kitchenbreak

Hi here are some of my issues:

My control panel is gone
My PC reboots by itself
I keep getting Runtime error 5A003CD1 while running the windows system update. Windows could not install all the updates.

DSS log

Deckard's System Scanner v20071014.68
Run by Czenobia on 2008-05-17 11:16:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2008-05-17 09:20:10 UTC - RP1137 - Deckard's System Scanner Restore Point
19: 2008-05-17 09:14:17 UTC - RP1136 - Windows XP KB917422 is geïnstalleerd.
18: 2008-05-17 09:10:37 UTC - RP1135 - Deckard's System Scanner Restore Point
17: 2008-05-17 09:08:11 UTC - RP1134 - Windows XP KB918899 is geïnstalleerd.
16: 2008-05-17 09:07:14 UTC - RP1133 - Windows XP KB920683 is geïnstalleerd.


-- First Restore Point --
1: 2008-02-06 21:39:00 UTC - RP1118 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 89% (more than 75%).


-- HijackThis (run as Czenobia.exe) --------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-17 11:22:05
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\stardock\SDMCP.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Logitech\iTouch\iTouch.exe
C:\Program Files\MouseWare\system\EM_EXEC.EXE
C:\APPS\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\System\vcsplay.exe
C:\Logitech\iTouch\KbdTray.exe
C:\APPS\ActivBoard\Traymon.exe
C:\APPS\ActivBoard\osd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\kdx\khost.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\APPS\ActivBoard\nhksrv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\bgsmsnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\MRT.exe
C:\Documents and Settings\Czenobia\Bureaublad\dss.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O1 - Hosts: 213.219.251.81 astalavista.com
O1 - Hosts: 213.219.251.81 www.astalavista.com
O1 - Hosts: 213.219.251.81 cracks.com
O1 - Hosts: 213.219.251.81 www.cracks.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar5.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [KE68BLg.exe] C:\documents and settings\angelique\local settings\temp\KE68BLg.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\bgsmsnd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - HKCU\..\Run: [b9fc1fa9.exe] C:\Documents and Settings\Czenobia\Local Settings\Application Data\b9fc1fa9.exe
O4 - HKCU\..\Run: [9942c21d.exe] C:\Documents and Settings\Czenobia\Local Settings\Application Data\9942c21d.exe
O4 - HKCU\..\Run: [a6e10066.exe] C:\Documents and Settings\Czenobia\Local Settings\Application Data\a6e10066.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Windows Setup Manger] http://search.sendtobiz.info/index.p...sekeeping.+com
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\AdwareFilter.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Angelique\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\jhuqhnsqk.dll
O16 - DPF: FreedomAudio Recorder () - http://www.maroc.nl/recorder/efreedominstaller.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...n/content.html
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {2F29658D-FB92-4A4F-8FFF-0D1BC1BA52C5} (GlassRoomVoice Control) - http://195.169.149.206/~diversit/hva...sRoomVoice.cab
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.englishtown.com/EtownReso...rMe/hmvcfe.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_05) - http://java.sun.com/update/1.4.2/jin...ndows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {AEFD32B6-4815-11D2-98E4-00C04FCEFE77} (SnCAX Class) - http://www.pilmo.com/clients/dialer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
O22 - SharedTaskScheduler: Fdjskie8 jf8e - {8D5849A2-93F3-429D-FF34-260A2068897C} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\APPS\ActivBoard\nhksrv.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 17839 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R1 vcsmpdrv - c:\windows\system32\drivers\vcsmpdrv.sys <Not Verified; H+H Software GmbH; Virtual CD>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>

