Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Some problems

by rangersoul » July 4th, 2009, 6:16 am

So I had some problems with my adware. It keeps coming up even while I ain't doing nothing.
I also got a problem with my internet. Sometimes it won't start.

Here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:06, on 4-7-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\msb.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
H:\WINDOWS\FixCamera.exe
H:\WINDOWS\vsnpstd3.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\DNA\btdna.exe
H:\Program Files\Windows Media Player\WMPNSCFG.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\mkd25tray.exe
H:\Program Files\Sony\Vegas 7.0\vegas70.exe
H:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\D. Haak\Mijn documenten\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [FixCamera] H:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] H:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Cognac] H:\DOCUME~1\D84C6~1.HAA\LOCALS~1\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - H:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7667 bytes
rangersoul
Active Member
 
Posts: 13
Joined: July 4th, 2009, 6:13 am

Re: Some problems

by Shaba » July 6th, 2009, 4:33 am

Hi rangersoul

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Some problems

by rangersoul » July 6th, 2009, 6:48 am

Well here is the other log:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
AhnLab Online Security
AVG Free 8.5
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956390)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958215)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960714)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB970238)
Call of Duty
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Camtasia Studio 6
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Essentiële update voor Windows Media Player 11 (KB959772)
Fraps (remove only)
Free Studio version 4.1
Free YouTube to Mp3 Converter version 3.1
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
HyperCam 2
ijji - Gunz
ijji Auto Installer
Java(TM) 6 Update 14
MapleStory
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MSXML 6.0 Parser (KB925673)
Nero 7 Ultra Edition
NVIDIA Drivers
Pando Media Booster
RealPlayer 7 Basic
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Sony Media Manager 2.2
Sony Vegas 7.0
SwiftKit
Trust Keyboard 15036
Trust Webcam 15082-02
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update voor Windows Internet Explorer 8 (KB971930)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB967715)
Windows Communication Foundation
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live aanmeldhulp
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR
XviD MPEG-4 Video Codec

Re: Some problems

by Shaba » July 6th, 2009, 8:36 am

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent DNA

I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HijackThis log scan when finished and post the log back here.

Re: Some problems

by rangersoul » July 6th, 2009, 9:31 am

OMG I'm so sorry. The submit thing lagged I think. And that's why I pressed another 3 times on it.


Sorry
Last edited by rangersoul on July 6th, 2009, 9:34 am, edited 1 time in total.

Re: Some problems

by rangersoul » July 6th, 2009, 9:31 am

OMG I'm so sorry. The submit thing lagged I think. And that's why I pressed another 3 times on it.


Sorry

The 1 under me is the right 1 i think.

Again very sorry
Last edited by rangersoul on July 6th, 2009, 9:36 am, edited 1 time in total.

Re: Some problems

by rangersoul » July 6th, 2009, 9:31 am

I deleted BitTorrent (Do I have to delete DNA too?)
And here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:10, on 6-7-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
H:\WINDOWS\vsnpstd3.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\DNA\btdna.exe
H:\Program Files\Windows Media Player\WMPNSCFG.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\ijji\ENGLISH\U_GUNZ.exe
H:\WINDOWS\system32\msiexec.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\D. Haak\Mijn documenten\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [FixCamera] H:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] H:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Cognac] H:\DOCUME~1\D84C6~1.HAA\LOCALS~1\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - H:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7571 bytes

Re: Some problems

by Shaba » July 6th, 2009, 10:51 am

Yes, that needs to be deleted as well.

Please post a fresh HijackThis log afterwards.

Re: Some problems

by rangersoul » July 7th, 2009, 7:12 am

I deleted DNA, here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:23, on 7-7-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
H:\WINDOWS\vsnpstd3.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\Windows Media Player\WMPNSCFG.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
H:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
H:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\mkd25tray.exe
H:\Program Files\Java\jre6\bin\java.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\D. Haak\Mijn documenten\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [FixCamera] H:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] H:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] H:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Cognac] H:\DOCUME~1\D84C6~1.HAA\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [AdobeUpdater] "H:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - H:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7943 bytes
rangersoul
Active Member
 
Posts: 13
Joined: July 4th, 2009, 6:13 am

Re: Some problems

Post by Shaba » July 7th, 2009, 7:39 am

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Some problems

Post by rangersoul » July 9th, 2009, 2:44 am

This is the log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by D. Haak at 2009-07-09 08:43:09
Microsoft Windows XP Home Edition Service Pack 3
System drive H: has 503 GB (70%) free of 715 GB
Total RAM: 3007 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:19, on 9-7-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
H:\WINDOWS\FixCamera.exe
H:\WINDOWS\vsnpstd3.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\Windows Media Player\WMPNSCFG.exe
H:\Program Files\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\D. Haak\Bureaublad\RSIT.exe
H:\Documents and Settings\D. Haak\Mijn documenten\D. Haak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [FixCamera] H:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] H:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] H:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Cognac] H:\DOCUME~1\D84C6~1.HAA\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - H:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7717 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
H:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - H:\Program Files\AVG\AVG8\avgssie.dll [2009-05-20 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-03-26 16859136]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AVG8_TRAY"=H:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-26 1948440]
"NeroFilterCheck"=H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"GrooveMonitor"=H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"LVCOMS"=H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE [2003-09-04 135214]
"RealTray"=H:\Program Files\Real\RealPlayer\RealPlay.exe [2009-02-19 20480]
"FixCamera"=H:\WINDOWS\FixCamera.exe [2007-02-10 20480]
"snpstd3"=H:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"tsnpstd3"=H:\WINDOWS\tsnpstd3.exe [2007-03-10 270336]
"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2009-03-28 86016]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-06-21 148888]
"WireLessKeyboard"=H:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe [2005-11-30 94208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"Cognac"=H:\DOCUME~1\D84C6~1.HAA\LOCALS~1\Temp\b.exe []
"WMPNSCFG"=H:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
H:\WINDOWS\system32\avgrsstx.dll [2009-06-26 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\AVG\AVG8\avgemc.exe"="H:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"H:\Program Files\AVG\AVG8\avgupd.exe"="H:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"H:\Program Files\LimeWire\LimeWire.exe"="H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"H:\ijji\ENGLISH\u_gunz.exe"="H:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"H:\Documents and Settings\D. Haak\Mijn documenten\Dune 2000\DUNE2000.DAT"="H:\Documents and Settings\D. Haak\Mijn documenten\Dune 2000\DUNE2000.DAT:*:Enabled:Dune2000"
"H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent\BitTorrent\bittorrent.exe"="H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"H:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="H:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"H:\Documents and Settings\D. Haak\Mijn documenten\Cabal Online\CabalTemp\ESTSetupLoader.exe"="H:\Documents and Settings\D. Haak\Mijn documenten\Cabal Online\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"H:\Documents and Settings\D. Haak\Mijn documenten\conqueor\Conquer_v5069_BC.exe"="H:\Documents and Settings\D. Haak\Mijn documenten\conqueor\Conquer_v5069_BC.exe:*:Enabled:BitCometLite"
"H:\Program Files\Java\jre6\bin\java.exe"="H:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\Program Files\Java\jre6\bin\javaw.exe"="H:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\Program Files\Call of Duty\CoDMP.exe"="H:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"H:\Documents and Settings\D. Haak\Bureaublad\Games\Gunz\Gunz.exe"="H:\Documents and Settings\D. Haak\Bureaublad\Games\Gunz\Gunz.exe:*:Enabled:Gunz"
"H:\Program Files\Xfire\Xfire.exe"="H:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="H:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"H:\Program Files\Softnyx\WolfTeam\Wolfteam.bin"="H:\Program Files\Softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"H:\Program Files\Freestyle GunZ\svchost.exe"="H:\Program Files\Freestyle GunZ\svchost.exe:*:Disabled:Hailboys3 & McSic"
"H:\ijji\ENGLISH\Gunz\Gunz.exe"="H:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="H:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"H:\Program Files\Anigunz\theduel.exe"="H:\Program Files\Anigunz\theduel.exe:*:Enabled:theduel"
"H:\ijji\ENGLISH\Gunz(2)\Gunz\Gunz.exe"="H:\ijji\ENGLISH\Gunz(2)\Gunz\Gunz.exe:*:Enabled:Gunz"
"H:\Program Files\BitTorrent\bittorrent.exe"="H:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"H:\Program Files\Pando Networks\Media Booster\PMB.exe"="H:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"H:\Documents and Settings\D. Haak\Local Settings\Temp\Rar$EX04.094\RollerCoaster Tycoon [Geedunk]\NO-CD CRACK\rct.exe"="H:\Documents and Settings\D. Haak\Local Settings\Temp\Rar$EX04.094\RollerCoaster Tycoon [Geedunk]\NO-CD CRACK\rct.exe:*:Enabled:rct"
"H:\Nexon\MapleStory\AxedMS v62.exe"="H:\Nexon\MapleStory\AxedMS v62.exe:*:Enabled:MapleStory"
"H:\Nexon\MapleStory\AkatsukiMs Most Stable New Client Removed Damge Cap No DC.exe"="H:\Nexon\MapleStory\AkatsukiMs Most Stable New Client Removed Damge Cap No DC.exe:*:Enabled:MapleStory"
"H:\WINDOWS\system32\PnkBstrA.exe"="H:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"H:\WINDOWS\system32\PnkBstrB.exe"="H:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\Program Files\Mozilla Firefox\firefox.exe"="H:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\Program Files\mIRC\mirc.exe"="H:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"H:\Documents and Settings\D. Haak\Bureaublad\Dune 2000 Mousa Issa\DUNE2000.DAT"="H:\Documents and Settings\D. Haak\Bureaublad\Dune 2000 Mousa Issa\DUNE2000.DAT:*:Enabled:Dune2000"
"H:\Documents and Settings\D. Haak\Bureaublad\Nieuwe map\Dune 2000 Mousa Issa\DUNE2000.DAT"="H:\Documents and Settings\D. Haak\Bureaublad\Nieuwe map\Dune 2000 Mousa Issa\DUNE2000.DAT:*:Enabled:Dune2000"
"H:\Documents and Settings\D. Haak\Application Data\U3\2243000F1700555F\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe"="H:\Documents and Settings\D. Haak\Application Data\U3\2243000F1700555F\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:skype"
"H:\Program Files\TeamViewer\Version4\TeamViewer.exe"="H:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer – beheer van externe computers"
"H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"H:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="H:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9fafd17-b668-11dd-9c93-0021859396e4}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-07-09 08:43:09 ----D---- H:\rsit
2009-07-07 13:01:09 ----A---- H:\WINDOWS\system32\msexcr.ini
2009-07-07 10:30:50 ----D---- H:\Nexon
2009-07-07 10:19:42 ----D---- H:\Program Files\Trust
2009-07-06 13:55:25 ----D---- H:\download
2009-07-06 13:55:19 ----A---- H:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
2009-07-06 11:37:40 ----D---- H:\maplestory
2009-07-06 10:41:17 ----D---- H:\WINDOWS\Downloaded Installations
2009-07-06 10:39:48 ----A---- H:\WINDOWS\system32\hidserv.dll
2009-07-03 19:00:06 ----HDC---- H:\WINDOWS\ie8
2009-07-01 17:03:04 ----A---- H:\WINDOWS\system32\msxml71.dll
2009-06-27 16:01:11 ----HDC---- H:\WINDOWS\$NtUninstallKB941569$
2009-06-27 16:01:02 ----HDC---- H:\WINDOWS\$NtUninstallKB929399$
2009-06-27 16:00:54 ----HDC---- H:\WINDOWS\$NtUninstallKB939683$
2009-06-27 16:00:43 ----HDC---- H:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-27 16:00:40 ----HDC---- H:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-27 16:00:31 ----HDC---- H:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-27 14:34:48 ----D---- H:\Documents and Settings\D. Haak\Application Data\skypePM
2009-06-26 17:02:49 ----A---- H:\WINDOWS\system32\D3DX9_41.dll
2009-06-26 17:02:49 ----A---- H:\WINDOWS\system32\d3dx10_41.dll
2009-06-26 17:02:49 ----A---- H:\WINDOWS\system32\D3DCompiler_41.dll
2009-06-26 17:02:48 ----A---- H:\WINDOWS\system32\XAudio2_4.dll
2009-06-26 17:02:48 ----A---- H:\WINDOWS\system32\XAPOFX1_3.dll
2009-06-26 17:02:48 ----A---- H:\WINDOWS\system32\xactengine3_4.dll
2009-06-26 17:02:47 ----A---- H:\WINDOWS\system32\X3DAudio1_6.dll
2009-06-26 17:02:47 ----A---- H:\WINDOWS\system32\d3dx10_40.dll
2009-06-26 17:02:47 ----A---- H:\WINDOWS\system32\D3DCompiler_40.dll
2009-06-26 17:02:46 ----A---- H:\WINDOWS\system32\XAudio2_3.dll
2009-06-26 17:02:46 ----A---- H:\WINDOWS\system32\XAPOFX1_2.dll
2009-06-26 17:02:46 ----A---- H:\WINDOWS\system32\D3DX9_40.dll
2009-06-26 17:02:45 ----A---- H:\WINDOWS\system32\XAudio2_2.dll
2009-06-26 17:02:45 ----A---- H:\WINDOWS\system32\XAPOFX1_1.dll
2009-06-26 17:02:45 ----A---- H:\WINDOWS\system32\xactengine3_3.dll
2009-06-26 17:02:45 ----A---- H:\WINDOWS\system32\X3DAudio1_5.dll
2009-06-26 17:02:44 ----A---- H:\WINDOWS\system32\xactengine3_2.dll
2009-06-26 17:02:44 ----A---- H:\WINDOWS\system32\d3dx10_39.dll
2009-06-26 17:02:44 ----A---- H:\WINDOWS\system32\D3DCompiler_39.dll
2009-06-26 17:02:43 ----A---- H:\WINDOWS\system32\XAudio2_1.dll
2009-06-26 17:02:43 ----A---- H:\WINDOWS\system32\XAPOFX1_0.dll
2009-06-26 17:02:43 ----A---- H:\WINDOWS\system32\D3DX9_39.dll
2009-06-26 17:02:42 ----A---- H:\WINDOWS\system32\xactengine3_1.dll
2009-06-26 17:02:42 ----A---- H:\WINDOWS\system32\X3DAudio1_4.dll
2009-06-26 17:02:41 ----A---- H:\WINDOWS\system32\D3DX9_38.dll
2009-06-26 17:02:41 ----A---- H:\WINDOWS\system32\d3dx10_38.dll
2009-06-26 17:02:41 ----A---- H:\WINDOWS\system32\D3DCompiler_38.dll
2009-06-26 17:01:55 ----D---- H:\WINDOWS\Logs
2009-06-26 17:01:53 ----HD---- H:\WINDOWS\msdownld.tmp
2009-06-26 16:34:42 ----D---- H:\l4d
2009-06-26 16:32:21 ----D---- H:\Documents and Settings\D. Haak\Application Data\TeamViewer
2009-06-26 16:32:14 ----D---- H:\Program Files\TeamViewer
2009-06-26 16:03:51 ----D---- H:\Program Files\Activision
2009-06-26 15:46:43 ----D---- H:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-06-26 15:42:29 ----N---- H:\WINDOWS\system32\spmsg.dll
2009-06-26 15:42:28 ----HDC---- H:\WINDOWS\$NtUninstallMSCompPackV1$
2009-06-26 15:42:18 ----D---- H:\Program Files\Windows Media Connect 2
2009-06-26 15:42:07 ----HDC---- H:\WINDOWS\$NtUninstallwmp11$
2009-06-26 15:41:36 ----HDC---- H:\WINDOWS\$NtUninstallWMFDist11$
2009-06-26 15:41:22 ----D---- H:\cff3f20edccf7813c2bf48e6f480e20e
2009-06-26 15:41:10 ----HDC---- H:\WINDOWS\$NtUninstallWudf01000$
2009-06-26 15:40:46 ----D---- H:\2af05180def4b588f723f3
2009-06-23 17:05:30 ----HDC---- H:\WINDOWS\ie7
2009-06-23 16:55:48 ----HDC---- H:\WINDOWS\$NtUninstallKB915865$
2009-06-23 14:10:15 ----D---- H:\Documents and Settings\D. Haak\Application Data\Opera
2009-06-23 14:10:05 ----D---- H:\Program Files\Opera
2009-06-21 17:31:41 ----A---- H:\WINDOWS\system32\javaws.exe
2009-06-21 17:31:41 ----A---- H:\WINDOWS\system32\javaw.exe
2009-06-21 17:31:41 ----A---- H:\WINDOWS\system32\java.exe
2009-06-21 17:31:29 ----D---- H:\Program Files\Java
2009-06-18 15:58:45 ----D---- H:\WINDOWS\ie8updates
2009-06-12 16:03:25 ----HDC---- H:\WINDOWS\$NtUninstallKB961501$
2009-06-12 16:03:21 ----HDC---- H:\WINDOWS\$NtUninstallKB969898$
2009-06-12 16:01:20 ----HDC---- H:\WINDOWS\$NtUninstallKB970238$
2009-06-12 16:00:57 ----HDC---- H:\WINDOWS\$NtUninstallKB968537$
2009-06-10 18:44:25 ----A---- H:\WINDOWS\PhotoSnapViewer.INI

======List of files/folders modified in the last 1 months======

2009-07-09 08:41:01 ----D---- H:\WINDOWS\Temp
2009-07-09 08:39:53 ----D---- H:\WINDOWS\system32\CatRoot2
2009-07-08 19:12:50 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-07-07 14:22:36 ----SHD---- H:\WINDOWS\Installer
2009-07-07 14:22:22 ----D---- H:\WINDOWS\system32
2009-07-07 14:18:50 ----A---- H:\WINDOWS\system32\PnkBstrB.exe
2009-07-07 13:12:08 ----RD---- H:\Program Files
2009-07-07 13:01:09 ----D---- H:\WINDOWS\system32\drivers
2009-07-07 10:50:05 ----SD---- H:\Documents and Settings\D. Haak\Application Data\Microsoft
2009-07-07 10:50:05 ----D---- H:\Config.Msi
2009-07-07 10:22:21 ----D---- H:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-06 14:09:03 ----D---- H:\WINDOWS
2009-07-06 13:15:36 ----A---- H:\WINDOWS\GunzLauncher.INI
2009-07-06 13:12:56 ----D---- H:\Program Files\Anigunz
2009-07-06 13:12:35 ----D---- H:\Program Files\Freestyle GunZ
2009-07-06 10:41:16 ----D---- H:\Program Files\Common Files\InstallShield
2009-07-06 10:39:54 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-07-06 10:39:33 ----HD---- H:\WINDOWS\inf
2009-07-05 09:45:32 ----D---- H:\WINDOWS\Prefetch
2009-07-04 13:18:08 ----RSD---- H:\WINDOWS\Fonts
2009-07-04 13:17:04 ----D---- H:\Documents and Settings\All Users\Application Data\TechSmith
2009-07-04 13:10:47 ----A---- H:\WINDOWS\NeroDigital.ini
2009-07-04 11:45:01 ----AD---- H:\Documents and Settings\All Users\Application Data\TEMP
2009-07-04 11:00:00 ----SD---- H:\WINDOWS\Tasks
2009-07-04 09:27:13 ----A---- H:\WINDOWS\win.ini
2009-07-03 19:04:04 ----D---- H:\WINDOWS\system32\nl-nl
2009-07-03 19:04:03 ----D---- H:\WINDOWS\Media
2009-07-03 19:04:03 ----D---- H:\WINDOWS\Help
2009-07-03 19:04:03 ----D---- H:\Program Files\Internet Explorer
2009-07-03 19:02:36 ----HD---- H:\WINDOWS\$hf_mig$
2009-07-03 19:02:34 ----A---- H:\WINDOWS\imsins.BAK
2009-07-03 19:02:33 ----D---- H:\WINDOWS\system32\CatRoot
2009-07-01 17:21:22 ----D---- H:\WINDOWS\system32\QuickTime
2009-07-01 16:56:18 ----D---- H:\Program Files\WinRAR
2009-06-30 19:13:38 ----D---- H:\Program Files\SwiftKit
2009-06-27 14:37:14 ----D---- H:\Program Files\Common Files
2009-06-27 14:33:29 ----D---- H:\Documents and Settings\All Users\Application Data\Skype
2009-06-26 17:57:40 ----A---- H:\WINDOWS\system32\PnkBstrA.exe
2009-06-26 17:02:50 ----D---- H:\WINDOWS\system32\DirectX
2009-06-26 16:15:43 ----RSD---- H:\WINDOWS\assembly
2009-06-26 16:13:48 ----A---- H:\WINDOWS\game.ini
2009-06-26 15:44:13 ----D---- H:\Program Files\Windows Media Player
2009-06-26 15:41:17 ----D---- H:\WINDOWS\system32\LogFiles
2009-06-26 14:50:00 ----D---- H:\WINDOWS\security
2009-06-26 14:49:33 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-06-26 11:01:12 ----A---- H:\WINDOWS\system32\avgrsstx.dll
2009-06-24 12:51:20 ----D---- H:\Documents and Settings\D. Haak\Application Data\U3
2009-06-23 17:06:37 ----D---- H:\WINDOWS\WBEM
2009-06-23 16:59:48 ----D---- H:\WINDOWS\ie7updates
2009-06-21 17:31:32 ----A---- H:\WINDOWS\system32\deploytk.dll
2009-06-16 16:13:53 ----D---- H:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; H:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-26 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; H:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; H:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-20 108552]
R1 intelppm;Intel GV3-processorstuurprogramma; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 Tcpip6;Microsoft IPv6-protocolstuurprogramma; H:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-compatibel transportprotocol; H:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; H:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-protocol; H:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-stuurprogramma; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-26 4713472]
R3 Mkd2Nadr;Mkd2Nadr; H:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
R3 mouhid;Stuurprogramma voor muis-HID; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-11-17 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-11-17 22016]
R3 nvsmu;nvsmu; H:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; H:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 SNPSTD3;USB PC Camera (SNPSTD3); H:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-26 10252544]
R3 tunmp;Stuurprogramma voor Microsoft Tun Minipoort-adapter; H:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Stuurprogramma voor USB-massaopslag; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 npkcrypt;npkcrypt; \??\H:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys []
S3 CCDECODE;Closed Caption-decoder; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\H:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; \??\H:\DOCUME~1\D84C6~1.HAA\LOCALS~1\Temp\Rar$EX04.078\IlvMoney1196.sys []
S3 KEYBOARDWDFilter;KEYBOARDWDFilter; \??\H:\WINDOWS\System32\Drivers\KEYBOARDWD.SYS []
S3 Mkd2kfNt;Mkd2kfNt; H:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
S3 MSICPL;MSICPL; \??\G:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; H:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video-verbinding; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Stuurprogramma voor Netwerkcontrole; H:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 PID_0920;Logitech QuickCam Express(PID_0920); H:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext-codec; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6-hulpservice; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 avg8emc;AVG Free8 E-mail Scanner; H:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-26 906520]
R2 avg8wd;AVG Free8 WatchDog; H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-26 298776]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-06-21 152984]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]
R2 NwSapAgent;SAP Agent; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; H:\WINDOWS\system32\PnkBstrA.exe [2009-06-26 75064]
R2 PnkBstrB;PnkBstrB; H:\WINDOWS\system32\PnkBstrB.exe [2009-07-07 189072]
R2 WMPNetworkSvc;Windows Media Player Network Sharing-service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S2 npkcmsvc;npkcmsvc; H:\Nexon\MapleStory\npkcmsvc.exe []
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; h:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; H:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 npggsvc;nProtect GameGuard Service; H:\WINDOWS\system32\GameMon.des [2009-02-17 2741114]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; H:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; H:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; H:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; H:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------








And this is the info file



info.txt logfile of random's system information tool 1.06 2009-07-09 08:43:21

======Uninstall list======

-->H:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->H:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->H:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->H:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->H:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->H:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->H:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
Adobe Acrobat 5.0-->H:\WINDOWS\ISUNINST.EXE -f"H:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"H:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->H:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AhnLab Online Security-->H:\Program Files\AhnLab\ASP\Common\aosremove.exe
AVG Free 8.5-->H:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Beveiligingsupdate for Windows XP (KB941569)-->"H:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)-->"H:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)-->"H:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)-->"H:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player (KB952069)-->"H:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB936782)-->"H:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB954154)-->"H:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923561)-->"H:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938464)-->"H:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938464-v2)-->"H:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946648)-->"H:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950762)-->"H:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950974)-->"H:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951066)-->"H:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376-v2)-->"H:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951698)-->"H:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951748)-->"H:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952004)-->"H:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952954)-->"H:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954211)-->"H:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954459)-->"H:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954600)-->"H:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB955069)-->"H:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956390)-->"H:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956391)-->"H:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956572)-->"H:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956802)-->"H:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956803)-->"H:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956841)-->"H:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957095)-->"H:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957097)-->"H:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958215)-->"H:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958644)-->"H:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958687)-->"H:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958690)-->"H:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB959426)-->"H:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960225)-->"H:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960714)-->"H:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960715)-->"H:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960803)-->"H:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB961373)-->"H:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB961501)-->"H:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB968537)-->"H:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB969898)-->"H:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB970238)-->"H:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->H:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->H:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty-->H:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u H:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Camtasia Studio 6-->MsiExec.exe /I{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}
DivX Codec-->H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->H:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->H:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->H:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Essentiële update voor Windows Media Player 11 (KB959772)-->"H:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EuropeMapleStory-->MsiExec.exe /I{D17D8B97-F937-432F-88BD-382727D34441}
Fraps (remove only)-->"H:\Fraps\uninstall.exe"
Free Studio version 4.1-->"H:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"H:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
High Definition Audio Driver Package - KB888111-->"H:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"H:\Documents and Settings\D. Haak\Mijn documenten\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"H:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix voor Windows Media Player 11 (KB939683)-->"H:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB952287)-->"H:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HyperCam 2-->h:\\UnHyCam2.exe
ijji - Gunz-->H:\ijji\ENGLISH\Gunz(2)\Gunz\Uninstall.exe
ijji Auto Installer-->"H:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Messenger Plus! Live-->"H:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->h:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"H:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"H:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\mpg4c32.inf
Microsoft National Language Support Downlevel APIs-->"H:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"H:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office Groove MUI (Dutch) 2007-->MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Dutch) 2007-->MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"H:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 7 Ultra Edition-->MsiExec.exe /I{8C30E1DC-D83E-4A90-AD02-1A275FC71043}
NVIDIA Drivers-->H:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pando Media Booster-->H:\Program Files\Pando Networks\Media Booster\uninst.exe
RealPlayer 7 Basic-->H:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Sony Media Manager 2.2-->MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
Sony Vegas 7.0-->MsiExec.exe /X{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}
SwiftKit-->H:\Program Files\SwiftKit\Uninstall.exe
Trust Keyboard 15036-->H:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64824474-AE1E-4BA9-AF44-F110272D10FE}
Trust Webcam 15082-02-->H:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0013 -removeonly
Uninstall 1.0.0.1-->"H:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update voor Windows Internet Explorer 8 (KB971930)-->"H:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update voor Windows XP (KB951072-v2)-->"H:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update voor Windows XP (KB951978)-->"H:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update voor Windows XP (KB955839)-->"H:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update voor Windows XP (KB967715)-->"H:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 7-->"H:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"H:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live aanmeldhulp-->MsiExec.exe /I{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}
Windows Live installer-->MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger-->MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
Windows Media Format 11 runtime-->"H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"H:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"H:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"H:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->H:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec-->H:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 H:\WINDOWS\INF\xvid.inf

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: DAMIEN
Event Code: 7036
Message: De Application Management-service heeft nu de status Beëindigd.

Record Number: 35073
Source Name: Service Control Manager
Time Written: 20090627143723.000000+120
Event Type: Gegevens
User:

Computer Name: DAMIEN
Event Code: 7035
Message: De Application Management-service is naar een Starten-besturingselement verzonden.

Record Number: 35072
Source Name: Service Control Manager
Time Written: 20090627143723.000000+120
Event Type: Gegevens
User: DAMIEN\D. Haak

Computer Name: DAMIEN
Event Code: 7023
Message: De Application Management-service is gestopt met de volgende foutcode:
Kan opgegeven module niet vinden.
.

Record Number: 35071
Source Name: Service Control Manager
Time Written: 20090627143723.000000+120
Event Type: Fout
User:

Computer Name: DAMIEN
Event Code: 7036
Message: De Application Management-service heeft nu de status Beëindigd.

Record Number: 35070
Source Name: Service Control Manager
Time Written: 20090627143723.000000+120
Event Type: Gegevens
User:

Computer Name: DAMIEN
Event Code: 7035
Message: De Application Management-service is naar een Starten-besturingselement verzonden.

Record Number: 35069
Source Name: Service Control Manager
Time Written: 20090627143723.000000+120
Event Type: Gegevens
User: DAMIEN\D. Haak

=====Application event log=====

Computer Name: DAMIEN
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 4052
Source Name: .NET Runtime Optimization Service
Time Written: 20090511163144.000000+120
Event Type: Gegevens
User:

Computer Name: DAMIEN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Speech, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


Record Number: 4051
Source Name: .NET Runtime Optimization Service
Time Written: 20090511163144.000000+120
Event Type:
User:

Computer Name: DAMIEN
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.Speech, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


Record Number: 4050
Source Name: .NET Runtime Optimization Service
Time Written: 20090511163142.000000+120
Event Type: Gegevens
User:

Computer Name: DAMIEN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089


Record Number: 4049
Source Name: .NET Runtime Optimization Service
Time Written: 20090511163142.000000+120
Event Type:
User:

Computer Name: DAMIEN
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089


Record Number: 4048
Source Name: .NET Runtime Optimization Service
Time Written: 20090511163142.000000+120
Event Type: Gegevens
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Program Files\Microsoft SQL Server\80\Tools\Binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
rangersoul

Re: Some problems

Post by Shaba » July 9th, 2009, 3:37 am

  • Please use the following link to download ERUNT
  • Use the setup program to install ERUNT on your computer
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Download OTMoveIt by Old Timer and save it to your Desktop.
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code:
:files
H:\Program Files\LimeWire
H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent
H:\Program Files\BitTorrent
H:\WINDOWS\system32\msxml71.dll

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Cognac"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"H:\Program Files\LimeWire\LimeWire.exe"=-
"H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent\BitTorrent\bittorrent.exe"=-
"H:\Program Files\BitTorrent\bittorrent.exe"=-
"H:\Program Files\Pando Networks\Media Booster\PMB.exe"=-


  • Return to OTMoveIt, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Post:

- otmoveit3 log
- a fresh rsit log
Shaba
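One way to check an OTMoveIt results log against the fix script it was given, as an added example (not part of the thread and not OldTimer's or the forum's own code). The fix script is copied from the post above and the results text from the reply that follows; the function names and the five log-line patterns are assumptions based only on the lines visible in this thread.

```python
import re

# Fix script copied from the helper's post, results log from the user's reply.
FIX_SCRIPT = r'''
:files
H:\Program Files\LimeWire
H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent
H:\Program Files\BitTorrent
H:\WINDOWS\system32\msxml71.dll

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Cognac"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"H:\Program Files\LimeWire\LimeWire.exe"=-
"H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent\BitTorrent\bittorrent.exe"=-
"H:\Program Files\BitTorrent\bittorrent.exe"=-
"H:\Program Files\Pando Networks\Media Booster\PMB.exe"=-
'''

RESULT_LOG = r'''
========== FILES ==========
H:\Program Files\LimeWire\root\magnet10 moved successfully.
H:\Program Files\LimeWire\root moved successfully.
H:\Program Files\LimeWire\lib moved successfully.
H:\Program Files\LimeWire moved successfully.
H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent moved successfully.
File/Folder H:\Program Files\BitTorrent not found.
LoadLibrary failed for H:\WINDOWS\system32\msxml71.dll
H:\WINDOWS\system32\msxml71.dll NOT unregistered.
H:\WINDOWS\system32\msxml71.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Cognac deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Program Files\Pando Networks\Media Booster\PMB.exe deleted successfully.
'''

# Assumption: only the line shapes seen in this thread's log; other OTM messages are ignored.
PATTERNS = [
    (re.compile(r"Registry value (.+) deleted successfully\."), "deleted"),
    (re.compile(r"File/Folder (.+) not found\."), "not found"),
    (re.compile(r"LoadLibrary failed for (.+)"), "loadlibrary failed"),
    (re.compile(r"(.+) NOT unregistered\."), "not unregistered"),
    (re.compile(r"(.+) moved successfully\."), "moved"),
]

def parse_fix_script(text):
    """Return (file paths, [(registry key, value name)]) requested by the script."""
    files, reg, section, key = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() in (":files", ":reg"):
            section, key = line[1:].lower(), None
        elif section == "files" and line:
            files.append(line)
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif section == "reg" and key:
            m = re.fullmatch(r'"(.+)"=-', line)  # "name"=- means: delete this value
            if m:
                reg.append((key, m.group(1)))
    return files, reg

def parse_results(text):
    """Map each lower-cased target in the log to the outcomes reported for it, in order."""
    outcomes = {}
    for line in text.splitlines():
        for pattern, label in PATTERNS:
            m = pattern.fullmatch(line.strip())
            if m:
                outcomes.setdefault(m.group(1).lower(), []).append(label)
                break
    return outcomes

def reconcile(script, log):
    """Return (kind, target, outcomes) for every item the script asked for."""
    files, reg = parse_fix_script(script)
    outcomes = parse_results(log)
    wanted = [("file", p) for p in files]
    # The log joins registry key and value name with two backslashes.
    wanted += [("reg", k + "\\\\" + n) for k, n in reg]
    return [(kind, t, outcomes.get(t.lower(), ["no log entry"])) for kind, t in wanted]

def follow_up(report):
    """Targets that were neither moved nor deleted and need a second look."""
    return [t for _, t, o in report if "moved" not in o and "deleted" not in o]

if __name__ == "__main__":
    for kind, target, seen in reconcile(FIX_SCRIPT, RESULT_LOG):
        print(f"{kind:4} {', '.join(seen):45} {target}")
    print("follow up:", follow_up(reconcile(FIX_SCRIPT, RESULT_LOG)))
```

For this thread the only open item is `H:\Program Files\BitTorrent`, which the log reports as not found; `msxml71.dll` was moved even though unregistering it failed.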

Re: Some problems

Post by rangersoul » July 9th, 2009, 7:08 am

This is 1 thingy



========== FILES ==========
H:\Program Files\LimeWire\root\magnet10 moved successfully.
H:\Program Files\LimeWire\root moved successfully.
H:\Program Files\LimeWire\lib moved successfully.
H:\Program Files\LimeWire moved successfully.
H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent moved successfully.
File/Folder H:\Program Files\BitTorrent not found.
LoadLibrary failed for H:\WINDOWS\system32\msxml71.dll
H:\WINDOWS\system32\msxml71.dll NOT unregistered.
H:\WINDOWS\system32\msxml71.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Cognac deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Documents and Settings\D. Haak\Mijn documenten\Bittorent\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Program Files\Pando Networks\Media Booster\PMB.exe deleted successfully.

OTM by OldTimer - Version 3.0.0.4 log created on 07092009_130725






This is the rsit thingy:




Logfile of random's system information tool 1.06 (written by random/random)
Run by D. Haak at 2009-07-09 13:08:12
Microsoft Windows XP Home Edition Service Pack 3
System drive H: has 503 GB (70%) free of 715 GB
Total RAM: 3007 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:18, on 9-7-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
H:\WINDOWS\FixCamera.exe
H:\WINDOWS\vsnpstd3.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\Windows Media Player\WMPNSCFG.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\D. Haak\Bureaublad\RSIT.exe
H:\Documents and Settings\D. Haak\Mijn documenten\D. Haak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [FixCamera] H:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] H:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] H:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = H:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - H:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7592 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
H:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - H:\Program Files\AVG\AVG8\avgssie.dll [2009-05-20 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-03-26 16859136]
"AVG8_TRAY"=H:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-26 1948440]
"NeroFilterCheck"=H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"GrooveMonitor"=H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"LVCOMS"=H:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE [2003-09-04 135214]
"RealTray"=H:\Program Files\Real\RealPlayer\RealPlay.exe [2009-02-19 20480]
"FixCamera"=H:\WINDOWS\FixCamera.exe [2007-02-10 20480]
"snpstd3"=H:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"tsnpstd3"=H:\WINDOWS\tsnpstd3.exe [2007-03-10 270336]
"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2009-03-28 86016]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-06-21 148888]
"WireLessKeyboard"=H:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe [2005-11-30 94208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"WMPNSCFG"=H:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 204288]

H:\Documents and Settings\D. Haak\Menu Start\Programma's\Opstarten
ERUNT AutoBackup.lnk - H:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
H:\WINDOWS\system32\avgrsstx.dll [2009-06-26 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\AVG\AVG8\avgemc.exe"="H:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"H:\Program Files\AVG\AVG8\avgupd.exe"="H:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"H:\ijji\ENGLISH\u_gunz.exe"="H:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"H:\Documents and Settings\D. Haak\Mijn documenten\Dune 2000\DUNE2000.DAT"="H:\Documents and Settings\D. Haak\Mijn documenten\Dune 2000\DUNE2000.DAT:*:Enabled:Dune2000"
"H:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="H:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"H:\Documents and Settings\D. Haak\Mijn documenten\Cabal Online\CabalTemp\ESTSetupLoader.exe"="H:\Documents and Settings\D. Haak\Mijn documenten\Cabal Online\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"H:\Documents and Settings\D. Haak\Mijn documenten\conqueor\Conquer_v5069_BC.exe"="H:\Documents and Settings\D. Haak\Mijn documenten\conqueor\Conquer_v5069_BC.exe:*:Enabled:BitCometLite"
"H:\Program Files\Java\jre6\bin\java.exe"="H:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\Program Files\Java\jre6\bin\javaw.exe"="H:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\Program Files\Call of Duty\CoDMP.exe"="H:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"H:\Documents and Settings\D. Haak\Bureaublad\Games\Gunz\Gunz.exe"="H:\Documents and Settings\D. Haak\Bureaublad\Games\Gunz\Gunz.exe:*:Enabled:Gunz"
"H:\Program Files\Xfire\Xfire.exe"="H:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="H:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"H:\Program Files\Softnyx\WolfTeam\Wolfteam.bin"="H:\Program Files\Softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"H:\Program Files\Freestyle GunZ\svchost.exe"="H:\Program Files\Freestyle GunZ\svchost.exe:*:Disabled:Hailboys3 & McSic"
"H:\ijji\ENGLISH\Gunz\Gunz.exe"="H:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="H:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"H:\Program Files\Anigunz\theduel.exe"="H:\Program Files\Anigunz\theduel.exe:*:Enabled:theduel"
"H:\ijji\ENGLISH\Gunz(2)\Gunz\Gunz.exe"="H:\ijji\ENGLISH\Gunz(2)\Gunz\Gunz.exe:*:Enabled:Gunz"
"H:\Documents and Settings\D. Haak\Local Settings\Temp\Rar$EX04.094\RollerCoaster Tycoon [Geedunk]\NO-CD CRACK\rct.exe"="H:\Documents and Settings\D. Haak\Local Settings\Temp\Rar$EX04.094\RollerCoaster Tycoon [Geedunk]\NO-CD CRACK\rct.exe:*:Enabled:rct"
"H:\Nexon\MapleStory\AxedMS v62.exe"="H:\Nexon\MapleStory\AxedMS v62.exe:*:Enabled:MapleStory"
"H:\Nexon\MapleStory\AkatsukiMs Most Stable New Client Removed Damge Cap No DC.exe"="H:\Nexon\MapleStory\AkatsukiMs Most Stable New Client Removed Damge Cap No DC.exe:*:Enabled:MapleStory"
"H:\WINDOWS\system32\PnkBstrA.exe"="H:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"H:\WINDOWS\system32\PnkBstrB.exe"="H:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\Program Files\Mozilla Firefox\firefox.exe"="H:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\Program Files\mIRC\mirc.exe"="H:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"H:\Documents and Settings\D. Haak\Bureaublad\Dune 2000 Mousa Issa\DUNE2000.DAT"="H:\Documents and Settings\D. Haak\Bureaublad\Dune 2000 Mousa Issa\DUNE2000.DAT:*:Enabled:Dune2000"
"H:\Documents and Settings\D. Haak\Bureaublad\Nieuwe map\Dune 2000 Mousa Issa\DUNE2000.DAT"="H:\Documents and Settings\D. Haak\Bureaublad\Nieuwe map\Dune 2000 Mousa Issa\DUNE2000.DAT:*:Enabled:Dune2000"
"H:\Documents and Settings\D. Haak\Application Data\U3\2243000F1700555F\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe"="H:\Documents and Settings\D. Haak\Application Data\U3\2243000F1700555F\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:skype"
"H:\Program Files\TeamViewer\Version4\TeamViewer.exe"="H:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer – beheer van externe computers"
"H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"H:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="H:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9fafd17-b668-11dd-9c93-0021859396e4}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-07-09 13:07:25 ----D---- H:\_OTM
2009-07-09 13:06:53 ----D---- H:\WINDOWS\ERDNT
2009-07-09 13:06:13 ----D---- H:\Program Files\ERUNT
2009-07-09 08:43:09 ----D---- H:\rsit
2009-07-07 13:01:09 ----A---- H:\WINDOWS\system32\msexcr.ini
2009-07-07 10:30:50 ----D---- H:\Nexon
2009-07-07 10:19:42 ----D---- H:\Program Files\Trust
2009-07-06 13:55:25 ----D---- H:\download
2009-07-06 13:55:19 ----A---- H:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
2009-07-06 11:37:40 ----D---- H:\maplestory
2009-07-06 10:41:17 ----D---- H:\WINDOWS\Downloaded Installations
2009-07-06 10:39:48 ----A---- H:\WINDOWS\system32\hidserv.dll
2009-07-03 19:00:06 ----HDC---- H:\WINDOWS\ie8
2009-06-27 16:01:11 ----HDC---- H:\WINDOWS\$NtUninstallKB941569$
2009-06-27 16:01:02 ----HDC---- H:\WINDOWS\$NtUninstallKB929399$
2009-06-27 16:00:54 ----HDC---- H:\WINDOWS\$NtUninstallKB939683$
2009-06-27 16:00:43 ----HDC---- H:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-27 16:00:40 ----HDC---- H:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-27 16:00:31 ----HDC---- H:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-27 14:34:48 ----D---- H:\Documents and Settings\D. Haak\Application Data\skypePM
2009-06-26 17:02:49 ----A---- H:\WINDOWS\system32\D3DX9_41.dll
2009-06-26 17:02:49 ----A---- H:\WINDOWS\system32\d3dx10_41.dll
2009-06-26 17:02:49 ----A---- H:\WINDOWS\system32\D3DCompiler_41.dll
2009-06-26 17:02:48 ----A---- H:\WINDOWS\system32\XAudio2_4.dll
2009-06-26 17:02:48 ----A---- H:\WINDOWS\system32\XAPOFX1_3.dll
2009-06-26 17:02:48 ----A---- H:\WINDOWS\system32\xactengine3_4.dll
2009-06-26 17:02:47 ----A---- H:\WINDOWS\system32\X3DAudio1_6.dll
2009-06-26 17:02:47 ----A---- H:\WINDOWS\system32\d3dx10_40.dll
2009-06-26 17:02:47 ----A---- H:\WINDOWS\system32\D3DCompiler_40.dll
2009-06-26 17:02:46 ----A---- H:\WINDOWS\system32\XAudio2_3.dll
2009-06-26 17:02:46 ----A---- H:\WINDOWS\system32\XAPOFX1_2.dll
2009-06-26 17:02:46 ----A---- H:\WINDOWS\system32\D3DX9_40.dll
2009-06-26 17:02:45 ----A---- H:\WINDOWS\system32\XAudio2_2.dll
2009-06-26 17:02:45 ----A---- H:\WINDOWS\system32\XAPOFX1_1.dll
2009-06-26 17:02:45 ----A---- H:\WINDOWS\system32\xactengine3_3.dll
2009-06-26 17:02:45 ----A---- H:\WINDOWS\system32\X3DAudio1_5.dll
2009-06-26 17:02:44 ----A---- H:\WINDOWS\system32\xactengine3_2.dll
2009-06-26 17:02:44 ----A---- H:\WINDOWS\system32\d3dx10_39.dll
2009-06-26 17:02:44 ----A---- H:\WINDOWS\system32\D3DCompiler_39.dll
2009-06-26 17:02:43 ----A---- H:\WINDOWS\system32\XAudio2_1.dll
2009-06-26 17:02:43 ----A---- H:\WINDOWS\system32\XAPOFX1_0.dll
2009-06-26 17:02:43 ----A---- H:\WINDOWS\system32\D3DX9_39.dll
2009-06-26 17:02:42 ----A---- H:\WINDOWS\system32\xactengine3_1.dll
2009-06-26 17:02:42 ----A---- H:\WINDOWS\system32\X3DAudio1_4.dll
2009-06-26 17:02:41 ----A---- H:\WINDOWS\system32\D3DX9_38.dll
2009-06-26 17:02:41 ----A---- H:\WINDOWS\system32\d3dx10_38.dll
2009-06-26 17:02:41 ----A---- H:\WINDOWS\system32\D3DCompiler_38.dll
2009-06-26 17:01:55 ----D---- H:\WINDOWS\Logs
2009-06-26 17:01:53 ----HD---- H:\WINDOWS\msdownld.tmp
2009-06-26 16:34:42 ----D---- H:\l4d
2009-06-26 16:32:21 ----D---- H:\Documents and Settings\D. Haak\Application Data\TeamViewer
2009-06-26 16:32:14 ----D---- H:\Program Files\TeamViewer
2009-06-26 16:03:51 ----D---- H:\Program Files\Activision
2009-06-26 15:46:43 ----D---- H:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-06-26 15:42:29 ----N---- H:\WINDOWS\system32\spmsg.dll
2009-06-26 15:42:28 ----HDC---- H:\WINDOWS\$NtUninstallMSCompPackV1$
2009-06-26 15:42:18 ----D---- H:\Program Files\Windows Media Connect 2
2009-06-26 15:42:07 ----HDC---- H:\WINDOWS\$NtUninstallwmp11$
2009-06-26 15:41:36 ----HDC---- H:\WINDOWS\$NtUninstallWMFDist11$
2009-06-26 15:41:22 ----D---- H:\cff3f20edccf7813c2bf48e6f480e20e
2009-06-26 15:41:10 ----HDC---- H:\WINDOWS\$NtUninstallWudf01000$
2009-06-26 15:40:46 ----D---- H:\2af05180def4b588f723f3
2009-06-23 17:05:30 ----HDC---- H:\WINDOWS\ie7
2009-06-23 16:55:48 ----HDC---- H:\WINDOWS\$NtUninstallKB915865$
2009-06-23 14:10:15 ----D---- H:\Documents and Settings\D. Haak\Application Data\Opera
2009-06-23 14:10:05 ----D---- H:\Program Files\Opera
2009-06-21 17:31:41 ----A---- H:\WINDOWS\system32\javaws.exe
2009-06-21 17:31:41 ----A---- H:\WINDOWS\system32\javaw.exe
2009-06-21 17:31:41 ----A---- H:\WINDOWS\system32\java.exe
2009-06-21 17:31:29 ----D---- H:\Program Files\Java
2009-06-18 15:58:45 ----D---- H:\WINDOWS\ie8updates
2009-06-12 16:03:25 ----HDC---- H:\WINDOWS\$NtUninstallKB961501$
2009-06-12 16:03:21 ----HDC---- H:\WINDOWS\$NtUninstallKB969898$
2009-06-12 16:01:20 ----HDC---- H:\WINDOWS\$NtUninstallKB970238$
2009-06-12 16:00:57 ----HDC---- H:\WINDOWS\$NtUninstallKB968537$
2009-06-10 18:44:25 ----A---- H:\WINDOWS\PhotoSnapViewer.INI

======List of files/folders modified in the last 1 months======

2009-07-09 13:07:28 ----D---- H:\WINDOWS\system32
2009-07-09 13:07:25 ----RD---- H:\Program Files
2009-07-09 13:06:53 ----D---- H:\WINDOWS
2009-07-09 13:02:04 ----D---- H:\WINDOWS\Temp
2009-07-09 13:02:03 ----D---- H:\WINDOWS\system32\CatRoot2
2009-07-09 10:30:55 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-07-07 14:22:36 ----SHD---- H:\WINDOWS\Installer
2009-07-07 14:18:50 ----A---- H:\WINDOWS\system32\PnkBstrB.exe
2009-07-07 13:01:09 ----D---- H:\WINDOWS\system32\drivers
2009-07-07 10:50:05 ----SD---- H:\Documents and Settings\D. Haak\Application Data\Microsoft
2009-07-07 10:50:05 ----D---- H:\Config.Msi
2009-07-07 10:22:21 ----D---- H:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-06 13:15:36 ----A---- H:\WINDOWS\GunzLauncher.INI
2009-07-06 13:12:56 ----D---- H:\Program Files\Anigunz
2009-07-06 13:12:35 ----D---- H:\Program Files\Freestyle GunZ
2009-07-06 10:41:16 ----D---- H:\Program Files\Common Files\InstallShield
2009-07-06 10:39:54 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-07-06 10:39:33 ----HD---- H:\WINDOWS\inf
2009-07-05 09:45:32 ----D---- H:\WINDOWS\Prefetch
2009-07-04 13:18:08 ----RSD---- H:\WINDOWS\Fonts
2009-07-04 13:17:04 ----D---- H:\Documents and Settings\All Users\Application Data\TechSmith
2009-07-04 13:10:47 ----A---- H:\WINDOWS\NeroDigital.ini
2009-07-04 11:45:01 ----AD---- H:\Documents and Settings\All Users\Application Data\TEMP
2009-07-04 11:00:00 ----SD---- H:\WINDOWS\Tasks
2009-07-04 09:27:13 ----A---- H:\WINDOWS\win.ini
2009-07-03 19:04:04 ----D---- H:\WINDOWS\system32\nl-nl
2009-07-03 19:04:03 ----D---- H:\WINDOWS\Media
2009-07-03 19:04:03 ----D---- H:\WINDOWS\Help
2009-07-03 19:04:03 ----D---- H:\Program Files\Internet Explorer
2009-07-03 19:02:36 ----HD---- H:\WINDOWS\$hf_mig$
2009-07-03 19:02:34 ----A---- H:\WINDOWS\imsins.BAK
2009-07-03 19:02:33 ----D---- H:\WINDOWS\system32\CatRoot
2009-07-01 17:21:22 ----D---- H:\WINDOWS\system32\QuickTime
2009-07-01 16:56:18 ----D---- H:\Program Files\WinRAR
2009-06-30 19:13:38 ----D---- H:\Program Files\SwiftKit
2009-06-27 14:37:14 ----D---- H:\Program Files\Common Files
2009-06-27 14:33:29 ----D---- H:\Documents and Settings\All Users\Application Data\Skype
2009-06-26 17:57:40 ----A---- H:\WINDOWS\system32\PnkBstrA.exe
2009-06-26 17:02:50 ----D---- H:\WINDOWS\system32\DirectX
2009-06-26 16:15:43 ----RSD---- H:\WINDOWS\assembly
2009-06-26 16:13:48 ----A---- H:\WINDOWS\game.ini
2009-06-26 15:44:13 ----D---- H:\Program Files\Windows Media Player
2009-06-26 15:41:17 ----D---- H:\WINDOWS\system32\LogFiles
2009-06-26 14:50:00 ----D---- H:\WINDOWS\security
2009-06-26 14:49:33 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-06-26 11:01:12 ----A---- H:\WINDOWS\system32\avgrsstx.dll
2009-06-24 12:51:20 ----D---- H:\Documents and Settings\D. Haak\Application Data\U3
2009-06-23 17:06:37 ----D---- H:\WINDOWS\WBEM
2009-06-23 16:59:48 ----D---- H:\WINDOWS\ie7updates
2009-06-21 17:31:32 ----A---- H:\WINDOWS\system32\deploytk.dll
2009-06-16 16:13:53 ----D---- H:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; H:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-26 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; H:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; H:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-20 108552]
R1 intelppm;Intel GV3-processorstuurprogramma; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 Tcpip6;Microsoft IPv6-protocolstuurprogramma; H:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-compatibel transportprotocol; H:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; H:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-protocol; H:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-stuurprogramma; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-26 4713472]
R3 Mkd2Nadr;Mkd2Nadr; H:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
R3 mouhid;Stuurprogramma voor muis-HID; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-11-17 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-11-17 22016]
R3 nvsmu;nvsmu; H:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; H:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 SNPSTD3;USB PC Camera (SNPSTD3); H:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-26 10252544]
R3 tunmp;Stuurprogramma voor Microsoft Tun Minipoort-adapter; H:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Stuurprogramma voor USB-massaopslag; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 npkcrypt;npkcrypt; \??\H:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys []
S3 CCDECODE;Closed Caption-decoder; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\H:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; \??\H:\DOCUME~1\D84C6~1.HAA\LOCALS~1\Temp\Rar$EX04.078\IlvMoney1196.sys []
S3 KEYBOARDWDFilter;KEYBOARDWDFilter; \??\H:\WINDOWS\System32\Drivers\KEYBOARDWD.SYS []
S3 Mkd2kfNt;Mkd2kfNt; H:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
S3 MSICPL;MSICPL; \??\G:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; H:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video-verbinding; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Stuurprogramma voor Netwerkcontrole; H:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 PID_0920;Logitech QuickCam Express(PID_0920); H:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext-codec; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6-hulpservice; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 avg8emc;AVG Free8 E-mail Scanner; H:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-26 906520]
R2 avg8wd;AVG Free8 WatchDog; H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-26 298776]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-06-21 152984]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]
R2 NwSapAgent;SAP Agent; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; H:\WINDOWS\system32\PnkBstrA.exe [2009-06-26 75064]
R2 PnkBstrB;PnkBstrB; H:\WINDOWS\system32\PnkBstrB.exe [2009-07-07 189072]
R2 WMPNetworkSvc;Windows Media Player Network Sharing-service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S2 npkcmsvc;npkcmsvc; H:\Nexon\MapleStory\npkcmsvc.exe []
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; h:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; H:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 npggsvc;nProtect GameGuard Service; H:\WINDOWS\system32\GameMon.des [2009-02-17 2741114]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; H:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; H:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; H:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; H:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
rangersoul
Active Member
 
Posts: 13
Joined: July 4th, 2009, 6:13 am

Re: Some problems

Post by Shaba » July 9th, 2009, 7:39 am

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and selecting "Run as administrator" to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland