Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot remove Downloader-IG.dll (logg.dll) Trojan


  • This topic is locked This topic is locked
4 replies to this topic

#1 KarstP91

KarstP91

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 20 December 2008 - 08:44 AM

Hi,
A few weeks ago I moved from F-Secure to the current version of McAfee. The Downloader-IG.dll Trojan was reported several times after that. It could be removed several times by McAfee itself but now it is reported as that it could not be removed anymore. My computer is very slow. I found the file logg.dll in the C:\Windows\system32 directory but was not able to remove it. In the registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows the AppInit_DLLs entry contains the string: C:\WINDOWS\System32\logg.dll, which is written back each time after I try to change or remove it. The logg.dll does not appear in the services list. I have tried to remove the trojan already a number of times but although it sometimes looks as if it has been removed (registry key is empty and file not visible anymore in system32 directory) it appears again later. I ran Kaspersky and rsit see below.
I hope that someone can help me to get rid of it

The contents of info.txt:

info.txt logfile of random's system information tool 1.05 2008-12-20 13:33:38

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0013
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0013
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0013
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0013
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0013
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0013
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0013
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0013
-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R /L:DUT
-->C:\WINDOWS\BWUnin-6.3.2.116-7681197L.exe -AppId 7681197
-->C:\WINDOWS\IsUninst.exe -fI:\WormsArmageddon\Uninst.isu
-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x13 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x13
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x13 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2.0-->"C:\Program Files\RMonitor\unins000.exe"
3D Modeltreinen-->C:\Program Files\Easy Computing\3D Modeltreinen\3Dmodeltrein.exe -Unregister
3Deep-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\3Deep\TDPunins.isu" -c"C:\PROGRA~1\E-Color\3Deep\tdpunins.dll" ProdName3Deep
Aangifte inkomstenbelasting 2007-->D:\Usr\Karst\Bdienst\2007\Aangifte inkomstenbelasting\2007\ib2007u.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 9 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A90000000001}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adult PDF Password Recovery v2.2.0-->"C:\Program Files\Adultpdf\DecryptPDF\unins000.exe"
Advanced PDF Password Recovery Pro-->C:\PROGRA~1\APDFPRP\UNWISE.EXE C:\PROGRA~1\APDFPRP\INSTALL.LOG
Albumprinter Pro Editor-->"C:\Program Files\Albumprinter Pro Editor\unins000.exe"
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ArcSoft Camera Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}\setup.exe" -l0x9 -uninst
AsfTools 3.1 (remove only)-->C:\Program Files\AsfTools 3.1\Uninst.exe
AusLogics Registry Defrag-->"C:\Program Files\Auslogics\AusLogics Registry Defrag\unins000.exe"
AVI/MPEG/ASF/WMV Splitter 2.31-->"C:\Program Files\AVI MPEG ASF WMV Splitter\unins000.exe"
AVIcodec (remove only)-->"C:\Program Files\AVIcodec\uninst.exe"
Battery Check-->I:\Battery Check\installed\UnInst.exe I:\Battery Check\installed\UnInst.j2
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{093625E3-7B87-49D3-AA53-AD0FCFABAF49}
Canon Internet Library for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B754C893-6177-4061-9B2F-88F58C1C5166}
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Command & Conquer Red Alert 2-->i:\ra2\Uninstll.EXE
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ComponentOne Studio Enterprise™ -->MsiExec.exe /I{88DD0B6C-B174-40C9-84F4-531D414BC949}
