiExec.exe /X{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B} Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe" Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D} Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876} Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B} WinRAR-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AV: Norman Security Suite ver. 7.00 FW: Persoonlijke firewall AS: Windows Defender ======System event log====== Computer Name: Daan Event Code: 537 Message: Kan geen compatibel TPM (Trusted Platform Module)-beveiligingsapparaat op deze computer vinden. Kan TBS niet starten. Record Number: 43975 Source Name: Microsoft-Windows-TBS Time Written: 20090417091156.807176-000 Event Type: Informatie User: NT AUTHORITY\LOCAL SERVICE Computer Name: Daan Event Code: 7036 Message: De Security Center-service heeft nu de status wordt uitgevoerd. Record Number: 43976 Source Name: Service Control Manager Time Written: 20090417091158.000000-000 Event Type: Informatie User: Computer Name: Daan Event Code: 7036 Message: De Windows Media Center Service Launcher-service heeft nu de status gestopt. Record Number: 43977 Source Name: Service Control Manager Time Written: 20090417091159.000000-000 Event Type: Informatie User: Computer Name: Daan Event Code: 7036 Message: De Windows Update-service heeft nu de status wordt uitgevoerd. Record Number: 43978 Source Name: Service Control Manager Time Written: 20090417091208.000000-000 Event Type: Informatie User: Computer Name: Daan Event Code: 7036 Message: De WinHTTP Web Proxy Auto-Discovery-service-service heeft nu de status gestopt. Record Number: 43979 Source Name: Service Control Manager Time Written: 20090417093058.000000-000 Event Type: Informatie User: =====Application event log===== Computer Name: Daan Event Code: 1 Message: Norman Message [2009/04/17 11:33:02] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.2.2 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'TDSSServ.Q' Login information: User 'Daniel' on host 'DAAN'. File infected: C:/Windows/explorer.exe Virus repair error: Virus name: 'TDSSServ.Q'. Repair failed. Record Number: 13039 Source Name: NormanNPT Time Written: 20090417093302.000000-000 Event Type: Fout User: Computer Name: Daan Event Code: 1 Message: Norman Message [2009/04/17 11:33:02] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.2.2 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'TDSSServ.Q' Login information: User 'Daniel' on host 'DAAN'. File infected: C:/Windows/explorer.exe Virus repair error: Virus name: 'TDSSServ.Q'. Repair failed. Record Number: 13040 Source Name: NormanNPT Time Written: 20090417093302.000000-000 Event Type: Fout User: Computer Name: Daan Event Code: 1 Message: Norman Message [2009/04/17 11:33:03] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.2.2 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'TDSSServ.Q' Login information: User 'Daniel' on host 'DAAN'. File infected: C:/Windows/explorer.exe Virus repair error: Virus name: 'TDSSServ.Q'. Repair failed. Record Number: 13041 Source Name: NormanNPT Time Written: 20090417093303.000000-000 Event Type: Fout User: Computer Name: Daan Event Code: 1 Message: Norman Message [2009/04/17 11:33:04] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.2.2 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'TDSSServ.Q' Login information: User 'Daniel' on host 'DAAN'. File infected: C:/Windows/explorer.exe Virus repair error: Virus name: 'TDSSServ.Q'. Repair failed. Record Number: 13042 Source Name: NormanNPT Time Written: 20090417093304.000000-000 Event Type: Fout User: Computer Name: Daan Event Code: 1 Message: Norman Message [2009/04/17 11:33:20] -------------------------------------------------------- Application: NVC Cats Claw Node address: 192.168.2.2 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'TDSSServ.Q' Login information: User 'Daniel' on host 'DAAN'. File infected: C:/Windows/explorer.exe Virus repair error: Virus name: 'TDSSServ.Q'. Repair failed. Record Number: 13043 Source Name: NormanNPT Time Written: 20090417093320.000000-000 Event Type: Fout User: =====Security event log===== Computer Name: Daan Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id:S-1-5-18 Accountnaam:DAAN$ Accountdomein:WORKGROUP Aanmeldings-id:0x3e7 Aanmeldingstype:2 Nieuwe aanmelding: Beveiligings-id:S-1-5-21-1886378062-3032731309-4235970695-1000 Accountnaam:Daniel Accountdomein:Daan Aanmeldings-id:0x41630 Aanmeldings-GUID:{00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id:0x31c Naam proces:C:\Windows\System32\winlogon.exe Netwerkgegevens: Naam van werkstation:DAAN Netwerkadres van bron:127.0.0.1 Poort van bron:0 Gedetailleerde verificatiegegevens: Aanmeldingsproces:User32 Verificatiepakket:Negotiate Doorgezette services:- Pakketnaam (alleen NTLM):- Sleutellengte:0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 11599 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090417091006.492976-000 Event Type: Controle geslaagd User: Computer Name: Daan Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id:S-1-5-18 Accountnaam:DAAN$ Accountdomein:WORKGROUP Aanmeldings-id:0x3e7 Aanmeldingstype:2 Nieuwe aanmelding: Beveiligings-id:S-1-5-21-1886378062-3032731309-4235970695-1000 Accountnaam:Daniel Accountdomein:Daan Aanmeldings-id:0x41644 Aanmeldings-GUID:{00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id:0x31c Naam proces:C:\Windows\System32\winlogon.exe Netwerkgegevens: Naam van werkstation:DAAN Netwerkadres van bron:127.0.0.1 Poort van bron:0 Gedetailleerde verificatiegegevens: Aanmeldingsproces:User32 Verificatiepakket:Negotiate Doorgezette services:- Pakketnaam (alleen NTLM):- Sleutellengte:0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 11600 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090417091006.492976-000 Event Type: Controle geslaagd User: Computer Name: Daan Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id:S-1-5-21-1886378062-3032731309-4235970695-1000 Accountnaam:Daniel Accountdomein:Daan Aanmeldings-id:0x41630 Bevoegdheden:SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 11601 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090417091006.492976-000 Event Type: Controle geslaagd User: Computer Name: Daan Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam:\Device\HarddiskVolume2\Windows\System32\drivers\nvcv32mf.sys Record Number: 11602 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090417091029.752776-000 Event Type: Controle mislukt User: Computer Name: Daan Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam:\Device\HarddiskVolume2\Program Files\Norman\Npm\Bin\NmchInjDrv.sys Record Number: 11603 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090417091053.090376-000 Event Type: Controle mislukt User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;%NpmLib% "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "VS90COMNTOOLS"=E:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip "NpmLib"=C:\Program Files\Norman\Npm\Bin ------------------------------------------------------------------------------------------------------------------------------------------- I can't seem to get rid of TDSSserv because general removal methods( http://www.myantispyware.com/2008/11/05/how-to-remove-trojan-tdsserv/ ), because there aren't any listed drivers installed. My norman antivirus reports that c\windows\eplorer.exe is infected, which i obviously can't remove. For anyone else with this problem: If explorer.exe gets quarantined, hit F8 and try to run a windows-bootup scan. This lets you restart again without you're windows going blind/black. I also use Norman Virus Scan and received the same MSG. Telling me my Explorer.exe file was infected with the Trojan TDSSServ.Q file. I tried using the Norman Malware Cleaner file that you run from "Safe" mode. But it didn't catch or clean it. Has anybody figured out a way to clean out this Trojan without destroying the explorer.exe file?

Discussion

No Comment Found

Related InterviewSolutions