Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Keyboard Settings Keeps Changing

Post by Wazakindjes » December 7th, 2008, 3:52 pm

Randomly my keyboard's repeating-delay is changing. From almost the maximum speed to almost the slowest. I was thinking that it could be some kind of malware, so I ran multiple scans with Malwarebytes' Anti-Malware. Every scan, it found the same virus. I've read the topic about the P2P programmes, but might I get a virus in an .exe form, my scanner detects it. In this case it isn't probably. I've removed LimeWire. Also, MBAM detected a Vundo virus and removed it.

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:52, on 7-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\sttray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Frank en Rick\I-Tunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Frank en Rick\I-Tunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: TBSB02678 Class - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - C:\PROGRA~1\QUICKN~1\YOUTUB~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDownloader\GrabPro.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Frank en Rick\I-Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Event Reminder.lnk = C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.rpgcross.nl
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: byXOgggg - byXOgggg.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Xampp\apache\bin\apache.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 13237 bytes
Wazakindjes
Regular Member
Posts: 15
Joined: December 7th, 2008, 3:32 pm

Re: Keyboard Settings Keeps Changing

Post by jmw3 » December 11th, 2008, 9:05 am

Welcome Wazakindjes

I apologise in advance for the late reply. As you can appreciate the boards are quite busy. If you still require help with your computer problem could you post a new HijackThis log along with an Uninstall List.

Create an Uninstall List
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button
  • Click on the Save list... button and specify where you would like to save this file
  • When you press the Save button a notepad will open with the contents of that file
  • Copy and paste the contents of that notepad here in your next reply
Thanks

Wazakindjes wrote:
but might I get a virus in an .exe form, my scanner detects it.

Could you also expand on this comment please. What scanner & what .exe is being detected?
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Keyboard Settings Keeps Changing

Post by Wazakindjes » December 11th, 2008, 10:28 am

Acoustica Beatcraft
Acoustica Effects Pack
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Photoshop Elements 4.0
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.3 - Nederlands
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Type Manager 4.0
AoA Audio Extractor 1.0
Apple Software Update
ASIO4ALL
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 9 (KB917734)
Beveiligingsupdate voor Windows XP (KB923789)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
BitLord 1.1
Call of Duty(R) 4 - Modern Warfare(TM)
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Citrix ICA Web Client
Collab
Common RTP 1.0
Compatibility Pack for the 2007 Office system
Davi-Tuin 3D DeLuxe 3
DivX Codec
DivX Content Uploader
DivX Web Player
Dropbox
Finale 2009
Firebird SQL Server - MAGIX Edition (NL)
Garritan Instruments for Finale 2009
getPlus(R)_ocx
Google Updater
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.A
HP Solution Center & Imaging Support Tools 5.3
HP Update
HyperCam 2
Install Creator Pro
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Jewel Quest Deluxe
Linksys EasyLink Advisor
Linksys EasyLink Advisor
MAGIX Music Maker 2007 (NL)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - NLD
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Dutch Language Pack
Microsoft .NET Framework 3.0 Nederlands taalpakket
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office XP Standard Voor leerlingen, studenten en docenten
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works 6-9 Converter
MOBILedit! 2.8
Movavi Flash Converter
MSN BackUp 1.3.3
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NCH Toolbox
Nero 7 Essentials
Nintendo DS - GBA Max Drive
Norman Ad-Aware SE Plus
Norman Virus Control
NVIDIA Drivers
OLYMPUS CAMEDIA Master 4.1
Orbit Downloader
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
Peggle (remove only)
PowerDVD
PrintMaster® Platina 8.0
Prism Video Converter
QuickTime
RahJongg - The Curse of Ra
RGSS-RTP Standard
RPG Maker 2003
RPG Maker VX
RPG Maker VX RTP
RPGXP
Ruby-186-26
SABnzbd (remove only)
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Serif DrawPlus 3.0
SigmaTel Audio
Skype™ 3.6
SpamWeed 2.5 rev. 366
SpamWeed 2.7 rev. 599
Spelling Dictionaries Support For Adobe Reader 8
swf2avi 0.3
Switch
System Requirements Lab
TeamViewer 3
Text-To-Speech-Runtime
The legend of El Dorado Deluxe
Three Ships Browser Plugin
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Ventrilo Client
VentriloMIX
WavePad Uninstall
WebEx Support Manager for Internet Explorer
Windows Imaging Component
Windows Live aanmeldhulp
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (NLD)
Windows Workflow Foundation NL Language Pack
Windows XP Service Pack 3
WinRAR
World of Warcraft
Xfire (remove only)
XML Paper Specification Shared Components Language Pack 1.0
Youtube-Download-Convert-Toolbar
Zuma Deluxe


jmw3 wrote:
but might I get a virus in an .exe form, my scanner detects it.

Could you also expand on this comment please. What scanner & what .exe is being detected?

Norman Virus Scanner. The .exes are mostly programs, which are removed as soon as Norman detects them as a virus. I don't have to open the .exe for it to be detected.

Re: Keyboard Settings Keeps Changing

Post by jmw3 » December 11th, 2008, 10:44 am

MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitLord 1.1

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Create a new Uninstall List & HijackThis log when finished and post the logs back here.

Re: Keyboard Settings Keeps Changing

Post by Wazakindjes » December 11th, 2008, 10:50 am

Bad me, forgot BitLord. :P

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:21, on 11-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Frank en Rick\I-Tunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\java.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Frank en Rick\I-Tunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: TBSB02678 Class - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - C:\PROGRA~1\QUICKN~1\YOUTUB~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDownloader\GrabPro.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Frank en Rick\I-Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Event Reminder.lnk = C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.rpgcross.nl
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: byXOgggg - byXOgggg.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Xampp\apache\bin\apache.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 13235 bytes


Uninstall List:
Acoustica Beatcraft
Acoustica Effects Pack
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Photoshop Elements 4.0
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.3 - Nederlands
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Type Manager 4.0
AoA Audio Extractor 1.0
Apple Software Update
ASIO4ALL
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 9 (KB917734)
Beveiligingsupdate voor Windows XP (KB923789)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Call of Duty(R) 4 - Modern Warfare(TM)
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Citrix ICA Web Client
Collab
Common RTP 1.0
Compatibility Pack for the 2007 Office system
Davi-Tuin 3D DeLuxe 3
DivX Codec
DivX Content Uploader
DivX Web Player
Dropbox
Finale 2009
Firebird SQL Server - MAGIX Edition (NL)
Garritan Instruments for Finale 2009
getPlus(R)_ocx
Google Updater
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.A
HP Solution Center & Imaging Support Tools 5.3
HP Update
HyperCam 2
Install Creator Pro
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Jewel Quest Deluxe
Linksys EasyLink Advisor
Linksys EasyLink Advisor
MAGIX Music Maker 2007 (NL)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - NLD
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Dutch Language Pack
Microsoft .NET Framework 3.0 Nederlands taalpakket
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office XP Standard Voor leerlingen, studenten en docenten
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works 6-9 Converter
MOBILedit! 2.8
Movavi Flash Converter
MSN BackUp 1.3.3
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NCH Toolbox
Nero 7 Essentials
Nintendo DS - GBA Max Drive
Norman Ad-Aware SE Plus
Norman Virus Control
NVIDIA Drivers
OLYMPUS CAMEDIA Master 4.1
Orbit Downloader
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
Peggle (remove only)
PowerDVD
PrintMaster® Platina 8.0
Prism Video Converter
QuickTime
RahJongg - The Curse of Ra
RGSS-RTP Standard
RPG Maker 2003
RPG Maker VX
RPG Maker VX RTP
RPGXP
Ruby-186-26
SABnzbd (remove only)
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Serif DrawPlus 3.0
SigmaTel Audio
Skype™ 3.6
SpamWeed 2.5 rev. 366
SpamWeed 2.7 rev. 599
Spelling Dictionaries Support For Adobe Reader 8
swf2avi 0.3
Switch
System Requirements Lab
TeamViewer 3
Text-To-Speech-Runtime
The legend of El Dorado Deluxe
Three Ships Browser Plugin
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Ventrilo Client
VentriloMIX
WavePad Uninstall
WebEx Support Manager for Internet Explorer
Windows Imaging Component
Windows Live aanmeldhulp
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (NLD)
Windows Workflow Foundation NL Language Pack
Windows XP Service Pack 3
WinRAR
World of Warcraft
Xfire (remove only)
XML Paper Specification Shared Components Language Pack 1.0
Youtube-Download-Convert-Toolbar
Zuma Deluxe


EDIT: I put my stick in the computer a couple of hours ago, and a Trojan.DNSChanger was detected. It has been removed, but it keeps coming back every time. The Trojan that was removed is "autorun.inf". The .inf was on the stick. About 1.5 hours ago, the computer crashed, so to be sure I did an MBAM scan, which found the Trojan (actually 3 times) and 2 other viruses and removed them. The log has been translated, because it was in Dutch, and this is an English forum:

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

11-12-2008 18:35:15
mbam-log-2008-12-11 (18-35-15).txt

Scan type: Quick Scan
Files scanned: 67888
Elapsed time: 13 minute(s), 56 second(s)

Memoryprocesses infected: 0
Memorymodules infected: 0
Registrykeys infected: 1
Registryvalues infected: 1
Registrydata objects infected: 0
Folders infected: 1
Files infected: 2

Memoryprocesses infected:
(No harmful files found)

Memorymodules infected:
(No harmful files found)

Registrykeys infected:
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Registryvalues infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Adware.BHO) -> Quarantined and deleted successfully.

Registrydata files infected:
(No harmful files found)

Folders infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files infected:
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-855.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Wazakindjes
Regular Member
 
Posts: 15
Joined: December 7th, 2008, 3:32 pm

Re: Keyboard Settings Keeps Changing

Post by jmw3 » December 13th, 2008, 11:03 am

Apologies for the late reply.

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TBSB02678 Class - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - C:\PROGRA~1\QUICKN~1\YOUTUB~1.DLL (file missing)
O15 - Trusted Zone: http://www.download.com <<<<-------------- See Note below on IE's Trusted Zone
O15 - Trusted Zone: http://www.rpgcross.nl <<<<-------------- See Note below on IE's Trusted Zone
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: byXOgggg - byXOgggg.dll (file missing)


  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
You really should not have any website in the Trusted Zone of Internet Explorer. The reason being the default security settings in the Trusted Zone are set too low, which makes it unsafe. Plus it should not be necessary for any remote server to have that level of access. Plenty of good & reputable sites get hacked to host malware; advertising networks are renowned for serving malware which can appear on any site. The best policy is to remove anything from the Trusted Zone unless it's absolutely required in order for the site to work & you trust that site implicitly.

ATF Cleaner
Download ATF Cleaner here by Atribune.
    Double-click ATF-Cleaner.exe to run the program
    Under Main choose: Select All
    Click the Empty Selected button
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
Click Exit on the Main menu to close the program.

Random's System Information Tool (RSIT)
  • Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run the tool
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Copy & paste the contents of both logs in your next reply
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
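The kinds of entries picked out in the fix list above (targets marked "(no file)" or "(file missing)", sites in the Trusted Zone, and a DPF entry with no source URL) can be flagged mechanically as a first triage pass. This is an added example, not part of the original posts and not a feature of HijackThis; the function name, reason labels and regular expressions are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis logs and fix list in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TBSB02678 Class - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - C:\PROGRA~1\QUICKN~1\YOUTUB~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.rpgcross.nl
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: byXOgggg - byXOgggg.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# A HijackThis entry line looks like "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# A DPF (Downloaded Program Files) entry whose codebase URL after the final " -" is empty.
EMPTY_DPF_RE = re.compile(r"DPF: \{[0-9A-Fa-f-]{36}\}(?: \([^)]*\))? -\s*")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # hypothetical label: "orphaned", "trusted-zone" or "empty-dpf"
    line: str      # the log line as it appeared


def triage(log_text):
    """Return the entries a reviewer would want to look at first.

    The result is a list of leads for a human analyst, not a verdict:
    a flagged line may be a harmless leftover, and an unflagged line
    may still be malicious.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # headers, process list, blank lines
        section, body = match.group("section"), match.group("body")

        if body.endswith("(file missing)") or body.endswith("(no file)"):
            # Registry entry still points at a file that no longer exists,
            # typically a leftover after a scanner deleted the file itself.
            findings.append(Finding(section, "orphaned", line))
        elif section == "O15" and body.startswith("Trusted Zone:"):
            # Site added to Internet Explorer's low-security Trusted Zone.
            findings.append(Finding(section, "trusted-zone", line))
        elif section == "O16" and EMPTY_DPF_RE.fullmatch(body):
            # ActiveX control registered without any download source.
            findings.append(Finding(section, "empty-dpf", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:13} {f.line}")
```
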

Re: Keyboard Settings Keeps Changing

Post by Wazakindjes » December 13th, 2008, 11:13 am

Better a late reply than none, right? :P

But I only got log.txt. :?

Logfile of random's system information tool 1.04 (written by random/random)
Run by Gebruiker at 2008-12-13 16:11:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 173 GB (57%) free of 305 GB
Total RAM: 2045 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:11, on 13-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Frank en Rick\I-Tunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Frank en Rick\I-Tunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Gebruiker\Bureaublad\RSIT.exe
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\HijackThis\Gebruiker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDownloader\GrabPro.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Frank en Rick\I-Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Event Reminder.lnk = C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Xampp\apache\bin\apache.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12891 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\OrbitDownloader\orbitcth.dll [2008-11-24 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17FDB9F8-DCC4-4F6A-AE07-B16018A48469}]
ThreeShips IE Helper - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll [2007-02-13 562808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-07 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\OrbitDownloader\GrabPro.dll [2008-11-24 445560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-23 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-06-23 86016]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-06-23 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Photo Downloader"=C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-16 57344]
"Norman ZANDA"=C:\Norman\Npm\Bin\ZLH.EXE [2008-06-02 277616]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"iTunesHelper"=C:\Frank en Rick\I-Tunes\iTunesHelper.exe [2007-05-26 257088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-01 136600]
"Ad-Aware"=C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe [2007-09-27 1162240]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-01-08 451896]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AWMON"=C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe [2007-09-26 516608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Event Reminder.lnk - C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Linksys EasyLink Advisor.lnk - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
SpamWeed.lnk - C:\Program Files\SpamWeed\swengine.exe

C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Dropbox.lnk - C:\Program Files\Dropbox\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-23 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\496FGTEB\Norman_Repair_Center[1].exe"="C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\496FGTEB\Norman_Repair_Center[1].exe:*:Enabled:Norman_Repair_Center[1]"
"C:\Frank en Rick\I-Tunes\iTunes.exe"="C:\Frank en Rick\I-Tunes\iTunes.exe:*:Enabled:iTunes"
"C:\Frank en Rick\LimeWire Pro\LimeWire.exe"="C:\Frank en Rick\LimeWire Pro\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\VentSrv\ventrilo_srv.exe"="C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Documents and Settings\Gebruiker\Bureaublad\Spelletjes\Downloads\Ventrilo Server v2.1.0\ventrilo_srv.exe"="C:\Documents and Settings\Gebruiker\Bureaublad\Spelletjes\Downloads\Ventrilo Server v2.1.0\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Frank en Rick\World of Warcraft\BackgroundDownloader.exe"="C:\Frank en Rick\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Program Files\Multiverse Client\bin\MultiverseClient.exe"="C:\Program Files\Multiverse Client\bin\MultiverseClient.exe:*:Enabled:Multiverse World Browser"
"C:\Program Files\SmartFTP Client 3.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 3.0\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Frank en Rick\Eclipse Evolution 2.5\Server\Eclipse_Evolution_Server.exe"="C:\Frank en Rick\Eclipse Evolution 2.5\Server\Eclipse_Evolution_Server.exe:*:Enabled:Eclipse Server Program"
"C:\Frank en Rick\Eclipse Evolution 1.0\Server\Server.exe"="C:\Frank en Rick\Eclipse Evolution 1.0\Server\Server.exe:*:Enabled:Server"
"C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Jelle\Jelle\Net Rmxp Online Server 2.1.7\Server.exe"="C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Jelle\Jelle\Net Rmxp Online Server 2.1.7\Server.exe:*:Enabled:Server"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\dmremote.exe"="C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote"
"C:\Program Files\Xampp\apache\bin\apache.exe"="C:\Program Files\Xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"C:\Program Files\MSN BackUp\MSNBackup.exe"="C:\Program Files\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Wamp\bin\apache\apache2.2.6\bin\httpd.exe"="C:\Program Files\Wamp\bin\apache\apache2.2.6\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Ruby\bin\ruby.exe"="C:\Program Files\Ruby\bin\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]"
"C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Net RMXP Online\Net Rmxp Online Server 2.0\ServerNonXP.exe"="C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Net RMXP Online\Net Rmxp Online Server 2.0\ServerNonXP.exe:*:Enabled:ServerNonXP"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\OrbitDownloader\orbitdm.exe"="C:\Program Files\OrbitDownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\OrbitDownloader\orbitnet.exe"="C:\Program Files\OrbitDownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer – beheer van externe computers"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-11 16:21:28 ----D---- C:\Program Files\FLV Converter
2008-12-11 16:15:27 ----A---- C:\WINDOWS\system32\msqpdxwupeirxy.dll
2008-12-10 07:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 07:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 07:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 07:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 18:29:18 ----A---- C:\WINDOWS\19609.exe
2008-12-06 18:22:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-06 18:21:55 ----D---- C:\Program Files\AoA Audio Extractor
2008-12-06 17:20:53 ----A---- C:\WINDOWS\demdata.txt
2008-12-06 17:01:32 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Garritan
2008-12-06 17:01:29 ----D---- C:\Program Files\Plogue
2008-12-06 17:01:29 ----D---- C:\Program Files\Garritan
2008-12-06 16:58:26 ----D---- C:\Program Files\Finale 2009
2008-12-05 20:27:33 ----D---- C:\rsit
2008-12-05 20:11:59 ----D---- C:\Program Files\Trend Micro
2008-12-05 19:29:50 ----D---- C:\Program Files\vanBasco's Karaoke Player
2008-12-05 19:24:30 ----D---- C:\Program Files\TallStick
2008-12-05 16:27:37 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Samsung
2008-12-05 16:08:51 ----A---- C:\WINDOWS\system32\framedyn.dll
2008-12-05 16:08:33 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-12-03 17:07:36 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-12-03 17:07:35 ----D---- C:\Program Files\HotHotSoftware
2008-12-01 15:25:42 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-01 15:25:42 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-01 15:25:42 ----A---- C:\WINDOWS\system32\java.exe
2008-12-01 15:25:42 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-24 16:20:56 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-22 18:29:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-22 18:29:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 17:47:20 ----D---- C:\Documents and Settings\Gebruiker\Application Data\TeamViewer
2008-11-17 17:47:17 ----D---- C:\Program Files\TeamViewer3

======List of files/folders modified in the last 1 months======

2008-12-13 16:10:56 ----D---- C:\WINDOWS\Prefetch
2008-12-13 16:10:37 ----D---- C:\WINDOWS\Temp
2008-12-13 16:08:27 ----D---- C:\WINDOWS
2008-12-13 16:08:22 ----D---- C:\Program Files\WebEx
2008-12-13 15:51:14 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Orbit
2008-12-13 13:36:49 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 13:35:10 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Dropbox
2008-12-13 13:34:44 ----D---- C:\Norman
2008-12-13 08:29:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 07:45:34 ----A---- C:\WINDOWS\win.ini
2008-12-12 16:46:00 ----D---- C:\Frank en Rick
2008-12-12 16:30:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-12 07:30:41 ----D---- C:\WINDOWS\system32
2008-12-12 07:24:27 ----SHD---- C:\WINDOWS\Installer
2008-12-12 07:24:27 ----HD---- C:\Config.Msi
2008-12-12 07:24:11 ----HD---- C:\WINDOWS\inf
2008-12-12 07:24:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-12 07:24:01 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 07:23:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-12 07:23:52 ----D---- C:\Program Files\Internet Explorer
2008-12-11 17:02:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-11 16:27:53 ----RD---- C:\Program Files
2008-12-11 16:13:16 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-11 15:48:11 ----D---- C:\Program Files\BitLord
2008-12-10 11:15:49 ----D---- C:\WINDOWS\system32\config
2008-12-10 11:15:29 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 11:15:29 ----D---- C:\WINDOWS\Registration
2008-12-10 07:20:25 ----D---- C:\WINDOWS\ie7updates
2008-12-10 07:20:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 07:46:04 ----D---- C:\WINDOWS\system32\Macromed
2008-12-07 14:07:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-06 19:39:19 ----D---- C:\Program Files\OrbitDownloader
2008-12-06 17:57:44 ----D---- C:\Downloads
2008-12-06 16:59:06 ----D---- C:\PSFONTS
2008-12-06 16:59:05 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 16:58:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-06 16:58:47 ----D---- C:\WINDOWS\WinSxS
2008-12-06 10:21:12 ----RSD---- C:\WINDOWS\assembly
2008-12-06 10:19:28 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-06 07:14:26 ----D---- C:\WINDOWS\system32\en-us
2008-12-06 07:14:24 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-05 19:35:16 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-12-05 19:35:15 ----D---- C:\Program Files\NCH Swift Sound
2008-12-05 19:33:14 ----D---- C:\WINDOWS\Help
2008-12-05 19:25:44 ----A---- C:\WINDOWS\MusicMaker.INI
2008-12-05 16:35:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-05 16:35:25 ----D---- C:\Program Files\SAMSUNG
2008-12-01 15:25:27 ----D---- C:\Program Files\Java
2008-11-20 20:24:35 ----SD---- C:\Documents and Settings\Gebruiker\Application Data\Microsoft
2008-11-20 09:18:43 ----D---- C:\Program Files\Common Files\Adobe
2008-11-20 09:16:52 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Adobe
2008-11-20 09:14:31 ----D---- C:\Program Files\Adobe
2008-11-20 09:07:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-16 21:13:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-05 5632]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 Ndiskio;Ndiskio; \??\C:\Norman\Nse\bin\NDISKIO.SYS []
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-01-08 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-01-08 25272]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S2 CDRPDACC;Arrowkey Device Access; \??\C:\Mam\321Studios\Shared\CDRPDACC.SYS []
S3 dsreader;MaxDrive Driver (dsreader.sys); C:\WINDOWS\System32\Drivers\dsreader.sys [2001-01-02 19677]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-06-23 1095680]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SliceDisk5;SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-10-03 102400]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Norman\Npm\bin\ELOGSVC.EXE [2007-11-21 150584]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-01 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-03-31 204800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-01-08 451896]
R2 Norman ZANDA;Norman ZANDA; C:\Norman\Npm\Bin\zanda.exe [2008-04-24 429176]
R2 NVOY;Norman's Very Own supplY of resources; C:\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-15 66872]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2006-05-26 86016]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2007-05-26 501312]
R3 Norman NJeeves;Norman NJeeves; C:\Norman\Npm\Bin\Njeeves.exe [2008-05-13 203896]
R3 nsesvc;Norman Scanner Engine Service; C:\Norman\nse\bin\NSESVC.EXE [2008-06-19 322616]
R3 nvcoas;Norman Virus Control on-access component; C:\Norman\Nvc\bin\nvcoas.exe [2008-04-30 191544]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Norman\Npm\Bin\Nvcsched.exe [2007-09-18 154680]
R3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Apache2.2;Apache2.2; C:\Program Files\Xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-05 72704]
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-02 655624]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------
Wazakindjes
Regular Member
 
Posts: 15
Joined: December 7th, 2008, 3:32 pm

Re: Keyboard Settings Keeps Changing

Post by jmw3 » December 13th, 2008, 9:26 pm

Have a look in C:\rsit
info.txt should be in that folder.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Keyboard Settings Keeps Changing

Post by Wazakindjes » December 14th, 2008, 5:30 am

Wheeeee. :cheers:

info.txt logfile of random's system information tool 1.04 2008-12-05 20:27:38

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNIN0413.EXE -f"C:\Mam\PhotoDeluxe BE 1.0\DeIsL1.isu"
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Beatcraft-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 8.1.3 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Type Manager 4.0-->C:\WINDOWS\unin0413.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Beveiligingsupdate for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Beveiligingsupdate voor Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\ZoomBrowser EX\Program\Uninst.ini"
Citrix ICA Web Client-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Common RTP 1.0-->C:\WINDOWS\iun506.exe C:\Program Files\Enterbrain\RPG2003\RTP\\irunin.ini
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Davi-Tuin 3D DeLuxe 3-->C:\Program Files\Davilex\Shared\UNINST32.EXE C:\Mam\Davilex\DAVI-T~1\Install.log
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dropbox-->"C:\Program Files\Dropbox\uninstall.exe"
Firebird SQL Server - MAGIX Edition (NL)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix voor Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix voor Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HyperCam 2-->"C:\Program Files\HyperCam\UnHyCam2.exe"
Install Creator Pro-->C:\Program Files\Install Creator Pro\Uninstal.exe
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections-->MsiExec.exe /I{F6B23E59-1240-4C20-AE0B-70658A91976A}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jewel Quest Deluxe-->"C:\Program Files\Zylom Games\Jewel Quest Deluxe\GameInstlr.exe" --uninstall UnInstall.log
LimeWire PRO 4.12.6-->"C:\Frank en Rick\LimeWire Pro\uninstall.exe"
Linksys EasyLink Advisor-->"C:\Program Files\InstallShield Installation Information\{3B0819D0-501C-47A1-8122-84800ACD5F41}\setup.exe" -runfromtemp -l0x0413 -removeonly
Linksys EasyLink Advisor-->MsiExec.exe /I{3B0819D0-501C-47A1-8122-84800ACD5F41}
MAGIX Music Maker 2007 (NL)-->C:\Program Files\MAGIX\MAGIX Music Maker 2007\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Messenger Plus! Live-->"C:\Program Files\Windows Live\Plus\Uninstall.exe"
Microsoft .NET Framework 1.1 Dutch Language Pack-->MsiExec.exe /X{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - NLD-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - NLD\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Dutch Language Pack-->MsiExec.exe /X{64371D22-A18B-436E-863B-2E12DA8042FF}
Microsoft .NET Framework 3.0 Nederlands taalpakket-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Dutch Language Pack\setup.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170413-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Standard Voor leerlingen, studenten en docenten-->MsiExec.exe /I{913D0413-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
MOBILedit! 2.8-->RunDll32 C:\PROGRA~1\MOBILE~1\MOBILE~1\Setup\Setup.dll,RemoveOnly
Movavi Flash Converter-->MsiExec.exe /I{ED3DA206-194C-4061-B55E-8E27170BE621}
MSN BackUp 1.3.3-->C:\Program Files\MSN BackUp\uninst.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Nero 7 Essentials-->MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1043}
Nintendo DS - GBA Max Drive-->"C:\Program Files\Datel\GBA Max Drive\unins000.exe"
Norman Ad-Aware SE Plus-->C:\PROGRA~1\Norman\NORMAN~1\UNWISE.EXE C:\PROGRA~1\Norman\NORMAN~1\INSTALL.LOG
Norman Virus Control-->C:\Norman\npm\bin\DelNvc5.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OLYMPUS CAMEDIA Master 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
Orbit Downloader-->"C:\Program Files\OrbitDownloader\unins000.exe"
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Peggle (remove only)-->C:\Program Files\Peggle\Uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrintMaster® Platina 8.0-->C:\WINDOWS\UNIN0413.EXE -f"C:\Mam\TLCDOM~1\PRINTM~1\DeIsL1.isu" -c"C:\Mam\TLCDOM~1\PRINTM~1\psfinst.dll"
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RahJongg - The Curse of Ra-->C:\WINDOWS\uninst.exe -f"C:\Mam\Game Master\RahJongg\DeIsL1.isu" -c"C:\Mam\Game Master\RahJongg\_ISREG32.DLL"
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPG Maker 2003-->C:\WINDOWS\iun6002.exe "C:\Program Files\Enterbrain\RPG2003\irunin.ini"
RPG Maker VX RTP-->"C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe"
RPG Maker VX-->"C:\Program Files\Enterbrain\RPGVX\unins000.exe"
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Ruby-186-26-->C:\Program Files\Ruby\uninstall.exe
SABnzbd (remove only)-->"C:\Program Files\SABnzbd\uninstall.exe"
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x13 -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0013 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Serif DrawPlus 3.0-->C:\WINDOWS\IsUn0413.exe -fC:\Spelletjes\Serif\dp30\DrawPlus_uninst.isu
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x13 -remove -removeonly
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpamWeed 2.5 rev. 366-->"C:\Program Files\SpamWeed\unins000.exe"
SpamWeed 2.7 rev. 599-->"C:\Program Files\SpamWeed\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
swf2avi 0.3-->"C:\Program Files\SWF2AVI\unins000.exe"
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
The legend of El Dorado Deluxe-->"C:\Program Files\Zylom Games\The legend of El Dorado Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Three Ships Browser Plugin-->MsiExec.exe /I{D4A2957D-5113-4722-A0A3-E7D0BF85D5D4}
Update voor Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update voor Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX-->C:\FRANK EN RICK\Vent mix\Uninstal.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live aanmeldhulp-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer-->MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger-->MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (NLD)-->MsiExec.exe /X{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation NL Language Pack-->MsiExec.exe /I{A06BD059-8EDE-41F3-B91A-73C2C6811187}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Frank en Rick\Winrar\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Youtube-Download-Convert-Toolbar-->regsvr32 /u /s "C:\Program Files\Quicknation\YouTubeDownload-Convert.dll"
Zuma Deluxe-->"C:\Program Files\Zylom Games\Zuma Deluxe\GameInstaller.exe" --uninstall UnInstall.log

======Hosts File======

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

======Security center information======

AV: Norman Security Suite ver. 7.00

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Ruby\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;%NpmLib%;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;C:\Frank en Rick\Samsung
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.RB;.RBW
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"NpmLib"=C:\Norman\Npm\Bin
"RUBYOPT"=-rubygems
"INPUTRC"=C:\Program Files\Ruby\bin\inputrc.euro

-----------------EOF-----------------
Wazakindjes
Regular Member
 
Posts: 15
Joined: December 7th, 2008, 3:32 pm

Re: Keyboard Settings Keeps Changing

Post by jmw3 » December 14th, 2008, 7:10 am

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Messenger Plus! Live
LimeWire PRO 4.12.6
BitLord 1.1

Any other P2P program that may be present

While in Add/Remove programs you may as well remove the following outdated Java versions as they are open to exploitation:
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Upload Files for Scanning
Go to VirSCAN or VirusTotal
(Just use one or the other. No need to use both.)

If you use VirSCAN click Browse
In the File Upload box that opens navigate to C:\WINDOWS\system32\msqpdxwupeirxy.dll, & double click on file name
Then click Upload
Wait for scans to finish then copy & paste the results into your next reply
Following the instructions above do the same for:
C:\WINDOWS\19609.exe
C:\WINDOWS\imsins.BAK

If you use VirusTotal click Browse
In the Choose File box that opens navigate to C:\WINDOWS\system32\msqpdxwupeirxy.dll, & double click on file name
Then click Send File
Wait for scans to finish then copy & paste the results into your next reply
Following the instructions above do the same for:
C:\WINDOWS\19609.exe
C:\WINDOWS\imsins.BAK

Flash_Disinfector
  • Download Flash_Disinfector here and save it to your desktop.
  • Double click to run it
  • You will be prompted to plug in your USB drive. Plug it in
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Lop S&D
Download Lop S&D by Eric_71 Here and save it to your desktop.
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable following programs:
Norman AV | AdAware
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated. Post the contents of the log in your next reply
(A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

To post in next reply:
Results from either VirSCAN or VirusTotal
Lop S&D log
New HijackThis log
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
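
The Java clean-up step in the post above can be cross-checked against the log's uninstall list. This is an added example, not part of the original thread or of any tool used in it: it parses the `name-->uninstall command` lines and reports every Java runtime older than the newest one installed. The "older than the newest installed" rule and all function names are assumptions made for illustration; the check says nothing about whether the newest installed runtime is itself current.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a few "name-->uninstall command" lines copied from the
# uninstall list in the log posted earlier in this thread.
SAMPLE_UNINSTALL_LIST = r"""
iTunes-->MsiExec.exe /I{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jewel Quest Deluxe-->"C:\Program Files\Zylom Games\Jewel Quest Deluxe\GameInstlr.exe" --uninstall UnInstall.log
LimeWire PRO 4.12.6-->"C:\Frank en Rick\LimeWire Pro\uninstall.exe"
"""


class Entry(NamedTuple):
    name: str       # display name shown in Add/Remove Programs
    command: str    # uninstall command recorded for that entry


class JavaRuntime(NamedTuple):
    name: str
    major: int                    # 5 for "5.0", 6 for "6"
    update: int                   # "Update N", 0 when absent
    product_code: Optional[str]   # MSI product code from the command, if any


# Covers the three naming styles that appear in the log above.
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?)"
    r" (\d+)(?:\.\d+)?(?: Update (\d+))?$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_uninstall_list(text: str) -> List[Entry]:
    """Split each line on the first '-->' only; commands may contain '--flags'."""
    entries = []
    for line in text.splitlines():
        name, sep, command = line.strip().partition("-->")
        if sep and name:
            entries.append(Entry(name.strip(), command.strip()))
    return entries


def java_runtimes(entries: List[Entry]) -> List[JavaRuntime]:
    """Return the entries whose display name is a Java runtime, with versions parsed."""
    found = []
    for entry in entries:
        match = JAVA_RE.match(entry.name)
        if not match:
            continue
        guid = GUID_RE.search(entry.command)
        found.append(JavaRuntime(
            name=entry.name,
            major=int(match.group(1)),
            update=int(match.group(2) or 0),
            product_code=guid.group(0) if guid else None,
        ))
    return found


def newest_java(entries: List[Entry]) -> Optional[JavaRuntime]:
    """Highest (major, update) pair installed, or None when no Java is listed."""
    runtimes = java_runtimes(entries)
    return max(runtimes, key=lambda r: (r.major, r.update)) if runtimes else None


def superseded_java(entries: List[Entry]) -> List[JavaRuntime]:
    """Java runtimes older than the newest installed one, oldest first."""
    newest = newest_java(entries)
    if newest is None:
        return []
    older = [r for r in java_runtimes(entries)
             if (r.major, r.update) < (newest.major, newest.update)]
    return sorted(older, key=lambda r: (r.major, r.update))


if __name__ == "__main__":
    parsed = parse_uninstall_list(SAMPLE_UNINSTALL_LIST)
    print("Newest installed:", newest_java(parsed).name)
    for runtime in superseded_java(parsed):
        print("Superseded:", runtime.name, runtime.product_code)
```

On the sample, the superseded set is the same six entries the post lists for removal.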

Re: Keyboard Settings Keeps Changing

Post by Wazakindjes » December 14th, 2008, 7:35 am

I can't find LimeWire and BitLord in the Add/Remove section. Also, I don't understand what you mean with "scan result".
Wazakindjes
Regular Member
 
Posts: 15
Joined: December 7th, 2008, 3:32 pm

Re: Keyboard Settings Keeps Changing

Post by jmw3 » December 14th, 2008, 5:41 pm

> I can't find LimeWire and BitLord in the Add/Remove section.

OK don't worry about Limewire & Bitlord if they are not there.

> Also, I don't understand what you mean with "scan result".

By this are you referring to the VirSCAN or VirusTotal instructions?
  • If you use VirSCAN, once the scan is completed you will see a page with two headings: File Information & Scanner Results
  • At the bottom of the page is a button titled Copy to clipboard
  • Click that button then open Notepad on your computer by clicking Start>Run, type Notepad & click OK
  • When Notepad opens Right-click your mouse & select Paste
  • Click Edit then Select All
  • Right-click anywhere on the highlighted text & select Copy
  • Come back to this thread & paste the results in your next reply

If you use VirusTotal do this:
  • Once the scan has finished the results page will open
  • Place the cursor next to the word File in the light blue box
  • Left-click your mouse & while holding the button down drag your mouse down to highlight All of the text
  • Once the text is highlighted right-click your mouse & Select Copy
  • Come back to this thread & paste the results in your next reply
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Keyboard Settings Keeps Changing

Post by Wazakindjes » December 15th, 2008, 3:04 pm

Ok, the msqpdxwupeirxy.dll log:
VirSCAN.org Scanned Report :
Scanned time : 2008/12/10 02:40:44 (CET)
Scanner results: 38% van de scanners (15/39) detecteerde malware!
File Name : msqpdxosvdnrsr.dll
File Size : 41984 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : ea8c050ee2b08514c1e5ac09ad9b2e74
SHA1 : a3da9eba159c3dfb2ec404373ca94978ac53d2f6
Online report : http://virscan.org/report/615b176dd3b88 ... 0ca14.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.27 20081210070218 2008-12-10 3.43 Virus.Win32.Fasec!IK
AhnLab V3 2008.12.10.01 2008.12.10 2008-12-10 1.22 -
AntiVir 7.9.0.43 7.1.0.213 2008-12-09 1.58 TR/Crypt.XPACK.Gen
Antiy 2.0.18 20081209.1826225 2008-12-09 0.12 -
Arcavir 1.0.5 200812071316 2008-12-07 1.31 -
Authentium 5.1.1 200812092231 2008-12-09 1.13 W32/FakeAlert.3!Maximus (Heuristic)
AVAST! 3.0.1 081209-1 2008-12-09 0.01 Win32:Fasec [Trj]
AVG 7.5.52.442 270.9.16/1840 2008-12-09 1.78 -
BitDefender 7.81008.2339269 7.22418 2008-12-10 2.19 -
CA (VET) 9.0.0.143 31.6.6253 2008-12-10 10.44 -
ClamAV 0.94.1 8739 2008-12-10 0.01 -
Comodo 3.0 713 2008-12-09 0.80 -
CP Secure 1.1.0.715 2008.12.09 2008-12-09 6.05 -
Dr.Web 4.44.0.9170 2008.12.09 2008-12-09 3.66 Trojan.DnsChange.13
ewido 4.0.0.2 2008.12.09 2008-12-09 3.23 -
F-Prot 4.4.4.56 20081209 2008-12-09 1.12 W32/SuspPack.J.gen!Eldorado (generic, not disinfectable)
F-Secure 5.51.6100 2008.12.10.01 2008-12-10 0.17 -
Fortinet 2.81-3.117 9.797 2008-12-09 0.23 -
GData 19.1846/19.140 20081210 2008-12-10 7.43 Win32:Fasec [Trj] [Engine:B]
ViRobot 20081208 2008.12.08 2008-12-08 1.59 -
Ikarus T3.1.01.45 2008.12.10.71983 2008-12-10 3.66 Virus.Win32.Fasec
JiangMin 11.0.706 2008.12.09 2008-12-09 2.59 -
Kaspersky 5.5.10 2008.12.09 2008-12-09 0.23 -
KingSoft 2008.9.8.18 2008.12.9.17 2008-12-09 0.59 Win32.Troj.EdpckDown.a.41984
McAfee 5.3.00 5459 2008-12-09 2.65 DNSChanger.gen
Microsoft 1.4205 2008.12.09 2008-12-09 8.27 Trojan:Win32/Alureon.gen!I
mks_vir 2.01 2008.12.07 2008-12-07 2.77 -
Norman 5.93.01 5.93.00 2008-12-09 5.81 -
Panda 9.05.01 2008.12.09 2008-12-09 2.89 Generic Trojan
Trend Micro 8.700-1004 5.698.08 2008-12-09 0.02 TROJ_ARPOISON.B
Quick Heal 10.00 2008.12.09 2008-12-09 0.85 -
Rising 20.0 21.07.12.00 2008-12-09 1.00 -
Sophos 2.81.2 4.36 2008-12-10 2.15 Mal/EncPk-GJ
Sunbelt 4674 4674 2008-11-04 9.12 -
Symantec 1.3.0.24 20081209.003 2008-12-09 0.12 -
nProtect 2008-12-09.00 2753009 2008-12-09 9.55 -
The Hacker 6.3.1.2 v00180 2008-12-08 0.81 -
VBA32 3.12.8.10 20081209.1019 2008-12-09 1.47 -
VirusBuster 4.5.11.10 10.95.2/730120 2008-12-09 0.98 Trojan.FakeAlert.Gen!Pac.2

And the 19609.exe log:
VirSCAN.org Scanned Report :
Scanned time : 2008/12/15 19:44:02 (CET)
Scanner results: 3% van de scanners (1/39) detecteerde malware!
File Name : 19609.exe
File Size : 28672 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d3302b9da355aa017328cbfeabd06b22
SHA1 : e5a6ef3951cd5d5a46bfc0b21bb74626e473b90c
Online report : http://virscan.org/report/3cd21a5ce912f ... d2fb9.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.28 20081215200646 2008-12-15 3.14 -
AhnLab V3 2008.12.15.03 2008.12.15 2008-12-15 1.13 -
AntiVir 7.9.0.45 7.1.0.235 2008-12-15 1.61 -
Antiy 2.0.18 20081215.1838801 2008-12-15 0.12 -
Arcavir 1.0.5 200812131407 2008-12-13 1.21 -
Authentium 5.1.1 200812151514 2008-12-15 1.06 -
AVAST! 3.0.1 081215-1 2008-12-15 0.00 -
AVG 7.5.52.442 270.9.18/1849 2008-12-15 1.81 -
BitDefender 7.81008.2352252 7.22548 2008-12-16 2.22 -
CA (VET) 9.0.0.143 31.6.6261 2008-12-15 3.82 -
ClamAV 0.94.1 8762 2008-12-15 0.02 -
Comodo 3.0 754 2008-12-14 0.83 -
CP Secure 1.1.0.715 2008.12.16 2008-12-16 6.03 -
Dr.Web 4.44.0.9170 2008.12.15 2008-12-15 3.69 -
ewido 4.0.0.2 2008.12.15 2008-12-15 3.45 -
F-Prot 4.4.4.56 20081215 2008-12-15 1.08 -
F-Secure 5.51.6100 2008.12.15.07 2008-12-15 3.90 -
Fortinet 2.81-3.117 9.813 2008-12-13 0.20 -
GData 19.1927/19.147 20081215 2008-12-15 2.91 -
ViRobot 20081215 2008.12.15 2008-12-15 0.41 -
Ikarus T3.1.01.45 2008.12.15.72011 2008-12-15 3.69 -
JiangMin 11.0.706 2008.12.15 2008-12-15 1.43 -
Kaspersky 5.5.10 2008.12.15 2008-12-15 0.06 -
KingSoft 2008.9.8.18 2008.12.15.20 2008-12-15 0.59 -
McAfee 5.3.00 5464 2008-12-14 2.61 -
Microsoft 1.4205 2008.12.15 2008-12-15 4.39 -
mks_vir 2.01 2008.12.15 2008-12-15 2.63 -
Norman 5.93.01 5.93.00 2008-12-12 5.78 -
Panda 9.05.01 2008.12.14 2008-12-14 2.79 -
Trend Micro 8.700-1004 5.710.05 2008-12-15 0.03 -
Quick Heal 10.00 2008.12.15 2008-12-15 0.85 Suspicious - DNAScan
Rising 20.0 21.08.02.00 2008-12-15 0.78 -
Sophos 2.81.2 4.36 2008-12-16 2.06 -
Sunbelt 4754 4754 2008-12-10 0.46 -
Symantec 1.3.0.24 20081214.003 2008-12-14 0.05 -
nProtect 12-15-2008.03 2773539 12-15-2008 4.24 -
The Hacker 6.3.1.2 v00188 2008-12-14 0.49 -
VBA32 3.12.8.10 20081215.0958 2008-12-15 1.49 -
VirusBuster 4.5.11.10 10.96.1/730495 2008-12-15 0.94 -

And the imsins.BAK log:
VirSCAN.org Scanned Report :
Scanned time : 2008/12/15 19:46:43 (CET)
Scanner results: Geen enkele scanner vond malware!
File Name : imsins.BAK
File Size : 1393 byte
File Type : ASCII text, with CRLF, LF line terminators
MD5 : db5be56b3dc37a6b1c4561723e479df0
SHA1 : fb456ba282138cc3d41c72400d9b1dc7c7b7af64
Online report : http://virscan.org/report/404fce86b16df ... 000bc.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.28 20081215200646 2008-12-15 3.06 -
AhnLab V3 2008.12.15.03 2008.12.15 2008-12-15 1.03 -
AntiVir 7.9.0.45 7.1.0.235 2008-12-15 1.69 -
Antiy 2.0.18 20081215.1838801 2008-12-15 0.12 -
Arcavir 1.0.5 200812131407 2008-12-13 1.19 -
Authentium 5.1.1 200812151514 2008-12-15 1.05 -
AVAST! 3.0.1 081215-1 2008-12-15 0.00 -
AVG 7.5.52.442 270.9.18/1849 2008-12-15 1.75 -
BitDefender 7.81008.2352252 7.22548 2008-12-16 2.14 -
CA (VET) 9.0.0.143 31.6.6261 2008-12-15 3.90 -
ClamAV 0.94.1 8762 2008-12-15 0.00 -
Comodo 3.0 754 2008-12-14 0.92 -
CP Secure 1.1.0.715 2008.12.16 2008-12-16 6.01 -
Dr.Web 4.44.0.9170 2008.12.15 2008-12-15 3.70 -
ewido 4.0.0.2 2008.12.15 2008-12-15 3.45 -
F-Prot 4.4.4.56 20081215 2008-12-15 1.06 -
F-Secure 5.51.6100 2008.12.15.07 2008-12-15 3.86 -
Fortinet 2.81-3.117 9.813 2008-12-13 0.17 -
GData 19.1927/19.147 20081215 2008-12-15 3.12 -
ViRobot 20081215 2008.12.15 2008-12-15 0.40 -
Ikarus T3.1.01.45 2008.12.15.72011 2008-12-15 3.67 -
JiangMin 11.0.706 2008.12.15 2008-12-15 1.41 -
Kaspersky 5.5.10 2008.12.15 2008-12-15 0.02 -
KingSoft 2008.9.8.18 2008.12.15.20 2008-12-15 0.60 -
McAfee 5.3.00 5464 2008-12-14 2.63 -
Microsoft 1.4205 2008.12.15 2008-12-15 5.97 -
mks_vir 2.01 2008.12.15 2008-12-15 2.61 -
Norman 5.93.01 5.93.00 2008-12-12 5.82 -
Panda 9.05.01 2008.12.14 2008-12-14 7.80 -
Trend Micro 8.700-1004 5.710.05 2008-12-15 0.02 -
Quick Heal 10.00 2008.12.15 2008-12-15 0.84 -
Rising 20.0 21.08.02.00 2008-12-15 0.24 -
Sophos 2.81.2 4.36 2008-12-16 2.01 -
Sunbelt 4754 4754 2008-12-10 0.43 -
Symantec 1.3.0.24 20081214.003 2008-12-14 0.04 -
nProtect 12-15-2008.03 2773539 12-15-2008 3.58 -
The Hacker 6.3.1.2 v00188 2008-12-14 0.54 -
VBA32 3.12.8.10 20081215.0958 2008-12-15 1.51 -
VirusBuster 4.5.11.10 10.96.1/730495 2008-12-15 0.93 -

And the LopSD log:

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.20GHz )
BIOS : Default System BIOS
USER : Gebruiker ( Administrator )
BOOT : Normal boot
Antivirus : Norman Security Suite ver. 7.00 7.00 (Not Activated)
C:\ (Local Disk) - NTFS - Total:298 Go (Free:168 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB) - FAT32 - Total:241 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( ma 15-12-2008|19:56 )

--------------------\\ Beschrijving van mappen in APPLIC~1

[30-08-2007|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
[20-11-2008|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[05-09-2008|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[21-05-2007|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[25-05-2007|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15-10-2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[22-05-2007|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[14-12-2008|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EmailNotifier
[19-10-2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
[02-11-2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[15-12-2008|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[25-05-2007|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[24-11-2008|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[10-07-2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Linksys
[08-08-2007|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
[24-09-2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
[25-07-2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14-12-2008|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Megaupload
[12-10-2008|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23-08-2008|05:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[12-04-2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[05-12-2008|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[12-07-2008|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[15-08-2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NewsBin
[25-05-2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
[25-05-2007|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[15-08-2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[05-01-2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[23-06-2007|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OLYMPUS
[22-07-2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[10-07-2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
[12-09-2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25-05-2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[22-11-2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[24-07-2008|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[11-12-2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[08-05-2008|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[21-05-2007|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14-08-2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[26-05-2007|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[42|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar

[11-02-2008|19:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[21-05-2007|15:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[14-12-2008|15:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[5|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

[20-11-2008|09:16] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Adobe
[12-07-2008|22:25] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Ahead
[25-05-2007|14:50] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Apple Computer
[24-05-2007|07:57] C:\DOCUME~1\GEBRUI~1\APPLIC~1\CyberLink
[16-07-2007|14:07] C:\DOCUME~1\GEBRUI~1\APPLIC~1\DivX
[15-12-2008|16:14] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Dropbox
[22-06-2007|00:28] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Eyeblaster
[30-08-2008|22:10] C:\DOCUME~1\GEBRUI~1\APPLIC~1\FLV Extract
[30-07-2008|15:44] C:\DOCUME~1\GEBRUI~1\APPLIC~1\fretsonfire
[06-12-2008|17:01] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Garritan
[24-08-2007|06:26] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Google
[15-08-2008|16:50] C:\DOCUME~1\GEBRUI~1\APPLIC~1\GrabIt
[09-11-2008|12:23] C:\DOCUME~1\GEBRUI~1\APPLIC~1\GrabPro
[30-05-2007|19:33] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Help
[19-05-2008|19:01] C:\DOCUME~1\GEBRUI~1\APPLIC~1\HP
[02-01-2008|20:13] C:\DOCUME~1\GEBRUI~1\APPLIC~1\ICAClient
[08-05-2008|15:02] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Identities
[21-04-2008|15:55] C:\DOCUME~1\GEBRUI~1\APPLIC~1\LimeWire
[19-07-2007|10:34] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Macromedia
[25-07-2008|10:33] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Malwarebytes
[14-12-2008|11:39] C:\DOCUME~1\GEBRUI~1\APPLIC~1\MegauploadToolbar
[20-11-2008|20:24] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Microsoft
[11-08-2008|16:49] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Music Recognition
[01-04-2008|17:32] C:\DOCUME~1\GEBRUI~1\APPLIC~1\NCH Swift Sound
[15-08-2008|16:47] C:\DOCUME~1\GEBRUI~1\APPLIC~1\NewsLeecher
[19-05-2008|22:05] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Norman
[14-07-2007|08:54] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Opera
[14-12-2008|13:19] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Orbit
[22-07-2008|17:38] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Propellerhead Software
[05-12-2008|16:27] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Samsung
[15-07-2008|19:33] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Skype
[01-06-2007|17:34] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SmartFTP
[13-06-2007|09:28] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Sun
[24-07-2008|17:41] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SUPERAntiSpyware.com
[28-04-2008|13:56] C:\DOCUME~1\GEBRUI~1\APPLIC~1\teamspeak2
[17-11-2008|17:51] C:\DOCUME~1\GEBRUI~1\APPLIC~1\TeamViewer
[19-06-2007|15:58] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Ventrilo
[15-08-2008|16:50] C:\DOCUME~1\GEBRUI~1\APPLIC~1\WinRAR
[15-08-2008|16:49] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Xfire
[04-10-2007|09:03] C:\DOCUME~1\GEBRUI~1\APPLIC~1\XLAB ISL Plugins
[08-05-2008|15:02] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes
[43|map(pen)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes beschikbaar

[15-08-2008|16:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[11-08-2008|09:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[21-05-2007|15:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[5|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

[21-05-2007|15:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

[05-11-2008 07:41][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14-12-2008 20:00][--a------] C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[15-12-2008 16:13][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02-03-2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Beschrijving van mappen in C:\Program Files

[16-08-2008|18:24] C:\Program Files\Acoustica Beatcraft
[03-10-2008|20:41] C:\Program Files\Acoustica Shared Effects
[15-10-2008|12:01] C:\Program Files\Activision
[20-11-2008|09:14] C:\Program Files\Adobe
[25-05-2007|18:02] C:\Program Files\Adobe Type Manager
[06-12-2008|18:22] C:\Program Files\AoA Audio Extractor
[30-05-2007|06:41] C:\Program Files\Apple Software Update
[12-01-2008|13:28] C:\Program Files\ASIO4ALL v2
[16-08-2008|18:00] C:\Program Files\Beatbox Demo
[08-05-2008|14:02] C:\Program Files\BFG
[15-08-2008|16:50] C:\Program Files\BitComet
[11-12-2008|15:48] C:\Program Files\BitLord
[01-07-2007|23:17] C:\Program Files\Canon
[02-01-2008|12:41] C:\Program Files\Citrix
[14-12-2008|12:28] C:\Program Files\Common Files
[21-05-2007|15:25] C:\Program Files\ComPlus Applications
[30-08-2008|22:00] C:\Program Files\Cucusoft
[22-05-2007|07:43] C:\Program Files\CyberLink
[17-08-2007|17:13] C:\Program Files\Datel
[15-08-2008|16:50] C:\Program Files\Davilex
[21-09-2008|18:35] C:\Program Files\DBP
[03-06-2007|06:14] C:\Program Files\directx
[15-08-2008|16:49] C:\Program Files\DiskInternals
[05-10-2007|17:34] C:\Program Files\DivX
[30-10-2008|17:26] C:\Program Files\Dropbox
[15-08-2008|16:49] C:\Program Files\Enterbrain
[15-08-2008|16:50] C:\Program Files\File Extension Changer
[06-12-2008|17:09] C:\Program Files\Finale 2009
[11-12-2008|16:21] C:\Program Files\FLV Converter
[06-12-2008|17:01] C:\Program Files\Garritan
[24-08-2007|06:25] C:\Program Files\Google
[05-09-2008|14:46] C:\Program Files\Guitar Pro 5
[03-12-2008|17:07] C:\Program Files\HotHotSoftware
[24-08-2008|20:47] C:\Program Files\HP
[25-09-2008|18:00] C:\Program Files\HyperCam
[15-08-2008|15:05] C:\Program Files\Image-Line
[10-09-2008|19:55] C:\Program Files\Install Creator Pro
[14-12-2008|12:30] C:\Program Files\InstallShield Installation Information
[21-05-2007|15:40] C:\Program Files\Intel
[12-12-2008|07:23] C:\Program Files\Internet Explorer
[30-05-2007|06:44] C:\Program Files\iPod
[01-04-2008|17:24] C:\Program Files\IrfanView
[14-12-2008|15:31] C:\Program Files\Java
[10-07-2008|12:27] C:\Program Files\Linksys
[11-01-2008|23:37] C:\Program Files\LizardTech
[15-08-2008|16:50] C:\Program Files\MagicISO
[24-09-2008|15:40] C:\Program Files\MAGIX
[16-11-2008|21:13] C:\Program Files\Malwarebytes' Anti-Malware
[19-09-2008|09:16] C:\Program Files\Messenger
[15-08-2008|16:48] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21-05-2007|15:27] C:\Program Files\microsoft frontpage
[03-10-2008|14:51] C:\Program Files\Microsoft Office
[01-06-2007|17:42] C:\Program Files\Microsoft Office Frontpage 2003
[25-05-2007|13:34] C:\Program Files\Microsoft Visual Studio
[02-11-2008|17:11] C:\Program Files\Microsoft Works
[01-06-2007|17:42] C:\Program Files\Microsoft.NET
[09-06-2008|19:57] C:\Program Files\MobilEdit
[09-10-2007|19:03] C:\Program Files\Movavi Flash Converter
[19-09-2008|09:12] C:\Program Files\Movie Maker
[15-08-2008|16:50] C:\Program Files\MP3 WAV WMA Converter
[22-05-2007|08:04] C:\Program Files\MSBuild
[03-10-2008|14:50] C:\Program Files\MSECache
[04-09-2008|14:28] C:\Program Files\MSN BackUp
[21-05-2007|15:24] C:\Program Files\MSN Gaming Zone
[21-05-2007|15:36] C:\Program Files\MSXML 4.0
[22-05-2007|08:06] C:\Program Files\MSXML 6.0
[07-03-2008|18:32] C:\Program Files\Multiverse Client
[07-03-2008|18:32] C:\Program Files\Multiverse Tools
[12-04-2008|19:58] C:\Program Files\NCH Software
[05-12-2008|19:35] C:\Program Files\NCH Swift Sound
[12-07-2008|22:13] C:\Program Files\Nero
[19-09-2008|09:10] C:\Program Files\NetMeeting
[15-08-2008|16:47] C:\Program Files\NewsBin
[19-05-2008|22:05] C:\Program Files\Norman
[21-05-2007|15:26] C:\Program Files\Online Services
[06-12-2008|19:39] C:\Program Files\OrbitDownloader
[19-09-2008|09:10] C:\Program Files\Outlook Express
[08-05-2008|14:18] C:\Program Files\Peggle
[06-12-2008|17:01] C:\Program Files\Plogue
[30-05-2007|06:43] C:\Program Files\QuickTime
[03-02-2008|19:15] C:\Program Files\Rapidown
[22-05-2007|08:01] C:\Program Files\Reference Assemblies
[28-08-2008|12:46] C:\Program Files\Ruby
[16-08-2008|18:14] C:\Program Files\SABnzbd
[05-12-2008|16:35] C:\Program Files\SAMSUNG
[25-05-2007|19:48] C:\Program Files\Serif
[21-05-2007|15:42] C:\Program Files\SigmaTel
[12-09-2007|22:24] C:\Program Files\Skype
[15-08-2008|16:48] C:\Program Files\SmartFTP Client
[22-05-2008|08:34] C:\Program Files\SpamWeed
[23-11-2008|10:38] C:\Program Files\Spybot - Search & Destroy
[24-07-2008|17:40] C:\Program Files\SUPERAntiSpyware
[05-10-2007|18:27] C:\Program Files\SWF2AVI
[16-07-2007|09:58] C:\Program Files\SystemRequirementsLab
[05-12-2008|19:31] C:\Program Files\TallStick
[17-11-2008|17:47] C:\Program Files\TeamViewer3
[10-01-2008|19:55] C:\Program Files\The Game Creators
[05-12-2008|20:11] C:\Program Files\Trend Micro
[16-08-2008|19:38] C:\Program Files\UltraGet Video Downloader
[21-05-2007|15:30] C:\Program Files\Uninstall Information
[05-12-2008|19:41] C:\Program Files\vanBasco's Karaoke Player
[03-08-2007|13:41] C:\Program Files\VentSrv
[16-02-2008|12:36] C:\Program Files\VstPlugins
[01-09-2008|19:51] C:\Program Files\Wamp
[25-05-2007|19:55] C:\Program Files\Web Publish
[13-12-2008|16:08] C:\Program Files\WebEx
[12-10-2008|17:54] C:\Program Files\Windows Live
[25-05-2007|12:01] C:\Program Files\Windows Media Connect 2
[19-09-2008|09:10] C:\Program Files\Windows Media Player
[19-09-2008|09:10] C:\Program Files\Windows NT
[21-05-2007|15:26] C:\Program Files\WindowsUpdate
[15-08-2008|16:49] C:\Program Files\Xampp
[21-05-2007|15:27] C:\Program Files\xerox
[08-04-2008|20:49] C:\Program Files\Xfire
[04-10-2007|15:38] C:\Program Files\XLAB ISL Boot
[08-05-2008|15:01] C:\Program Files\Zylom Games
[0|bestand(en)] C:\Program Files\bytes
[118|map(pen)] C:\Program Files\bytes beschikbaar

--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files

[20-11-2008|09:18] C:\Program Files\Common Files\Adobe
[02-11-2008|10:59] C:\Program Files\Common Files\Adobe AIR
[05-09-2008|16:08] C:\Program Files\Common Files\Adobe Systems Shared
[12-07-2008|22:21] C:\Program Files\Common Files\Ahead
[10-01-2008|20:08] C:\Program Files\Common Files\Bcgsoft
[25-05-2007|14:25] C:\Program Files\Common Files\Blizzard Entertainment
[01-07-2007|23:11] C:\Program Files\Common Files\Canon
[25-05-2007|13:34] C:\Program Files\Common Files\Designer
[26-06-2008|13:44] C:\Program Files\Common Files\Enterbrain
[25-05-2007|10:25] C:\Program Files\Common Files\Hewlett-Packard
[25-05-2007|10:30] C:\Program Files\Common Files\HP
[30-05-2008|22:43] C:\Program Files\Common Files\INCA Shared
[15-08-2008|14:52] C:\Program Files\Common Files\InstallShield
[24-05-2007|07:55] C:\Program Files\Common Files\LightScribe
[20-01-2008|07:49] C:\Program Files\Common Files\Macrovision Shared
[30-08-2007|11:55] C:\Program Files\Common Files\MAGIX Shared
[06-12-2008|16:58] C:\Program Files\Common Files\Microsoft Shared
[09-10-2007|19:03] C:\Program Files\Common Files\MOVAVI
[21-05-2007|15:25] C:\Program Files\Common Files\MSSoap
[21-05-2007|16:23] C:\Program Files\Common Files\Nero
[21-05-2007|23:20] C:\Program Files\Common Files\ODBC
[04-12-2007|07:29] C:\Program Files\Common Files\Previews
[10-07-2008|12:29] C:\Program Files\Common Files\Pure Networks Shared
[21-05-2007|15:25] C:\Program Files\Common Files\Services
[25-05-2007|10:31] C:\Program Files\Common Files\Sonic Shared
[21-05-2007|23:20] C:\Program Files\Common Files\SpeechEngines
[19-09-2008|09:10] C:\Program Files\Common Files\System
[25-08-2008|14:59] C:\Program Files\Common Files\Threeships Shared
[15-08-2008|16:50] C:\Program Files\Common Files\WindowsLiveInstaller
[24-07-2008|17:40] C:\Program Files\Common Files\Wise Installation Wizard
[0|bestand(en)] C:\Program Files\Common Files\bytes
[32|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

--------------------\\ Process

( 66 Processes )

iexplore.exe ~ [PID:1796]

--------------------\\ Zoeken met S_Lop

Geen Lop mappen gevonden !

--------------------\\ Zoeken naar Lop Bestanden - Mappen

C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
C:\Program Files\OrbitDownloader
C:\Program Files\OrbitDownloader\addons
C:\Program Files\OrbitDownloader\banurl.ini
C:\Program Files\OrbitDownloader\changelog.txt
C:\Program Files\OrbitDownloader\download.dll
C:\Program Files\OrbitDownloader\Grab.exe
C:\Program Files\OrbitDownloader\GrabDll.dll
C:\Program Files\OrbitDownloader\GrabKernel.dll
C:\Program Files\OrbitDownloader\GrabPro.dll
C:\Program Files\OrbitDownloader\idht.dll
C:\Program Files\OrbitDownloader\Lang.ini
C:\Program Files\OrbitDownloader\language
C:\Program Files\OrbitDownloader\libeay32.dll
C:\Program Files\OrbitDownloader\orbitcth.dll
C:\Program Files\OrbitDownloader\orbitdm.exe
C:\Program Files\OrbitDownloader\orbitmxt.dll
C:\Program Files\OrbitDownloader\orbitnet.exe
C:\Program Files\OrbitDownloader\saction.dll
C:\Program Files\OrbitDownloader\siteinfo.ini
C:\Program Files\OrbitDownloader\ssleay32.dll
C:\Program Files\OrbitDownloader\unins000.dat
C:\Program Files\OrbitDownloader\unins000.exe
C:\Program Files\OrbitDownloader\update
C:\Program Files\OrbitDownloader\winfile.dll

--------------------\\ Zoeken doorheen het Register

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Nazicht van het Hosts bestand

Hosts bestand GEWIJZIGD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Zoeken naar verborgen bestanden met Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 19:58:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 205

--------------------\\ Zoeken naar andere infecties

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica BeatCraft Keygen.rar
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobefireworkscs3keygenz.w.t.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobephotoshopcs2tryouttofullactivationkeygenoscaria.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Cleaning Lab 2008 Deluxe Crack.nzb
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\NewsLeecher crack.txt
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\[isoHunt]_Guitar_Pro_5.2_(FULL_with_Keygen)___RSE_Guitar___RSE_Basses___RSE_Drums!_Enjoy.torrent
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\Acoustica Beatcraft Installer.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\KEYGEN.EXE
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft v1.x Serial\keygen.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Adobe CS4\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\arobasmusicguitarprov5.0keygenbeat.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Earn Rapidshare Premium..txt
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Guitar Pro 5.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\BEAT.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\file_id.diz
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\KeyGen.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\keygen.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.zip
C:\DOCUME~1\GEBRUI~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\crack-rapidshare-time-delay-and-download-limit[1].htm
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\full-download-widi-3.3-crack-serial-torrent-keygen[1].htm
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\keygen[1].rar
C:\DOCUME~1\GEBRUI~1\Menu Start\Programma's\Image-Line\FL Studio 7\crack.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Cleaning Lab 2008 Deluxe Crack
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Finale 2009 ISO\keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.zip
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection.1\Wiej\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\[Dropbox]\My Dropbox\Public\rmxp-rmvx keygen.zip
C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\_NZB\Magix Music Maker 2006 v11.0.1.3 E-version Crack.nzb
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\arobasmusicguitarprov5.0keygenbeat.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 + crack.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 Keygen.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Magix Music Cleaning Lab 2008 Deluxe Crack.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinale2009keygenngen.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinalenotepad2009keygenedge.lnk
C:\DOCUME~1\ALLUSE~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url


[F:601][D:116]-> C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp
[F:75][D:0]-> C:\DOCUME~1\GEBRUI~1\Cookies
[F:11643][D:594]-> C:\DOCUME~1\GEBRUI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - ma 15-12-2008|20:01 - Option : [1]

--------------------\\ Scan voltooid om 20:01:31

And last, but not least, the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:52, on 15-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sttray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Frank en Rick\I-Tunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Frank en Rick\I-Tunes\iTunes.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDownloader\GrabPro.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Frank en Rick\I-Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Event Reminder.lnk = C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Xampp\apache\bin\apache.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12836 bytes



Whew, big post. :P
Wazakindjes
Regular Member
 
Posts: 15
Joined: December 7th, 2008, 3:32 pm

Re: Keyboard Settings Keeps Changing

Post by jmw3 » December 16th, 2008, 7:00 pm

Illegal Software Detected
While going through your logs it has come to my attention that you have numerous cracked/illegal software & that it appears you are actively using it.
This forum's policy says we will not help people who use cracked or pirated software.

I draw your attention to this Forum's Policy on Cracked software & the User Rules:
Illegal Copies of Software
Our User Rules - Please Read
Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.
If you still want me to help you I suggest you purchase a legal copy of the software or remove the cracked software from your computer.
NOTE: If you give me advice that the software has been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Keyboard Settings Keeps Changing

Post by Wazakindjes » December 17th, 2008, 12:42 pm

I tried to delete as much as possible, but it's possible I missed something. Tell me if that is the case. And like an hour ago I've got a virus detected, don't remember where or what, I thought it was something with DNSChanger in it.
Wazakindjes
Regular Member
 
Posts: 15
Joined: December 7th, 2008, 3:32 pm