S2 AVWEBCAM (AV WebCam, WDM Video Capture) - c:\windows\system32\drivers\avwebcam.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S2 WebCamHelper - c:\progra~1\avwebc~2\webcamhelper.sys (file missing)
S2 windev-29bf-6d87 - c:\windows\system32\windev-29bf-6d87.sys (file missing)
S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20040213.016\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20040213.016\navex15.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; NetGroup - Politecnico di Torino; WinPcap Netgroup Packet Filter Driver>
S3 ntldr.sys - c:\ntldr.sys (file missing)
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 nhksrv (Netropa NHK Server) - c:\apps\activboard\nhksrv.exe
R2 VCSSecS (Virtual CD v4 Security service (SDK - Version)) - c:\program files\virtual cd v4 sdk\system\vcssecs.exe <Not Verified; H+H Software GmbH; Virtual CD>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 InstallShield Licensing Service - "c:\program files\common files\installshield shared\service\installshield licensing service.exe" <Not Verified; Macrovision; FLEXnet Authentication Service>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-17 11:15:40 388 --a------ C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
2008-01-10 17:09:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-04-17 21:21:15 370 --a------ C:\WINDOWS\Tasks\McAfee AntiSpyware.job
2006-04-17 20:55:44 308 --a------ C:\WINDOWS\Tasks\XoftSpy.job
2004-05-14 16:34:15 276 --a------ C:\WINDOWS\Tasks\TV ON-OFF.job
2003-12-23 21:20:00 258 --a------ C:\WINDOWS\Tasks\Herinnering voor registratie 3.job
2003-12-16 23:05:00 258 --a------ C:\WINDOWS\Tasks\Herinnering voor registratie 2.job
2003-12-09 16:04:36 258 --a------ C:\WINDOWS\Tasks\Herinnering voor registratie 1.job


-- Files created between 2008-04-17 and 2008-05-17 -----------------------------

2065-06-18 09:05:43 94208 --a------ C:\WINDOWS\System32\VBPNG1.DLL <Not Verified; ; LibPNG>
2008-05-17 11:13:19 0 d-------- C:\Program Files\Trend Micro
2008-05-04 15:38:45 0 d-------- C:\Program Files\Panda Security
2008-04-29 16:51:38 86016 --a------ C:\WINDOWS\System32\custmon32.dll
2008-04-29 16:51:19 0 d-------- C:\Program Files\Capsoft
2008-04-29 16:51:14 53248 --a------ C:\Documents and Settings\Czenobia\unInstpw.exe
2008-04-29 16:51:14 53248 --a------ C:\Documents and Settings\Czenobia\Setup.exe <Not Verified; Acro Software Inc.; Setup Application>
2008-04-29 16:51:14 32768 --a------ C:\Documents and Settings\Czenobia\Preferences.exe <Not Verified; Acro Software Inc.; PDF Writer Application>
2008-04-29 16:51:14 28672 --a------ C:\Documents and Settings\Czenobia\pdfwriter64.exe <Not Verified; Acro Software Inc.; PDF Writer Application>
2008-04-29 16:51:14 28672 --a------ C:\Documents and Settings\Czenobia\pdfwriter.exe <Not Verified; Acro Software Inc.; PDF Writer Application>
2008-04-29 16:51:14 28672 --a------ C:\Documents and Settings\Czenobia\CuteEncrypt.exe <Not Verified; Acro Software Inc.; PDF Writer Application>
2008-04-29 16:51:14 87040 --a------ C:\Documents and Settings\Czenobia\custmon64.dll
2008-04-29 16:51:14 86016 --a------ C:\Documents and Settings\Czenobia\custmon32.dll
2008-04-29 16:51:14 77824 --a------ C:\Documents and Settings\Czenobia\CUSTMON.DLL
2008-04-29 16:51:14 28672 --a------ C:\Documents and Settings\Czenobia\CustExt.exe <Not Verified; Acro Software Inc.; PDF Writer Application>
2008-04-29 16:51:12 0 d-------- C:\Documents and Settings\Czenobia\GNUGS
2008-04-29 16:51:12 0 d-------- C:\Documents and Settings\Czenobia\Driver
2008-04-29 16:51:11 23040 --a------ C:\Documents and Settings\Czenobia\unInstpw64.exe <Not Verified; Acro Software Inc.; Setup Application>
2008-04-29 16:51:11 1380352 --a------ C:\Documents and Settings\Czenobia\iSEDQuickPDFSL.dll <Not Verified; SEDTech (Pty) Ltd.; iSEDQuickPDF>
2008-04-28 09:01:19 0 d-------- C:\WINDOWS\PrimoPDF4