Creative Beheer van verwijderbare schijf-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x13 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x13 /remove
Creative ZEN Vision M Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x13 /remove
Creative-systeeminformatie-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x13 /remove
CSDiff-->"C:\Program Files\ComponentSoftware\CSDiff\Uninstall.exe" "C:\Program Files\ComponentSoftware\CSDiff\install.log"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EA.com Matchup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall
EA.com Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
Easy CD Creator 5 Platinum-->MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}
Easy Duplicate Finder v. 2.1-->"C:\Program Files\Easy Duplicate Finder\unins000.exe"
EasyGPS-->"C:\Program Files\EasyGPS\unins000.exe"
EasyRecovery Professional-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1033
Ethereal 0.10.14-->"C:\Program Files\Ethereal\uninstall.exe"
FIFA 2001-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C640CAE0-8024-11D4-0090-B700902724B3}\setup.exe" -l0x13 Uninstall
Flo's Wolfenstein Editor-->C:\WINDOWS\uninst.exe -f"i:\wolfenstein 3d\wolf3d editor\DeIsL1.isu" -c"i:\wolfenstein 3d\wolf3d editor\_ISREG32.DLL"
Flux-->C:\WINDOWS\uninst.exe -fi:\flux\installed\DeIsL1.isu -ci:\flux\installed\_ISREG32.DLL
ForeHelp 2.97-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ForeHelp\FH297\DeIsL1.isu"
FrostWire 4.17.0-->D:\Program Files\FrostWire\Uninstall.exe
Game Maker 6.1-->J:\Gamemaker\Uninstal.exe
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GPS TrackManager-->MsiExec.exe /I{9AF69005-1700-4BF4-9E8B-9D6275B9164F}
Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HighMAT-uitbreiding voor de wizard Cd branden van Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix voor Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Precisionscan Pro 3.1-->MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Inline Search v1.5.0 for Internet Explorer (remove only)-->"D:\Program Files\IEForge\Inline Search\uninstall.exe"
InstantCopy-->MsiExec.exe /I{3ED585A4-C0F7-4125-8EC7-3056F9936A44}
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IPSU-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cisco\IPSU\Uninst.isu"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java Runtime 1.5.0_03 for Borland COM APIs-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Borland\Java\Sun1.5.0_03\JavaRT1.5.0_03.isu"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
jetAudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\Setup.exe" -l0x9
KickStart-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9D1EFB0-C2E0-40A9-9E50-C23E8188FD84}\setup.exe" -l0x9
LexarMedia ImageRescue Software-->MsiExec.exe /X{DE1A361F-31DC-4AC5-ABBA-2323BC505880}
Locomotion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77F45E76-E897-42CA-A9FE-5F56817D875C}\setup.exe" -l0x9
MapFactor OCX Controls 4.3.5-1-->"C:\Program Files\MapFactor_OCX4\unins000.exe"
MapSource - European MetroGuide v4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\MapSource\Garmin\Setup\EUROMG400\setup.exe" AddRemove
Master Rallye-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{906F2AFD-3555-427C-83A2-E95FE3F416A1}\setup.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MediaCoder 0.5.1-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Dutch Language Pack-->MsiExec.exe /X{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Age of Empires-->I:\Empires\Uninstal.exe /uninstall
Microsoft AutoRoute v11.0-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790220}
Microsoft Baseline Security Analyzer 2.0-->MsiExec.exe /I{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Editie 2003-->MsiExec.exe /I{91E30413-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510413-6000-11D3-8CFE-0150048383C9}
Microsoft Visio Viewer 2002-->MsiExec.exe /I{94F9723E-900A-43C5-8F4E-AD2D2ED09273}
Microsoft Visual SourceSafe V5.0-->C:\DevStudio\Vss\setup\setup.exe
