Free Malware Removal Forum

[jmw3]

Delete RSIT from your desktop & download it again as it's just been updated: RSIT

Once the new version has been downloaded run it following the instructions below:

• Ensure rsit.exe is on your desktop
• Click the Windows Start then Run
• Copy/paste the following into the run box & click OK

Code: Select all

"%userprofile%\desktop\rsit.exe" /info

• Click Continue at the disclaimer screen
• Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
• Copy & paste the contents of both logs in your next reply

[Wazakindjes]

log.txt:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Gebruiker at 2008-12-19 12:21:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 173 GB (57%) free of 305 GB
Total RAM: 2045 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:25, on 19-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Frank en Rick\I-Tunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Norman\nse\bin\NSESVC.EXE
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Frank en Rick\I-Tunes\iTunes.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Gebruiker\bureaublad\rsit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\HijackThis\Gebruiker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDownloader\GrabPro.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Frank en Rick\I-Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Event Reminder.lnk = C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Xampp\apache\bin\apache.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12858 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\OrbitDownloader\orbitcth.dll [2008-11-24 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17FDB9F8-DCC4-4F6A-AE07-B16018A48469}]
ThreeShips IE Helper - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll [2007-02-13 562808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-07 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\OrbitDownloader\GrabPro.dll [2008-11-24 445560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-23 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-06-23 86016]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-06-23 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Photo Downloader"=C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-16 57344]
"Norman ZANDA"=C:\Norman\Npm\Bin\ZLH.EXE [2008-06-02 277616]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"iTunesHelper"=C:\Frank en Rick\I-Tunes\iTunesHelper.exe [2007-05-26 257088]
"Ad-Aware"=C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe [2007-09-27 1162240]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-01-08 451896]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AWMON"=C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe [2007-09-26 516608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Event Reminder.lnk - C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Linksys EasyLink Advisor.lnk - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
SpamWeed.lnk - C:\Program Files\SpamWeed\swengine.exe

C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Dropbox.lnk - C:\Program Files\Dropbox\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-23 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\496FGTEB\Norman_Repair_Center[1].exe"="C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\496FGTEB\Norman_Repair_Center[1].exe:*:Enabled:Norman_Repair_Center[1]"
"C:\Frank en Rick\I-Tunes\iTunes.exe"="C:\Frank en Rick\I-Tunes\iTunes.exe:*:Enabled:iTunes"
"C:\Frank en Rick\LimeWire Pro\LimeWire.exe"="C:\Frank en Rick\LimeWire Pro\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\VentSrv\ventrilo_srv.exe"="C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Documents and Settings\Gebruiker\Bureaublad\Spelletjes\Downloads\Ventrilo Server v2.1.0\ventrilo_srv.exe"="C:\Documents and Settings\Gebruiker\Bureaublad\Spelletjes\Downloads\Ventrilo Server v2.1.0\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Frank en Rick\World of Warcraft\BackgroundDownloader.exe"="C:\Frank en Rick\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Program Files\Multiverse Client\bin\MultiverseClient.exe"="C:\Program Files\Multiverse Client\bin\MultiverseClient.exe:*:Enabled:Multiverse World Browser"
"C:\Program Files\SmartFTP Client 3.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 3.0\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Frank en Rick\Eclipse Evolution 2.5\Server\Eclipse_Evolution_Server.exe"="C:\Frank en Rick\Eclipse Evolution 2.5\Server\Eclipse_Evolution_Server.exe:*:Enabled:Eclipse Server Program"
"C:\Frank en Rick\Eclipse Evolution 1.0\Server\Server.exe"="C:\Frank en Rick\Eclipse Evolution 1.0\Server\Server.exe:*:Enabled:Server"
"C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Jelle\Jelle\Net Rmxp Online Server 2.1.7\Server.exe"="C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Jelle\Jelle\Net Rmxp Online Server 2.1.7\Server.exe:*:Enabled:Server"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\dmremote.exe"="C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote"
"C:\Program Files\Xampp\apache\bin\apache.exe"="C:\Program Files\Xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"C:\Program Files\MSN BackUp\MSNBackup.exe"="C:\Program Files\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Wamp\bin\apache\apache2.2.6\bin\httpd.exe"="C:\Program Files\Wamp\bin\apache\apache2.2.6\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Ruby\bin\ruby.exe"="C:\Program Files\Ruby\bin\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]"
"C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Net RMXP Online\Net Rmxp Online Server 2.0\ServerNonXP.exe"="C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Net RMXP Online\Net Rmxp Online Server 2.0\ServerNonXP.exe:*:Enabled:ServerNonXP"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\OrbitDownloader\orbitdm.exe"="C:\Program Files\OrbitDownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\OrbitDownloader\orbitnet.exe"="C:\Program Files\OrbitDownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer – beheer van externe computers"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-17 17:49:53 ----A---- C:\WINDOWS\CleaningLab.INI
2008-12-15 19:56:19 ----A---- C:\lopR.txt
2008-12-15 19:55:56 ----D---- C:\Lop SD
2008-12-15 19:51:14 ----RASHD---- C:\autorun.inf
2008-12-14 15:31:57 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-14 15:31:57 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-14 15:31:57 ----A---- C:\WINDOWS\system32\java.exe
2008-12-14 11:39:36 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
2008-12-14 11:39:36 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-12-14 11:39:35 ----D---- C:\Documents and Settings\Gebruiker\Application Data\MegauploadToolbar
2008-12-11 16:21:28 ----D---- C:\Program Files\FLV Converter
2008-12-10 07:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 07:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 07:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 07:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 18:29:18 ----A---- C:\WINDOWS\19609.exe
2008-12-06 18:22:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-06 18:21:55 ----D---- C:\Program Files\AoA Audio Extractor
2008-12-06 17:20:53 ----A---- C:\WINDOWS\demdata.txt
2008-12-06 17:01:32 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Garritan
2008-12-06 17:01:29 ----D---- C:\Program Files\Plogue
2008-12-06 17:01:29 ----D---- C:\Program Files\Garritan
2008-12-06 16:58:26 ----D---- C:\Program Files\Finale 2009
2008-12-05 20:27:33 ----D---- C:\rsit
2008-12-05 20:11:59 ----D---- C:\Program Files\Trend Micro
2008-12-05 19:29:50 ----D---- C:\Program Files\vanBasco's Karaoke Player
2008-12-05 19:24:30 ----D---- C:\Program Files\TallStick
2008-12-05 16:27:37 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Samsung
2008-12-05 16:08:51 ----A---- C:\WINDOWS\system32\framedyn.dll
2008-12-05 16:08:33 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-12-03 17:07:36 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-12-03 17:07:35 ----D---- C:\Program Files\HotHotSoftware
2008-12-01 15:25:42 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-24 16:20:56 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-22 18:29:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-22 18:29:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2008-12-19 12:21:23 ----D---- C:\WINDOWS\Prefetch
2008-12-19 12:20:35 ----D---- C:\WINDOWS\Temp
2008-12-19 12:15:57 ----D---- C:\WINDOWS
2008-12-19 09:54:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-19 09:46:54 ----D---- C:\WINDOWS\system32\drivers
2008-12-19 09:45:07 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Dropbox
2008-12-19 09:44:36 ----D---- C:\Norman
2008-12-18 21:43:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-18 16:54:50 ----A---- C:\WINDOWS\MusicMaker.INI
2008-12-18 15:48:46 ----D---- C:\WINDOWS\system32
2008-12-18 11:59:57 ----HD---- C:\WINDOWS\inf
2008-12-18 11:59:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 11:59:52 ----D---- C:\WINDOWS\ie7updates
2008-12-18 11:58:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 11:58:30 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-17 18:52:24 ----A---- C:\WINDOWS\win.ini
2008-12-17 17:48:56 ----A---- C:\WINDOWS\mgxoschk.ini
2008-12-17 17:48:55 ----D---- C:\WINDOWS\system32\MAGIX
2008-12-17 17:45:46 ----D---- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-12-17 17:45:36 ----D---- C:\Program Files\MAGIX
2008-12-16 18:54:22 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Orbit
2008-12-15 06:53:52 ----HD---- C:\Config.Msi
2008-12-14 20:46:59 ----D---- C:\Temp
2008-12-14 15:31:59 ----SHD---- C:\WINDOWS\Installer
2008-12-14 15:31:55 ----D---- C:\Program Files\Java
2008-12-14 12:31:01 ----RD---- C:\Program Files
2008-12-14 12:30:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 12:30:30 ----A---- C:\WINDOWS\MegaManager.INI
2008-12-14 12:28:28 ----D---- C:\Program Files\Common Files
2008-12-14 12:23:24 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 16:08:22 ----D---- C:\Program Files\WebEx
2008-12-13 07:39:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 16:46:00 ----D---- C:\Frank en Rick
2008-12-12 07:23:52 ----D---- C:\Program Files\Internet Explorer
2008-12-11 17:02:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-11 16:13:16 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-11 15:48:11 ----D---- C:\Program Files\BitLord
2008-12-10 11:15:49 ----D---- C:\WINDOWS\system32\config
2008-12-10 11:15:29 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 11:15:29 ----D---- C:\WINDOWS\Registration
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 07:46:04 ----D---- C:\WINDOWS\system32\Macromed
2008-12-07 14:07:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-06 19:39:19 ----D---- C:\Program Files\OrbitDownloader
2008-12-06 17:57:44 ----D---- C:\Downloads
2008-12-06 16:59:06 ----D---- C:\PSFONTS
2008-12-06 16:59:05 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 16:58:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-06 16:58:47 ----D---- C:\WINDOWS\WinSxS
2008-12-06 10:21:12 ----RSD---- C:\WINDOWS\assembly
2008-12-06 10:19:28 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-06 07:14:26 ----D---- C:\WINDOWS\system32\en-us
2008-12-06 07:14:24 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-05 19:35:16 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-12-05 19:35:15 ----D---- C:\Program Files\NCH Swift Sound
2008-12-05 19:33:14 ----D---- C:\WINDOWS\Help
2008-12-05 16:35:25 ----D---- C:\Program Files\SAMSUNG
2008-11-20 20:24:35 ----SD---- C:\Documents and Settings\Gebruiker\Application Data\Microsoft
2008-11-20 09:18:43 ----D---- C:\Program Files\Common Files\Adobe
2008-11-20 09:16:52 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Adobe
2008-11-20 09:14:31 ----D---- C:\Program Files\Adobe
2008-11-20 09:07:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-05 5632]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 Ndiskio;Ndiskio; \??\C:\Norman\Nse\bin\NDISKIO.SYS []
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-01-08 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-01-08 25272]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S2 CDRPDACC;Arrowkey Device Access; \??\C:\Mam\321Studios\Shared\CDRPDACC.SYS []
S3 dsreader;MaxDrive Driver (dsreader.sys); C:\WINDOWS\System32\Drivers\dsreader.sys [2001-01-02 19677]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-06-23 1095680]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SliceDisk5;SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-10-03 102400]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Norman\Npm\bin\ELOGSVC.EXE [2007-11-21 150584]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-03-31 204800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-01-08 451896]
R2 Norman ZANDA;Norman ZANDA; C:\Norman\Npm\Bin\zanda.exe [2008-04-24 429176]
R2 NVOY;Norman's Very Own supplY of resources; C:\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-15 66872]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2006-05-26 86016]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2007-05-26 501312]
R3 Norman NJeeves;Norman NJeeves; C:\Norman\Npm\Bin\Njeeves.exe [2008-05-13 203896]
R3 nsesvc;Norman Scanner Engine Service; C:\Norman\nse\bin\NSESVC.EXE [2008-06-19 322616]
R3 nvcoas;Norman Virus Control on-access component; C:\Norman\Nvc\bin\nvcoas.exe [2008-04-30 191544]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Norman\Npm\Bin\Nvcsched.exe [2007-09-18 154680]
R3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Apache2.2;Apache2.2; C:\Program Files\Xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-05 72704]
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-02 655624]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------

info.txt:
info.txt logfile of random's system information tool 1.05 2008-12-19 12:21:28