-- Find3M Report ---------------------------------------------------------------

2008-05-17 11:15:42 5121 --a------ C:\WINDOWS\System32\dgnej.dat
2008-05-17 11:15:42 74337 --a------ C:\WINDOWS\System32\cabibet.dat
2008-05-17 11:15:41 298060 --a------ C:\WINDOWS\System32\wiavijeo.dat
2008-05-17 11:13:30 0 d-------- C:\Program Files\Common Files
2008-05-17 11:00:44 0 d-------- C:\Program Files\SpywareBlaster
2008-05-14 22:24:56 0 d-------- C:\Program Files\Spyware Doctor
2008-05-04 16:17:54 12529 --a------ C:\WINDOWS\mozver.dat
2008-04-28 09:01:22 0 d-------- C:\Program Files\activePDF
2008-04-01 18:57:46 444378 --a------ C:\WINDOWS\System32\perfh013.dat
2008-04-01 18:57:46 70632 --a------ C:\WINDOWS\System32\perfc013.dat
2008-03-20 19:48:52 0 d-------- C:\Documents and Settings\Czenobia\Application Data\ICAClient
2008-03-20 19:03:33 0 d-------- C:\Program Files\Citrix
2008-03-19 19:34:43 0 d-------- C:\Program Files\Belastingdienst


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Logitech\iTouch\iTouch.exe" [25-09-2001 02:59]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [24-08-2001 10:40]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [21-04-2004 21:10]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [03-05-2001 19:41]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [07-06-2002 13:34]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [15-07-2003 15:56]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [15-07-2003 15:50]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [01-07-2002 05:05]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [03-06-2004 22:05]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [20-01-2004 11:45]
"KE68BLg.exe"="C:\documents and settings\angelique\local settings\temp\KE68BLg.exe" []
"vmlib"="vmlib.exe" [05-11-2005 20:40 C:\WINDOWS\system32\vmlib.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06-06-2005 23:46]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [21-06-2006 19:14]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 17:40]
"SoundMan"="SOUNDMAN.EXE" [15-08-2003 01:34 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29-06-2007 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15-08-2007 20:15]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [14-11-2007 23:04]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [10-11-2007 17:24]
"bgsmsnd.exe"="C:\WINDOWS\System32\bgsmsnd.exe" [19-11-2007 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [31-08-2005 20:27]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [11-09-2002 13:00]
"ClearCookies"="C:\WINDOWS\cc.exe" [25-11-2005 10:49]
"AlexaToolbar"="C:\WINDOWS\alt.exe" []
"b9fc1fa9.exe"="C:\Documents and Settings\Czenobia\Local Settings\Application Data\b9fc1fa9.exe" []
"9942c21d.exe"="C:\Documents and Settings\Czenobia\Local Settings\Application Data\9942c21d.exe" []
"a6e10066.exe"="C:\Documents and Settings\Czenobia\Local Settings\Application Data\a6e10066.exe" []
"MessengerDiscovery"="C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe" [13-12-2004 19:22]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [20-08-2005 18:48]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [09-10-2006 12:28]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30-03-2006 16:45]
"Windows Setup Manger"="http://search.sendtobiz.info/index.php?q=goodhousekeeping.+com" []
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [08-09-2005 23:08]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 22:05:26]
AdwareFilter Background Protection.lnk - C:\Program Files\AdwareFilter\AdwareFilter.exe [4-11-2004 16:50:35]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [10-2-2005 15:13:38]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [23-12-2004 11:07:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 25-08-2003 11:25 139264 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- Hosts -----------------------------------------------------------------------

213.219.251.81 astalavista.com
213.219.251.81 www.astalavista.com
213.219.251.81 cracks.com
213.219.251.81 www.cracks.com
213.219.251.80 go.com
213.219.251.80 www.go.com
127.0.0.1 www.freeincest.info
127.0.0.1 www.free-incest.info
127.0.0.1 www.free-incest-pics.com
127.0.0.1 www.free-incest-stories.com

32 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-17 11:25:34 ------------

Attached Files

	ActiveScan.txt (18.7 KB, 1 views)
	extra.txt (31.9 KB, 3 views)

kitchenbreak

Bumping (Past 72 hours).

tetonbob

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix) We'll use this later.

