
17pholmes1001186.exe, Mrofinu.exe.



#1 Hologram


Posted 12 August 2008 - 10:18 AM

Yeah so recently, me and my family came home from vacation, I turned the computer on and it was acting weird. Two new processes were in the process screen. 17Pholmes and mrofinu.exe <-prevx.
Right now I looked in processes and there is another new process. VRR35.tmp, I searched it on Google and nothing came up... EDIT: NOW I have speedrunner.exe and skra.exe (viruses) and yaiksw.exe also unknown.. (VRR35.tmp)
I'm taking it off the internet ASAP and will only be on to check this.

Here's a few symptoms:
1. The computer randomly restarts twice and then it restarts again and a BIOS ROM checksum error comes up and I have to press the button to get it off.
2. Everything gets stuck and I have to manually reboot it and then it says: Critical system error solved.
3. The computer is slower like always, it used to be a lot faster. Especially Firefox goes really slow sometimes. IE just crashes.
4. My virus scanner sees a few hundred files that are infected with Win32/VirutN. I'm hoping it's not true >_> (Virusfighter)

I don't know what to do and am posting a HJT log here, could anyone look at it and tell me what to do?

Here's my log (main.txt):

Deckard's System Scanner v20071014.68
Run by maandag on 2008-08-12 21:18:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 4 Restore Point(s) --
4: 2008-08-12 19:11:39 UTC - RP1402 - Deckard's System Scanner Restore Point
3: 2008-08-09 10:40:25 UTC - RP1401 - Removed Atlantica Online
2: 2008-08-09 10:37:59 UTC - RP1400 - Removed Project Powder.
1: 2008-08-09 10:01:03 UTC - RP1399 - Installed Project Powder.


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 10.48 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-12 21:24:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\VIRUSfighter\npm\bin\elogsvc.exe
C:\VIRUSfighter\npm\bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\VIRUSfighter\npm\bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skra\Skra.exe
C:\Documents and Settings\maandag\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\maandag\Application Data\Microsoft\Windows\yaiksxw.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\VIRUSfighter\npm\bin\Njeeves.exe
C:\Documents and Settings\maandag\Bureaublad\dss.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\VIRUSfighter\Nvc\Bin\Nip.exe
C:\VIRUSfighter\Nvc\Bin\Nvcsched.exe
C:\VIRUSfighter\Nvc\Bin\Nvcoas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my2.freeze.com/?AcquisitionID=c0847...amp;s=&ipc=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: bannerstyle browser optimizer - {3eb92dd6-366d-8533-39da-a7af51fbe7fa} - C:\WINDOWS\system32\ngkqfdwawophfp.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] "C:\VIRUSfighter\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{44341909-619d-cf55-f6f8-3b898b297073}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ngkqfdwawophfp.dll" DllStart
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Skra] C:\Program Files\Skra\Skra.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\maandag\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\maandag\Application Data\Microsoft\Windows\yaiksxw.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Skra] C:\Program Files\Skra\Skra.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SpeedRunner] C:\Documents and Settings\maandag\Application Data\SpeedRunner\SpeedRunner.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIP] C:\Documents and Settings\maandag\Application Data\Microsoft\Windows\duxxim.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [GetPack20] "C:\Program Files\GetPack\GetPack20.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Skra] C:\Program Files\Skra\Skra.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SpeedRunner] C:\Documents and Settings\maandag\Application Data\SpeedRunner\SpeedRunner.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SfKg6wIP] C:\Documents and Settings\maandag\Application Data\Microsoft\Windows\duxxim.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [GetPack20] "C:\Program Files\GetPack\GetPack20.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe" (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\nicolaas boon\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: RaptisoftGameLoader () - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {395D7112-EC28-42BC-93F7-F31062353153} (Pixamo Picture Uploader) - http://photography.pixamo.com/uploadapplets/uploader2.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} () - http://akamai.downloadv3.com/binaries/P2EC..._1041_EN_XP.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8103.1682407407
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} () - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} () - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Alerter - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Application Layer Gateway-service (ALG) - Unknown owner - C:\WINDOWS\system32\alg.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Services voor cryptografie (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Unknown owner - C:\VIRUSfighter\npm\bin\elogsvc.exe
O23 - Service: Service voor het rapporteren van fouten (ERSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: COM+-gebeurtenissysteem (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibiliteit voor Snelle gebruikerswisseling (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\VIRUSfighter\npm\bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\npm\bin\Zanda.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\VIRUSfighter\Nse\Bin\Nsesvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\Bin\Nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\Bin\Nvcsched.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: User Privilege Service (usprserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Serienummerservice voor draagbare media (WmdmPmSN) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: WMI-prestatieadapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration-service (WZCSVC) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\system32\svchost.exe