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNIN0413.EXE -f"C:\Mam\PhotoDeluxe BE 1.0\DeIsL1.isu"
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Beatcraft-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 8.1.3 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Type Manager 4.0-->C:\WINDOWS\unin0413.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AoA Audio Extractor 1.0-->"C:\Program Files\AoA Audio Extractor\unins000.exe"
AoA MP4 Converter-->"C:\Program Files\AoA MP4 Converter\unins000.exe"
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Beveiligingsupdate for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Beveiligingsupdate voor Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Mam\Canon\ZoomBrowser EX\Program\Uninst.ini"
Citrix ICA Web Client-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Common RTP 1.0-->C:\WINDOWS\iun506.exe C:\Program Files\Enterbrain\RPG2003\RTP\\irunin.ini
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Davi-Tuin 3D DeLuxe 3-->C:\Program Files\Davilex\Shared\UNINST32.EXE C:\Mam\Davilex\DAVI-T~1\Install.log
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dropbox-->"C:\Program Files\Dropbox\uninstall.exe"
Finale 2009-->C:\Program Files\Finale 2009\uninstallFinale.exe
Firebird SQL Server - MAGIX Edition (NL)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
Garritan Instruments for Finale 2009-->"C:\Program Files\Garritan\Instruments for Finale 2009\unins000.exe"
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix voor Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix voor Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HyperCam 2-->"C:\Program Files\HyperCam\UnHyCam2.exe"
Install Creator Pro-->C:\Program Files\Install Creator Pro\Uninstal.exe
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections-->MsiExec.exe /I{F6B23E59-1240-4C20-AE0B-70658A91976A}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Jewel Quest Deluxe-->"C:\Program Files\Zylom Games\Jewel Quest Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Linksys EasyLink Advisor-->"C:\Program Files\InstallShield Installation Information\{3B0819D0-501C-47A1-8122-84800ACD5F41}\setup.exe" -runfromtemp -l0x0413 -removeonly
Linksys EasyLink Advisor-->MsiExec.exe /I{3B0819D0-501C-47A1-8122-84800ACD5F41}
MAGIX Audio Cleaning Lab 14 Download version 9.0.2.0 (US)-->C:\Program Files\MAGIX\ACLab14\unwise.exe
MAGIX Music Maker 2007 (NL)-->C:\Program Files\MAGIX\MAGIX Music Maker 2007\instslct.exe
MAGIX Screenshare 4.3.6.1987 (US)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Microsoft .NET Framework 1.1 Dutch Language Pack-->MsiExec.exe /X{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - NLD-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - NLD\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Dutch Language Pack-->MsiExec.exe /X{64371D22-A18B-436E-863B-2E12DA8042FF}
Microsoft .NET Framework 3.0 Nederlands taalpakket-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Dutch Language Pack\setup.exe
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170413-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Standard Voor leerlingen, studenten en docenten-->MsiExec.exe /I{913D0413-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
MOBILedit! 2.8-->RunDll32 C:\PROGRA~1\MOBILE~1\MOBILE~1\Setup\Setup.dll,RemoveOnly
Movavi Flash Converter-->MsiExec.exe /I{ED3DA206-194C-4061-B55E-8E27170BE621}
MSN BackUp 1.3.3-->C:\Program Files\MSN BackUp\uninst.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Nero 7 Essentials-->MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1043}
Nintendo DS - GBA Max Drive-->"C:\Program Files\Datel\GBA Max Drive\unins000.exe"
Norman Ad-Aware SE Plus-->C:\PROGRA~1\Norman\NORMAN~1\UNWISE.EXE C:\PROGRA~1\Norman\NORMAN~1\INSTALL.LOG
Norman Virus Control-->C:\Norman\npm\bin\DelNvc5.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OLYMPUS CAMEDIA Master 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
Orbit Downloader-->"C:\Program Files\OrbitDownloader\unins000.exe"
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Peggle (remove only)-->C:\Program Files\Peggle\Uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrintMaster® Platina 8.0-->C:\WINDOWS\UNIN0413.EXE -f"C:\Mam\TLCDOM~1\PRINTM~1\DeIsL1.isu" -c"C:\Mam\TLCDOM~1\PRINTM~1\psfinst.dll"
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RahJongg - The Curse of Ra-->C:\WINDOWS\uninst.exe -f"C:\Mam\Game Master\RahJongg\DeIsL1.isu" -c"C:\Mam\Game Master\RahJongg\_ISREG32.DLL"
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPG Maker 2003-->C:\WINDOWS\iun6002.exe "C:\Program Files\Enterbrain\RPG2003\irunin.ini"
RPG Maker VX RTP-->"C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe"
RPG Maker VX-->"C:\Program Files\Enterbrain\RPGVX\unins000.exe"
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Ruby-186-26-->C:\Program Files\Ruby\uninstall.exe
SABnzbd (remove only)-->"C:\Program Files\SABnzbd\uninstall.exe"
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x13 -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0013 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Serif DrawPlus 3.0-->C:\WINDOWS\IsUn0413.exe -fC:\Spelletjes\Serif\dp30\DrawPlus_uninst.isu
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x13 -remove -removeonly
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpamWeed 2.5 rev. 366-->"C:\Program Files\SpamWeed\unins000.exe"
SpamWeed 2.7 rev. 599-->"C:\Program Files\SpamWeed\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
swf2avi 0.3-->"C:\Program Files\SWF2AVI\unins000.exe"
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
The legend of El Dorado Deluxe-->"C:\Program Files\Zylom Games\The legend of El Dorado Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Three Ships Browser Plugin-->MsiExec.exe /I{D4A2957D-5113-4722-A0A3-E7D0BF85D5D4}
Update voor Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update voor Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update voor Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX-->C:\FRANK EN RICK\Vent mix\Uninstal.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live aanmeldhulp-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer-->MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger-->MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (NLD)-->MsiExec.exe /X{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation NL Language Pack-->MsiExec.exe /I{A06BD059-8EDE-41F3-B91A-73C2C6811187}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Frank en Rick\Winrar\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Youtube-Download-Convert-Toolbar-->regsvr32 /u /s "C:\Program Files\Quicknation\YouTubeDownload-Convert.dll"
Zuma Deluxe-->"C:\Program Files\Zylom Games\Zuma Deluxe\GameInstaller.exe" --uninstall UnInstall.log

=====HijackThis Backups=====

O15 - Trusted Zone: http://www.download.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O2 - BHO: TBSB02678 Class - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - C:\PROGRA~1\QUICKN~1\YOUTUB~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O15 - Trusted Zone: http://www.rpgcross.nl
O20 - Winlogon Notify: byXOgggg - byXOgggg.dll (file missing)

======Hosts File======

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

======Security center information======

AV: Norman Security Suite ver. 7.00

System event log

Computer Name: CP103267-A
Event Code: 10005
Message: DCOM kreeg foutmelding '%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

Record Number: 959299
Source Name: DCOM
Time Written: 20081218162128.000000+060
Event Type: Fout
User: CP103267-A\Gebruiker

Computer Name: CP103267-A
Event Code: 10005
Message: DCOM kreeg foutmelding '%1058' bij het starten van de NMIndexingService-service met de argumenten ''
om de server
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

Record Number: 959298
Source Name: DCOM
Time Written: 20081218162108.000000+060
Event Type: Fout
User: CP103267-A\Gebruiker

Computer Name: CP103267-A
Event Code: 7036
Message: De Pml Driver HPZ12-service heeft nu de status Beëindigd.

Record Number: 959297
Source Name: Service Control Manager
Time Written: 20081218162107.000000+060
Event Type: Gegevens
User:

Computer Name: CP103267-A
Event Code: 7035
Message: De Pml Driver HPZ12-service is naar een Starten-besturingselement verzonden.

Record Number: 959296
Source Name: Service Control Manager
Time Written: 20081218162107.000000+060
Event Type: Gegevens
User: CP103267-A\Gebruiker

Computer Name: CP103267-A
Event Code: 7036
Message: De Pml Driver HPZ12-service heeft nu de status Wordt uitgevoerd.

Record Number: 959295
Source Name: Service Control Manager
Time Written: 20081218162107.000000+060
Event Type: Gegevens
User:

Application event log

Computer Name: CP103267-A
Event Code: 2570
Message: De service Adobe Active File Monitor is gestart.

Record Number: 12884
Source Name: Adobe Active File Monitor 4.0
Time Written: 20081028161421.000000+060
Event Type:
User:

Computer Name: CP103267-A
Event Code: 101
Message: msnmsgr (1800) De database-engine is gestopt.

Record Number: 12883
Source Name: ESENT
Time Written: 20081027190948.000000+060
Event Type: Gegevens
User:

Computer Name: CP103267-A
Event Code: 103
Message: msnmsgr (1800) \\.\C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Messenger\wazakindjes@hotmail.com\SharingMetadata\Working\database_5620_54C9_2054_B22B\dfsr.db: De database-engine heeft een nieuwe sessie (0) stopgezet.

Record Number: 12882
Source Name: ESENT
Time Written: 20081027190948.000000+060
Event Type: Gegevens
User:

Computer Name: CP103267-A
Event Code: 302
Message: msnmsgr (1800) \\.\C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Messenger\wazakindjes@hotmail.com\SharingMetadata\Working\database_5620_54C9_2054_B22B\dfsr.db: De database-engine heeft de herstelstappen uitgevoerd.

Record Number: 12881
Source Name: ESENT
Time Written: 20081027143458.000000+060
Event Type: Gegevens
User:

Computer Name: CP103267-A
Event Code: 301
Message: msnmsgr (1800) \\.\C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Messenger\wazakindjes@hotmail.com\SharingMetadata\Working\database_5620_54C9_2054_B22B\dfsr.db: De database-engine is begonnen met het opnieuw afspelen van logboekbestand \\.\C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Messenger\wazakindjes@hotmail.com\SharingMetadata\Working\database_5620_54C9_2054_B22B\fsr.log.