Microsoft® Visual Studio® .NET Help Integration Kit 2003-->MsiExec.exe /I{D636E6AB-7B47-4933-A9AA-A4421AEE7737}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MusicMatch Jukebox 4-->C:\WINDOWS\IsUninst.exe -f"j:\musicmatch jukebox 4\Uninst.isu"
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NoLimits Coasters 1.55 (remove only)-->"I:\NoLimits\NoLimits Coasters v1.31\uninstall.EXE"
NSZM Screen Saver-->epuninstall.exe "NSZM Screen Saver"
NUnit 2.2-->MsiExec.exe /I{1AA69CCD-1078-473A-BD6E-11CE30A81C57}
Nuria 3.2-->"C:\Program Files\Nuria\unins000.exe"
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
OpenTTD 0.4.0.1-->I:\OTTD\installed 3\uninstall.exe
OziExplorer 3.95-->"C:\Program Files\OziExplorer\unins000.exe"
PC Connectivity Solution-->MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PCTrans-->MsiExec.exe /I{CD9403C4-0B53-11D7-AAC4-00104BC1C9ED}
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5437.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->D:\Program Files\PDFCreator\unins000.exe
PGP 8.0-->C:\PROGRA~1\PGPCOR~1\PGPFOR~1\PGPUNI~1\setup.exe PGP
Philips Photo Manager 1.1-->"C:\Program Files\Philips\Philips PhotoFrame\unins000.exe"
Philips Vesta Camera WebUpdate-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Philips Vesta Camera\VestaWeb.isu"
Picasa 3-->"D:\Program Files\Google\Picasa3\Uninstall.exe"
PlexTools Professional V2.11-->MsiExec.exe /X{437EE1C5-943A-4B11-8CBD-A61C2103B2AD}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest Drive Image 2002-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}
PowerQuest PartitionMagic 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\setup.exe"
QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Railroad Tycoon II-->C:\WINDOWS\uninst.exe -fi:\rrtycoon\DeIsL1.isu -ci:\rrtycoon\_ISREG32.DLL
Recuva (remove only)-->"J:\Recuva\uninst.exe"
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x13
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soldier of Fortune Platinum-->C:\WINDOWS\IsUninst.exe -fi:\sofplat.isu
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x13
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Studio Content CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C643986-DE3C-4737-8472-CCEC36CCC267}\Setup.exe" -l0x13
Tera Term Pro-->C:\WINDOWS\ttuninst.exe
Theme Hospital-->C:\WINDOWS\uninst.exe -f"i:\theme hospital\installed\DeIsL1.isu"
Timershot Powertoy for Windows XP-->MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
Total Commander (Remove or Repair)-->c:\Program Files\TotalCmd\tcuninst.exe
Trainz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}\Setup.exe"
Transport Tycoon Deluxe-->C:\WINDOWS\UniFISH.exe Transport Tycoon Deluxe
Tweak UI-->"C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
UltraEdit-32 Uninstall-->C:\PROGRA~1\ULTRAE~2\UEDIT32.EXE /UNINSTALL
Unreal Tournament 2004 Demo-->I:\UT 2004 demo\installed\System\Setup.exe uninstall "UT2004-Demo"
Unreal-->C:\WINDOWS\IsUninst.exe -fi:\unreal\System\Uninst.isu
VideoLink Mail-->C:\Program Files\VideoLink Mail\Setup.exe
VideoLink-->C:\Program Files\VideoLink\Setup.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Westwood Shared Internet Components-->I:\ra2\internet\UnstllAP.EXE
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 3.6.7-->"C:\Program Files\WinSCP3\unins000.exe"
WinTrack 6.0 3D-->"C:\Program Files\wintrack6\unins000.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wisdom-soft ScreenHunter 4.0 Free-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
Wise Owl Demeanor for .NET, Personal Edition-->MsiExec.exe /I{01E970F7-212F-4C07-87E9-5B48C52E247D}
Wise Registry Cleaner 3 Free 3.6-->"C:\Program Files\Wise Registry Cleaner 3\unins000.exe"
WM Recorder 9.0-->C:\WINDOWS\iun506.exe C:\Program Files\WM Recorder\irunin.ini
Worms2-->C:\WINDOWS\IsUninst.exe -fi:\worms2full\Uninst.isu
XMLSPY 5 Enterprise Edition-->MsiExec.exe /I{90DA9B18-B38A-48B9-91D2-4DCE4386ED29}
Xteq Systems X-Setup 6.3-->"C:\Program Files\X-Setup\unins000.exe"
Xteq-dotec X-Setup Pro 6.5.100.beta1-->"C:\Program Files\X-Setup Pro\unins000.exe"
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0013

