
Solved IEXPLORER.EXE process keeps growing (malware-related?)

Discussion in 'Malware and Virus Removal Archive' started by DigiK, 2008/10/12.

  1. 2008/10/12
    DigiK

    DigiK (Thread Starter)
    [Resolved] IEXPLORER.EXE process keeps growing (malware-related?)

    Here are the logs. I start with a few comments, then the MBAM log, then the RSIT logs.

    The actual reason for this post is:

    http://www.windowsbbs.com/windows-xp/77764-iexplorer-exe-process-keeps-growing.html

    That thread includes info about prior infections, removed by Spybot / Ad-Aware. McAfee Security Center has no positives. I have had no special requests for internet access from the firewall, except for this 'services.exe', which I removed, including the file dropper, the registry key to run the worm and the actual services.exe file. After that all scanners came up with clean status reports.

    That initial problem has been discussed in

    http://forums.spybot.info/showthread.php?t=34978

    but no malware analysis happened there. I'm not convinced it is a malware-related problem, but as it happened to almost coincide with the file dropper etc., it may be after all...


    MY COMMENTS on the logs:

    I see no immediate malware entries, but I only have a tiny bit of experience, so an extra opinion from more experienced malware fighters is welcome.

    "Uniblue RegistryBooster 2009 "=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
    - I did not actually run this software to fix anything. I only had it scan the registry and noticed that it was telling nonsense. I then uninstalled the program, so I was surprised to find it in the CurrentVersion\Run section of the log.

    Shortcut to MEMO.lnk - C:\Documents and Settings\master\Desktop\Koen\2007 FinalMoveP133\Disk10\Program Files\memo\MEMO.EXE
    - This is safe. It's a calendar tool I have used for over 6 years.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://users.pandora.be/koen.vervoort1/explorerlaunch.htm
    - trusted... my homepage @ my provider.



    Here's the MBAM log:

    Malwarebytes' Anti-Malware 1.28
    Database version: 1261
    Windows 5.1.2600 Service Pack 2

    13/10/2008 0:30:03
    mbam-log-2008-10-13 (00-30-03).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 261919
    Time elapsed: 2 hour(s), 9 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ======= ============= ============ ===========

    Here's RSIT 'info.txt'.

    info.txt logfile of random's system information tool 1.04 2008-10-13 00:04:14

    ======Uninstall list======


    =====HijackThis Backups=====

    O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
    O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe

    ======Security center information======

    AV: McAfee VirusScan
    FW: McAfee Personal Firewall

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 15 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION "=0f02
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "SonicCentral "=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

    -----------------EOF-----------------
     
  2. 2008/10/13
    DigiK

    DigiK Inactive Thread Starter

    Joined:
    2008/10/12
    Messages:
    32
    Likes Received:
    0
    And then the other log:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by master at 2008-10-13 00:03:21
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 46 GB (31%) free of 149 GB
    Total RAM: 1022 MB (34% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:04:09, on 13/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\DOCUME~1\master\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\ScanWizard 5\ScannerFinder.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\master\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\master.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row&channel=be&ibd=3070227
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be/hws/sb/dell-row/en/side.html?channel=be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be/hws/sb/dell-row/en/side.html?channel=be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://users.pandora.be/koen.vervoort1/explorerlaunch.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.be/hws/sb/dell-row/en/side.html?channel=be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row&channel=be&ibd=3070227
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe "
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - Startup: Shortcut to MEMO.lnk = C:\Documents and Settings\master\Desktop\Koen\2007 FinalMoveP133\Disk10\Program Files\memo\MEMO.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11591 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "SigmatelSysTrayApp "=C:\WINDOWS\stsystra.exe [2006-07-24 282624]
    "IAAnotif "=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
    "ATICCC "=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
    "DMXLauncher "=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
    "CTSysVol "=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
    "MBMon "=Rundll32 CTMBHA.DLL []
    "UpdReg "=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
    "VoiceCenter "=C:\Program Files\Creative\VoiceCenter\AndreaVC.exe [2006-02-16 1118208]
    "ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-12-13 58992]
    "Norton Ghost 10.0 "=C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-12-07 1537696]
    "DLA "=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
    "ISUSPM Startup "=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
    "Google Desktop Search "=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-02-27 236544]
    "Corel Photo Downloader "=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2006-08-14 462336]
    "CTRegRun "=C:\WINDOWS\CTRegRun.EXE [1999-10-10 41984]
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2007-04-08 282624]
    "CanonSolutionMenu "=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-15 644696]
    "CanonMyPrinter "=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-04 1603152]
    "NeroFilterCheck "=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "mcagent_exe "=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI "=C:\WINDOWS\MIDIDef.exe [2004-12-22 24576]
    "DellSupport "=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "PhotoShow Deluxe Media Manager "=C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe [2005-02-01 163840]
    "Uniblue RegistryBooster 2009 "=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Scanner Finder.lnk - C:\Program Files\ScanWizard 5\ScannerFinder.exe

    C:\Documents and Settings\master\Start Menu\Programs\Startup
    Shortcut to MEMO.lnk - C:\Documents and Settings\master\Desktop\Koen\2007 FinalMoveP133\Disk10\Program Files\memo\MEMO.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Dell Network Assistant\ezi_hnm2.exe "= "C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Home Networking Application "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe "= "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "

    ======List of files/folders created in the last 3 months======

    2008-10-13 00:03:21 ----D---- C:\rsit
    2008-10-12 22:03:20 ----D---- C:\Documents and Settings\master\Application Data\Malwarebytes
    2008-10-12 22:03:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-12 22:03:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-04 16:12:33 ----D---- C:\Program Files\Lavasoft
    2008-10-04 16:12:29 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-04 16:10:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-04 15:22:28 ----D---- C:\Documents and Settings\master\Application Data\Uniblue
    2008-10-03 22:57:41 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-03 22:57:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-03 22:20:22 ----D---- C:\Program Files\Trend Micro
    2008-09-22 21:00:03 ----D---- C:\Program Files\FLAC
    2008-09-15 23:07:58 ----D---- C:\Program Files\IrfanView
    2008-09-09 23:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-09 23:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-08-13 20:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-13 20:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-13 20:48:32 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-13 20:48:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-13 20:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-13 20:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-13 20:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-13 20:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-07-27 00:23:31 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-27 00:23:31 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-27 00:23:31 ----A---- C:\WINDOWS\system32\java.exe

    ======List of files/folders modified in the last 3 months======

    2008-10-13 00:03:35 ----D---- C:\WINDOWS\Temp
    2008-10-13 00:03:23 ----D---- C:\WINDOWS\Prefetch
    2008-10-12 22:04:10 ----D---- C:\WINDOWS\system32\drivers
    2008-10-12 22:03:14 ----RD---- C:\Program Files
    2008-10-12 18:42:21 ----A---- C:\WINDOWS\IE4 Error Log.txt
    2008-10-12 18:30:25 ----A---- C:\WINDOWS\pex.INI
    2008-10-12 18:01:07 ----SHD---- C:\WINDOWS\Installer
    2008-10-12 17:37:11 ----A---- C:\WINDOWS\Ulead32.ini
    2008-10-12 16:18:39 ----D---- C:\WINDOWS
    2008-10-12 16:18:18 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-12 12:50:22 ----D---- C:\Documents and Settings\master\Application Data\Corel
    2008-10-12 01:57:42 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-12 00:48:11 ----D---- C:\KOEN
    2008-10-07 23:32:35 ----D---- C:\Program Files\McAfee
    2008-10-06 19:43:59 ----D---- C:\WINDOWS\system32
    2008-10-06 19:38:13 ----HD---- C:\WINDOWS\inf
    2008-10-04 16:10:58 ----D---- C:\Program Files\Common Files
    2008-10-04 01:56:36 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
    2008-10-03 22:45:56 ----D---- C:\WINDOWS\system32\LogFiles
    2008-09-30 20:49:26 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-09-29 20:45:17 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-09-22 21:07:50 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-09-09 23:52:26 ----D---- C:\WINDOWS\WinSxS
    2008-09-09 23:52:21 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-09 23:52:13 ----D---- C:\Program Files\Microsoft Works
    2008-09-09 23:51:28 ----A---- C:\WINDOWS\imsins.BAK
    2008-08-29 21:33:44 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-08-26 22:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-19 00:12:45 ----D---- C:\WINDOWS\Help
    2008-08-13 20:48:39 ----D---- C:\Program Files\Messenger
    2008-08-13 20:46:40 ----D---- C:\Program Files\Internet Explorer
    2008-07-27 00:23:30 ----D---- C:\Program Files\Java
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-14 13:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-12-07 14408]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
    R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-12-07 56240]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-08 1580544]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2006-08-02 138752]
    R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-02 158464]
    R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-07-26 10368]
    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
    R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-08-02 1389056]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2006-08-02 106496]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
    S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
    S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2004-08-04 95360]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-04 611664]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-08 409600]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-13 198256]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-13 165488]
    R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2007-02-27 69632]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
    R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-12-07 53248]
    R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-02-19 83504]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
    R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
    R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]
    S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2007-02-27 86528]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
    S3 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-12-07 2066072]
    S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-02-27 822424]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    -----------------EOF-----------------
     


  4. 2008/10/13
    DigiK (Thread Starter)

    Additionally, I ran a Kaspersky online scan, which came up with some stuff that all seemed quite harmless (in back-up files of old mailboxes etc. I kept them on my P133 Win95 system, which I kept virus-free for 5 years without protection, until CoolWebSearch took me by surprise), nothing active. It accused my old cute3032 CuteFTP installer of containing adware, as well as my imageview.exe image viewer installer of containing a logger (C:\Documents and Settings\master\Desktop\Koen\Software\imgviewsetup.exe Infected: not-a-virus:Monitor.Win32.StarLogger.b), which is probably the module that asks for comments and user feedback...

    So I'm still unsure if there's any malware active, or Windows is just playing tricks. Is there a way to check if the Maximum Virtual Memory page file size has been altered recently?
     
  5. 2008/10/15
    noahdfear

    Hi DigiK,

    I don't see anything malware-related either. Did you do something to change Internet Explorer, such as install and remove IE7, repair IE6, etc.? I ask because the log shows something changed around 8-13, though I cannot know what. Have you tried repairing IE6?
     
  6. 2008/10/15
    DigiK (Thread Starter)

    Thanks a lot for your opinion! really appreciate it!

    It's 2 AM over here, so I'm not sure if what I'm writing makes a lot of sense, but I did a search on creation date from August 13 till August 13. I can't find a way to export the result of the search function to a text file, but I am fairly convinced that it was either an important McAfee update or a Windows auto-update. There are auto-update logs from that day, all with KB in front of the filename. I will do the search again tomorrow and take a closer look at these files. Some new .exe and .dll files were installed, but nothing horrible at first sight. If I find extra info this week, I'll post it in this thread.

    Thanks!
     
  7. 2008/10/15
    noahdfear

    Updates would not surprise me, though I'm not sure what would have changed with IE if not IE7. I'll try to look into that.

    The native search in XP does not have the ability to export the search results. You'd need a third-party search tool such as Agent Ransack.

    Will await your findings. ;)
     
  8. 2008/10/16
    DigiK (Thread Starter)

    Maybe one last shot...

    Some update logs that may shed light on the events of that 13th of August:


    Windows XP Security Update for Windows XP (KB952954) 13 August 2008 Automatic Updates
    Windows XP Security Update for Windows XP (KB946648) 13 August 2008 Automatic Updates
    Windows XP Cumulative Security Update for ActiveX Killbits for Windows XP (KB953839) Wednesday 13 August 2008 Automatic Updates
    Windows XP Security Update for Windows XP (KB950974) 13 August 2008 Automatic Updates
    Windows XP Windows Malicious Software Removal Tool - August 2008 (KB890830) 13 August 2008 Automatic Updates
    Windows XP Update for Windows XP (KB951072) 13 August 2008 Automatic Updates

    It changed a lot, amongst others:

    C:\Program Files\Messenger (13/08/2008 20:48:39)
    C:\Program Files\Common Files\System\msadc (13/08/2008 20:47:02)

    and some others:

    C:\WINDOWS\$NtUninstallKB946648$ (13/08/2008 20:48:37)
    C:\WINDOWS\$NtUninstallKB950974$ (13/08/2008 20:48:27)
    C:\WINDOWS\$NtUninstallKB951066$ (13/08/2008 20:46:55)
    C:\WINDOWS\$NtUninstallKB951072-v2$ (13/08/2008 20:47:07)
    C:\WINDOWS\$NtUninstallKB952287$ (13/08/2008 20:47:00)
    C:\WINDOWS\$NtUninstallKB952954$ (13/08/2008 20:48:42)
    C:\WINDOWS\$NtUninstallKB953838$ (13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953839$ (13/08/2008 20:48:32)
    C:\WINDOWS\KB946648.log (14 KB, 13/08/2008 20:48:40)
    C:\WINDOWS\KB950974.log (21 KB, 13/08/2008 20:48:30)
    C:\WINDOWS\KB951066.log (14 KB, 13/08/2008 20:46:58)
    C:\WINDOWS\KB951072-v2.log (34 KB, 13/08/2008 20:47:10)
    C:\WINDOWS\KB952287.log (14 KB, 13/08/2008 20:47:03)
    C:\WINDOWS\KB952954.log (21 KB, 13/08/2008 20:48:44)
    C:\WINDOWS\KB953838.log (42 KB, 13/08/2008 20:46:52)
    C:\WINDOWS\KB953839.log (13 KB, 13/08/2008 20:48:35)
    C:\WINDOWS\$hf_mig$\KB946648 (13/08/2008 20:48:39)
    C:\WINDOWS\$hf_mig$\KB950974 (13/08/2008 20:48:29)
    C:\WINDOWS\$hf_mig$\KB951066 (13/08/2008 20:46:57)
    C:\WINDOWS\$hf_mig$\KB951072-v2 (13/08/2008 20:47:09)
    C:\WINDOWS\$hf_mig$\KB952287 (13/08/2008 20:47:02)
    C:\WINDOWS\$hf_mig$\KB952954 (13/08/2008 20:48:44)
    C:\WINDOWS\$hf_mig$\KB953838 (13/08/2008 20:46:42)
    C:\WINDOWS\$hf_mig$\KB953839 (13/08/2008 20:48:33)
    C:\WINDOWS\$hf_mig$\KB946648\SP2QFE (13/08/2008 20:48:39)
    C:\WINDOWS\$hf_mig$\KB946648\SP3GDR (13/08/2008 20:48:39)
    C:\WINDOWS\$hf_mig$\KB946648\SP3QFE (13/08/2008 20:48:39)
    C:\WINDOWS\$hf_mig$\KB946648\update (13/08/2008 20:48:39)
    C:\WINDOWS\$hf_mig$\KB950974\SP2QFE (13/08/2008 20:48:29)
    C:\WINDOWS\$hf_mig$\KB950974\SP3GDR (13/08/2008 20:48:29)
    C:\WINDOWS\$hf_mig$\KB950974\SP3QFE (13/08/2008 20:48:29)
    C:\WINDOWS\$hf_mig$\KB950974\update (13/08/2008 20:48:29)
    C:\WINDOWS\$hf_mig$\KB951066\SP2QFE (13/08/2008 20:46:57)
    C:\WINDOWS\$hf_mig$\KB951066\SP3GDR (13/08/2008 20:46:57)
    C:\WINDOWS\$hf_mig$\KB951066\SP3QFE (13/08/2008 20:46:57)
    C:\WINDOWS\$hf_mig$\KB951066\update (13/08/2008 20:46:57)
    C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE (13/08/2008 20:47:09)
    C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR (13/08/2008 20:47:09)
    C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE (13/08/2008 20:47:09)
    C:\WINDOWS\$hf_mig$\KB951072-v2\update (13/08/2008 20:47:09)
    C:\WINDOWS\$hf_mig$\KB952287\SP2QFE (13/08/2008 20:47:02)
    C:\WINDOWS\$hf_mig$\KB952287\SP3GDR (13/08/2008 20:47:02)
    C:\WINDOWS\$hf_mig$\KB952287\SP3QFE (13/08/2008 20:47:02)
    C:\WINDOWS\$hf_mig$\KB952287\update (13/08/2008 20:47:02)
    C:\WINDOWS\$hf_mig$\KB952954\SP2QFE (13/08/2008 20:48:44)
    C:\WINDOWS\$hf_mig$\KB952954\SP3GDR (13/08/2008 20:48:44)
    C:\WINDOWS\$hf_mig$\KB952954\SP3QFE (13/08/2008 20:48:44)
    C:\WINDOWS\$hf_mig$\KB952954\update (13/08/2008 20:48:43)
    C:\WINDOWS\$hf_mig$\KB953838\SP3GDR (13/08/2008 20:46:42)
    C:\WINDOWS\$hf_mig$\KB953838\SP3QFE (13/08/2008 20:46:42)
    C:\WINDOWS\$hf_mig$\KB953838\update (13/08/2008 20:46:39)
    C:\WINDOWS\$hf_mig$\KB953839\update (13/08/2008 20:48:33)
    C:\WINDOWS\$NtUninstallKB946648$\spuninst (13/08/2008 20:48:38)
    C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:48:40)
    C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:48:38)
    C:\WINDOWS\$NtUninstallKB950974$\spuninst (13/08/2008 20:48:29)
    C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:48:30)
    C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:48:29)
    C:\WINDOWS\$NtUninstallKB951066$\spuninst (13/08/2008 20:46:56)
    C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:46:58)
    C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:46:56)
    C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst (13/08/2008 20:47:08)
    C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.inf (14 KB, 13/08/2008 20:47:10)
    C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:47:08)
    C:\WINDOWS\$NtUninstallKB952287$\spuninst (13/08/2008 20:47:01)
    C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:47:03)
    C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:47:01)
    C:\WINDOWS\$NtUninstallKB952954$\spuninst (13/08/2008 20:48:43)
    C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.inf (13 KB, 13/08/2008 20:48:44)
    C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:48:43)
    C:\WINDOWS\$NtUninstallKB953838$\reg00002 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00003 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00004 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00005 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00006 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00007 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00008 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00009 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00010 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00011 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00012 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00013 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00014 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00015 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00016 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00017 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00018 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00019 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00020 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00021 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00022 (12 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00023 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00024 (8 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\reg00025 (88 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\spuninst (13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.inf (20 KB, 13/08/2008 20:46:52)
    C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.txt (5 KB, 13/08/2008 20:46:38)
    C:\WINDOWS\$NtUninstallKB953839$\reg00001 (88 KB, 13/08/2008 20:48:33)
    C:\WINDOWS\$NtUninstallKB953839$\spuninst (13/08/2008 20:48:33)
    C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.inf (12 KB, 13/08/2008 20:48:35)
    C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.txt (1 KB, 13/08/2008 20:48:33)
    C:\WINDOWS\inf\accessor.PNF (48 KB, 13/08/2008 20:46:48)
    C:\WINDOWS\inf\communic.PNF (18 KB, 13/08/2008 20:46:48)
    C:\WINDOWS\inf\comnt5.PNF (132 KB, 13/08/2008 20:46:45)
    C:\WINDOWS\inf\dtcnt5.PNF (10 KB, 13/08/2008 20:46:45)
    C:\WINDOWS\inf\fp40ext.PNF (18 KB, 13/08/2008 20:46:47)
    C:\WINDOWS\inf\fxsocm.PNF (55 KB, 13/08/2008 20:46:44)
    C:\WINDOWS\inf\games.PNF (15 KB, 13/08/2008 20:46:48)
    C:\WINDOWS\inf\ieaccess.PNF (5 KB, 13/08/2008 20:46:48)
    C:\WINDOWS\inf\igames.PNF (13 KB, 13/08/2008 20:46:49)
    C:\WINDOWS\inf\iis.PNF (949 KB, 13/08/2008 20:46:44)
    C:\WINDOWS\inf\ims.PNF (103 KB, 13/08/2008 20:46:47)
    C:\WINDOWS\inf\medctroc.PNF (105 KB, 13/08/2008 20:46:50)
    C:\WINDOWS\inf\msmqocm.PNF (14 KB, 13/08/2008 20:46:46)
    C:\WINDOWS\inf\msmsgs.PNF (86 KB, 13/08/2008 20:46:47)
    C:\WINDOWS\inf\msnmsn.PNF (10 KB, 13/08/2008 20:46:50)
    C:\WINDOWS\inf\multimed.PNF (12 KB, 13/08/2008 20:46:49)
    C:\WINDOWS\inf\netbeac.PNF (4 KB, 13/08/2008 20:46:51)
    C:\WINDOWS\inf\netfxocm.PNF (171 KB, 13/08/2008 20:46:50)
    C:\WINDOWS\inf\netiprip.PNF (7 KB, 13/08/2008 20:46:51)
    C:\WINDOWS\inf\netlpd.PNF (11 KB, 13/08/2008 20:46:52)
    C:\WINDOWS\inf\netoc.PNF (17 KB, 13/08/2008 20:46:44)
    C:\WINDOWS\inf\netsnmp.PNF (20 KB, 13/08/2008 20:46:50)
    C:\WINDOWS\inf\nettpsmp.PNF (11 KB, 13/08/2008 20:46:51)
    C:\WINDOWS\inf\netupnp.PNF (4 KB, 13/08/2008 20:46:51)
    C:\WINDOWS\inf\oeaccess.PNF (5 KB, 13/08/2008 20:46:48)
    C:\WINDOWS\inf\optional.PNF (22 KB, 13/08/2008 20:46:49)
    C:\WINDOWS\inf\p2p.PNF (14 KB, 13/08/2008 20:46:51)
    C:\WINDOWS\inf\pinball.PNF (13 KB, 13/08/2008 20:46:49)
    C:\WINDOWS\inf\rootau.PNF (4 KB, 13/08/2008 20:46:47)
    C:\WINDOWS\inf\setupqry.PNF (41 KB, 13/08/2008 20:46:46)
    C:\WINDOWS\inf\sysoc.PNF (8 KB, 13/08/2008 20:46:43)
    C:\WINDOWS\inf\tabletpc.PNF (546 KB, 13/08/2008 20:46:50)
    C:\WINDOWS\inf\tsoc.PNF (120 KB, 13/08/2008 20:46:46)
    C:\WINDOWS\inf\wbemoc.PNF (14 KB, 13/08/2008 20:46:44)
    C:\WINDOWS\inf\wbemsnmp.PNF (7 KB, 13/08/2008 20:46:51)
    C:\WINDOWS\inf\wmaccess.PNF (4 KB, 13/08/2008 20:46:47)
    C:\WINDOWS\inf\wmpocm.PNF (5 KB, 13/08/2008 20:46:48)
    C:\WINDOWS\inf\wordpad.PNF (17 KB, 13/08/2008 20:46:49)
    C:\WINDOWS\system32\TZLog.log (595 KB, 13/08/2008 20:47:07)
    C:\WINDOWS\Temp\MCE0003b (13/08/2008 20:57:28)



    I suppose the ActiveX updater could have played with Internet Explorer? I still use IE6 6.0.2900.2180 Service Pack 2 (the Service Pack 3 update failed on the 19th of August; I just noticed this on Microsoft's update server). Maybe upgrading to IE7 can fix my problem (which started approx. around the second of October). So to be honest: I noticed the problem only much later than August 13th... Does malware exist that makes permanent changes to memory behaviour / page file settings and stuff? Even after cleaning?

    I stayed with IE6, because it ran extremely well without unexpected quits... My other option is to buy some more RAM or switch to Firefox. :) Or... to hope to find the glitch. I saw an error pop-up earlier today mentioning there was a socket error in G assert or something. I accidentally hit the return key before I could read it properly. It could be something quite different :)

    Any suggestions are welcome. I appreciate your help and already feel a bit guilty that I'm taking up some of the time you could spend on people with really serious, acute malware infections. Mine were removed (I've had 2 malware issues recently, Virtumonde and win32.joleee.k; they were removed successfully by Spybot / AdAware), and I'm actually beginning to think that my problem is not related to these, and it may be just a coincidence that I noticed the new problem at the same time (1 or 2 days before I noticed a filedropper / dropped file) on my desktop...

    It did occur at pretty much the same time...
     
  9. 2008/10/18
    dale456654

    August 13th is my birthday :)

    Could you not use another browser such as Firefox (www.firefox.com)?
     
  10. 2008/10/18
    DigiK (Thread Starter)

    I did write about switching to Firefox, or adding RAM as a possible solution.

    Meanwhile, I also took care of the Uniblue registry entry. I think it's a nice piece of sarcasm to make a registry cleaner, and then, when you choose to uninstall, leave your own dirt behind in there... It's like a real-life cleaning crew leaving mud traces on their way out :)
     
  11. 2008/10/19
    noahdfear

    Let's see if re-installing IE6 will help.
    • Click Start>Run and type (or copy and paste) %systemroot%\inf, then press Enter
    • Locate the Ie.inf file
    • Right-click the Ie.inf file, then select Install
    • If prompted for the XP installation cd, insert it to the cd-rom drive and click OK, or click Browse and navigate to and select the i386 folder on your drive (you may want to do a search for this ahead of time .... usually in C: or C:\Windows) then click OK
    • Restart the computer when the file copy process is complete
    • See if Internet Explorer is working properly now
     
  12. 2008/10/20
    DigiK (Thread Starter)

    Thanks!

    I did the IE6 fix. I will monitor the memory problems, and come back to you to let you know if it makes any difference!

    Regards,

    Koen
     
  13. 2008/10/21
    DigiK (Thread Starter)

    I need to thank you for this great hint!

    I'm not sure that I won't be bothered by the memory problem any longer yet, BUT it looks very promising:

    - Internet Explorer launch is faster now
    - navigating / saving files is faster
    - shutting down Windows is faster in general

    - Today, 24 hours after I did the IE6 fix, I got a new automatic update offer for Windows Service Pack 3. It downloaded and installed successfully this time.

    Just guessing: something prevented Internet Explorer from unloading temp data it kept in the process to the actual Temporary Files folder. Access to this folder is also much faster since the IE6 fixing procedure.

    So thanks again. Unless I run into strange RAM-related error messages / behaviour again during the next day, I think it looks a bit like a 'resolved' issue...

    Thanks again for your help!
     
  14. 2008/10/21
    stelliger

    Without being nearly as complete as DigiK, let me just toss in the fact that I've had a problem with the iexplore process growing out of control, too.

    It seems like every hour or so I have to kill the process because my RAM usage will inflate to over 1 GB if I don't start over.

    I also find that I have a lot of delays in response and clicking.

    I run ad-aware on a regular basis in addition to using McAfee AV but I never seem to have any malware; just tracking cookies.
     
  15. 2008/10/29
    DigiK (Thread Starter)

    The problem does not seem to be solved after all... There is one difference though: I now get to see an error when trying to save images: 8007fff

    :-(
     
    Last edited: 2008/10/30
  16. 2008/10/29
    noahdfear

    Let's make sure we rule out any rootkits, since your logs didn't show signs of malware. Download GMER

    Right-click and extract it to its own folder on the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
    Click on Scan.
    When the scan has completed, click Copy and paste the results (if any) into this topic.
     
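    A way to read the results the post above asks for, added here as an example and not part of this thread or of GMER: the script below parses the three kinds of line GMER 1.0.14 prints (the "Code ..." entries in the System section, the kernel JMP patches, and the per-process user-mode patches), groups every hook by the module GMER attributes it to, and lists what still needs explaining. The sample log is constructed to mirror those formats; unknown.sys, hook.dll and "Example Corp." are invented, and the script assumes GMER appends a module path and its description after a user-mode JMP target whenever it can map that target to a loaded module. A vendor string on the owning driver (McAfee's mfehidk.sys hooking the SSDT is what a HIPS is expected to do) lowers priority but proves nothing; a user-mode JMP into memory with no module behind it is just as often a security product's injected stub as malware, so the follow-up is to identify what owns that region, not to remove anything.

```python
"""Triage a GMER 1.0.14 hook report: who owns each hook, and which hooks still need explaining.

Added example for this thread; not GMER's code. Line shapes follow the output quoted in the
thread; the sample below is constructed and names fictitious modules.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the three line shapes GMER prints plus header lines that must be skipped.
# unknown.sys, hook.dll and "Example Corp." are invented for the demonstration.
SAMPLE_LOG = r"""
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-30 23:36:57

---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA30C9AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA30C930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\unknown.sys ZwQueryDirectoryFile [0xF8A01234]

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP AA30C9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01370000
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01360F7C
.text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 56, 89 ]
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\explorer.exe[1200] USER32.dll!SetWindowsHookExW 7E3810D8 5 Bytes JMP 10001000 C:\Program Files\Example\hook.dll (Example Hook/Example Corp.)
"""

HEX = r'[0-9A-Fa-f]+'
# GMER's "(Description/Company)" suffix, present when the owning file carries version info.
VENDOR = r'(?:\s+\((?P<vendor>[^)]*)\))?'
# "Code <driver> (<vendor>) <function> [0x<addr>]" rows of the System section (address not always printed).
SYSTEM_RE = re.compile(rf'^Code\s+(?P<owner>\S+){VENDOR}\s+(?P<func>\w+)(?:\s+\[0x{HEX}\])?$')
# ".text <process>[pid] <dll>!<export>[ + off] <addr> <n> Bytes JMP <target>[ <module> (<vendor>)]"
# or "... <n> Bytes [ 56, 89 ]" for the remaining bytes of a patch already listed.
USER_RE = re.compile(
    rf'^\S+\s+(?P<process>.+?\[\d+\])\s+(?P<loc>\S+?![^\s]+(?:\s\+\s\d+)?)\s+{HEX}\s+\d+\s+Bytes\s+'
    rf'(?:JMP\s+(?P<target>{HEX})(?:\s+(?P<owner>.+?){VENDOR})?|\[[^\]]*\])$')
# ".text ntkrnlpa.exe!<export> <addr> <n> Bytes JMP <target> <driver> (<vendor>)" kernel inline patches.
KERNEL_RE = re.compile(
    rf'^\S+\s+(?P<loc>\S+?![^\s]+)\s+{HEX}\s+\d+\s+Bytes\s+JMP\s+(?P<target>{HEX})\s+(?P<owner>.+?){VENDOR}$')


@dataclass
class Hook:
    kind: str               # 'system', 'kernel_inline' or 'user_inline'
    location: str           # hooked function, e.g. 'ZwCreateFile' or 'kernel32.dll!CreateFileA'
    owner: Optional[str]    # module GMER attributes the hook to; None when it could not map the target
    vendor: Optional[str]   # "(Description/Company)" from that module's version info, if any
    process: Optional[str]  # 'C:\...\services.exe[844]' for user-mode hooks, None for kernel hooks
    target: Optional[str]   # JMP destination as printed, if any


def parse_gmer(text: str) -> List[Hook]:
    """Turn GMER report lines into Hook records; header and separator lines are ignored."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('----'):
            continue
        if m := SYSTEM_RE.match(line):
            hooks.append(Hook('system', m['func'], m['owner'], m['vendor'], None, None))
        elif m := USER_RE.match(line):
            if m['target'] is None:  # "[ 56, 89 ]" rows belong to the previous patch, not a new hook
                continue
            hooks.append(Hook('user_inline', m['loc'], m['owner'], m['vendor'], m['process'], m['target']))
        elif m := KERNEL_RE.match(line):
            hooks.append(Hook('kernel_inline', m['loc'], m['owner'], m['vendor'], None, m['target']))
    return hooks


def triage(hooks: List[Hook]) -> Dict[str, object]:
    """Group hooks by owner and list what a helper would still have to explain before calling the log clean."""
    kernel = [h for h in hooks if h.kind != 'user_inline']
    kernel_by_owner = Counter(h.owner for h in kernel)
    # A kernel hook owned by a file without version info is not automatically bad, but it is unexplained.
    kernel_unexplained = sorted({h.owner for h in kernel if not h.vendor})
    user_by_process: Dict[str, Dict[str, int]] = defaultdict(lambda: {'attributed': 0, 'unattributed': 0})
    for h in hooks:
        if h.kind == 'user_inline':
            user_by_process[h.process]['attributed' if h.owner else 'unattributed'] += 1
    followups = [f'{o}: kernel hooks by a module without version info; check the file\'s signature and hash'
                 for o in kernel_unexplained]
    followups += [f'{p}: {c["unattributed"]} inline hook(s) jump to memory GMER could not map to a module; '
                  f'identify what is loaded at those addresses (security product stub or injected code)'
                  for p, c in sorted(user_by_process.items()) if c['unattributed']]
    return {'kernel_by_owner': dict(kernel_by_owner), 'kernel_unexplained': kernel_unexplained,
            'user_by_process': dict(user_by_process), 'followups': followups}


if __name__ == '__main__':
    report = triage(parse_gmer(SAMPLE_LOG))
    for owner, n in report['kernel_by_owner'].items():
        print(f'{n:3d} kernel hook(s) owned by {owner}')
    for proc, counts in report['user_by_process'].items():
        print(f'{proc}: {counts}')
    print('\n'.join(report['followups']))
```

    Run against a real paste, the interesting output is the follow-up list: on the sample, mfehidk.sys (all four of its hooks carry McAfee's description) generates nothing, while the vendor-less driver and the two system processes with unmapped JMP targets each get one line telling the helper what to verify next.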
  17. 2008/10/30
    DigiK (Thread Starter)

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-10-30 23:36:57
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.14 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA30C9AA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA30CA41]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA30C958]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA30C96C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA30CA55]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA30CA81]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA30CAEF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA30CAD9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA30C9EA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA30CB1B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA30CA2D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA30C930]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA30C944]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA30C9BE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA30CB57]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA30CAC3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA30CAAD]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA30CA6B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA30CB43]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA30CB2F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA30C996]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA30C982]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA30CA97]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA30CA19]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA30CB05]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA30CA00]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA30C9D4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP AA30C9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP AA30C9AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP AA30C9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP AA30CA04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP AA30C9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP AA30C934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP AA30C948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP AA30C986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP AA30C970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP AA30C95C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP AA30C99A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP AA30CA1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP AA30CAB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP AA30CA9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP AA30CB09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP AA30CAC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP AA30CA6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP AA30CA45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP AA30CA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP AA30CA85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP AA30CAF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP AA30CADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP AA30CA31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP AA30CB5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP AA30CB33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP AA30CB47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP AA30CB1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01370000
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01370069
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01370058
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01370F80
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01370F91
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01370022
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01370090
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01370F3E
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013700C6
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013700B5
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01370F12
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01370033
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01370FDB
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01370F4F
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01370FC0
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01370011
    .text C:\WINDOWS\system32\services.exe[844] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01370F2D
    .text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01360FB2
    .text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01360F50
    .text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01360FC3
    .text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01360FD4
    .text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01360F6B
    .text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01360FE5
    .text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01360F7C
    .text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 56, 89 ]
    .text C:\WINDOWS\system32\services.exe[844] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01360F97
    .text C:\WINDOWS\system32\services.exe[844] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F8000A
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F8006C
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80051
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80F83
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80036
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80F9E
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F3F
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F80F50
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80F09
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F800A2
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F80EF8
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F80025
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F80FEF
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F8007D
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F80FC3
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F80FDE
    .text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F80F24
    .text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F7001B
    .text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F70F72
    .text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F70000
    .text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F70FCA
    .text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F70F8D
    .text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F70FE5
    .text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F70F9E
    .text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 17, 89 ]
    .text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F70FAF
    .text C:\WINDOWS\system32\lsass.exe[856] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0FEF
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02560000
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02560F72
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02560067
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02560040
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02560F83
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0256002F
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02560082
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02560F3A
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025600D3
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025600C2
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 025600E4
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02560FA8
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02560FEF
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02560F57
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02560FC3
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02560FDE
    .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0256009D
    .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02550FB9
    .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02550040
    .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02550000
    .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02550FCA
    .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0255001B
    .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02550FE5
    .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02550F79
    .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 75, 8A ]
    .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02550F9E
    .text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02530FEF
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FEF
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F6A
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70069
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F7004E
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F7003D
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F7002C
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70090
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70F48
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70F15
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70F26
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F70EF0
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F70FA5
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F70FD4
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F70F59
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F7001B
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F7000A
    .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F70F37
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CE0033
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CE0F91
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CE0022
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CE0011
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CE004E
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CE0000
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CE0FAC
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ EE, 88 ]
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 1 Byte [ E9 ]
    .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA + 2 77DFBCC5 3 Bytes [ 52, EE, 88 ]
    .text C:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CC0000
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03490FEF
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0349005D
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03490F68
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03490036
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03490F83
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03490014
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 034900B0
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03490089
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03490F39
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 034900D2
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 034900F7
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03490025
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03490FD4
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03490078
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03490FA8
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03490FC3
    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 034900C1
    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03480036
    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 03480098
    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0348001B
    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 03480FE5
    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0348007D
    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 03480000
    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0348006C
    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 03480051
    .text C:\WINDOWS\System32\svchost.exe[1292] WS2_32.dll!socket 71AB4211 5 Bytes JMP 027E0FE5
    .text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 02C00FCA
    .text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 02C00FE5
    .text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 02C00FAD
    .text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 02C00F9C
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008F0FEF
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008F0F46
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008F0F57
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008F0031
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008F000A
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008F0F83
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008F005D
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008F0F15
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008F0EF0
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008F0089
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 008F0EDF
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 008F0F72
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 008F0FD4
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 008F004C
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 008F0F94
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 008F0FAF
     
  18. 2008/10/30
    DigiK

    DigiK Inactive Thread Starter

    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 008F0078
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 008E0FCA
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 008E0FAF
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 008E0FDB
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 008E0011
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 008E006C
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 008E0000
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 008E0051
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 008E0040
    .text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00880000
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D90FEF
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D9005A
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D90F6F
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D90F80
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D9003D
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D90FA5
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D90F23
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D9006B
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D90F12
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D900AB
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D90EF7
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D9002C
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D90000
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D90F40
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D90011
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D90FC0
    .text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D90086
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D80047
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D80F9E
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D8002C
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D8001B
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D80FAF
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D80000
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D80FC0
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F8, 88 ]
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D80FD1
    .text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D50000
    .text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00D60011
    .text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00D60000
    .text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00D60FCF
    .text C:\WINDOWS\system32\svchost.exe[1508] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00D60022
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0026009A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0026007F
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F9B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260058
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0026002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F48
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F6F
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600BF
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F26
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00260F0B
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00260047
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00260FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00260F80
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00260011
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00260FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00260F37
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00360FB6
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00360F79
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00360011
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00360FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00360F8A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00360000
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0036002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00360FA5
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 0038000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00380FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00380FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00380FAD
    .text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003D0000
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02FA0FE5
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02FA0F80
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02FA007F
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02FA0FA5
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02FA0062
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02FA0036
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02FA00D2
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02FA00AB
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02FA0F39
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02FA0F5E
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02FA0F28
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02FA0047
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02FA000A
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02FA009A
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02FA001B
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02FA0FCA
    .text C:\WINDOWS\Explorer.EXE[1868] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02FA0F6F
    .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CF0025
    .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CF0F9E
    .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CF0FD4
    .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CF0FE5
    .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CF005B
    .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CF000A
    .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CF0FB9
    .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ EF, 88 ]
    .text C:\WINDOWS\Explorer.EXE[1868] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CF0040
    .text C:\WINDOWS\Explorer.EXE[1868] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 00CD001B
    .text C:\WINDOWS\Explorer.EXE[1868] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 00CD000A
    .text C:\WINDOWS\Explorer.EXE[1868] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 00CD0FEF
    .text C:\WINDOWS\Explorer.EXE[1868] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 00CD0FC8
    .text C:\WINDOWS\Explorer.EXE[1868] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CC0000
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F99
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0084
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0FAA
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0073
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0062
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00B0
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B009F
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00F7
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00E6
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001B0F43
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001B0FD1
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001B001B
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001B0F7E
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001B0051
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001B0036
    .text C:\WINDOWS\system32\wuauclt.exe[2328] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001B00CB
    .text C:\WINDOWS\system32\wuauclt.exe[2328] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002B001E
    .text C:\WINDOWS\system32\wuauclt.exe[2328] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002B0F94
    .text C:\WINDOWS\system32\wuauclt.exe[2328] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002B0FCD
    .text C:\WINDOWS\system32\wuauclt.exe[2328] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002B0FDE
    .text C:\WINDOWS\system32\wuauclt.exe[2328] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002B0051
    .text C:\WINDOWS\system32\wuauclt.exe[2328] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002B0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[2328] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002B0040
    .text C:\WINDOWS\system32\wuauclt.exe[2328] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002B002F
    .text C:\WINDOWS\system32\wuauclt.exe[2328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0000
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2428] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0000
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC0070
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC005F
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC004E
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0F91
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0033
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC00B7
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC009C
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC00F4
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC00E3
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CC0F40
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CC0FAC
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CC0011
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CC008B
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CC0022
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CC0FDB
    .text C:\WINDOWS\system32\svchost.exe[2844] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CC00D2
    .text C:\WINDOWS\system32\svchost.exe[2844] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CB0FA5
    .text C:\WINDOWS\system32\svchost.exe[2844] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CB0F5E
    .text C:\WINDOWS\system32\svchost.exe[2844] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CB0FCA
    .text C:\WINDOWS\system32\svchost.exe[2844] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CB0FDB
    .text C:\WINDOWS\system32\svchost.exe[2844] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CB0F6F
    .text C:\WINDOWS\system32\svchost.exe[2844] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CB0000
    .text C:\WINDOWS\system32\svchost.exe[2844] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CB0F80
    .text C:\WINDOWS\system32\svchost.exe[2844] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ EB, 88 ]
    .text C:\WINDOWS\system32\svchost.exe[2844] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CB0011
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014E0000
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014E0F88
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 014E007D
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 014E0FA3
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 014E0FC0
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 014E0FDB
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014E0F63
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 014E00AB
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014E00E1
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014E00C6
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 014E00F2
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 014E0062
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 014E0011
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 014E008E
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 014E0051
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 014E0036
    .text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 014E0F48
    .text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 014D001B
    .text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 014D0047
    .text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 014D000A
    .text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 014D0FD4
    .text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 014D002C
    .text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 014D0FEF
    .text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 014D0F8A
    .text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 6D, 89 ]
    .text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 014D0FA5
    .text C:\WINDOWS\system32\svchost.exe[2980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 014B0000
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0064
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0049
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F6F
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F80
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0011
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00A1
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0086
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F23
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00BC
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00D7
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0022
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FD4
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0075
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FA5
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0000
    .text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F3E
    .text C:\WINDOWS\System32\svchost.exe[3604] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FDB
    .text C:\WINDOWS\System32\svchost.exe[3604] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0029006C
    .text C:\WINDOWS\System32\svchost.exe[3604] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0029002C
    .text C:\WINDOWS\System32\svchost.exe[3604] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290011
    .text C:\WINDOWS\System32\svchost.exe[3604] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290FA5
    .text C:\WINDOWS\System32\svchost.exe[3604] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
    .text C:\WINDOWS\System32\svchost.exe[3604] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290FC0
    .text C:\WINDOWS\System32\svchost.exe[3604] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 49, 88 ]
    .text C:\WINDOWS\System32\svchost.exe[3604] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290047
    .text C:\WINDOWS\System32\svchost.exe[3604] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB000A

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.14 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37C9B186-901E-DBD5-15BF-BF277D75A4CD}

    ---- Files - GMER 1.0.14 ----

    File C:\Temporary Internet Files\Content.IE5\41K0DZJW\CAPO5KH3.jsp 0 bytes

    ---- EOF - GMER 1.0.14 ----
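To make the user-mode hook lines in the log above easier to read, here is a small parser added for this thread (it is not part of GMER and not something either poster wrote). It takes lines in the same `.text image[pid] module!function addr N Bytes JMP target` format, groups them per process and counts how many distinct 64 KiB regions the JMP targets fall into. The sample input is a handful of lines copied from the log; reading one target region as roughly one injected module is an assumption for triage, not anything GMER itself reports.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines copied from the GMER user-mode hook
# listing above (two svchost.exe instances).  Any other GMER log pasted in
# the same "---- User code sections ----" format can be fed in instead.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014E0000
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014E00E1
.text C:\WINDOWS\system32\svchost.exe[2980] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 014E0F48
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 014D0F8A
.text C:\WINDOWS\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 6D, 89 ]
.text C:\WINDOWS\system32\svchost.exe[2980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 014B0000
.text C:\WINDOWS\System32\svchost.exe[3604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[3604] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB000A
"""

# One GMER ".text" line:
#   image[pid] module!function [+ offset] addr N Bytes (JMP target | [ xx, yy ])
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|\[\s*(?P<bytes>[0-9A-Fa-f ,]+?)\s*\])\s*$"
)


def parse_hooks(text):
    """Turn GMER user-mode hook lines into dicts; lines it cannot parse are skipped."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(".text"):
            continue
        m = HOOK_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        hooks.append({
            "image": d["image"],
            "pid": int(d["pid"]),
            "module": d["module"].lower(),
            "func": d["func"],
            # "+ 3" lines are the tail of a hook already listed, not a new one
            "offset": int(d["offset"] or 0),
            "addr": int(d["addr"], 16),
            "size": int(d["size"]),
            "target": int(d["target"], 16) if d["target"] else None,
            "bytes": d["bytes"].replace(" ", "").split(",") if d["bytes"] else [],
        })
    return hooks


def summarize(hooks):
    """Per process: the detoured exports and the distinct 64 KiB regions the JMPs land in.

    Assumption (not something GMER reports): one injected DLL usually places all of
    its trampolines in one or two regions, so the region count is a rough count of
    hooking modules, and a process whose hooks scatter across many regions deserves
    a closer look.
    """
    per_proc = defaultdict(lambda: {"functions": set(), "regions": set()})
    for h in hooks:
        entry = per_proc[(h["image"], h["pid"])]
        if h["offset"] == 0:
            entry["functions"].add(f'{h["module"]}!{h["func"]}')
        if h["target"] is not None:
            entry["regions"].add(h["target"] >> 16)
    return {
        key: {
            "hooked": sorted(v["functions"]),
            "regions": sorted(f"{r:04X}0000" for r in v["regions"]),
        }
        for key, v in per_proc.items()
    }


if __name__ == "__main__":
    for (image, pid), info in summarize(parse_hooks(SAMPLE_LOG)).items():
        print(f"{image}[{pid}]: {len(info['hooked'])} hooked exports, "
              f"trampolines in {', '.join(info['regions'])}")
        for name in info["hooked"]:
            print("   ", name)
```

Run over the full listing above, each svchost instance comes out with a short list of detoured exports (file, process and library creation in kernel32, registry key creation and opening in ADVAPI32, socket in WS2_32) and three target regions per process, one per module, which fits a couple of DLLs from one firewall or HIPS product rather than a scatter of unrelated hooks. GMER prints the JMP target address but not which module owns it, so confirming the owner still means matching those addresses against the process's loaded module list.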
     
  19. 2008/10/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'm going to have to think on this before trying anything else. Just letting you know so you don't think I've forgotten about ya. ;)
     
  20. 2008/10/31
    DigiK

    DigiK Inactive Thread Starter

    Joined:
    2008/10/12
    Messages:
    32
    Likes Received:
    0
    I'm not in a hurry. My computer is working flawlessly except for that annoying little RAM thing in Internet Explorer.

    When I noticed that most of the found items in Gmer were part of McAfee, I started thinking that maybe McAfee keeps some open images or files under control in the iexplore process and prevents them from being flushed or written to the temporary internet folder. It could be that this sounds like the biggest nonsense you ever heard. I was just brainstorming, and yes... the stress is on storm... not on brain. I am not even sure that such a thing is possible at all. I do think that firewalls and virus scanners can go quite deep into the system... However... I should have read more reports about this, when a McAfee update would cause such a thing...
     
  21. 2008/11/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    While the gmer log does appear clean, it shows that McAfee is certainly putting a load on the system. It might well be worth your time to Uninstall, reboot, run ATF Cleaner to clean out temp, reboot again and re-install McAfee. Instructions for ATF Cleaner follow.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot
     