Record Number: 12880
Source Name: ESENT
Time Written: 20081027143458.000000+060
Event Type: Gegevens
User:

Security event log

Computer Name: CP103267-A
Event Code: 528
Message: Aanmelding is voltooid:

Gebruikersnaam: Lokale service

Domein: NT AUTHORITY

Aanmeldings-ID: (0x0,0x3E5)

Aanmeldingstype: 5

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Naam van werkstation:

Groeps-id voor aanmelden: -

Record Number: 109142
Source Name: Security
Time Written: 20081213065906.000000+060
Event Type: Controle geslaagde poging
User: NT AUTHORITY\Lokale service

Computer Name: CP103267-A
Event Code: 806
Message: Gebruikerscontrolebeleid is ververst.

Aantal elementen: 0

Beleids-id: (0x0,0x17B60)


Record Number: 109141
Source Name: Security
Time Written: 20081213065858.000000+060
Event Type: Controle geslaagde poging
User: NT AUTHORITY\SYSTEM

Computer Name: CP103267-A
Event Code: 515
Message: Er is een vertrouwd aanmeldingsproces in de LSA geregistreerd.
Dit aanmeldingsproces wordt vertrouwd om aanmeldingsaanvragen te doen.




De naam van het aanmeldingsproces is: KSecDD

Record Number: 109140
Source Name: Security
Time Written: 20081213065856.000000+060
Event Type: Controle geslaagde poging
User: NT AUTHORITY\SYSTEM

Computer Name: CP103267-A
Event Code: 515
Message: Er is een vertrouwd aanmeldingsproces in de LSA geregistreerd.
Dit aanmeldingsproces wordt vertrouwd om aanmeldingsaanvragen te doen.




De naam van het aanmeldingsproces is: LAN Manager Workstation Service

Record Number: 109139
Source Name: Security
Time Written: 20081213065856.000000+060
Event Type: Controle geslaagde poging
User: NT AUTHORITY\SYSTEM

Computer Name: CP103267-A
Event Code: 515
Message: Er is een vertrouwd aanmeldingsproces in de LSA geregistreerd.
Dit aanmeldingsproces wordt vertrouwd om aanmeldingsaanvragen te doen.




De naam van het aanmeldingsproces is: CHAP

Record Number: 109138
Source Name: Security
Time Written: 20081213065856.000000+060
Event Type: Controle geslaagde poging
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Ruby\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;%NpmLib%;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;C:\Frank en Rick\Samsung
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.RB;.RBW
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"NpmLib"=C:\Norman\Npm\Bin
"RUBYOPT"=-rubygems
"INPUTRC"=C:\Program Files\Ruby\bin\inputrc.euro

-----------------EOF-----------------

[jmw3]

LopScript
Highlight the contents of the Code Box below by clicking Select All then right-click and choose Copy

Code: Select all

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
C:\DOCUME~1\GEBRUI~1\APPLIC~1\Adobe
C:\DOCUME~1\GEBRUI~1\APPLIC~1\LimeWire
C:\DOCUME~1\GEBRUI~1\APPLIC~1\NewsLeecher
C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
C:\Program Files\Acoustica Beatcraft
C:\Program Files\Acoustica Shared Effects
C:\Program Files\Adobe
C:\Program Files\Adobe Type Manager
C:\Program Files\BitComet
C:\Program Files\BitLord
C:\Program Files\Finale 2009
C:\Program Files\Guitar Pro 5
C:\Program Files\Common Files\Adobe
C:\Program Files\Common Files\Adobe AIR
C:\Program Files\Common Files\Adobe Systems Shared
C:\Program Files\Common Files\MAGIX Shared
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica BeatCraft Keygen.rar
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobefireworkscs3keygenz.w.t.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobephotoshopcs2tryouttofullactivationkeygenoscaria.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Cleaning Lab 2008 Deluxe Crack.nzb
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\NewsLeecher crack.txt
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\[isoHunt]_Guitar_Pro_5.2_(FULL_with_Keygen)___RSE_Guitar___RSE_Basses___RSE_Drums!_Enjoy.torrent
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\Acoustica Beatcraft Installer.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\KEYGEN.EXE
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft v1.x Serial\keygen.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Adobe CS4\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\arobasmusicguitarprov5.0keygenbeat.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Earn Rapidshare Premium..txt
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Guitar Pro 5.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\BEAT.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\file_id.diz
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\KeyGen.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\keygen.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.zip
C:\DOCUME~1\GEBRUI~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\crack-rapidshare-time-delay-and-download-limit[1].htm
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\full-download-widi-3.3-crack-serial-torrent-keygen[1].htm
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\keygen[1].rar
C:\DOCUME~1\GEBRUI~1\Menu Start\Programma's\Image-Line\FL Studio 7\crack.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Cleaning Lab 2008 Deluxe Crack
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Finale 2009 ISO\keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.zip
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection.1\Wiej\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\[Dropbox]\My Dropbox\Public\rmxp-rmvx keygen.zip
C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\_NZB\Magix Music Maker 2006 v11.0.1.3 E-version Crack.nzb
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\arobasmusicguitarprov5.0keygenbeat.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 + crack.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 Keygen.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Magix Music Cleaning Lab 2008 Deluxe Crack.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinale2009keygenngen.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinalenotepad2009keygenedge.lnk
C:\DOCUME~1\ALLUSE~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url

Double click LopSD.exe to start the program

• Choose the language by typing the corresponding letter and press Enter
• Click OK at the informative window
• Type 4 to choose Option 4 (LopScript), then press Enter
• A blank page will open, right-click in it & choose Paste
• Close the page, you'll be asked to save it, click Save
• Don't close the window during suppression!
• Wait until the end of the scan
• A report will be generated, post the contents of it in your next reply

(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

To post in next reply:
Lop SD log
New HijackThis log
Let me know how the computer is running

[Wazakindjes]

LopSD log:

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.20GHz )
BIOS : Default System BIOS
USER : Gebruiker ( Administrator )
BOOT : Normal boot
Antivirus : Norman Security Suite ver. 7.00 7.00 (Activated)
C:\ (Local Disk) - NTFS - Total:298 Go (Free:186 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [4] ( za 20-12-2008|21:22 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
C:\DOCUME~1\GEBRUI~1\APPLIC~1\Adobe
C:\DOCUME~1\GEBRUI~1\APPLIC~1\LimeWire
C:\DOCUME~1\GEBRUI~1\APPLIC~1\NewsLeecher
C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
C:\Program Files\Acoustica Beatcraft
C:\Program Files\Acoustica Shared Effects
C:\Program Files\Adobe
C:\Program Files\Adobe Type Manager
C:\Program Files\BitComet
C:\Program Files\BitLord
C:\Program Files\Finale 2009
C:\Program Files\Guitar Pro 5
C:\Program Files\Common Files\Adobe
C:\Program Files\Common Files\Adobe AIR
C:\Program Files\Common Files\Adobe Systems Shared
C:\Program Files\Common Files\MAGIX Shared
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica BeatCraft Keygen.rar
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobefireworkscs3keygenz.w.t.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobephotoshopcs2tryouttofullactivationkeygenoscaria.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Cleaning Lab 2008 Deluxe Crack.nzb
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\NewsLeecher crack.txt
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\[isoHunt]_Guitar_Pro_5.2_(FULL_with_Keygen)___RSE_Guitar___RSE_Basses___RSE_Drums!_Enjoy.torrent
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\Acoustica Beatcraft Installer.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\KEYGEN.EXE
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft v1.x Serial\keygen.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Adobe CS4\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\arobasmusicguitarprov5.0keygenbeat.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Earn Rapidshare Premium..txt
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Guitar Pro 5.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\BEAT.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\file_id.diz
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\KeyGen.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\keygen.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.zip
C:\DOCUME~1\GEBRUI~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\crack-rapidshare-time-delay-and-download-limit[1].htm
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\full-download-widi-3.3-crack-serial-torrent-keygen[1].htm
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\keygen[1].rar
C:\DOCUME~1\GEBRUI~1\Menu Start\Programma's\Image-Line\FL Studio 7\crack.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Cleaning Lab 2008 Deluxe Crack
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Finale 2009 ISO\keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.zip
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection.1\Wiej\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\[Dropbox]\My Dropbox\Public\rmxp-rmvx keygen.zip
C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\_NZB\Magix Music Maker 2006 v11.0.1.3 E-version Crack.nzb
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\arobasmusicguitarprov5.0keygenbeat.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 + crack.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 Keygen.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Magix Music Cleaning Lab 2008 Deluxe Crack.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinale2009keygenngen.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinalenotepad2009keygenedge.lnk
C:\DOCUME~1\ALLUSE~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ HERSTEL

... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica BeatCraft Keygen.rar -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobefireworkscs3keygenz.w.t.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobephotoshopcs2tryouttofullactivationkeygenoscaria.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Cleaning Lab 2008 Deluxe Crack.nzb -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\NewsLeecher crack.txt -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\[isoHunt]_Guitar_Pro_5.2_(FULL_with_Keygen)___RSE_Guitar___RSE_Basses___RSE_Drums!_Enjoy.torrent -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\Acoustica Beatcraft Installer.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\KEYGEN.EXE -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft v1.x Serial\keygen.nfo -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Adobe CS4\Adobe CS4 Master Collection Keygen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\arobasmusicguitarprov5.0keygenbeat.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Earn Rapidshare Premium..txt -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Guitar Pro 5.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\BEAT.nfo -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\file_id.diz -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\KeyGen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\keygen.nfo -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url -> bestaat niet !
Verwijderd ! - C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\crack-rapidshare-time-delay-and-download-limit[1].htm
Verwijderd ! - C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\full-download-widi-3.3-crack-serial-torrent-keygen[1].htm
... C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\keygen[1].rar -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Menu Start\Programma's\Image-Line\FL Studio 7\crack.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Finale 2009 ISO\keygen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection.1\Wiej\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\[Dropbox]\My Dropbox\Public\rmxp-rmvx keygen.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\_NZB\Magix Music Maker 2006 v11.0.1.3 E-version Crack.nzb -> bestaat niet !
Verwijderd ! - C:\DOCUME~1\GEBRUI~1\Onlangs geopend\arobasmusicguitarprov5.0keygenbeat.lnk
Verwijderd ! - C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 + crack.lnk
Verwijderd ! - C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 Keygen.lnk
Verwijderd ! - C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Magix Music Cleaning Lab 2008 Deluxe Crack.lnk
... C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinale2009keygenngen.lnk -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinalenotepad2009keygenedge.lnk -> bestaat niet !
... C:\DOCUME~1\ALLUSE~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url -> bestaat niet !
Mislukt ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
Verwijderd ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
Verwijderd ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
Verwijderd ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
Mislukt ! - C:\DOCUME~1\GEBRUI~1\APPLIC~1\Adobe
Verwijderd ! - C:\DOCUME~1\GEBRUI~1\APPLIC~1\LimeWire
Verwijderd ! - C:\DOCUME~1\GEBRUI~1\APPLIC~1\NewsLeecher
Verwijderd ! - C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
Verwijderd ! - C:\Program Files\Acoustica Beatcraft
Verwijderd ! - C:\Program Files\Acoustica Shared Effects
Verwijderd ! - C:\Program Files\Adobe
Verwijderd ! - C:\Program Files\Adobe Type Manager
Verwijderd ! - C:\Program Files\BitComet
Verwijderd ! - C:\Program Files\BitLord
Verwijderd ! - C:\Program Files\Finale 2009
Verwijderd ! - C:\Program Files\Guitar Pro 5
Mislukt ! - C:\Program Files\Common Files\Adobe
Verwijderd ! - C:\Program Files\Common Files\Adobe AIR
Verwijderd ! - C:\Program Files\Common Files\Adobe Systems Shared
Verwijderd ! - C:\Program Files\Common Files\MAGIX Shared
Verwijderd ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
Verwijderd ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Cleaning Lab 2008 Deluxe Crack -> bestaat niet !
Verwijderd ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4
Verwijderd ! - C:\Program Files\OrbitDownloader\addons
Verwijderd ! - C:\Program Files\OrbitDownloader\banurl.ini
Verwijderd ! - C:\Program Files\OrbitDownloader\changelog.txt
Verwijderd ! - C:\Program Files\OrbitDownloader\download.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\Grab.exe
Verwijderd ! - C:\Program Files\OrbitDownloader\GrabDll.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\GrabKernel.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\GrabPro.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\idht.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\Lang.ini
Verwijderd ! - C:\Program Files\OrbitDownloader\language
Verwijderd ! - C:\Program Files\OrbitDownloader\libeay32.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\orbitcth.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\orbitdm.exe
Verwijderd ! - C:\Program Files\OrbitDownloader\orbitmxt.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\orbitnet.exe
Verwijderd ! - C:\Program Files\OrbitDownloader\saction.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\siteinfo.ini
Verwijderd ! - C:\Program Files\OrbitDownloader\ssleay32.dll
Verwijderd ! - C:\Program Files\OrbitDownloader\unins000.dat
Verwijderd ! - C:\Program Files\OrbitDownloader\unins000.exe
Verwijderd ! - C:\Program Files\OrbitDownloader\update
Verwijderd ! - C:\Program Files\OrbitDownloader\winfile.dll
Verwijderd ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
Verwijderd ! - C:\Program Files\OrbitDownloader
-
[ Hosts bestand ] .. Hersteld !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ TWEEDE NAZICHT

... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica BeatCraft Keygen.rar -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobefireworkscs3keygenz.w.t.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobephotoshopcs2tryouttofullactivationkeygenoscaria.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Cleaning Lab 2008 Deluxe Crack.nzb -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\NewsLeecher crack.txt -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\[isoHunt]_Guitar_Pro_5.2_(FULL_with_Keygen)___RSE_Guitar___RSE_Basses___RSE_Drums!_Enjoy.torrent -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\Acoustica Beatcraft Installer.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\KEYGEN.EXE -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft v1.x Serial\keygen.nfo -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Adobe CS4\Adobe CS4 Master Collection Keygen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\arobasmusicguitarprov5.0keygenbeat.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Earn Rapidshare Premium..txt -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Guitar Pro 5.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\BEAT.nfo -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\file_id.diz -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\KeyGen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\keygen.nfo -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\crack-rapidshare-time-delay-and-download-limit[1].htm -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\full-download-widi-3.3-crack-serial-torrent-keygen[1].htm -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\keygen[1].rar -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Menu Start\Programma's\Image-Line\FL Studio 7\crack.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Finale 2009 ISO\keygen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection.1\Wiej\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\[Dropbox]\My Dropbox\Public\rmxp-rmvx keygen.zip -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\_NZB\Magix Music Maker 2006 v11.0.1.3 E-version Crack.nzb -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Onlangs geopend\arobasmusicguitarprov5.0keygenbeat.lnk -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 + crack.lnk -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 Keygen.lnk -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Magix Music Cleaning Lab 2008 Deluxe Crack.lnk -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinale2009keygenngen.lnk -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinalenotepad2009keygenedge.lnk -> bestaat niet !
... C:\DOCUME~1\ALLUSE~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url -> bestaat niet !
Mislukt ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems -> bestaat niet !
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX -> bestaat niet !
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! -> bestaat niet !
Mislukt ! - C:\DOCUME~1\GEBRUI~1\APPLIC~1\Adobe
... C:\DOCUME~1\GEBRUI~1\APPLIC~1\LimeWire -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\APPLIC~1\NewsLeecher -> bestaat niet !
... C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe -> bestaat niet !
... C:\Program Files\Acoustica Beatcraft -> bestaat niet !
... C:\Program Files\Acoustica Shared Effects -> bestaat niet !
... C:\Program Files\Adobe -> bestaat niet !
... C:\Program Files\Adobe Type Manager -> bestaat niet !
... C:\Program Files\BitComet -> bestaat niet !
... C:\Program Files\BitLord -> bestaat niet !
... C:\Program Files\Finale 2009 -> bestaat niet !
... C:\Program Files\Guitar Pro 5 -> bestaat niet !
Mislukt ! - C:\Program Files\Common Files\Adobe
... C:\Program Files\Common Files\Adobe AIR -> bestaat niet !
... C:\Program Files\Common Files\Adobe Systems Shared -> bestaat niet !
... C:\Program Files\Common Files\MAGIX Shared -> bestaat niet !
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch -> bestaat niet !
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack -> bestaat niet !
... C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Cleaning Lab 2008 Deluxe Crack -> bestaat niet !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Beschrijving van mappen in APPLIC~1

[20-12-2008|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[21-05-2007|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[25-05-2007|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15-10-2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[22-05-2007|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[14-12-2008|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EmailNotifier
[02-11-2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[20-12-2008|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[25-05-2007|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[24-11-2008|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[10-07-2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Linksys
[25-07-2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14-12-2008|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Megaupload
[23-08-2008|05:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[12-04-2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[05-12-2008|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[12-07-2008|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[15-08-2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NewsBin
[25-05-2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
[25-05-2007|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[15-08-2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[05-01-2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[23-06-2007|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OLYMPUS
[22-07-2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[10-07-2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
[12-09-2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25-05-2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[22-11-2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[24-07-2008|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[11-12-2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[08-05-2008|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[21-05-2007|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14-08-2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[26-05-2007|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[36|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar

[11-02-2008|19:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[21-05-2007|15:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[14-12-2008|15:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[5|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

[20-12-2008|21:23] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Adobe
[12-07-2008|22:25] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Ahead
[25-05-2007|14:50] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Apple Computer
[24-05-2007|07:57] C:\DOCUME~1\GEBRUI~1\APPLIC~1\CyberLink
[16-07-2007|14:07] C:\DOCUME~1\GEBRUI~1\APPLIC~1\DivX
[20-12-2008|21:03] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Dropbox
[22-06-2007|00:28] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Eyeblaster
[30-08-2008|22:10] C:\DOCUME~1\GEBRUI~1\APPLIC~1\FLV Extract
[30-07-2008|15:44] C:\DOCUME~1\GEBRUI~1\APPLIC~1\fretsonfire
[06-12-2008|17:01] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Garritan
[24-08-2007|06:26] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Google
[15-08-2008|16:50] C:\DOCUME~1\GEBRUI~1\APPLIC~1\GrabIt
[09-11-2008|12:23] C:\DOCUME~1\GEBRUI~1\APPLIC~1\GrabPro
[30-05-2007|19:33] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Help
[19-05-2008|19:01] C:\DOCUME~1\GEBRUI~1\APPLIC~1\HP
[02-01-2008|20:13] C:\DOCUME~1\GEBRUI~1\APPLIC~1\ICAClient
[08-05-2008|15:02] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Identities
[19-07-2007|10:34] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Macromedia
[25-07-2008|10:33] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Malwarebytes
[14-12-2008|11:39] C:\DOCUME~1\GEBRUI~1\APPLIC~1\MegauploadToolbar
[20-11-2008|20:24] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Microsoft
[11-08-2008|16:49] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Music Recognition
[01-04-2008|17:32] C:\DOCUME~1\GEBRUI~1\APPLIC~1\NCH Swift Sound
[19-05-2008|22:05] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Norman
[14-07-2007|08:54] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Opera
[16-12-2008|18:54] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Orbit
[22-07-2008|17:38] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Propellerhead Software
[05-12-2008|16:27] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Samsung
[15-07-2008|19:33] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Skype
[01-06-2007|17:34] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SmartFTP
[13-06-2007|09:28] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Sun
[24-07-2008|17:41] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SUPERAntiSpyware.com
[28-04-2008|13:56] C:\DOCUME~1\GEBRUI~1\APPLIC~1\teamspeak2
[17-11-2008|17:51] C:\DOCUME~1\GEBRUI~1\APPLIC~1\TeamViewer
[19-06-2007|15:58] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Ventrilo
[15-08-2008|16:50] C:\DOCUME~1\GEBRUI~1\APPLIC~1\WinRAR
[15-08-2008|16:49] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Xfire
[04-10-2007|09:03] C:\DOCUME~1\GEBRUI~1\APPLIC~1\XLAB ISL Plugins
[08-05-2008|15:02] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes
[41|map(pen)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes beschikbaar

[11-08-2008|09:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[21-05-2007|15:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[4|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

[21-05-2007|15:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

[05-11-2008 07:41][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20-12-2008 16:00][--a------] C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[20-12-2008 21:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02-03-2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Beschrijving van mappen in C:\Program Files