=====HijackThis Backups=====

O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe (file missing)
O23 - Service: FSMA - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)

======Hosts File======

127.0.0.1 localhost
82.95.93.33 homeipnew
192.168.1.254 router

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

System event log

Computer Name: CREMEBRULEE
Event Code: 26
Message: Toepassingspop-up: Windows - Geen schijf : Exception Processing Message c0000013 Parameters 75b0bf7c 4 75b0bf7c 75b0bf7c

Record Number: 465640
Source Name: Application Popup
Time Written: 20081217161128.000000+060
Event Type: Gegevens
User:

Computer Name: CREMEBRULEE
Event Code: 26
Message: Toepassingspop-up: Windows - Geen schijf : Exception Processing Message c0000013 Parameters 75b0bf7c 4 75b0bf7c 75b0bf7c

Record Number: 465639
Source Name: Application Popup
Time Written: 20081217161128.000000+060
Event Type: Gegevens
User:

Computer Name: CREMEBRULEE
Event Code: 26
Message: Toepassingspop-up: Windows - Geen schijf : Exception Processing Message c0000013 Parameters 75b0bf7c 4 75b0bf7c 75b0bf7c

Record Number: 465638
Source Name: Application Popup
Time Written: 20081217161127.000000+060
Event Type: Gegevens
User:

Computer Name: CREMEBRULEE
Event Code: 26
Message: Toepassingspop-up: Windows - Geen schijf : Exception Processing Message c0000013 Parameters 75b0bf7c 4 75b0bf7c 75b0bf7c

Record Number: 465637
Source Name: Application Popup
Time Written: 20081217161127.000000+060
Event Type: Gegevens
User:

Computer Name: CREMEBRULEE
Event Code: 26
Message: Toepassingspop-up: Windows - Geen schijf : Exception Processing Message c0000013 Parameters 75b0bf7c 4 75b0bf7c 75b0bf7c

Record Number: 465636
Source Name: Application Popup
Time Written: 20081217161127.000000+060
Event Type: Gegevens
User:

Application event log

Computer Name: CREMEBRULEE
Event Code: 103
Message:
Record Number: 47439
Source Name: F-Secure Anti-Virus
Time Written: 20081111112833.000000+060
Event Type: Fout
User:

Computer Name: CREMEBRULEE
Event Code: 103
Message:
Record Number: 47438
Source Name: F-Secure Anti-Virus
Time Written: 20081111112833.000000+060
Event Type: Fout
User:

Computer Name: CREMEBRULEE
Event Code: 103
Message:
Record Number: 47437
Source Name: F-Secure Anti-Virus
Time Written: 20081111112833.000000+060
Event Type: Fout
User:

Computer Name: CREMEBRULEE
Event Code: 103
Message:
Record Number: 47436
Source Name: F-Secure Anti-Virus
Time Written: 20081111112832.000000+060
Event Type: Fout
User:

Computer Name: CREMEBRULEE
Event Code: 1516
Message: Windows heeft het register van gebruiker CREMEBRULEE\Eigenaar uit het geheugen verwijderd als gevolg van het bericht dat geen andere toepassingen of services van het profiel gebruikmaken.

Record Number: 47435
Source Name: Userenv
Time Written: 20081111112751.000000+060
Event Type: Gegevens
User: NT AUTHORITY\SYSTEM

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Altova\xmlspy\XMLSpyInterface.jar;C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip;
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\PROGRA~1\ULTRAE~2;C:\PROGRA~1\Borland\Delphi6\Bin;C:\PROGRA~1\Borland\Delphi6\Projects\Bpl;C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\Program;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Borland\CaliberRM SDK 2005 R2\lib;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0207
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip

-----------------EOF-----------------


The contents of log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Eigenaar at 2008-12-20 13:32:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (18%) free of 20 GB
Total RAM: 1023 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:35, on 2008-12-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Eigenaar.PEEK-9RPX6APEXF\Mijn documenten\Downloads\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Eigenaar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buienradar.nl/h.aspx?jaar=-3&am...rt=voorspelling
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 82.95.93.33 homeipnew
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - D:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [1] Õ
O4 - HKCU\..\Run: [2] Õ
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O16 - DPF: {1059D2E2-EA3E-11D5-AF3C-0060085C9531} (CAX Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1....g/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141842952609
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Easy Computing\3D Modeltreinen\monki.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\logg.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12790 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-21 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6FFE2AE-4D12-451F-B457-FE6125FFB1CF}]
InlineSearchHandleHotKeys Class - D:\Program Files\IEForge\Inline Search\InlineSearch.dll [2007-05-05 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-13 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2423872]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-13 806912]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-16 136600]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NvMediaCenter"=C:\WINDOWS\System32\NVMCTRAY.DLL [2003-10-06 49152]
"1"=1305D507 []
"2"=1106D507 []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-29 68856]
"MtdAcqu"=C:\Program Files\Creative\MediaSource5\MtdAcqu.exe [2006-03-08 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\logg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-22 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"SpecifyDefaultButtons"=0
"Btn_Search"=0
"NoBandCustomize"=0
"NoFileUrl"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"I:\worms2full\frontend.exe"="I:\worms2full\frontend.exe:*:Enabled:Worms 2 Frontend"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"I:\UT 2004 demo\installed\System\UT2004.exe"="I:\UT 2004 demo\installed\System\UT2004.exe:*:Enabled:UT2004"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:FTP-bestandsoverdrachtprogramma"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Diet Kaza oud\DietK 2.0 RC1\DietKaza.exe"="C:\Program Files\Diet Kaza oud\DietK 2.0 RC1\DietKaza.exe:*:Disabled:DietKaza"
"C:\Program Files\Easy Computing\3D Modeltreinen\3Dmodeltrein.exe"="C:\Program Files\Easy Computing\3D Modeltreinen\3Dmodeltrein.exe:*:Enabled:3D Modeltreinen"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\StubInstaller.exe"="D:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\FileZilla Server\FileZilla Server.exe"="C:\Program Files\FileZilla Server\FileZilla Server.exe:*:Enabled:FileZilla Server.exe"
"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe:LocalSubNet:Enabled:FileZilla Server Interface"
"D:\Program Files\FrostWire\FrostWire.exe"="D:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe"="C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##nlsv0108#VisualStudio.NET2003$]
shell\AutoRun\command - Z:\autorun.exe