---------------------------------------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix (C:\ComboFix.txt) at the end of this fix.

---------------------------------------------------------------------------------------------

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Post that log in your next reply.

---------------------------------------------------------------------------------------------

Run DSS once again, and post it's log, main.txt

---------------------------------------------------------------------------------------------

Please post the logs from:

ComboFix (C:\ComboFix.txt)
SDFix (C:\SDFix\report.txt)
DSS (main.txt)


If you have any questions along the way, STOP and ask them before proceeding.

__________________

** PC Safety and Security--What Do I Need? **

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

kitchenbreak

Hi here is my Combofix log:

ComboFix 08-05-21.3 - Czenobia 2008-05-23 12:18:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1043.18.148 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Czenobia\Bureaublad\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2.tmp
C:\3.tmp
C:\4.tmp
C:\5.tmp
C:\6.tmp
C:\7.tmp
C:\8.tmp
C:\9.tmp
C:\A.tmp
C:\B.tmp
C:\C.tmp
C:\D.tmp
C:\Documents and Settings\2\Application Data\spoolsvc.dll
C:\Documents and Settings\2\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\2\Application Data\WinAntiVirus Pro 2007\CookieList.dat
C:\Documents and Settings\2\Application Data\WinAntiVirus Pro 2007\history.db
C:\Documents and Settings\2\Application Data\WinAntiVirus Pro 2007\Logs\update.log
C:\Documents and Settings\2\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\Documents and Settings\2\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\2\Application Data\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\2\err.log
C:\Documents and Settings\2\Menu Start\Programma's\Opstarten\system.exe
C:\Documents and Settings\2\ResErrors.log
C:\Documents and Settings\Czenobia\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\Czenobia\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\Czenobia\Application Data\drvcleaner.exe
C:\Documents and Settings\Czenobia\Application Data\ultra
C:\Documents and Settings\Czenobia\Application Data\ultra\uninstall.bat
C:\Documents and Settings\Czenobia\err.log
C:\Documents and Settings\Czenobia\ResErrors.log
C:\Documents and Settings\Gast\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\Gast\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\Gast\Application Data\Install.dat
C:\Documents and Settings\Gast\Application Data\mcrupdate.exe
C:\Documents and Settings\Gast\Application Data\spoolsvc.dll
C:\Documents and Settings\Gast\Application Data\ultra
C:\Documents and Settings\Gast\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\Gast\Application Data\WinAntiVirus Pro 2007\CookieList.dat
C:\Documents and Settings\Gast\Application Data\WinAntiVirus Pro 2007\history.db
C:\Documents and Settings\Gast\Application Data\WinAntiVirus Pro 2007\Logs\update.log
C:\Documents and Settings\Gast\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\Documents and Settings\Gast\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\Gast\Application Data\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\Gast\err.log
C:\Documents and Settings\Gast\Menu Start\Programma's\Opstarten\system.exe
C:\Documents and Settings\Gast\ResErrors.log
C:\Documents and Settings\Gast\us0004.exe
C:\Documents and Settings\Gast\wn0004.exe
C:\Documents and Settings\Ivaar\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\E.tmp
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\CompWiz.xml
C:\Program Files\Common Files\windows
C:\Program Files\outlook
C:\qqd.sys
C:\RECYCLER\desktopA.sys
C:\WINDOWS\Casino.ico
C:\WINDOWS\f.exe
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\keyboard111.dat
C:\WINDOWS\mraerea.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lzx32.sys
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\sony.exe
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xlibgfl254.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_NPF
-------\Legacy_NTLDR.SYS
-------\Legacy_POOF
-------\Legacy_WINCOM32
-------\Legacy_WINDEV-29BF-6D87
-------\Service_NPF
-------\Service_ntldr.sys
-------\Service_windev-29bf-6d87


(((((((((((((((((((( Bestanden Gemaakt van 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))
.