[06-12-2008|18:22] C:\Program Files\AoA Audio Extractor
[30-05-2007|06:41] C:\Program Files\Apple Software Update
[12-01-2008|13:28] C:\Program Files\ASIO4ALL v2
[16-08-2008|18:00] C:\Program Files\Beatbox Demo
[08-05-2008|14:02] C:\Program Files\BFG
[01-07-2007|23:17] C:\Program Files\Canon
[02-01-2008|12:41] C:\Program Files\Citrix
[20-12-2008|21:26] C:\Program Files\Common Files
[21-05-2007|15:25] C:\Program Files\ComPlus Applications
[30-08-2008|22:00] C:\Program Files\Cucusoft
[22-05-2007|07:43] C:\Program Files\CyberLink
[17-08-2007|17:13] C:\Program Files\Datel
[15-08-2008|16:50] C:\Program Files\Davilex
[21-09-2008|18:35] C:\Program Files\DBP
[03-06-2007|06:14] C:\Program Files\directx
[15-08-2008|16:49] C:\Program Files\DiskInternals
[05-10-2007|17:34] C:\Program Files\DivX
[30-10-2008|17:26] C:\Program Files\Dropbox
[15-08-2008|16:49] C:\Program Files\Enterbrain
[15-08-2008|16:50] C:\Program Files\File Extension Changer
[11-12-2008|16:21] C:\Program Files\FLV Converter
[06-12-2008|17:01] C:\Program Files\Garritan
[24-08-2007|06:25] C:\Program Files\Google
[03-12-2008|17:07] C:\Program Files\HotHotSoftware
[24-08-2008|20:47] C:\Program Files\HP
[25-09-2008|18:00] C:\Program Files\HyperCam
[15-08-2008|15:05] C:\Program Files\Image-Line
[10-09-2008|19:55] C:\Program Files\Install Creator Pro
[14-12-2008|12:30] C:\Program Files\InstallShield Installation Information
[21-05-2007|15:40] C:\Program Files\Intel
[12-12-2008|07:23] C:\Program Files\Internet Explorer
[30-05-2007|06:44] C:\Program Files\iPod
[01-04-2008|17:24] C:\Program Files\IrfanView
[14-12-2008|15:31] C:\Program Files\Java
[10-07-2008|12:27] C:\Program Files\Linksys
[11-01-2008|23:37] C:\Program Files\LizardTech
[15-08-2008|16:50] C:\Program Files\MagicISO
[17-12-2008|17:45] C:\Program Files\MAGIX
[16-11-2008|21:13] C:\Program Files\Malwarebytes' Anti-Malware
[19-09-2008|09:16] C:\Program Files\Messenger
[15-08-2008|16:48] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21-05-2007|15:27] C:\Program Files\microsoft frontpage
[03-10-2008|14:51] C:\Program Files\Microsoft Office
[01-06-2007|17:42] C:\Program Files\Microsoft Office Frontpage 2003
[25-05-2007|13:34] C:\Program Files\Microsoft Visual Studio
[02-11-2008|17:11] C:\Program Files\Microsoft Works
[01-06-2007|17:42] C:\Program Files\Microsoft.NET
[09-06-2008|19:57] C:\Program Files\MobilEdit
[09-10-2007|19:03] C:\Program Files\Movavi Flash Converter
[19-09-2008|09:12] C:\Program Files\Movie Maker
[15-08-2008|16:50] C:\Program Files\MP3 WAV WMA Converter
[22-05-2007|08:04] C:\Program Files\MSBuild
[03-10-2008|14:50] C:\Program Files\MSECache
[04-09-2008|14:28] C:\Program Files\MSN BackUp
[21-05-2007|15:24] C:\Program Files\MSN Gaming Zone
[21-05-2007|15:36] C:\Program Files\MSXML 4.0
[22-05-2007|08:06] C:\Program Files\MSXML 6.0
[07-03-2008|18:32] C:\Program Files\Multiverse Client
[07-03-2008|18:32] C:\Program Files\Multiverse Tools
[12-04-2008|19:58] C:\Program Files\NCH Software
[05-12-2008|19:35] C:\Program Files\NCH Swift Sound
[12-07-2008|22:13] C:\Program Files\Nero
[19-09-2008|09:10] C:\Program Files\NetMeeting
[15-08-2008|16:47] C:\Program Files\NewsBin
[19-05-2008|22:05] C:\Program Files\Norman
[21-05-2007|15:26] C:\Program Files\Online Services
[19-09-2008|09:10] C:\Program Files\Outlook Express
[08-05-2008|14:18] C:\Program Files\Peggle
[06-12-2008|17:01] C:\Program Files\Plogue
[30-05-2007|06:43] C:\Program Files\QuickTime
[03-02-2008|19:15] C:\Program Files\Rapidown
[22-05-2007|08:01] C:\Program Files\Reference Assemblies
[28-08-2008|12:46] C:\Program Files\Ruby
[16-08-2008|18:14] C:\Program Files\SABnzbd
[05-12-2008|16:35] C:\Program Files\SAMSUNG
[25-05-2007|19:48] C:\Program Files\Serif
[21-05-2007|15:42] C:\Program Files\SigmaTel
[12-09-2007|22:24] C:\Program Files\Skype
[15-08-2008|16:48] C:\Program Files\SmartFTP Client
[22-05-2008|08:34] C:\Program Files\SpamWeed
[23-11-2008|10:38] C:\Program Files\Spybot - Search & Destroy
[24-07-2008|17:40] C:\Program Files\SUPERAntiSpyware
[05-10-2007|18:27] C:\Program Files\SWF2AVI
[16-07-2007|09:58] C:\Program Files\SystemRequirementsLab
[05-12-2008|19:31] C:\Program Files\TallStick
[17-11-2008|17:47] C:\Program Files\TeamViewer3
[10-01-2008|19:55] C:\Program Files\The Game Creators
[05-12-2008|20:11] C:\Program Files\Trend Micro
[16-08-2008|19:38] C:\Program Files\UltraGet Video Downloader
[21-05-2007|15:30] C:\Program Files\Uninstall Information
[05-12-2008|19:41] C:\Program Files\vanBasco's Karaoke Player
[03-08-2007|13:41] C:\Program Files\VentSrv
[16-02-2008|12:36] C:\Program Files\VstPlugins
[01-09-2008|19:51] C:\Program Files\Wamp
[25-05-2007|19:55] C:\Program Files\Web Publish
[13-12-2008|16:08] C:\Program Files\WebEx
[12-10-2008|17:54] C:\Program Files\Windows Live
[25-05-2007|12:01] C:\Program Files\Windows Media Connect 2
[19-09-2008|09:10] C:\Program Files\Windows Media Player
[19-09-2008|09:10] C:\Program Files\Windows NT
[21-05-2007|15:26] C:\Program Files\WindowsUpdate
[15-08-2008|16:49] C:\Program Files\Xampp
[21-05-2007|15:27] C:\Program Files\xerox
[08-04-2008|20:49] C:\Program Files\Xfire
[04-10-2007|15:38] C:\Program Files\XLAB ISL Boot
[08-05-2008|15:01] C:\Program Files\Zylom Games
[0|bestand(en)] C:\Program Files\bytes
[108|map(pen)] C:\Program Files\bytes beschikbaar

--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files

[20-12-2008|21:26] C:\Program Files\Common Files\Adobe
[12-07-2008|22:21] C:\Program Files\Common Files\Ahead
[10-01-2008|20:08] C:\Program Files\Common Files\Bcgsoft
[01-07-2007|23:11] C:\Program Files\Common Files\Canon
[25-05-2007|13:34] C:\Program Files\Common Files\Designer
[26-06-2008|13:44] C:\Program Files\Common Files\Enterbrain
[25-05-2007|10:25] C:\Program Files\Common Files\Hewlett-Packard
[25-05-2007|10:30] C:\Program Files\Common Files\HP
[30-05-2008|22:43] C:\Program Files\Common Files\INCA Shared
[15-08-2008|14:52] C:\Program Files\Common Files\InstallShield
[24-05-2007|07:55] C:\Program Files\Common Files\LightScribe
[20-01-2008|07:49] C:\Program Files\Common Files\Macrovision Shared
[06-12-2008|16:58] C:\Program Files\Common Files\Microsoft Shared
[09-10-2007|19:03] C:\Program Files\Common Files\MOVAVI
[21-05-2007|15:25] C:\Program Files\Common Files\MSSoap
[21-05-2007|16:23] C:\Program Files\Common Files\Nero
[21-05-2007|23:20] C:\Program Files\Common Files\ODBC
[04-12-2007|07:29] C:\Program Files\Common Files\Previews
[10-07-2008|12:29] C:\Program Files\Common Files\Pure Networks Shared
[21-05-2007|15:25] C:\Program Files\Common Files\Services
[25-05-2007|10:31] C:\Program Files\Common Files\Sonic Shared
[21-05-2007|23:20] C:\Program Files\Common Files\SpeechEngines
[19-09-2008|09:10] C:\Program Files\Common Files\System
[25-08-2008|14:59] C:\Program Files\Common Files\Threeships Shared
[15-08-2008|16:50] C:\Program Files\Common Files\WindowsLiveInstaller
[24-07-2008|17:40] C:\Program Files\Common Files\Wise Installation Wizard
[0|bestand(en)] C:\Program Files\Common Files\bytes
[28|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

--------------------\\ Process

( 64 Processes )

... OK !

--------------------\\ Zoeken met S_Lop

Geen Lop mappen gevonden !

--------------------\\ Zoeken naar Lop Bestanden - Mappen

Geen Lop mappen gevonden !

--------------------\\ Zoeken doorheen het Register

..... OK !

--------------------\\ Nazicht van het Hosts bestand

Hosts bestand IN ORDE


--------------------\\ Zoeken naar verborgen bestanden met Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 21:28:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 205

--------------------\\ Zoeken naar andere infecties

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ALLUSE~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url


[F:889][D:120]-> C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp
[F:156][D:0]-> C:\DOCUME~1\GEBRUI~1\Cookies
[F:10259][D:594]-> C:\DOCUME~1\GEBRUI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - ma 15-12-2008|20:01 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - za 20-12-2008|21:31 - Option : [4]

--------------------\\ Scan voltooid om 21:31:19


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:29, on 20-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Frank en Rick\I-Tunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Frank en Rick\I-Tunes\iTunes.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDownloader\orbitcth.dll (file missing)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDownloader\GrabPro.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Frank en Rick\I-Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Event Reminder.lnk = C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Xampp\apache\bin\apache.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12914 bytes

How the computer is running:
Yesterday the repeat-speed changed again, so it's still there. No other virus reports.

EDIT: Couldn't you say it would remove my programs?

[jmw3]

EDIT: Couldn't you say it would remove my programs?

I refer you back to my post regarding cracked / illegal software. No apologies for removing those programs.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program
up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 11.
JavaRa
Download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program
• From the drop-down menu, choose English and click on Select
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK
• A logfile will pop up. Save it to a convenient location
• Click on Additional Tasks then tick Remove Useless JRE Files
• Click Go then OK when prompted & close the program.