======List of files/folders created in the last 1 months======

2008-12-20 13:32:58 ----D---- C:\rsit
2008-12-18 23:13:12 ----SHD---- C:\RECYCLER
2008-12-18 22:42:25 ----A---- C:\log_ComboFix200812182242.txt
2008-12-18 22:35:30 ----A---- C:\ComboFix.txt
2008-12-16 18:20:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-16 18:20:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-16 18:20:02 ----A---- C:\WINDOWS\system32\java.exe
2008-12-16 18:20:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-15 12:55:35 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-12-11 19:00:11 ----D---- C:\Program Files\McAfee.com
2008-12-11 18:59:31 ----D---- C:\Program Files\Common Files\McAfee
2008-12-11 18:59:04 ----D---- C:\Program Files\McAfee
2008-12-11 18:53:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-12-06 15:29:39 ----A---- C:\Boot.bak
2008-12-06 15:29:25 ----RASHD---- C:\cmdcons
2008-12-06 15:24:56 ----A---- C:\WINDOWS\zip.exe
2008-12-06 15:24:56 ----A---- C:\WINDOWS\VFIND.exe
2008-12-06 15:24:56 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-06 15:24:56 ----A---- C:\WINDOWS\SWSC.exe
2008-12-06 15:24:56 ----A---- C:\WINDOWS\SWREG.exe
2008-12-06 15:24:56 ----A---- C:\WINDOWS\sed.exe
2008-12-06 15:24:56 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-06 15:24:56 ----A---- C:\WINDOWS\grep.exe
2008-12-06 15:24:56 ----A---- C:\WINDOWS\fdsv.exe
2008-12-06 15:23:29 ----D---- C:\WINDOWS\ERDNT
2008-12-06 15:23:29 ----D---- C:\Qoobox
2008-11-26 20:13:02 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor

======List of files/folders modified in the last 1 months======

2008-12-20 13:33:12 ----D---- C:\WINDOWS\Temp
2008-12-20 13:31:38 ----D---- C:\WINDOWS\Prefetch
2008-12-20 12:56:05 ----A---- C:\Log.txt
2008-12-20 12:54:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-19 16:09:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-12-19 15:38:21 ----D---- C:\WINDOWS
2008-12-19 08:15:29 ----D---- C:\Program Files\FileZilla Server
2008-12-18 23:39:19 ----A---- C:\WINDOWS\wincmd.ini
2008-12-18 23:31:38 ----AC---- C:\WINDOWS\UEDIT32.INI
2008-12-18 23:13:17 ----AD---- C:\Program Files
2008-12-18 22:58:46 ----SHD---- C:\System Volume Information
2008-12-18 22:58:46 ----D---- C:\WINDOWS\system32\Restore
2008-12-18 22:35:40 ----D---- C:\WINDOWS\system32
2008-12-18 22:33:34 ----A---- C:\WINDOWS\system.ini
2008-12-18 22:32:27 ----D---- C:\WINDOWS\system32\drivers
2008-12-18 22:32:26 ----D---- C:\WINDOWS\AppPatch
2008-12-18 22:32:26 ----D---- C:\Program Files\Common Files
2008-12-18 10:28:50 ----HD---- C:\WINDOWS\inf
2008-12-18 10:28:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 10:27:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 10:27:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-17 21:09:26 ----A---- C:\AUTOEXEC.BAT
2008-12-17 18:16:11 ----D---- C:\Documents and Settings
2008-12-16 18:25:50 ----SHD---- C:\WINDOWS\Installer
2008-12-16 18:21:04 ----D---- C:\Config.Msi
2008-12-16 18:19:15 ----D---- C:\Program Files\Java
2008-12-16 13:18:47 ----D---- C:\Program Files\IrfanView
2008-12-15 12:55:55 ----D---- C:\Program Files\Hitman Pro
2008-12-15 09:16:46 ----D---- C:\WINDOWS\Debug
2008-12-13 07:39:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 19:01:32 ----SD---- C:\WINDOWS\Tasks
2008-12-11 18:18:30 ----D---- C:\Documents and Settings\Eigenaar.PEEK-9RPX6APEXF\Application Data\Skype
2008-12-11 17:19:14 ----D---- C:\Documents and Settings\Eigenaar.PEEK-9RPX6APEXF\Application Data\skypePM
2008-12-10 20:35:14 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 20:35:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 17:13:20 ----A---- C:\WINDOWS\win.ini
2008-12-10 17:11:02 ----D---- C:\Program Files\Internet Explorer
2008-12-10 17:10:52 ----D---- C:\WINDOWS\ie7updates
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-06 15:29:39 ----RASH---- C:\boot.ini
2008-12-03 11:07:52 ----D---- C:\WINDOWS\Help
2008-11-29 14:47:02 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-29 14:43:38 ----D---- C:\Program Files\Common Files\Real
2008-11-29 14:43:23 ----D---- C:\Documents and Settings\Eigenaar.PEEK-9RPX6APEXF\Application Data\Real
2008-11-29 14:41:54 ----D---- C:\Program Files\Windows Live Toolbar
2008-11-29 14:40:17 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-29 14:40:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-29 14:38:37 ----D---- C:\Program Files\Windows Live
2008-11-29 14:33:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-29 14:02:29 ----RSD---- C:\WINDOWS\assembly
2008-11-29 13:55:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-11-29 13:13:43 ----D---- C:\WINDOWS\WinSxS
2008-11-29 13:05:21 ----D---- C:\WINDOWS\system32\1033
2008-11-29 13:05:00 ----RSD---- C:\WINDOWS\Fonts
2008-11-29 13:03:49 ----D---- C:\Program Files\HTML Help Workshop
2008-11-29 13:02:47 ----AC---- C:\WINDOWS\ODBC.INI
2008-11-29 11:45:46 ----D---- C:\Program Files\Microsoft.NET
2008-11-29 11:37:19 ----D---- C:\WINDOWS\Registration
2008-11-29 11:33:37 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-11-27 20:21:16 ----A---- C:\xPos.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-05 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-05 2560]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-09-26 212968]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2001-12-04 3360]
R1 prodrv05;StarForce Protection Environment Driver v5; C:\WINDOWS\System32\drivers\prodrv05.sys [2002-11-13 53728]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-09 33248]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-04-08 15781]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 PGPdisk;PGPdisk; C:\WINDOWS\system32\drivers\PGPdisk.sys [2002-11-26 138720]
R2 PGPsdkDriver;PGPsdkDriver; C:\WINDOWS\System32\Drivers\PGPsdk.sys [2002-11-26 26624]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-14 100224]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2002-04-17 11264]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2002-06-12 284288]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2002-06-12 7424]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-09-29 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-09-29 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-09-29 21744]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\System32\drivers\pfc.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-09-07 5888]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2002-06-12 36992]
R3 SMBios;Intel ® System Management BIOS Service; C:\WINDOWS\System32\DRIVERS\SMBios.sys [2003-10-14 36484]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Stuurprogramma voor Microsoft USB Standaard-hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Common\FSfilter.sys []
S2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Common\fsgk.sys []
S2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Common\FSrec.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys []
S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-03-22 114944]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-03-22 835636]
S3 ctljystk;Creative SB Live!-spelpoort; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-03-22 11068]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-03-22 211724]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-03-22 156604]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-03-22 991656]
S3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 MODEMCSA;Unimodem Streaming-filterapparaat; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART-stuurprogramma; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Stuurprogramma voor Netwerkcontrole; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-03-22 195432]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 phil2vid;Philips USB VGA-camera; C:\WINDOWS\system32\DRIVERS\philcam2.sys [2001-08-17 173696]
S3 rtl8139;NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 sermouse;Stuurprogramma voor seriële muis; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-09-06 18176]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SODI;SODI; C:\WINDOWS\system32\DRIVERS\miniport.sys [2006-12-02 4059]
S3 sodiusb;Mini Display Device USB; C:\WINDOWS\System32\Drivers\Sam_Minimo_USB.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-07 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-21 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-16 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-10 792696]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-16 605512]
S2 BackWeb Client - 7681197;F-Secure Automatic Update; C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PGPsdkServ;PGPsdkService; C:\WINDOWS\System32\PGPsdkServ.exe [2002-11-26 77824]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S4 fsbwsys;fsbwsys; C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe []
S4 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE []
S4 FSMA;FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE []

-----------------EOF-----------------


Kasperky log critical areas:
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 19, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 19, 2008 13:46:35
Records in database: 1486841


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten
C:\Documents and Settings\Eigenaar.PEEK-9RPX6APEXF\Menu Start\Programma's\Opstarten
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 61143
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:27:02

No malware has been detected. The scan area is clean.
The selected area was scanned.

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 19, 2008 13:46:35
Records in database: 1486841


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Folder
C:\

Scan statistics
Files scanned 95899
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 02:06:31

No malware has been detected. The scan area is clean.
The selected area was scanned.

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 20, 2008 06:56:40
Records in database: 1490569


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Folder
D:\

Scan statistics
Files scanned 20976
Threat name 5
Infected objects 8
Suspicious objects 0
Duration of the scan 01:03:40

File name Threat name Threats count
D:\Downloads\DietKaza\dietk_3_0_8.exe Infected: not-a-virus:AdWare.Win32.Cydoor 1

D:\Downloads\snfr\a_msn_monitor.exe Infected: not-a-virus:Monitor.Win32.MsnChatMonitor.33 1

D:\Downloads\snfr\keygen.exe Infected: Packed.Win32.Krap.b 1

D:\Downloads\Vnc\vnc-3.3.7-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2

D:\Downloads\Vnc\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3

The selected area was scanned.


I removed these the contents of these directories already.

BC AdBot (Login to Remove)

 


#2 KarstP91

KarstP91
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 23 December 2008 - 09:59 AM

Hi again,

I noticed some strange things with this logg.dll file. Although it is still present in the c:\windows\system32 directory (and loaded in memory when logged in normal) and also is contained in the AppInit_DLLs registry entry, it is not reported by McAfee anymore and neither by the on-line Kaspersky scan. Yet something wrong is going on I think because the AppInit_DLLs registry entry should be empty and not used!
Another thing is that the logg.dll file and the reference to it in the AppInit_DLLs entry is visible only when I log in in normal mode. When I log in safe mode it is not visible, neither as file nor as registry value. The explorer settings are such that hidden and system files are visible. Also the file is not shown with Total Commander.
It seems as if the trojan hides itself somehow. But where?
Because the file is active when logged in normal it cannot be moved, renamed or deleted, whereas it is not present in safe mode!

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:12:26 PM

Posted 28 December 2008 - 06:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 KarstP91

KarstP91
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 28 December 2008 - 08:07 AM

Hi,
Thanks for your reaction. Apologies accepted of course. I think I have been so lucky to be able to remove the Trojan myself fortunately. Two days ago I noticed a crash of one of the McAfee processes while being logged in normally. Don't know why. Then I looked at the AppInit_DLLs entry and found it empty. Refreshing the screen it remained empty. At the same time the logg.dll file was visible and present in the C:\Windows\system32 directory. I renamed it right away and moved it to my desktop. That succeeded this time!
After that I restarted the computer. The registry entry remained empty and the logg.dll did not appear in the system32 directory anymore. Then I let McAfee scan my computer and it found the file on my desktop and quarantined it.
After that, until now and hopefully from now to eternity, my computer is running fine (as it did before), surprisingly quicker and using much lesser memory than the last few months before. Noticing this difference in performance I'm almost sure that the Trojan has been active for months (if not longer). I am not sure about what it has done or what it let happen on my computer but in that I can only trust on the anti virus/malware SW I'm using.
I feel fine now. Of course I can run the DDS scan if you like and post the results if you want me to. Just tell me.
Otherwise: Thanks anyway.

#5 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:12:26 PM

Posted 28 December 2008 - 08:23 AM

Thank you for telling us what you have done.

If you still have problems - please follow our instructions and start a new topic.

This thread is closed.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users