--
End of file - 23837 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - unable to read value
.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 PhTVTune (MEDION TV-TUNER 7134 MK2/3) - c:\windows\system32\drivers\phtvtune.sys <Not Verified; Philips Semiconductors; Philips TVTuner WDM Driver>

S3 BLADI - d:\winddk\driver cker bypassed ce\elmo.sys (file missing)
S3 CEDRIVER52 - c:\program files\cheat engine\dbk32.sys (file missing)
S3 DISK_DRIVE32 - d:\uce\uce\disk_1024.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 ESISTEMA53 - c:\program files\ruanengine\sistema32.sys (file missing)
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 sejt1 - c:\documents and settings\maandag\bureaublad\ex engine\akumaengine33\sejt.sys (file missing)
S3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
S3 TEMPLEVER - c:\documents and settings\costa boon\mijn documenten\co$t@'s file's\bypass engine\templery engine\damainzor.sys (file missing)
S3 Varken52 - d:\winddk\cheat engine delphi\boerderij.sys (file missing)
S3 VICHW00 - c:\windows\system32\drivers\vichw00.sys (file missing)
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)
S3 wandrv (WAN Network Driver) - c:\windows\system32\drivers\wandrv.sys <Not Verified; America Online, Inc.; WAN Network Driver>
S3 XDva004 - c:\windows\system32\xdva004.sys (file missing)
S3 XDva006 - c:\windows\system32\xdva006.sys (file missing)
S3 XDva009 - c:\windows\system32\xdva009.sys (file missing)
S3 XDva032 - c:\windows\system32\xdva032.sys (file missing)
S3 XDva035 - c:\windows\system32\xdva035.sys (file missing)
S3 XDva090 - c:\windows\system32\xdva090.sys (file missing)
S3 XDva189 - c:\windows\system32\xdva189.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S3 zenos1 - c:\documents and settings\algemeen\bureaublad\gunz shyt\zenosengine2.3\zenos.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe"
R2 eLoggerSvc6 (Norman eLogger service 6) - "c:\virusfighter\npm\bin\elogsvc.exe"
R2 Iprip (RIP-listener) - c:\windows\system32\svchost.exe -k netsvcs
R2 LogWatch (Event Log Watch) - c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe <Not Verified; Computer Associates; Computer Associates LogWatNT>
R2 Norman ZANDA - "c:\virusfighter\npm\bin\zanda.exe" <Not Verified; Norman ASA; Norman Product Manager>
R2 Planner voor Automatische LiveUpdate - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" <Not Verified; Symantec Corporation; LiveUpdate>
R2 PnkBstrA - c:\windows\system32\pnkbstra.exe
R2 SimpTcp (Eenvoudige TCP/IP-services) - c:\windows\system32\tcpsvcs.exe
R2 SNMP (SNMP-service) - c:\windows\system32\snmp.exe
R3 Norman NJeeves - c:\virusfighter\npm\bin\njeeves.exe
R3 nvcoas (Norman Virus Control on-access component) - "c:\virusfighter\nvc\bin\nvcoas.exe"
R3 NVCScheduler (Norman Virus Control Scheduler) - c:\virusfighter\nvc\bin\nvcsched.exe