Update Java Runtime

• Go to http://java.sun.com/javase/downloads/index.jsp
• Scroll down to Java Runtime Environment (JRE) 6 Update 11 and click on the Download button
• In the Platform box choose Windows
• Check the box to Accept License Agreement and click Continue
• Click on Windows Offline Installation, click on the link under it which says "jre-6u11-windows-i586-p.exe" and save the downloaded file to your desktop
• Install the new version by running the downloaded file with the Java icon & follow the on-screen instructions
• Reboot your computer

Random's System Information Tool (RSIT)

• Double click on RSIT.exe to run the tool
• Click Continue at the disclaimer screen
• Once it has finished, post the contents of log.txt in your next reply

Kaspersky Online Scan
Please use Internet Explorer for this scan
Do an online scan with >Kaspersky Online Scanner<

• Read through the requirements and privacy statement and click on Accept button
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
• When the downloads have finished, click on Settings
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
• Click on My Computer under Scan
• Once the scan is complete, it will display the results. Click on View Scan Report
• You will see a list of infected items there. Click on Save Report As...
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
• Please post this log in your next reply

To post in next reply:
RSIT log (just log.txt)
Kaspersky scan log

[Wazakindjes]

RSIT log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Gebruiker at 2008-12-21 17:17:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 202 GB (66%) free of 305 GB
Total RAM: 2045 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:25, on 21-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Frank en Rick\I-Tunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Frank en Rick\I-Tunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Gebruiker\Bureaublad\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\HijackThis\Gebruiker.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDownloader\orbitcth.dll (file missing)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDownloader\GrabPro.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Frank en Rick\I-Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Event Reminder.lnk = C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Xampp\apache\bin\apache.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12986 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\OrbitDownloader\orbitcth.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17FDB9F8-DCC4-4F6A-AE07-B16018A48469}]
ThreeShips IE Helper - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll [2007-02-13 562808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-07 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\OrbitDownloader\GrabPro.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-23 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-06-23 86016]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-06-23 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Photo Downloader"=C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-16 57344]
"Norman ZANDA"=C:\Norman\Npm\Bin\ZLH.EXE [2008-06-02 277616]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"iTunesHelper"=C:\Frank en Rick\I-Tunes\iTunesHelper.exe [2007-05-26 257088]
"Ad-Aware"=C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe [2007-09-27 1162240]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-01-08 451896]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AWMON"=C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe [2007-09-26 516608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Event Reminder.lnk - C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Linksys EasyLink Advisor.lnk - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
SpamWeed.lnk - C:\Program Files\SpamWeed\swengine.exe

C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Dropbox.lnk - C:\Program Files\Dropbox\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-23 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\496FGTEB\Norman_Repair_Center[1].exe"="C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\496FGTEB\Norman_Repair_Center[1].exe:*:Enabled:Norman_Repair_Center[1]"
"C:\Frank en Rick\I-Tunes\iTunes.exe"="C:\Frank en Rick\I-Tunes\iTunes.exe:*:Enabled:iTunes"
"C:\Frank en Rick\LimeWire Pro\LimeWire.exe"="C:\Frank en Rick\LimeWire Pro\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\VentSrv\ventrilo_srv.exe"="C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Documents and Settings\Gebruiker\Bureaublad\Spelletjes\Downloads\Ventrilo Server v2.1.0\ventrilo_srv.exe"="C:\Documents and Settings\Gebruiker\Bureaublad\Spelletjes\Downloads\Ventrilo Server v2.1.0\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Frank en Rick\World of Warcraft\BackgroundDownloader.exe"="C:\Frank en Rick\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Program Files\Multiverse Client\bin\MultiverseClient.exe"="C:\Program Files\Multiverse Client\bin\MultiverseClient.exe:*:Enabled:Multiverse World Browser"
"C:\Program Files\SmartFTP Client 3.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 3.0\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Frank en Rick\Eclipse Evolution 2.5\Server\Eclipse_Evolution_Server.exe"="C:\Frank en Rick\Eclipse Evolution 2.5\Server\Eclipse_Evolution_Server.exe:*:Enabled:Eclipse Server Program"
"C:\Frank en Rick\Eclipse Evolution 1.0\Server\Server.exe"="C:\Frank en Rick\Eclipse Evolution 1.0\Server\Server.exe:*:Enabled:Server"
"C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Jelle\Jelle\Net Rmxp Online Server 2.1.7\Server.exe"="C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Jelle\Jelle\Net Rmxp Online Server 2.1.7\Server.exe:*:Enabled:Server"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\dmremote.exe"="C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote"
"C:\Program Files\Xampp\apache\bin\apache.exe"="C:\Program Files\Xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"C:\Program Files\MSN BackUp\MSNBackup.exe"="C:\Program Files\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Wamp\bin\apache\apache2.2.6\bin\httpd.exe"="C:\Program Files\Wamp\bin\apache\apache2.2.6\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Ruby\bin\ruby.exe"="C:\Program Files\Ruby\bin\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]"
"C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Net RMXP Online\Net Rmxp Online Server 2.0\ServerNonXP.exe"="C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Net RMXP Online\Net Rmxp Online Server 2.0\ServerNonXP.exe:*:Enabled:ServerNonXP"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\OrbitDownloader\orbitdm.exe"="C:\Program Files\OrbitDownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\OrbitDownloader\orbitnet.exe"="C:\Program Files\OrbitDownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer – beheer van externe computers"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-17 17:49:53 ----A---- C:\WINDOWS\CleaningLab.INI
2008-12-15 19:56:19 ----A---- C:\lopR.txt
2008-12-15 19:55:56 ----D---- C:\Lop SD
2008-12-15 19:51:14 ----RASHD---- C:\autorun.inf
2008-12-14 15:31:57 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-14 15:31:57 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-14 15:31:57 ----A---- C:\WINDOWS\system32\java.exe
2008-12-14 11:39:36 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
2008-12-14 11:39:36 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-12-14 11:39:35 ----D---- C:\Documents and Settings\Gebruiker\Application Data\MegauploadToolbar
2008-12-11 16:21:28 ----D---- C:\Program Files\FLV Converter
2008-12-10 07:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 07:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 07:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 07:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 18:29:18 ----A---- C:\WINDOWS\19609.exe
2008-12-06 18:22:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-06 18:21:55 ----D---- C:\Program Files\AoA Audio Extractor
2008-12-06 17:20:53 ----A---- C:\WINDOWS\demdata.txt
2008-12-06 17:01:32 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Garritan
2008-12-06 17:01:29 ----D---- C:\Program Files\Plogue
2008-12-06 17:01:29 ----D---- C:\Program Files\Garritan
2008-12-05 20:27:33 ----D---- C:\rsit
2008-12-05 20:11:59 ----D---- C:\Program Files\Trend Micro
2008-12-05 19:29:50 ----D---- C:\Program Files\vanBasco's Karaoke Player
2008-12-05 19:24:30 ----D---- C:\Program Files\TallStick
2008-12-05 16:27:37 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Samsung
2008-12-05 16:08:51 ----A---- C:\WINDOWS\system32\framedyn.dll
2008-12-05 16:08:33 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-12-03 17:07:36 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-12-03 17:07:35 ----D---- C:\Program Files\HotHotSoftware
2008-12-01 15:25:42 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-24 16:20:56 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-22 18:29:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-22 18:29:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2008-12-21 17:17:22 ----D---- C:\WINDOWS\Prefetch
2008-12-21 17:16:50 ----D---- C:\WINDOWS\Temp
2008-12-21 17:14:52 ----SHD---- C:\WINDOWS\Installer
2008-12-21 17:12:18 ----D---- C:\WINDOWS\system32
2008-12-21 17:11:34 ----D---- C:\Program Files\Java
2008-12-21 16:01:28 ----D---- C:\WINDOWS
2008-12-21 13:15:44 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-21 10:51:48 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 10:50:35 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Dropbox
2008-12-21 10:49:40 ----D---- C:\Norman
2008-12-20 23:02:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 21:28:52 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Adobe
2008-12-20 21:26:24 ----RD---- C:\Program Files
2008-12-20 21:26:14 ----D---- C:\Program Files\Common Files
2008-12-20 21:26:13 ----D---- C:\Program Files\Common Files\Adobe
2008-12-20 21:22:56 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-19 21:56:32 ----HD---- C:\Config.Msi
2008-12-18 16:54:50 ----A---- C:\WINDOWS\MusicMaker.INI
2008-12-18 11:59:57 ----HD---- C:\WINDOWS\inf
2008-12-18 11:59:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 11:59:52 ----D---- C:\WINDOWS\ie7updates
2008-12-18 11:58:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 11:58:30 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-17 18:52:24 ----A---- C:\WINDOWS\win.ini
2008-12-17 17:48:56 ----A---- C:\WINDOWS\mgxoschk.ini
2008-12-17 17:48:55 ----D---- C:\WINDOWS\system32\MAGIX
2008-12-17 17:45:36 ----D---- C:\Program Files\MAGIX
2008-12-16 18:54:22 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Orbit
2008-12-14 20:46:59 ----D---- C:\Temp
2008-12-14 12:30:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 12:30:30 ----A---- C:\WINDOWS\MegaManager.INI
2008-12-14 12:23:24 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 16:08:22 ----D---- C:\Program Files\WebEx
2008-12-13 07:39:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 16:46:00 ----D---- C:\Frank en Rick
2008-12-12 07:23:52 ----D---- C:\Program Files\Internet Explorer
2008-12-11 17:02:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-11 16:13:16 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-10 11:15:49 ----D---- C:\WINDOWS\system32\config
2008-12-10 11:15:29 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 11:15:29 ----D---- C:\WINDOWS\Registration
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 07:46:04 ----D---- C:\WINDOWS\system32\Macromed
2008-12-07 14:07:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-06 17:57:44 ----D---- C:\Downloads
2008-12-06 16:59:06 ----D---- C:\PSFONTS
2008-12-06 16:59:05 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 16:58:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-06 16:58:47 ----D---- C:\WINDOWS\WinSxS
2008-12-06 10:21:12 ----RSD---- C:\WINDOWS\assembly
2008-12-06 10:19:28 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-06 07:14:26 ----D---- C:\WINDOWS\system32\en-us
2008-12-06 07:14:24 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-05 19:35:16 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-12-05 19:35:15 ----D---- C:\Program Files\NCH Swift Sound
2008-12-05 19:33:14 ----D---- C:\WINDOWS\Help
2008-12-05 16:35:25 ----D---- C:\Program Files\SAMSUNG

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-05 5632]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 Ndiskio;Ndiskio; \??\C:\Norman\Nse\bin\NDISKIO.SYS []
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-01-08 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-01-08 25272]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S2 CDRPDACC;Arrowkey Device Access; \??\C:\Mam\321Studios\Shared\CDRPDACC.SYS []
S3 dsreader;MaxDrive Driver (dsreader.sys); C:\WINDOWS\System32\Drivers\dsreader.sys [2001-01-02 19677]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-06-23 1095680]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SliceDisk5;SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-10-03 102400]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Norman\Npm\bin\ELOGSVC.EXE [2007-11-21 150584]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-03-31 204800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-01-08 451896]
R2 Norman ZANDA;Norman ZANDA; C:\Norman\Npm\Bin\zanda.exe [2008-04-24 429176]
R2 NVOY;Norman's Very Own supplY of resources; C:\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-15 66872]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2006-05-26 86016]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2007-05-26 501312]
R3 Norman NJeeves;Norman NJeeves; C:\Norman\Npm\Bin\Njeeves.exe [2008-05-13 203896]
R3 nsesvc;Norman Scanner Engine Service; C:\Norman\nse\bin\NSESVC.EXE [2008-06-19 322616]
R3 nvcoas;Norman Virus Control on-access component; C:\Norman\Nvc\bin\nvcoas.exe [2008-04-30 191544]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Norman\Npm\Bin\Nvcsched.exe [2007-09-18 154680]
R3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Apache2.2;Apache2.2; C:\Program Files\Xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe []
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-02 655624]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------


Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 22, 2008 08:51:34
Records in database: 1499353
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 244558
Threat name: 9
Infected objects: 25
Suspicious objects: 1
Duration of the scan: 04:15:24


File name / Threat name / Threats count
C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16511 Infected: Trojan.Win32.Agent.uvi 1
C:\Documents and Settings\Gebruiker\Local Settings\Temp\tmp163.tmp Suspicious: Trojan.Win32.Patched.dy 1
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Audio\BGM\Battle BGM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Audio\ME\Game Over.mp3 Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Audio\ME\Victory.mp3 Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Matthijs9005.rar Infected: Trojan-Downloader.WMA.GetCodec.b 3
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002.zip Infected: Trojan-Downloader.WMA.GetCodec.b 3
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006\Audio\BGM\Field Theme.mp3 Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006\Audio\ME\Game Over.mp3 Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006\Audio\ME\Victory.mp3 Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006.rar Infected: Trojan-Downloader.WMA.GetCodec.b 3
C:\Documents and Settings\Gebruiker\Mijn documenten\SpamWeedData\1\3C3031633931376261243237373336363830246337633331313434406B696C7067646F78613E.11.DEL.TXT Infected: Worm.Win32.AutoRun.nof 1
C:\Documents and Settings\Gebruiker\Mijn documenten\SpamWeedData\1\3C30316339313862352437653131396230302434643235396635364065666E766B3E.11.DEL.TXT Infected: Trojan.Win32.Agent.adyf 1
C:\Frank en Rick\Downloads Limewire\10000 bc jungle.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Frank en Rick\Downloads Limewire\Frank\New\New\Bullet For My Valentine - End of Days.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Frank en Rick\Downloads Limewire\marc allen awakening 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Frank en Rick\Downloads Limewire\marc allen awakening.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Frank en Rick\Downloads Limewire\rage technoboy.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Frank en Rick\Incomplete\T-3545425-tiesto presents alone in the d.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\WINDOWS\system32\nfg\shrtcTB75.exe Infected: Trojan-Clicker.Win32.Agent.bik 1

The selected area was scanned.

[jmw3]

Warning: Please note that this fix is specific for this poster & should not be used by anyone else.

Backup Your Registry with ERUNT

• Download ERUNT from here & follow the installation prompts
• Uncheck Create NTREGOPT desktop icon at the Additional Tasks screen. Click No when prompted to create an ERUNT entry in the startup folder.
• Double click the Erunt icon on your desktop to open the program then click OK at the prompt
• Use the default settings unless there is more than one user account. (If more the one user account tick Other open user registries in Backup Options)
• Click OK

The following instruction should only be carried out if you need to restore the registry backup:
Navigate to the folder where the backup is saved
Double click on ERDNT.exe then OK
When the program opens click OK

OTMoveIt3
Download OTMoveIt3.exe by OldTimer and save it to your desktop.

• Double click on OTMoveIt3.exe to run it
• Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved

Note: Do not type it out to minimize the risk of typo error

Code: Select all

:Files
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Audio\BGM\Battle BGM.mp3
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Audio\ME\Game Over.mp3
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Audio\ME\Victory.mp3
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Matthijs9005.rar
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002.zip
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006\Audio\BGM\Field Theme.mp3
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006\Audio\ME\Game Over.mp3
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006\Audio\ME\Victory.mp3
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006.rar
C:\Documents and Settings\Gebruiker\Mijn documenten\SpamWeedData\1\3C3031633931376261243237373336363830246337633331313434406B696C7067646F78613E.11.DEL.TXT
C:\Documents and Settings\Gebruiker\Mijn documenten\SpamWeedData\1\3C30316339313862352437653131396230302434643235396635364065666E766B3E.11.DEL.TXT
C:\Frank en Rick\Downloads Limewire\10000 bc jungle.mp3
C:\Frank en Rick\Downloads Limewire\Frank\New\New\Bullet For My Valentine - End of Days.mp3
C:\Frank en Rick\Downloads Limewire\marc allen awakening 192kb.mp3
C:\Frank en Rick\Downloads Limewire\marc allen awakening.mp3
C:\Frank en Rick\Downloads Limewire\rage technoboy.mp3
C:\Frank en Rick\Incomplete\T-3545425-tiesto presents alone in the d.mp3
C:\WINDOWS\system32\nfg

:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Frank en Rick\LimeWire Pro\LimeWire.exe"=-
"C:\Program Files\BitDownload\BitDownload.exe"=-
"C:\Program Files\BitLord\BitLord.exe"=-
"C:\Program Files\BitComet\BitComet.exe"=-

:Commands
[Purity]
[EmptyTemp]
[Reboot]

• Click on MoveIt!
• When done, click on Exit

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

Open Malwarebytes Anti-Malware, click the Quarantine tab then Delete All. close the program.

To post in next reply:
OTMoveIt log
New RSIT log
How's the computer running now? Still problems?

[Wazakindjes]

OTMoveIt log:
========== FILES ==========
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Audio\BGM\Battle BGM.mp3 moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Audio\ME\Game Over.mp3 moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Audio\ME\Victory.mp3 moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002\Matthijs9005.rar moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9002.zip moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006\Audio\BGM\Field Theme.mp3 moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006\Audio\ME\Game Over.mp3 moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006\Audio\ME\Victory.mp3 moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Matthijs9006.rar moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\SpamWeedData\1\3C3031633931376261243237373336363830246337633331313434406B696C7067646F78613E.11.DEL.TXT moved successfully.
C:\Documents and Settings\Gebruiker\Mijn documenten\SpamWeedData\1\3C30316339313862352437653131396230302434643235396635364065666E766B3E.11.DEL.TXT moved successfully.
C:\Frank en Rick\Downloads Limewire\10000 bc jungle.mp3 moved successfully.
C:\Frank en Rick\Downloads Limewire\Frank\New\New\Bullet For My Valentine - End of Days.mp3 moved successfully.
C:\Frank en Rick\Downloads Limewire\marc allen awakening 192kb.mp3 moved successfully.
C:\Frank en Rick\Downloads Limewire\marc allen awakening.mp3 moved successfully.
C:\Frank en Rick\Downloads Limewire\rage technoboy.mp3 moved successfully.
C:\Frank en Rick\Incomplete\T-3545425-tiesto presents alone in the d.mp3 moved successfully.
C:\WINDOWS\system32\nfg moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Frank en Rick\LimeWire Pro\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitDownload\BitDownload.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitLord\BitLord.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitComet\BitComet.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\~DF66F6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\~DF671A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\~DF77F0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\~DF78C6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\~DFC688.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\nvcbin.def.D661A3E8.TMP scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\1528 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_79c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12232008_134314


RSIT log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Gebruiker at 2008-12-23 13:48:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 203 GB (66%) free of 305 GB
Total RAM: 2045 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:55, on 23-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sttray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Frank en Rick\I-Tunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Frank en Rick\I-Tunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Gebruiker\Bureaublad\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\HijackThis\Gebruiker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDownloader\orbitcth.dll (file missing)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDownloader\GrabPro.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Frank en Rick\I-Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\Gebruiker\Bureaublad\OTMoveIt3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Event Reminder.lnk = C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Xampp\apache\bin\apache.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12925 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\OrbitDownloader\orbitcth.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17FDB9F8-DCC4-4F6A-AE07-B16018A48469}]
ThreeShips IE Helper - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll [2007-02-13 562808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-07 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\OrbitDownloader\GrabPro.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-23 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-06-23 86016]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-06-23 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Photo Downloader"=C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-16 57344]
"Norman ZANDA"=C:\Norman\Npm\Bin\ZLH.EXE [2008-06-02 277616]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"iTunesHelper"=C:\Frank en Rick\I-Tunes\iTunesHelper.exe [2007-05-26 257088]
"Ad-Aware"=C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe [2007-09-27 1162240]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-01-08 451896]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OTMoveIt"=C:\Documents and Settings\Gebruiker\Bureaublad\OTMoveIt3.exe [2008-12-23 1033216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AWMON"=C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe [2007-09-26 516608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Event Reminder.lnk - C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Linksys EasyLink Advisor.lnk - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
SpamWeed.lnk - C:\Program Files\SpamWeed\swengine.exe

C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Dropbox.lnk - C:\Program Files\Dropbox\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-23 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\496FGTEB\Norman_Repair_Center[1].exe"="C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\496FGTEB\Norman_Repair_Center[1].exe:*:Enabled:Norman_Repair_Center[1]"
"C:\Frank en Rick\I-Tunes\iTunes.exe"="C:\Frank en Rick\I-Tunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\VentSrv\ventrilo_srv.exe"="C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Documents and Settings\Gebruiker\Bureaublad\Spelletjes\Downloads\Ventrilo Server v2.1.0\ventrilo_srv.exe"="C:\Documents and Settings\Gebruiker\Bureaublad\Spelletjes\Downloads\Ventrilo Server v2.1.0\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Frank en Rick\World of Warcraft\BackgroundDownloader.exe"="C:\Frank en Rick\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Program Files\Multiverse Client\bin\MultiverseClient.exe"="C:\Program Files\Multiverse Client\bin\MultiverseClient.exe:*:Enabled:Multiverse World Browser"
"C:\Program Files\SmartFTP Client 3.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 3.0\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Frank en Rick\Eclipse Evolution 2.5\Server\Eclipse_Evolution_Server.exe"="C:\Frank en Rick\Eclipse Evolution 2.5\Server\Eclipse_Evolution_Server.exe:*:Enabled:Eclipse Server Program"
"C:\Frank en Rick\Eclipse Evolution 1.0\Server\Server.exe"="C:\Frank en Rick\Eclipse Evolution 1.0\Server\Server.exe:*:Enabled:Server"
"C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Jelle\Jelle\Net Rmxp Online Server 2.1.7\Server.exe"="C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Jelle\Jelle\Net Rmxp Online Server 2.1.7\Server.exe:*:Enabled:Server"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\dmremote.exe"="C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote"
"C:\Program Files\Xampp\apache\bin\apache.exe"="C:\Program Files\Xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"C:\Program Files\MSN BackUp\MSNBackup.exe"="C:\Program Files\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Wamp\bin\apache\apache2.2.6\bin\httpd.exe"="C:\Program Files\Wamp\bin\apache\apache2.2.6\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Ruby\bin\ruby.exe"="C:\Program Files\Ruby\bin\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]"
"C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Net RMXP Online\Net Rmxp Online Server 2.0\ServerNonXP.exe"="C:\Documents and Settings\Gebruiker\Mijn documenten\Mijn Chatlogs\Net RMXP Online\Net Rmxp Online Server 2.0\ServerNonXP.exe:*:Enabled:ServerNonXP"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\OrbitDownloader\orbitdm.exe"="C:\Program Files\OrbitDownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\OrbitDownloader\orbitnet.exe"="C:\Program Files\OrbitDownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer – beheer van externe computers"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-23 13:43:14 ----D---- C:\_OTMoveIt
2008-12-23 13:38:16 ----D---- C:\Program Files\ERUNT
2008-12-17 17:49:53 ----A---- C:\WINDOWS\CleaningLab.INI
2008-12-15 19:56:19 ----A---- C:\lopR.txt
2008-12-15 19:55:56 ----D---- C:\Lop SD
2008-12-15 19:51:14 ----RASHD---- C:\autorun.inf
2008-12-14 15:31:57 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-14 15:31:57 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-14 15:31:57 ----A---- C:\WINDOWS\system32\java.exe
2008-12-14 11:39:36 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
2008-12-14 11:39:36 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-12-14 11:39:35 ----D---- C:\Documents and Settings\Gebruiker\Application Data\MegauploadToolbar
2008-12-11 16:21:28 ----D---- C:\Program Files\FLV Converter
2008-12-10 07:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 07:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 07:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 07:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 18:29:18 ----A---- C:\WINDOWS\19609.exe
2008-12-06 18:22:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-06 18:21:55 ----D---- C:\Program Files\AoA Audio Extractor
2008-12-06 17:20:53 ----A---- C:\WINDOWS\demdata.txt
2008-12-06 17:01:32 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Garritan
2008-12-06 17:01:29 ----D---- C:\Program Files\Plogue
2008-12-06 17:01:29 ----D---- C:\Program Files\Garritan
2008-12-05 20:27:33 ----D---- C:\rsit
2008-12-05 20:11:59 ----D---- C:\Program Files\Trend Micro
2008-12-05 19:29:50 ----D---- C:\Program Files\vanBasco's Karaoke Player
2008-12-05 19:24:30 ----D---- C:\Program Files\TallStick
2008-12-05 16:27:37 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Samsung
2008-12-05 16:08:51 ----A---- C:\WINDOWS\system32\framedyn.dll
2008-12-05 16:08:33 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-12-03 17:07:36 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-12-03 17:07:35 ----D---- C:\Program Files\HotHotSoftware
2008-12-01 15:25:42 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-24 16:20:56 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