2065-06-18 09:05 . 2001-01-12 03:52 94,208 --a------ C:\WINDOWS\system32\VBPNG1.DLL
2008-05-23 11:41 . 2008-05-23 03:54 <DIR> d-------- C:\SDFix
2008-05-17 11:13 . 2008-05-17 11:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 11:09 . 2008-05-17 11:09 <DIR> d-------- C:\Deckard
2008-05-17 11:06 . 2008-05-17 11:06 612 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-04 15:38 . 2008-05-04 15:55 <DIR> d-------- C:\Program Files\Panda Security
2008-04-29 16:51 . 2008-04-29 16:51 <DIR> d-------- C:\Program Files\Capsoft
2008-04-29 16:51 . 2007-12-15 11:06 <DIR> d-------- C:\Documents and Settings\Czenobia\GNUGS
2008-04-29 16:51 . 2007-12-15 11:06 <DIR> d-------- C:\Documents and Settings\Czenobia\Driver
2008-04-29 16:51 . 2007-12-15 11:06 1,380,352 --a------ C:\Documents and Settings\Czenobia\iSEDQuickPDFSL.dll
2008-04-29 16:51 . 2006-11-30 17:41 87,040 --a------ C:\Documents and Settings\Czenobia\custmon64.dll
2008-04-29 16:51 . 2006-11-30 16:24 86,016 --a------ C:\WINDOWS\system32\custmon32.dll
2008-04-29 16:51 . 2006-11-30 16:24 86,016 --a------ C:\Documents and Settings\Czenobia\custmon32.dll
2008-04-29 16:51 . 2006-11-30 16:24 77,824 --a------ C:\Documents and Settings\Czenobia\CUSTMON.DLL
2008-04-29 16:51 . 2006-11-30 17:43 53,248 --a------ C:\Documents and Settings\Czenobia\unInstpw.exe
2008-04-29 16:51 . 2007-04-23 15:31 53,248 --a------ C:\Documents and Settings\Czenobia\Setup.exe
2008-04-29 16:51 . 2006-11-27 10:45 32,768 --a------ C:\Documents and Settings\Czenobia\Preferences.exe
2008-04-29 16:51 . 2006-12-01 17:31 28,672 --a------ C:\Documents and Settings\Czenobia\pdfwriter64.exe
2008-04-29 16:51 . 2006-12-01 17:00 28,672 --a------ C:\Documents and Settings\Czenobia\pdfwriter.exe
2008-04-29 16:51 . 2006-11-27 10:45 28,672 --a------ C:\Documents and Settings\Czenobia\CuteEncrypt.exe
2008-04-29 16:51 . 2006-11-27 12:05 28,672 --a------ C:\Documents and Settings\Czenobia\CustExt.exe
2008-04-29 16:51 . 2006-11-30 17:41 23,040 --a------ C:\Documents and Settings\Czenobia\unInstpw64.exe
2008-04-28 09:01 . 2008-04-28 09:01 <DIR> d-------- C:\WINDOWS\PrimoPDF4
2008-04-28 08:49 . 2007-11-19 10:36 160,136 --a------ C:\WINDOWS\system32\bgsmsnd.exe
2008-04-28 08:49 . 2007-11-19 10:36 74,120 --a------ C:\WINDOWS\system32\bgsresen.dll
2008-04-28 08:49 . 2007-11-19 10:36 70,024 --a------ C:\WINDOWS\system32\bgsresfr.dll
2008-04-28 08:49 . 2007-11-19 10:36 70,024 --a------ C:\WINDOWS\system32\bgsreses.dll
2008-04-28 08:49 . 2007-11-19 10:36 70,024 --a------ C:\WINDOWS\system32\bgsresde.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 10:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-22 14:18 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-17 09:00 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-28 07:01 --------- d-----w C:\Program Files\activePDF
2007-10-06 11:41 59,904 ----a-w C:\Documents and Settings\Gast\wn224.exe
2007-09-21 18:17 59,904 ----a-w C:\Documents and Settings\2\wn224(2).exe
2007-09-21 17:39 59,904 ----a-w C:\Documents and Settings\2\wn224.exe
2007-09-04 17:35 59,904 ----a-w C:\Documents and Settings\Gast\wn221.exe
2007-08-22 19:02 11,413 ----a-w C:\Documents and Settings\Czenobia\wn221.exe
2007-08-07 17:37 62,976 ----a-w C:\Documents and Settings\Gast\wn135.exe
2007-07-27 12:06 61,440 ----a-w C:\Documents and Settings\Czenobia & Bjorn\wn135.exe
2007-05-21 19:46 29,184 ----a-w C:\Documents and Settings\Gast\us00info.exe
2007-05-21 19:46 25,600 ----a-w C:\Documents and Settings\Gast\us00.exe
2007-05-06 10:24 29,184 ----a-w C:\Documents and Settings\Czenobia\us00info.exe
2007-02-13 19:28 95,696 ----a-w C:\Documents and Settings\Czenobia\Application Data\sysdoctor.exe
2007-02-01 14:51 91,856 ----a-w C:\Documents and Settings\Czenobia\Application Data\GDIPFONTCACHEV1.DAT
2006-09-09 10:32 35,840 ----a-w C:\Documents and Settings\Gast\vhdwdbhs.exe
2006-09-07 16:56 35,840 ----a-w C:\Documents and Settings\Czenobia\vfiuulwx.exe
2006-08-29 17:52 35,840 ----a-w C:\Documents and Settings\Czenobia\cnrwqbth.exe
2003-12-13 15:04 812 ----a-w C:\Program Files\INSTALL.LOG
.