S2 Avg7Alrt (AVG7 Alert Manager Server) - c:\progra~1\grisoft\avg7\avgamsvr.exe (file missing)
S2 Avg7UpdSvc (AVG7 Update Service) - c:\progra~1\grisoft\avg7\avgupsvc.exe (file missing)
S2 UleadBurningHelper (Ulead Burning Helper) - c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe (file missing)
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)
S3 CA_LIC_CLNT (CA License Client) - c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe <Not Verified; Computer Associates; Computer Associates lic98rmt>
S3 CA_LIC_SRVR (CA License Server) - c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe <Not Verified; Computer Associates; Computer Associates lic98rmtd>
S3 LPDSVC (TCP/IP Print Server) - c:\windows\system32\tcpsvcs.exe
S3 nsesvc (Norman Scanner Engine Service) - "c:\virusfighter\nse\bin\nsesvc.exe" -daemon
S3 p2pgasvc (Groepsverificatie van peer-netwerken) - c:\windows\system32\svchost.exe -k p2psvc
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
S3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe (file missing)
S4 Apache - "c:\program files\apache group\apache\apache.exe" --ntservice (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-12 21:00:00 282 --ah----- C:\WINDOWS\Tasks\AA420F4691FD8332.job
2008-07-08 17:57:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-24 09:00:00 386 --a------ C:\WINDOWS\Tasks\rpc.job


-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-09-10 20:36:56 0 d-------- C:\Netgame
2008-09-10 20:32:22 0 d-------- C:\Program Files\Netgame
2008-09-09 17:47:38 0 d-------- C:\WINDOWS\Logs
2008-09-09 17:39:37 0 d-------- C:\Program Files\Zemi Interactive
2008-08-12 18:00:37 0 d-------- C:\Program Files\Gpotato
2008-08-12 16:55:30 0 d-------- C:\Documents and Settings\maandag\Application Data\WinRAR
2008-08-12 00:54:07 0 d-------- C:\Program Files\VnrBlock
2008-08-12 00:54:07 0 d-------- C:\Program Files\BChanger
2008-08-09 11:49:09 0 d-------- C:\Program Files\Outspark
2008-08-08 22:05:45 0 d-------- C:\nDoors
2008-08-08 15:22:23 44544 --a------ C:\WINDOWS\mrofinu1001186.exe
2008-08-07 18:56:41 0 d-------- C:\WINDOWS\BDOSCAN8
2008-08-05 01:55:10 0 d-------- C:\VundoFix Backups
2008-08-04 21:13:29 64852 --a------ C:\WINDOWS\system32\gtblsqfzojbkltn.exe
2008-08-04 21:13:27 0 d-------- C:\Program Files\iCheck
2008-08-04 21:13:27 0 d-------- C:\Program Files\GetPack
2008-08-04 21:08:22 0 d-------- C:\Program Files\InetGet2
2008-08-04 21:08:22 0 d-------- C:\Documents and Settings\maandag\Application Data\SpeedRunner
2008-08-04 21:03:16 0 d-------- C:\Program Files\Skra
2008-08-04 20:58:12 0 d-------- C:\Program Files\Webtools
2008-08-04 20:53:19 0 d-------- C:\Program Files\Mjcore
2008-08-04 16:59:48 64512 --a------ C:\WINDOWS\b152.exe
2008-07-28 19:06:12 56832 --a------ C:\WINDOWS\b155.exe
2008-07-25 16:50:06 355840 --a------ C:\WINDOWS\b148.exe
2008-07-22 18:46:56 34816 --a------ C:\WINDOWS\b156.exe
2008-07-20 09:57:35 0 d-------- C:\ConverterOutput
2008-07-20 09:57:15 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-20 09:57:15 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-20 09:57:15 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-20 09:57:15 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-07-20 09:57:14 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-20 09:57:14 348160 --a------ C:\WINDOWS\system32\cdga.dll <Not Verified; ; Cucusoft Audio Transparent Filter>
2008-07-20 09:57:14 364544 --a------ C:\WINDOWS\system32\cdg.dll <Not Verified; Cucusoft Inc.; Cucusoft>
2008-07-20 09:57:14 14909 --a------ C:\WINDOWS\system32\A_reg.reg
2008-07-20 09:57:12 0 d-------- C:\Program Files\Cucusoft
2008-07-19 19:01:20 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-19 19:01:15 0 d-------- C:\Program Files\Video converter
2008-07-19 18:56:29 0 d-------- C:\Documents and Settings\jaap boon\Application Data\uTorrent
2008-07-19 17:38:30 0 d-------- C:\Documents and Settings\jaap boon\Application Data\Sun
2008-07-19 05:57:06 0 d-------- C:\Documents and Settings\donna mehos\Application Data\InstallShield
2008-07-17 21:29:53 0 d-------- C:\Documents and Settings\maandag\Application Data\Hamachi
2008-07-13 23:12:12 0 d-------- C:\Documents and Settings\jaap boon\Application Data\Nexon
2008-07-13 23:05:27 0 d-------- C:\Documents and Settings\jaap boon\Application Data\InstallShield
2008-07-13 22:36:03 0 d-------- C:\Program Files\GAMENAO


