12th October 2008, #1, DigiK (Member)


[Resolved] IEXPLORER.EXE process keeps growing (malware-related?)

Here are the logs. I start with a few comments, then the MbAm log, then the Rsit logs.

The actual reason for this post is:

IEXPLORER.EXE process keeps growing

That thread includes info about prior infections, removed by Spybot / AdAware. McAfee Security center has no positives. I have had no special requests for internet access from the firewall, except for this 'services.exe' which I removed, including the filedropper, the registry key to run the worm and the actual services.exe file. After that all scanners came up with clean status-reports.

That initial problem has been discussed in

http://forums.spybot.info/showthread.php?t=34978

but no malware analysis happened there. I'm not convinced it is a malware-related problem, but as it happened to almost coincide with the filedropper etc. it may be after all...


MY COMMENTS on the logs:

I see no immediate malware entries, but I only have a tiny bit of experience, so an extra opinion from more experienced malware fighters is welcome.

"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
- I did not actually run this software to fix anything. I only had it scan the registry, and noticed that it was telling nonsense. I then uninstalled the program, so I was surprised to find it in the currentversion run section of the log.

Shortcut to MEMO.lnk - C:\Documents and Settings\master\Desktop\Koen\2007 FinalMoveP133\Disk10\Program Files\memo\MEMO.EXE
- This is safe. It's a calendar tool I have used for over 6 years.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://users.pandora.be/koen.vervoor...orerlaunch.htm
- trusted... my homepage @ my provider.



Here's the MbAm log:

Malwarebytes' Anti-Malware 1.28
Database version: 1261
Windows 5.1.2600 Service Pack 2

13/10/2008 0:30:03
mbam-log-2008-10-13 (00-30-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 261919
Time elapsed: 2 hour(s), 9 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


======= ============= ============ ===========

Here's RSIT 'info.txt'.

info.txt logfile of random's system information tool 1.04 2008-10-13 00:04:14

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ABBYY FineReader OCR Engine -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}\setup.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Advanced Decoder Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46C73DE4-E96D-4F7C-8371-F28052183B12}\setup.exe" -l0x9
Andrea VoiceCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}\Setup.exe" -Remove
ATI Catalyst Control Center-->MsiExec.exe /I{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Canon iP4500 series User Registration-->C:\Program Files\Canon\IJEREG\iP4500 series\UNINST.EXE
Canon iP4500 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}
Corel Snapfire Plus-->MsiExec.exe /I{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}
Creative Audio Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
DiscRECOVER-->C:\WINDOWS\unvise32.exe C:\Program Files\DiscRECOVER\uninstal.log
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Free DVD MP3 Ripper 1.12-->"C:\Program Files\Free DVD MP3 Ripper\unins000.exe"
FreeRIP v2.96-->"C:\Program Files\FreeRIP2\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImageViewer 1.9-->"C:\Program Files\ImageViewer\unins000.exe"
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
InterVideo MediaOne Gallery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Medion Media Center for Medion-->C:\Program Files\InstallShield Installation Information\{23CE4550-F67C-4114-88DF-FE923BC13E7F}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NBA LIVE 07-->C:\Dirk\Games\EAUninstall.exe
Nero 7 Ultra Edition-->MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Ghost 10.0-->MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
PhotoShow Deluxe 3-->"C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\Uninstall.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RarZilla Free Unrar 2.12-->C:\Program Files\RarZilla Free Unrar\uninstall.exe
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
ScanWizard 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B08D262E-D902-11D5-9C28-0080C85A0C2D}\setup.exe"
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster ADVANCED MB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB Product Registration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starship Titanic-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Digital Village\Starship Titanic\Uninst.isu"
Streamripper Plugin 1.62.2 (Remove only)-->C:\Program Files\Winamp\streamripper_uninstall.exe
Ulead Photo Explorer 8.0 SE Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x9
Ulead PhotoImpact 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x9
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Fotogalerij-->MsiExec.exe /X{9B51E404-E3E2-45EB-9956-8D164A6108BC}
Windows Live installer-->MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

13th October 2008   #2
DigiK (Member)

And then the other log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by master at 2008-10-13 00:03:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 46 GB (31%) free of 149 GB
Total RAM: 1022 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:04:09, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\master\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\master\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\master.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be/ig/dell?hl=en&c...be&ibd=3070227
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be/hws/sb/dell-row...tml?channel=be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be/hws/sb/dell-row...tml?channel=be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://users.pandora.be/koen.vervoor...orerlaunch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/de...=be&l=nl&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/de...=be&l=nl&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.be/hws/sb/dell-row...tml?channel=be
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.be/ig/dell?hl=en&c...be&ibd=3070227
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Startup: Shortcut to MEMO.lnk = C:\Documents and Settings\master\Desktop\Koen\2007 FinalMoveP133\Disk10\Program Files\memo\MEMO.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata...SUploader4.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11591 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-24 282624]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"MBMon"=Rundll32 CTMBHA.DLL []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"VoiceCenter"=C:\Program Files\Creative\VoiceCenter\AndreaVC.exe [2006-02-16 1118208]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-12-13 58992]
"Norton Ghost 10.0"=C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-12-07 1537696]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-02-27 236544]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2006-08-14 462336]
"CTRegRun"=C:\WINDOWS\CTRegRun.EXE [1999-10-10 41984]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-08 282624]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-15 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-04 1603152]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2004-12-22 24576]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe [2005-02-01 163840]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Scanner Finder.lnk - C:\Program Files\ScanWizard 5\ScannerFinder.exe

C:\Documents and Settings\master\Start Menu\Programs\Startup
Shortcut to MEMO.lnk - C:\Documents and Settings\master\Desktop\Koen\2007 FinalMoveP133\Disk10\Program Files\memo\MEMO.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Home Networking Application"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2008-10-13 00:03:21 ----D---- C:\rsit
2008-10-12 22:03:20 ----D---- C:\Documents and Settings\master\Application Data\Malwarebytes
2008-10-12 22:03:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 22:03:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 16:12:33 ----D---- C:\Program Files\Lavasoft
2008-10-04 16:12:29 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-04 16:10:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 15:22:28 ----D---- C:\Documents and Settings\master\Application Data\Uniblue
2008-10-03 22:57:41 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-03 22:57:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-03 22:20:22 ----D---- C:\Program Files\Trend Micro
2008-09-22 21:00:03 ----D---- C:\Program Files\FLAC
2008-09-15 23:07:58 ----D---- C:\Program Files\IrfanView
2008-09-09 23:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 23:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-08-13 20:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-13 20:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-13 20:48:32 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 20:48:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-13 20:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 20:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-13 20:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-13 20:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-07-27 00:23:31 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-27 00:23:31 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-27 00:23:31 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 3 months======

2008-10-13 00:03:35 ----D---- C:\WINDOWS\Temp
2008-10-13 00:03:23 ----D---- C:\WINDOWS\Prefetch
2008-10-12 22:04:10 ----D---- C:\WINDOWS\system32\drivers
2008-10-12 22:03:14 ----RD---- C:\Program Files
2008-10-12 18:42:21 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-10-12 18:30:25 ----A---- C:\WINDOWS\pex.INI
2008-10-12 18:01:07 ----SHD---- C:\WINDOWS\Installer
2008-10-12 17:37:11 ----A---- C:\WINDOWS\Ulead32.ini
2008-10-12 16:18:39 ----D---- C:\WINDOWS
2008-10-12 16:18:18 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-12 12:50:22 ----D---- C:\Documents and Settings\master\Application Data\Corel
2008-10-12 01:57:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-12 00:48:11 ----D---- C:\KOEN
2008-10-07 23:32:35 ----D---- C:\Program Files\McAfee
2008-10-06 19:43:59 ----D---- C:\WINDOWS\system32
2008-10-06 19:38:13 ----HD---- C:\WINDOWS\inf
2008-10-04 16:10:58 ----D---- C:\Program Files\Common Files
2008-10-04 01:56:36 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2008-10-03 22:45:56 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-30 20:49:26 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-29 20:45:17 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-22 21:07:50 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-09 23:52:26 ----D---- C:\WINDOWS\WinSxS
2008-09-09 23:52:21 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-09 23:52:13 ----D---- C:\Program Files\Microsoft Works
2008-09-09 23:51:28 ----A---- C:\WINDOWS\imsins.BAK
2008-08-29 21:33:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-08-26 22:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-19 00:12:45 ----D---- C:\WINDOWS\Help
2008-08-13 20:48:39 ----D---- C:\Program Files\Messenger
2008-08-13 20:46:40 ----D---- C:\Program Files\Internet Explorer
2008-07-27 00:23:30 ----D---- C:\Program Files\Java
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-14 13:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-12-07 14408]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-12-07 56240]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-08 1580544]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2006-08-02 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-02 158464]
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-07-26 10368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-08-02 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2006-08-02 106496]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2004-08-04 95360]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-04 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-08 409600]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-13 198256]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-13 165488]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2007-02-27 69632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-12-07 53248]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-02-19 83504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2007-02-27 86528]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-12-07 2066072]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-02-27 822424]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

13th October 2008   #3
DigiK (Member)

Additionally, I ran a Kaspersky online scan, which came up with some stuff which seemed all quite harmless (in back-up files of old mailboxes etc. I kept them on my P133-win95 system, which I kept virus-free for 5 years without protection, until coolwebsearch took me by surprise), nothing active. It accused my cute3032 old cuteftp-installer of containing adware, as well as my imageview.exe imageviewer-installer of containing a logger (C:\Documents and Settings\master\Desktop\Koen\Software\imgviewsetup.exe Infected: not-a-virus:Monitor.Win32.StarLogger.b), which is probably the module that asks for comments and user feedback...

So I'm still unsure if there's any malware active, or Windows is just playing tricks. Is there a way to check if the Maximum Virtual Memory page file size has been altered recently?

15th October 2008   #4
noahdfear (Staff)
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience: ~@<*+

Hi DigiK,

I don't see anything malware related either. Did you do something to change Internet Explorer, such as install and remove IE7, repair IE6, etc? I ask because the log shows something changed around 8-13, though I cannot know what. Have you tried repairing IE6?

16th October 2008   #5
DigiK (Member)

Thanks a lot for your opinion! Really appreciate it!

It's 2 AM over here, so I'm not sure if what I'm writing makes a lot of sense, but I did a search on creation date from August 13 till August 13. I can't find a way to export the result of the search function to a text file, but I am fairly convinced that it was either an important McAfee update or a Windows autoupdate. There are auto-update logs that day, all starting with KB in front of the filename. I will do the search again tomorrow and take a closer look at these files. Some new .exe and .dll were installed, but nothing horrible at first sight. If I find extra info this week, I'll post it in this thread.

Thanks!

16th October 2008   #6
noahdfear (Staff)

Updates would not surprise me, though I'm not sure what would have changed with IE if not IE7. I'll try to look into that.

The native search in XP does not have the ability to export the search results. You'd need a third-party search tool such as Agent Ransack.

Will await your findings.

17th October 2008   #7
DigiK (Member)

Maybe one last shot...

Some update logs that may shine a light on the events of that 13th of August:


Windows XP Security Update for Windows XP (KB952954) 13 augustus 2008 Automatic Updates
Windows XP Security Update for Windows XP (KB946648) 13 augustus 2008 Automatic Updates
Windows XP Cumulative Security Update for ActiveX Killbits for Windows XP (KB953839) woensdag 13 augustus 2008 Automatic Updates
Windows XP Security Update for Windows XP (KB950974) 13 augustus 2008 Automatic Updates
Windows XP Windows Malicious Software Removal Tool - August 2008 (KB890830) 13 augustus 2008 Automatic Updates
Windows XP Update for Windows XP (KB951072) 13 augustus 2008 Automatic Updates

It changed a lot, amongst others:

C:\Program Files\Messenger (13/08/2008 20:48:39)
C:\Program Files\Common Files\System\msadc (13/08/2008 20:47:02)

and some others:

C:\WINDOWS\$NtUninstallKB946648$ (13/08/2008 20:48:37)
C:\WINDOWS\$NtUninstallKB950974$ (13/08/2008 20:48:27)
C:\WINDOWS\$NtUninstallKB951066$ (13/08/2008 20:46:55)
C:\WINDOWS\$NtUninstallKB951072-v2$ (13/08/2008 20:47:07)
C:\WINDOWS\$NtUninstallKB952287$ (13/08/2008 20:47:00)
C:\WINDOWS\$NtUninstallKB952954$ (13/08/2008 20:48:42)
C:\WINDOWS\$NtUninstallKB953838$ (13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953839$ (13/08/2008 20:48:32)
C:\WINDOWS\KB946648.log (14 KB, 13/08/2008 20:48:40)
C:\WINDOWS\KB950974.log (21 KB, 13/08/2008 20:48:30)
C:\WINDOWS\KB951066.log (14 KB, 13/08/2008 20:46:58)
C:\WINDOWS\KB951072-v2.log (34 KB, 13/08/2008 20:47:10)
C:\WINDOWS\KB952287.log (14 KB, 13/08/2008 20:47:03)
C:\WINDOWS\KB952954.log (21 KB, 13/08/2008 20:48:44)
C:\WINDOWS\KB953838.log (42 KB, 13/08/2008 20:46:52)
C:\WINDOWS\KB953839.log (13 KB, 13/08/2008 20:48:35)
C:\WINDOWS\$hf_mig$\KB946648 (13/08/2008 20:48:39)
C:\WINDOWS\$hf_mig$\KB950974 (13/08/2008 20:48:29)
C:\WINDOWS\$hf_mig$\KB951066 (13/08/2008 20:46:57)
C:\WINDOWS\$hf_mig$\KB951072-v2 (13/08/2008 20:47:09)
C:\WINDOWS\$hf_mig$\KB952287 (13/08/2008 20:47:02)
C:\WINDOWS\$hf_mig$\KB952954 (13/08/2008 20:48:44)
C:\WINDOWS\$hf_mig$\KB953838 (13/08/2008 20:46:42)
C:\WINDOWS\$hf_mig$\KB953839 (13/08/2008 20:48:33)
C:\WINDOWS\$hf_mig$\KB946648\SP2QFE (13/08/2008 20:48:39)
C:\WINDOWS\$hf_mig$\KB946648\SP3GDR (13/08/2008 20:48:39)
C:\WINDOWS\$hf_mig$\KB946648\SP3QFE (13/08/2008 20:48:39)
C:\WINDOWS\$hf_mig$\KB946648\update (13/08/2008 20:48:39)
C:\WINDOWS\$hf_mig$\KB950974\SP2QFE (13/08/2008 20:48:29)
C:\WINDOWS\$hf_mig$\KB950974\SP3GDR (13/08/2008 20:48:29)
C:\WINDOWS\$hf_mig$\KB950974\SP3QFE (13/08/2008 20:48:29)
C:\WINDOWS\$hf_mig$\KB950974\update (13/08/2008 20:48:29)
C:\WINDOWS\$hf_mig$\KB951066\SP2QFE (13/08/2008 20:46:57)
C:\WINDOWS\$hf_mig$\KB951066\SP3GDR (13/08/2008 20:46:57)
C:\WINDOWS\$hf_mig$\KB951066\SP3QFE (13/08/2008 20:46:57)
C:\WINDOWS\$hf_mig$\KB951066\update (13/08/2008 20:46:57)
C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE (13/08/2008 20:47:09)
C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR (13/08/2008 20:47:09)
C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE (13/08/2008 20:47:09)
C:\WINDOWS\$hf_mig$\KB951072-v2\update (13/08/2008 20:47:09)
C:\WINDOWS\$hf_mig$\KB952287\SP2QFE (13/08/2008 20:47:02)
C:\WINDOWS\$hf_mig$\KB952287\SP3GDR (13/08/2008 20:47:02)
C:\WINDOWS\$hf_mig$\KB952287\SP3QFE (13/08/2008 20:47:02)
C:\WINDOWS\$hf_mig$\KB952287\update (13/08/2008 20:47:02)
C:\WINDOWS\$hf_mig$\KB952954\SP2QFE (13/08/2008 20:48:44)
C:\WINDOWS\$hf_mig$\KB952954\SP3GDR (13/08/2008 20:48:44)
C:\WINDOWS\$hf_mig$\KB952954\SP3QFE (13/08/2008 20:48:44)
C:\WINDOWS\$hf_mig$\KB952954\update (13/08/2008 20:48:43)
C:\WINDOWS\$hf_mig$\KB953838\SP3GDR (13/08/2008 20:46:42)
C:\WINDOWS\$hf_mig$\KB953838\SP3QFE (13/08/2008 20:46:42)
C:\WINDOWS\$hf_mig$\KB953838\update (13/08/2008 20:46:39)
C:\WINDOWS\$hf_mig$\KB953839\update (13/08/2008 20:48:33)
C:\WINDOWS\$NtUninstallKB946648$\spuninst (13/08/2008 20:48:38)
C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:48:40)
C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:48:38)
C:\WINDOWS\$NtUninstallKB950974$\spuninst (13/08/2008 20:48:29)
C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:48:30)
C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:48:29)
C:\WINDOWS\$NtUninstallKB951066$\spuninst (13/08/2008 20:46:56)
C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:46:58)
C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:46:56)
C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst (13/08/2008 20:47:08)
C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.inf (14 KB, 13/08/2008 20:47:10)
C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:47:08)
C:\WINDOWS\$NtUninstallKB952287$\spuninst (13/08/2008 20:47:01)
C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:47:03)
C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:47:01)
C:\WINDOWS\$NtUninstallKB952954$\spuninst (13/08/2008 20:48:43)
C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:48:44)
C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:48:43)
C:\WINDOWS\$NtUninstallKB953838$\reg00002 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00003 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00004 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00005 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00006 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00007 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00008 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00009 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00010 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00011 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00012 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00013 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00014 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00015 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00016 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00017 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00018 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00019 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00020 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00021 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00022 (12 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00023 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00024 (8 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\reg00025 (88 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\spuninst (13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.inf (20 KB, 13/08/2008 20:46:52)
C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.txt (5 KB, 13/08/2008 20:46:38)
C:\WINDOWS\$NtUninstallKB953839$\reg00001 (88 KB, 13/08/2008 20:48:33)
C:\WINDOWS\$NtUninstallKB953839$\spuninst (13/08/2008 20:48:33)
C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.inf (12 KB, 13/08/2008 20:48:35)
C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:48:33)
C:\WINDOWS\inf\accessor.PNF (48 KB, 13/08/2008 20:46:48)
C:\WINDOWS\inf\communic.PNF (18 KB, 13/08/2008 20:46:48)
C:\WINDOWS\inf\comnt5.PNF (132 KB, 13/08/2008 20:46:45)
C:\WINDOWS\inf\dtcnt5.PNF (10 KB, 13/08/2008 20:46:45)
C:\WINDOWS\inf\fp40ext.PNF (18 KB, 13/08/2008 20:46:47)
C:\WINDOWS\inf\fxsocm.PNF (55 KB, 13/08/2008 20:46:44)
C:\WINDOWS\inf\games.PNF (15 KB, 13/08/2008 20:46:48)
C:\WINDOWS\inf\ieaccess.PNF (5 KB, 13/08/2008 20:46:48)
C:\WINDOWS\inf\igames.PNF (13 KB, 13/08/2008 20:46:49)
C:\WINDOWS\inf\iis.PNF (949 KB, 13/08/2008 20:46:44)
C:\WINDOWS\inf\ims.PNF (103 KB, 13/08/2008 20:46:47)
C:\WINDOWS\inf\medctroc.PNF (105 KB, 13/08/2008 20:46:50)
C:\WINDOWS\inf\msmqocm.PNF (14 KB, 13/08/2008 20:46:46)
C:\WINDOWS\inf\msmsgs.PNF (86 KB, 13/08/2008 20:46:47)
C:\WINDOWS\inf\msnmsn.PNF (10 KB, 13/08/2008 20:46:50)
C:\WINDOWS\inf\multimed.PNF (12 KB, 13/08/2008 20:46:49)
C:\WINDOWS\inf\netbeac.PNF (4 KB, 13/08/2008 20:46:51)
C:\WINDOWS\inf\netfxocm.PNF (171 KB, 13/08/2008 20:46:50)
C:\WINDOWS\inf\netiprip.PNF (7 KB, 13/08/2008 20:46:51)
C:\WINDOWS\inf\netlpd.PNF (11 KB, 13/08/2008 20:46:52)
C:\WINDOWS\inf\netoc.PNF (17 KB, 13/08/2008 20:46:44)
C:\WINDOWS\inf\netsnmp.PNF (20 KB, 13/08/2008 20:46:50)
C:\WINDOWS\inf\nettpsmp.PNF (11 KB, 13/08/2008 20:46:51)
C:\WINDOWS\inf\netupnp.PNF (4 KB, 13/08/2008 20:46:51)
C:\WINDOWS\inf\oeaccess.PNF (5 KB, 13/08/2008 20:46:48)
C:\WINDOWS\inf\optional.PNF (22 KB, 13/08/2008 20:46:49)
C:\WINDOWS\inf\p2p.PNF (14 KB, 13/08/2008 20:46:51)
C:\WINDOWS\inf\pinball.PNF (13 KB, 13/08/2008 20:46:49)
C:\WINDOWS\inf\rootau.PNF (4 KB, 13/08/2008 20:46:47)
C:\WINDOWS\inf\setupqry.PNF (41 KB, 13/08/2008 20:46:46)
C:\WINDOWS\inf\sysoc.PNF (8 KB, 13/08/2008 20:46:43)
C:\WINDOWS\inf\tabletpc.PNF (546 KB, 13/08/2008 20:46:50)
C:\WINDOWS\inf\tsoc.PNF (120 KB, 13/08/2008 20:46:46)
C:\WINDOWS\inf\wbemoc.PNF (14 KB, 13/08/2008 20:46:44)
C:\WINDOWS\inf\wbemsnmp.PNF (7 KB, 13/08/2008 20:46:51)
C:\WINDOWS\inf\wmaccess.PNF (4 KB, 13/08/2008 20:46:47)
C:\WINDOWS\inf\wmpocm.PNF (5 KB, 13/08/2008 20:46:48)
C:\WINDOWS\inf\wordpad.PNF (17 KB, 13/08/2008 20:46:49)
C:\WINDOWS\system32\TZLog.log (595 KB, 13/08/2008 20:47:07)
C:\WINDOWS\Temp\MCE0003b (13/08/2008 20:57:28)



I suppose the ActiveX updater could have played with Internet Explorer? I still use IE6 6.0.2900.2180 service pack 2 (service pack 3 update failed on the 19th of August, I just noticed this on the update server from Microsoft). Maybe upgrading to IE7 can fix my problem. (started approx. around second of October). So to be honest: I noticed the problem only much later than August 13th... . Does malware exist that makes permanent changes to memory behaviour / page file settings and stuff? Even after cleaning?

I stayed with IE6, because it ran extremely well without unexpected quits... My other option is to buy some more RAM or switch to Firefox. :-) Or... to hope to find the glitch. I saw an error pop-up earlier today mentioning there was a socket error in G assert or something. I accidentally hit the return key, before I could read it properly. It could be something quite different :-)

Any suggestions are welcome. I appreciate your help and feel already a bit guilty that I'm taking up some of your time you could spend on people with really serious malware acute infections. Mine were removed (I've had 2 malware issues recently (Virtumonde and win32.joleee.k). They were removed successfully by Spybot / AdAware.), and I'm actually beginning to think that my problem is not related to these, and it may be just a coincidence that I noticed the new problem at the same time (1 or 2 days before I noticed a filedropper / dropped file) on my desktop...

It did occur at pretty much the same time...
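The reconciliation done by eye in post #7, as an added example (not code from the thread): it parses an excerpt of the pasted listing, compares the KB numbers found on disk with the pasted update history, and attributes paths that name no KB to a hotfix by install-time window. The function names and the one-second slack are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the listing pasted in the post (paths and times as posted).
LISTING = r"""
C:\Program Files\Messenger (13/08/2008 20:48:39)
C:\Program Files\Common Files\System\msadc (13/08/2008 20:47:02)
C:\WINDOWS\$NtUninstallKB946648$ (13/08/2008 20:48:37)
C:\WINDOWS\KB946648.log (14 KB, 13/08/2008 20:48:40)
C:\WINDOWS\$NtUninstallKB952287$ (13/08/2008 20:47:00)
C:\WINDOWS\KB952287.log (14 KB, 13/08/2008 20:47:03)
C:\WINDOWS\$NtUninstallKB953838$ (13/08/2008 20:46:38)
C:\WINDOWS\KB953838.log (42 KB, 13/08/2008 20:46:52)
C:\WINDOWS\$NtUninstallKB951072-v2$ (13/08/2008 20:47:07)
C:\WINDOWS\KB951072-v2.log (34 KB, 13/08/2008 20:47:10)
C:\WINDOWS\KB950974.log (21 KB, 13/08/2008 20:48:30)
C:\WINDOWS\KB951066.log (14 KB, 13/08/2008 20:46:58)
C:\WINDOWS\KB952954.log (21 KB, 13/08/2008 20:48:44)
C:\WINDOWS\KB953839.log (13 KB, 13/08/2008 20:48:35)
C:\WINDOWS\inf\iis.PNF (949 KB, 13/08/2008 20:46:44)
C:\WINDOWS\system32\TZLog.log (595 KB, 13/08/2008 20:47:07)
C:\WINDOWS\Temp\MCE0003b (13/08/2008 20:57:28)
"""
# KB numbers from the update history pasted in the same post.
HISTORY = {"KB952954", "KB946648", "KB953839", "KB950974", "KB890830", "KB951072"}
LINE = re.compile(r"^(?P<path>.+?) \((?:\d+ KB, )?(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\)$")
KB_ID = re.compile(r"KB\d+")


def parse_listing(text):
    """Return (path, timestamp) pairs; lines that do not match are skipped."""
    fmt = "%d/%m/%Y %H:%M:%S"
    found = (LINE.match(line.strip()) for line in text.splitlines())
    return [(m["path"], datetime.strptime(m["ts"], fmt)) for m in found if m]


def kb_windows(rows):
    """Map each KB id named in a path to the (first, last) timestamp seen for it."""
    windows = {}
    for path, ts in rows:
        m = KB_ID.search(path)
        if m:
            lo, hi = windows.get(m[0], (ts, ts))
            windows[m[0]] = (min(lo, ts), max(hi, ts))
    return windows


def triage(rows, history, slack=timedelta(seconds=1)):
    """Compare on-disk hotfix artifacts with the history; place KB-less paths by time."""
    windows = kb_windows(rows)
    attributed, unexplained = {}, []
    for path, ts in rows:
        if KB_ID.search(path):
            continue  # path names its own hotfix
        hits = sorted(kb for kb, (lo, hi) in windows.items()
                      if lo - slack <= ts <= hi + slack)
        if hits:
            attributed[path] = hits
        else:
            unexplained.append(path)  # changed outside every install window
    return {"disk_only": sorted(set(windows) - history),
            "history_only": sorted(history - set(windows)),
            "attributed": attributed, "unexplained": unexplained}


if __name__ == "__main__":
    for key, value in triage(parse_listing(LISTING), HISTORY).items():
        print(key, value)
```

Time-window matching is correlation only; the per-update KB*.log installer logs listed in the post are the place to confirm which files each hotfix touched.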

18th October 2008   #8
dale456654 (Senior Member)
Join Date: Apr 2007
Posts: 77
Computer Experience: Intermediate

August 13th is my birthday

Could you not use another browser such as Firefox www.firefox.com?

18th October 2008   #9
DigiK (Member)

I did write about switching to Firefox, or adding RAM as a possible solution.

Meanwhile, I also took care of the Uniblue registry entry. I think it's a nice piece of sarcasm to make a registry cleaner, and then, when you choose to uninstall, leave your own dirt behind in there... It's like a real life cleaning crew leaving mud traces on their way out :-)

19th October 2008   #10
noahdfear (Staff)

Quote:
http://support.microsoft.com/kb/318378

Method 4: Reinstall Internet Explorer 6 by using the Ie.inf file
If you already have Windows XP Service Pack 2 installed, and you do not want to install Internet Explorer 7, you may be able to resolve problems with Internet Explorer 6 by using the Ie.inf file to reinstall Internet Explorer 6. To do this, follow these steps:

Let's see if re-installing IE6 will help.
  • Click Start>Run and type (or copy and paste) %systemroot%\inf, then press Enter
  • Locate the Ie.inf file
  • Right-click the Ie.inf file, then select Install
  • If prompted for the XP installation cd, insert it to the cd-rom drive and click OK, or click Browse and navigate to and select the i386 folder on your drive (you may want to do a search for this ahead of time .... usually in C: or C:\Windows) then click OK
  • Restart the computer when the file copy process is complete
  • See if Internet Explorer is working properly now

20th October 2008   #11
DigiK (Member)

Thanks!

I did the IE6 fix. I will monitor the memory problems, and come back to you to let you know if it makes any difference!

Regards,

Koen

21st October 2008   #12
DigiK (Member)

I need to thank you for this great hint!

I'm not sure that I won't be bothered any longer from the memory problem yet BUT it looks very promising:

- Internet Explorer launch is faster now
- navigating / saving files is faster
- shutting down Windows in global is faster

- Today, 24 hours after I did the IE6 fix, I got a new automatic update offer for Windows service pack 3. It downloaded and installed successfully this time.

Just guessing: something prevented Internet Explorer from unloading temp data it kept in the process, to the actual temporary files folder. Access to this folder is much faster also since the IE6 fixing procedure.

So thanks again. Unless I run into strange RAM-related error messages / behaviour again during the next day, I think it looks a bit like a 'resolved' issue...

Thanks again for your help!

21st October 2008   #13
stelliger (Senior Member)
Join Date: Nov 2003
Posts: 98
Computer Experience: experienced

Without being nearly as complete as DigiK, let me just toss in the fact that I've had a problem with the iexplore process growing out of control, too.

It seems like every hour or so I have to kill the process because my RAM usage will inflate to over 1GB if I don't start over.

I also find that I have a lot of delays in response and clicking.

I run Ad-Aware on a regular basis in addition to using McAfee AV but I never seem to have any malware; just tracking cookies.

30th October 2008   #14
DigiK (Member)

The problem does not seem to be solved after all... There is one difference though, I now get to see an error when trying to save images: 8007fff

:-(


Last edited by DigiK; 30th October 2008 at 22:40. Reason: corrected spelling
30th October 2008   #15
noahdfear (Staff)

Let's make sure we rule out any rootkits, since your logs didn't show signs of malware. Download GMER

Right click and extract it to its own folder on the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has completed, click Copy and paste the results (if any) into this topic.