------- Sigcheck -------

2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\2536a548b4a83b6c7a416e0d99691bf7\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ndis.sys
md5deep: C:\WINDOWS\system32\drivers\ndis.sys: Permission denied

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\2536a548b4a83b6c7a416e0d99691bf7\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\msrecrb0]
@={1886D4D2-D352-A620-891B-971E9D25D189}

[HKEY_CLASSES_ROOT\CLSID\{1886D4D2-D352-A620-891B-971E9D25D189}]
2002-09-11 13:00 72192 --a------ C:\WINDOWS\System32\msrecrb0.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-08-31 20:27 1658592]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-11 13:00 13312]
"ClearCookies"="C:\WINDOWS\cc.exe" [2005-11-25 10:49 52736]
"b9fc1fa9.exe"="C:\Documents and Settings\Czenobia\Local Settings\Application Data\b9fc1fa9.exe" [ ]
"9942c21d.exe"="C:\Documents and Settings\Czenobia\Local Settings\Application Data\9942c21d.exe" [ ]
"a6e10066.exe"="C:\Documents and Settings\Czenobia\Local Settings\Application Data\a6e10066.exe" [ ]
"MessengerDiscovery"="C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe" [2004-12-13 19:22 2510848]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2005-08-20 18:48 122368]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Windows Setup Manger"="http://search.sendtobiz.info/index.php?q=goodhousekeeping.+com" []
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2005-09-08 23:08 3878912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Logitech\iTouch\iTouch.exe" [2001-09-25 02:59 200704]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-08-24 10:40 35328]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:10 335872]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2001-05-03 19:41 159744]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 13:34 299008]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-07-15 15:56 57984]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-07-15 15:50 58608]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" [ ]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 05:05 74752]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2004-01-20 11:45 1757184]
"KE68BLg.exe"="C:\documents and settings\angelique\local settings\temp\KE68BLg.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 19:14 35328]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 01:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2007-11-10 17:24 1212632]
"bgsmsnd.exe"="C:\WINDOWS\System32\bgsmsnd.exe" [2007-11-19 10:36 160136]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-14 23:04 1065800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-11 13:00 13312]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AdwareFilter Background Protection.lnk - C:\Program Files\AdwareFilter\AdwareFilter.exe [2004-11-04 16:50:35 2961408]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-02-10 15:13:38 479232]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 11:07:30 569405]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2003-08-25 11:25 139264 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\dvacm.acm