-- Find3M Report ---------------------------------------------------------------

2008-09-12 19:36:32 0 d-------- C:\Program Files\MAIET
2008-09-10 19:47:25 0 d-------- C:\Documents and Settings\maandag\Application Data\InstallShield
2008-08-12 21:25:30 293376 --a------ C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-12 21:17:55 0 d-------- C:\Documents and Settings\maandag\Application Data\Free Download Manager
2008-08-12 20:22:37 440320 --a------ C:\WINDOWS\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-12 20:22:25 116224 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-12 17:09:08 101376 --a------ C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-12 17:09:08 135680 --a------ C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-12 17:09:03 144896 --a------ C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-12 17:08:47 114688 --a------ C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-12 17:08:46 7680 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-08-12 17:08:46 36864 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-08-12 17:08:33 229376 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Beheer van logische schijven voor Windows NT>
2008-08-12 17:08:29 34816 --a------ C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-12 17:08:29 8704 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-12 16:47:34 346624 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-12 16:39:46 287744 --a------ C:\WINDOWS\winhlp32.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-11 16:59:52 16896 --a------ C:\WINDOWS\system32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-11 16:59:50 33792 --a------ C:\WINDOWS\system32\wupdmgr.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-11 16:59:48 217600 --a------ C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-11 16:59:48 73728 --a------ C:\WINDOWS\system32\magnify.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-11 16:59:47 52224 --a------ C:\WINDOWS\system32\utilman.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-11 16:59:46 146432 --a------ C:\WINDOWS\system32\mobsync.exe <Not Verified; Microsoft Corporation; Microsoft Synchronisatiebeheer>
2008-08-11 16:59:45 153088 --a------ C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-10 00:25:41 73728 --a------ C:\WINDOWS\system32\hpoipm07.exe <Not Verified; HP; HP PML>
2008-08-09 21:11:24 453632 --a------ C:\WINDOWS\mHotkey.exe
2008-08-09 21:11:22 36352 --a------ C:\WINDOWS\system32\rcimlby.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 21:11:22 77824 --a------ C:\WINDOWS\Dit.exe
2008-08-09 21:11:16 1038848 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 21:09:50 25600 --a------ C:\WINDOWS\system32\userinit.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 20:50:11 35328 --a------ C:\WINDOWS\system32\rundll32.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 17:18:05 13312 --a------ C:\WINDOWS\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-09 13:48:55 349184 --a------ C:\WINDOWS\system32\tourstart.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 13:48:53 515584 --a------ C:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 13:01:06 141824 --a------ C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 13:00:50 47104 --a------ C:\WINDOWS\system32\drwtsn32.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 12:50:39 402432 --a------ C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 12:41:31 52224 --a------ C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-09 12:40:27 413184 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 12:32:40 33792 --a------ C:\WINDOWS\system32\vssadmin.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 12:32:39 33792 --a------ C:\WINDOWS\system32\ntsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-09 12:06:36 70656 --a------ C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-08-09 11:48:38 79872 --a------ C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-08-08 22:05:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-07 21:06:21 0 d-------- C:\Program Files\TVAnts
2008-08-07 20:57:12 0 d-------- C:\Program Files\Microsoft Works
2008-08-07 20:49:15 0 d-------- C:\Program Files\GomPlayer