======List of files/folders modified in the last 1 months======

2008-12-23 13:48:32 ----D---- C:\WINDOWS\Prefetch
2008-12-23 13:48:25 ----D---- C:\WINDOWS\Temp
2008-12-23 13:43:15 ----D---- C:\WINDOWS\system32
2008-12-23 13:38:16 ----RD---- C:\Program Files
2008-12-23 13:10:45 ----D---- C:\WINDOWS
2008-12-23 09:09:32 ----D---- C:\WINDOWS\system32\drivers
2008-12-23 09:08:08 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Dropbox
2008-12-23 09:07:31 ----D---- C:\Norman
2008-12-22 20:58:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-22 17:49:58 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-22 12:54:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-22 11:09:17 ----A---- C:\WINDOWS\MusicMaker.INI
2008-12-21 17:14:52 ----SHD---- C:\WINDOWS\Installer
2008-12-21 17:11:34 ----D---- C:\Program Files\Java
2008-12-20 21:28:52 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Adobe
2008-12-20 21:26:14 ----D---- C:\Program Files\Common Files
2008-12-20 21:26:13 ----D---- C:\Program Files\Common Files\Adobe
2008-12-20 21:22:56 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-19 21:56:32 ----HD---- C:\Config.Msi
2008-12-18 11:59:57 ----HD---- C:\WINDOWS\inf
2008-12-18 11:59:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 11:59:52 ----D---- C:\WINDOWS\ie7updates
2008-12-18 11:58:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 18:52:24 ----A---- C:\WINDOWS\win.ini
2008-12-17 17:48:56 ----A---- C:\WINDOWS\mgxoschk.ini
2008-12-17 17:48:55 ----D---- C:\WINDOWS\system32\MAGIX
2008-12-17 17:45:36 ----D---- C:\Program Files\MAGIX
2008-12-16 18:54:22 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Orbit
2008-12-14 20:46:59 ----D---- C:\Temp
2008-12-14 12:30:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 12:30:30 ----A---- C:\WINDOWS\MegaManager.INI
2008-12-14 12:23:24 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 16:08:22 ----D---- C:\Program Files\WebEx
2008-12-13 07:39:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 16:46:00 ----D---- C:\Frank en Rick
2008-12-12 07:23:52 ----D---- C:\Program Files\Internet Explorer
2008-12-11 17:02:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-11 16:13:16 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-10 11:15:49 ----D---- C:\WINDOWS\system32\config
2008-12-10 11:15:29 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 11:15:29 ----D---- C:\WINDOWS\Registration
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 07:46:04 ----D---- C:\WINDOWS\system32\Macromed
2008-12-07 14:07:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-06 17:57:44 ----D---- C:\Downloads
2008-12-06 16:59:06 ----D---- C:\PSFONTS
2008-12-06 16:59:05 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 16:58:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-06 16:58:47 ----D---- C:\WINDOWS\WinSxS
2008-12-06 10:21:12 ----RSD---- C:\WINDOWS\assembly
2008-12-06 10:19:28 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-06 07:14:26 ----D---- C:\WINDOWS\system32\en-us
2008-12-06 07:14:24 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-05 19:35:16 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-12-05 19:35:15 ----D---- C:\Program Files\NCH Swift Sound
2008-12-05 19:33:14 ----D---- C:\WINDOWS\Help
2008-12-05 16:35:25 ----D---- C:\Program Files\SAMSUNG

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-05 5632]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 Ndiskio;Ndiskio; \??\C:\Norman\Nse\bin\NDISKIO.SYS []
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-01-08 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-01-08 25272]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S2 CDRPDACC;Arrowkey Device Access; \??\C:\Mam\321Studios\Shared\CDRPDACC.SYS []
S3 dsreader;MaxDrive Driver (dsreader.sys); C:\WINDOWS\System32\Drivers\dsreader.sys [2001-01-02 19677]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-06-23 1095680]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SliceDisk5;SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-10-03 102400]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Norman\Npm\bin\ELOGSVC.EXE [2007-11-21 150584]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-03-31 204800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-01-08 451896]
R2 Norman ZANDA;Norman ZANDA; C:\Norman\Npm\Bin\zanda.exe [2008-04-24 429176]
R2 NVOY;Norman's Very Own supplY of resources; C:\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-15 66872]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2006-05-26 86016]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2007-05-26 501312]
R3 Norman NJeeves;Norman NJeeves; C:\Norman\Npm\Bin\Njeeves.exe [2008-05-13 203896]
R3 nsesvc;Norman Scanner Engine Service; C:\Norman\nse\bin\NSESVC.EXE [2008-06-19 322616]
R3 nvcoas;Norman Virus Control on-access component; C:\Norman\Nvc\bin\nvcoas.exe [2008-04-30 191544]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Norman\Npm\Bin\Nvcsched.exe [2007-09-18 154680]
R3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Apache2.2;Apache2.2; C:\Program Files\Xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe []
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-02 655624]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------


How the computer's running:
Well, yesterday I've had 2 more changes, so it's still there.

[jmw3]

Hello Wazakindjes
I don't believe the keyboard problem is malware related. Is the keyboard wireless? If so have you checked the batteries lately? Might sound simple but trying to rule out the obvious.

[Wazakindjes]

Hehe, the first thing I've tried. The settings change, but I can't spot it with RegMon.

But um... all the malware is off the computer now? And can I restore my registry?

[jmw3]

But um... all the malware is off the computer now? And can I restore my registry?

Yes your computer is clean. Is there some reason you need to restore your registry? I only had you back it up as the last instruction fixed some registry keys that were corrupted & the backup was made in case something went wrong.

Let's try this for your keyboard. This will set the Keyboard to the default values:

OTMoveIt3

• Double click on OTMoveIt3.exe to run it
• Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved

Note: Do not type it out to minimize the risk of typo error

Code: Select all

:Reg
[HKEY_CURRENT_USER\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2"
"KeyboardDelay"="1"
"KeyboardSpeed"="31"

:Commands
[Reboot]

• Click on MoveIt!
• When done, click on Exit

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

Clean Up
Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.

• Double-click OTMoveIt3.exe
• Click the CleanUp! button
• Select Yes when the Begin cleanup Process? prompt appears
• If you are prompted to Reboot during the cleanup, select Yes
• The tool will delete itself once it finishes, if not delete it yourself

You can also delete/remove rsit.exe & LopSD.exe, JavaRa.exe from your desktop. Delete the following folders (if still present):
C:\rsit
C:\LopSD
C:\_OTMoveIt
Any logs left on your desktop.
Let me know how you get on with the keyboard.

[Wazakindjes]

The log:
========== REGISTRY ==========
HKEY_CURRENT_USER\Control Panel\Keyboard\\"InitialKeyboardIndicators"|"2" /E : value set successfully!
HKEY_CURRENT_USER\Control Panel\Keyboard\\"KeyboardDelay"|"1" /E : value set successfully!
HKEY_CURRENT_USER\Control Panel\Keyboard\\"KeyboardSpeed"|"31" /E : value set successfully!
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12242008_141244



This afternoon and like 30 mins ago, I've experienced it again. Here is a screenshot of the control panel settings when it happens:

However, I've looked at the registry keys, and they look normal. It's very strange. Also I've noticed sometimes I see the extensions of files, is that because of OTMoveIt?

[jmw3]

Hello Wazakindjes
As our expertise at this website lies in Malware Removal, I'm going to recommend some dedicated tech support sites that may be able to assist with your keyboard problem:
Bleeping Computer
TechSupportGuy
What the Tech
GeeksToGo
Hopefully one of these sites can help you.

All Clean
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Set Correct Settings For Files That Should Be Hidden In Windows XP

• Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab
• Under Hidden files and folders if necessary select Do not show hidden files and folders
• If unchecked, checkHide protected operating system files (Recommended)
• If necessary check Display content of system folders
• If necessary Uncheck Hide file extensions for known file types
• Click OK

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here.

SpywareBlaster
Download and install Javacools SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work):

• A short distance down the page in the centre, click on the Download button
• Agree to the license
• On the next page, to the right side of where it says Download Estimates, right click on the underlined word Hosts Manager choose Save Target As and download the installer Hosts20setup.exe to your desktop
• Double click the Installer on your desktop and let it Install the Hosts Manager
• After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
• When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
• Click Disable DNS Service. This is important
• In the Left Pane, click Download
• It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save

You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. You can download a free firewall from one of these excellent vendors:

1)Webroot Desktop Firewall (Registration is needed to download the firewall)
2)PC Tools Firewall Plus
3)Netchina S3 2008
4) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

If there are any other questions then feel free to ask or in future do not hesitate to contact us here at The Malware Removal Forums

[Blade81]

Since malware related problem seems to be resolved this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.