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2000-10-03 16:18]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2002-06-07 13:38]
R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2000-09-13 17:18]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 13:17]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 23:38]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\System32\drivers\lccfltr.sys [2001-08-20 10:40]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;C:\WINDOWS\System32\DRIVERS\avwebcam.sys [2005-11-22 09:28]
S2 WebCamHelper;WebCamHelper;C:\PROGRA~1\AVWEBC~2\WebCamHelper.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 02:50]
S3 V90drv;v90drv;C:\WINDOWS\System32\DRIVERS\v90drv.sys [2001-11-29 17:09]

.
Inhoud van de 'Gedeelde Taken' map
"2008-05-22 14:09:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-12-09 14:04:36 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-12-16 21:05:00 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-12-23 19:20:00 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2006-04-17 19:21:15 C:\WINDOWS\Tasks\McAfee AntiSpyware.job"
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe
"2008-05-23 10:30:49 C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe.-PSmartDrawTrial -V7 -SSDN.ini -A -T -N -L -X
"2004-05-14 14:34:15 C:\WINDOWS\Tasks\TV ON-OFF.job"
- C:\ATITEC~1\ATICON~1\atiptaxx.exe
"2006-04-17 18:55:44 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 12:31:36
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\System32\jhuqhnsqk.dll
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\msrecrb0.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\stardock\SDMCP.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Logitech\iTouch\KbdTray.exe
C:\APPS\ActivBoard\Traymon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\APPS\ActivBoard\osd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Voltooingstijd: 2008-05-23 12:42:25 - machine was rebooted [Czenobia]
ComboFix-quarantined-files.txt 2008-05-23 10:42:12

Pre-Run: 79,559,774,208 bytes beschikbaar
Post-Run: 80,415,731,712 bytes beschikbaar

290 --- E O F --- 2008-05-17 10:57:23

kitchenbreak

SDFix log

SDFix: Version 1.185
Run by Czenobia on vr 23-05-2008 at 13:22

Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix

Checking Services :

ndis.sys Infected!

Patched File copied to Backups Folder
Attempting to replace ndis.sys with original version

Unable To Replace Patched File!


Restoring Windows Registry Values
Restoring Windows Default Hosts File

kitchenbreak

DSS log

Deckard's System Scanner v20071014.68
Run by Czenobia on 2008-05-23 16:00:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).


-- HijackThis (run as Czenobia.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:54, on 23-5-2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Logitech\iTouch\kbdtray.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\System32\bgsmsnd.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Czenobia\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Czenobia.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\System32\bgstb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\System32\bgstb.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [KE68BLg.exe] C:\documents and settings\angelique\local settings\temp\KE68BLg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\bgsmsnd.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [b9fc1fa9.exe] C:\Documents and Settings\Czenobia\Local Settings\Application Data\b9fc1fa9.exe
O4 - HKCU\..\Run: [9942c21d.exe] C:\Documents and Settings\Czenobia\Local Settings\Application Data\9942c21d.exe
O4 - HKCU\..\Run: [a6e10066.exe] C:\Documents and Settings\Czenobia\Local Settings\Application Data\a6e10066.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Windows Setup Manger] http://search.sendtobiz.info/index.p...sekeeping.+com
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\AdwareFilter.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Angelique\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\jhuqhnsqk.dll
O16 - DPF: FreedomAudio Recorder - http://www.maroc.nl/recorder/efreedominstaller.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...n/content.html
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2F29658D-FB92-4A4F-8FFF-0D1BC1BA52C5} (Gla