2008-08-07 20:48:54 503348 --a------ C:\WINDOWS\system32\perfh013.dat
2008-08-07 20:48:54 89528 --a------ C:\WINDOWS\system32\perfc013.dat
2008-08-07 19:02:39 0 d-------- C:\Program Files\MSN Messenger
2008-08-06 02:28:17 0 d-------- C:\Program Files\Acoustica Mixcraft
2008-07-18 17:55:43 0 d-------- C:\Documents and Settings\maandag\Application Data\Apple Computer
2008-07-11 15:47:12 158208 --a------ C:\WINDOWS\system32\ngkqfdwawophfp.dll
2008-07-08 20:51:24 0 d-------- C:\Program Files\iTunes
2008-07-08 20:47:14 0 d-------- C:\Program Files\Apple Software Update
2008-07-08 18:04:50 0 d-------- C:\Program Files\iPod
2008-07-08 18:03:33 0 d-------- C:\Program Files\QuickTime
2008-07-04 21:58:38 0 d-------- C:\Documents and Settings\maandag\Application Data\uTorrent
2008-07-04 11:43:05 0 d-------- C:\Program Files\Neffy
2008-06-24 23:08:22 0 d-------- C:\Program Files\Softnyx
2008-06-23 13:13:33 0 d-------- C:\Documents and Settings\maandag\Application Data\Xfire
2008-06-15 00:21:35 0 d-------- C:\Program Files\Smart ReName
2008-06-14 23:24:59 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-14 22:22:38 0 d-------- C:\Program Files\Microsoft.NET
2008-06-14 09:33:28 0 d-------- C:\Program Files\IAHGames
2008-06-14 09:27:03 0 d-------- C:\Program Files\FlashGet
2008-06-14 01:04:36 0 d-------- C:\Program Files\Free Download Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
12-08-2008 00:48 91648 --a------ C:\Program Files\Webtools\webtools.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3670A914-63C2-4E67-8C9B-370AE1922143}]
19-06-2008 16:21 36864 --a------ C:\Program Files\BChanger\bchanger.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3eb92dd6-366d-8533-39da-a7af51fbe7fa}]
11-07-2008 15:47 158208 --a------ C:\WINDOWS\system32\ngkqfdwawophfp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
12-08-2008 00:43 110080 --a------ C:\Program Files\Mjcore\Mjcore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12-05-2005 00:34]
"nwiz"="nwiz.exe" [09-08-2008 21:11 C:\WINDOWS\system32\nwiz.exe]
"Dit"="Dit.exe" [09-08-2008 21:11 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [09-08-2008 21:11 C:\WINDOWS\mHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" []
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07-08-2008 20:50]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12-05-2005 00:34]
"Norman ZANDA"="C:\VIRUSfighter\Npm\bin\ZLH.exe" [11-08-2008 16:59]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [07-08-2008 20:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [06-02-2007 01:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-08-2008 21:03]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02-06-2008 11:13]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10-09-2006 22:56]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [12-08-2008 21:22]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"{44341909-619d-cf55-f6f8-3b898b297073}"="C:\WINDOWS\system32\ngkqfdwawophfp.dll" [11-07-2008 15:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11-08-2008 16:59]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10-09-2006 22:56]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10-09-2006 22:56]
"Skra"="C:\Program Files\Skra\Skra.exe" [12-08-2008 00:48]
"SpeedRunner"="C:\Documents and Settings\maandag\Application Data\SpeedRunner\SpeedRunner.exe" [12-08-2008 00:54]
"SfKg6wIP"="C:\Documents and Settings\maandag\Application Data\Microsoft\Windows\yaiksxw.exe" [12-08-2008 00:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Skra"=C:\Program Files\Skra\Skra.exe
"SpeedRunner"=C:\Documents and Settings\maandag\Application Data\SpeedRunner\SpeedRunner.exe
"SfKg6wIP"=C:\Documents and Settings\maandag\Application Data\Microsoft\Windows\duxxim.exe
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"GetPack20"="C:\Program Files\GetPack\GetPack20.exe"
"VnrBlock20"="C:\Program Files\VnrBlock\VnrBlock20.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pmsngr.exe"=C:\Program Files\Video ActiveX Object\pmsngr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\Nail.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost
127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info


-- End of Deckard's System Scanner: finished at 2008-08-12 21:26:56 ------------

Extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1023.48 MiB / 454.82 MiB
Pagefile Memory (total/avail): 2460.28 MiB / 1972.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.33 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.21 GiB total, 10.48 GiB free.
D: is Fixed (NTFS) - 72.27 GiB total, 21.93 GiB free.
E: is Fixed (FAT32) - 2.56 GiB total, 0.64 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 74.21 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 74.83 GiB - D: - E:

\\.\PHYSICALDRIVE3 - Generic Card ReadeMMC/SD USB Device

\\.\PHYSICALDRIVE1 - Generic Card Reader CF USB Device

\\.\PHYSICALDRIVE2 - Generic Card Reader MS USB Device

\\.\PHYSICALDRIVE4 - Generic Card Reader SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: VIRUSfighter ver. 5.99 v5.99 (SPAMfighter ApS & Norman ASA) Outdated
AV: AVG Anti-Virus 7.0.322 v7.0.322 (GRISOFT) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\e-Games\\Battle Position\\Game.exe"="C:\\Program Files\\e-Games\\Battle Position\\Game.exe:*:Enabled:BattlePosition"
"C:\\Program Files\\Apache Group\\Apache\\Apache.exe"="C:\\Program Files\\Apache Group\\Apache\\Apache.exe:*:Enabled:Apache"
"C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"="C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\SpaceCowboy(ENG)\\Launcher.atm"="C:\\Program Files\\SpaceCowboy(ENG)\\Launcher.atm:*:Enabled:SCLauncher"
"C:\\Program Files\\WEMADE Entertainment\\Legend of Mir\\Mir2Patch.exe"="C:\\Program Files\\WEMADE Entertainment\\Legend of Mir\\Mir2Patch.exe:*:Enabled:Mir2Patch"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\gameflier\\TSOnline\\update.exe"="C:\\Program Files\\gameflier\\TSOnline\\update.exe:*:Disabled:update"
"C:\\Program Files\\MAIET\\Gunz\\BAReport.exe"="C:\\Program Files\\MAIET\\Gunz\\BAReport.exe:*:Enabled:BAReport MFC ?? ????"
"C:\\Documents and Settings\\algemeen\\Bureaublad\\GunzLauncher.exe"="C:\\Documents and Settings\\algemeen\\Bureaublad\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger (SM)"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\MAIET\\Gunz\\client.exe"="C:\\Program Files\\MAIET\\Gunz\\client.exe:*:Enabled:Gunz"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Documents and Settings\\algemeen\\Mijn documenten\\My Games\\Gunz\\GunzLauncher.exe"="C:\\Documents and Settings\\algemeen\\Mijn documenten\\My Games\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\GPotato\\SpaceCowboy\\SpaceCowboy.exe"="C:\\Program Files\\GPotato\\SpaceCowboy\\SpaceCowboy.exe:*:Enabled:SpaceCowboy"
"C:\\Program Files\\GPotato\\SpaceCowboy\\Launcher.atm"="C:\\Program Files\\GPotato\\SpaceCowboy\\Launcher.atm:*:Enabled:SCLauncher"
"C:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe"="C:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\GalaNet\\Flyff\\Flyff.exe"="C:\\Program Files\\GalaNet\\Flyff\\Flyff.exe:*:Enabled:Flyff"
"C:\\Documents and Settings\\costa boon\\Mijn documenten\\Co$T@'s FiLe's\\Empire Earth-MYTH RIP includes Music\\Empire Earth.exe"="C:\\Documents and Settings\\costa boon\\Mijn documenten\\Co$T@'s FiLe's\\Empire Earth-MYTH RIP includes Music\\Empire Earth.exe:*:Disabled:Empire Earth"
"C:\\Team17\\Worms2\\frontend.exe"="C:\\Team17\\Worms2\\frontend.exe:*:Disabled:Worms 2 Frontend"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Documents and Settings\\nicolaas boon\\Bureaublad\\GunzLauncher.exe"="C:\\Documents and Settings\\nicolaas boon\\Bureaublad\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Documents and Settings\\algemeen\\Mijn documenten\\My Games\\Gunz\\Gunz.exe"="C:\\Documents and Settings\\algemeen\\Mijn documenten\\My Games\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\LevelUpGames\\Gunz\\Gunz.exe"="C:\\Program Files\\LevelUpGames\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\LevelUpGames\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\LevelUpGames\\Gunz\\GunzLauncher.exe:*:Enabled:Gunz"
"C:\\Documents and Settings\\algemeen\\Mijn documenten\\My Games\\GunzIndia\\Gunz.exe"="C:\\Documents and Settings\\algemeen\\Mijn documenten\\My Games\\GunzIndia\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\ijji\\ENGLISH\\Gunster.exe"="C:\\ijji\\ENGLISH\\Gunster.exe:*:Enabled:Gunster"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\\VGO\\Clt.exe"="D:\\VGO\\Clt.exe:*:Enabled:21cnPPS"
"C:\\Program Files\\Gameforge4D\\AirRivals\\Launcher.atm"="C:\\Program Files\\Gameforge4D\\AirRivals\\Launcher.atm:Enabled:GameExe2"
"C:\\Program Files\\Gameforge4D\\AirRivals\\Res-Voip\\SCVoIP.exe"="C:\\Program Files\\Gameforge4D\\AirRivals\\Res-Voip\\SCVoIP.exe:Enabled:GameVoIP"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"D:\\Microsoft office 2007\\Office12\\OUTLOOK.EXE"="D:\\Microsoft office 2007\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"Game.exe"="Game.exe:*:Enabled:GostSoul"
"C:\\ijji\\ENGLISH\\u_gunz.exe"="C:\\ijji\\ENGLISH\\u_gunz.exe:*:Enabled:<ijji Downloader>"
"D:\\GameGuard\\GameGuard\\Run.exe"="D:\\GameGuard\\GameGuard\\Run.exe:*:Enabled:ProjectPowder"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\maandag\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JADOCONIC1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\maandag
LOGONSERVER=\\JADOCONIC1
NpmLib=C:\VIRUSfighter\Npm\Bin
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Diskeeper Corporation\Diskeeper;C:\Program Files\Samsung PC Studio 3;C:\VIRUSfighter\Npm\Bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\;;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0408
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\maandag\LOCALS~1\Temp
TMP=C:\DOCUME~1\maandag\LOCALS~1\Temp
USERDOMAIN=JADOCONIC1
USERNAME=maandag
USERPROFILE=C:\Documents and Settings\maandag
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

jaap (admin)
donna (admin)
costa (admin)
nicolaas
algemeen
maandag (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type22719 / Error
Event Submitted/Written: 08/12/2008 09:26:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: niu.exe, versie: 5.99.3.1, vastgelopen module: unknown, versie: 0.0.0.0, vastgelopen op: 0x00473000.
Verwerken van mediaspecifieke gebeurtenis voor [niu.exe!ws!]

Event Record #/Type22713 / Warning
Event Submitted/Written: 08/12/2008 09:14:18 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
Kan parameter TraceLevel niet vinden in het register.
Het gebruikte standaardtraceerniveau is 32.

Event Record #/Type22712 / Warning
Event Submitted/Written: 08/12/2008 09:14:18 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
Kan parameter TraceFileName niet vinden in het register.
Het gebruikte standaardtraceringsbestand is .

Event Record #/Type22708 / Error
Event Submitted/Written: 08/12/2008 08:41:48 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: niu.exe, versie: 5.99.3.1, vastgelopen module: unknown, versie: 0.0.0.0, vastgelopen op: 0x00473000.
Verwerken van mediaspecifieke gebeurtenis voor [niu.exe!ws!]

Event Record #/Type22707 / Error
Event Submitted/Written: 08/12/2008 07:40:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: niu.exe, versie: 5.99.3.1, vastgelopen module: unknown, versie: 0.0.0.0, vastgelopen op: 0x00473000.
Verwerken van mediaspecifieke gebeurtenis voor [niu.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type68737 / Error
Event Submitted/Written: 08/12/2008 09:19:57 PM
Event ID/Source: 10000 / DCOM
Event Description:
Kan geen DCOM-server starten: {0002DF01-0000-0000-C000-000000000046}.
Foutmelding
"%%2"
is opgetreden bij het uitvoeren van de opdracht
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding'

Event Record #/Type68721 / Error
Event Submitted/Written: 08/12/2008 09:17:49 PM
Event ID/Source: 10000 / DCOM
Event Description:
Kan geen DCOM-server starten: {AC746233-E9D3-49CD-862F-068F7B7CCCA4}.
Foutmelding
"%%2"
is opgetreden bij het uitvoeren van de opdracht
C:\Program Files\Internet Download Manager\IDMan.exe -Embedding'

Event Record #/Type68675 / Error
Event Submitted/Written: 08/12/2008 09:15:29 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
De volgende opstartstuurprogramma's zijn niet geladen:
Avg7Core
Avg7RsXP

Event Record #/Type68674 / Error
Event Submitted/Written: 08/12/2008 09:15:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De Viewpoint Manager Service-service kan vanwege de volgende fout niet worden gestart:
%%2

Event Record #/Type68673 / Error
Event Submitted/Written: 08/12/2008 09:15:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De Ulead Burning Helper-service kan vanwege de volgende fout niet worden gestart:
%%2



-- End of Deckard's System Scanner: finished at 2008-08-12 21:26:56 ------------

Edited by Hologram, 12 August 2008 - 03:42 PM.




#2 Hologram

Hologram
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:39 AM

Posted 12 August 2008 - 12:43 PM

Bump >__>
edit: Oops, sorry about this bump, didn't read well enough >_<

Edited by Hologram, 12 August 2008 - 01:02 PM.


#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:01:39 PM

Posted 14 August 2008 - 08:18 AM

Hi,

I have bad news for you. This is a game over situation here since you are also dealing with a File infector which infected legitimate files. On top, you are dealing with A LOT of other random malware such as backdoors etc.

Actually this doesn't surprise me at all, because you disabled your Antivirus and second, it was way outdated. No wonder your system is so severely infected.

Please read the following articles:

http://miekiemoes.blogspot.com/2008/06/vir...again-sigh.html
http://miekiemoes.blogspot.com/2008/06/mal...-draw-line.html

I'm sorry, there's not much we can do here anymore. As I said, this is unfortunately a game over situation. Too much malware present + File infector on top. This computer is badly compromised and there's no way you can ever trust this computer anymore if you try to clean this up manually.
That's why, the fastest, and especially the SAFEST solution here is a format and reinstall.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 Hologram

Hologram
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 14 August 2008 - 10:13 AM

Oh okay, I thought so. And I didn't disable the firewall... It must have been killed by a virus since it's been acting weird for a while now and it still says firewall is on, but clearly it's not o_o. And it was supposed to be updated but it was acting weird so it must've not worked. Thanks T__T
I was going to format it, but just wanted to check if this was possible, thank you.

Edited by Hologram, 14 August 2008 - 10:14 AM.


#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:39 PM

Posted 14 August 2008 - 10:20 AM

Hi,

I was talking about your Antivirus, not your Firewall. There's a difference between both of them.
Also, even though it was enabled, it won't make sense, since it was outdated as your log says:

AV: VIRUSfighter ver. 5.99 v5.99 (SPAMfighter ApS & Norman ASA) Outdated
AV: AVG Anti-Virus 7.0.322 v7.0.322 (GRISOFT) Outdated

So there's no way to prevent malware if you never update your Antivirus.

Anyway,

Please read my Prevention page with lots of info and tips how to prevent this in the future.
Because as I see your log, above prevention tips are really needed.

#6 Hologram

Hologram
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 15 August 2008 - 02:42 AM

I'm sorry, my dad installed them. He thought virusfighter was a firewall/anti-virus... I guess not -_- could you recommend me a firewall and anti-virus?

Edited by Hologram, 15 August 2008 - 02:43 AM.


#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:39 PM

Posted 15 August 2008 - 03:22 AM

Yes, look in my signature below under Antivirusscanners and Firewalls for the ones I recommend. Keep in mind, only install 1 Antivirus and Firewall, because more than one are not compatible.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:39 PM

Posted 18 August 2008 - 02:13 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



