  #1  
Old May 3rd, 2009, 05:47 PM
Bonksie
Senior Member
 
Join Date: Jun 2004
O/S: Windows XP Home
Location: The Netherlands
Posts: 100
Computer runs slow -- really slow!

Hi All:

My computer CPU runs at 100% capacity with no apps open. The RAM usage is about 30%. A while back I installed IObit software (free trial download) to help speed things up, but the processing speed has now slowed right down. I have cleaned up the disks and defragged. I have deleted all unwanted software (as best I could) and minimized the startups by unselecting in msconfig.

Your expert help will be most welcome.

Below is an initial HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:40, on 03/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.standbyservice.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.standbyservice.nl
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a01-b01.mypicturetown.com/P2P.../x/Upld_47.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe
--
End of file - 8748 bytes


Thanks,

Graham.
  #2  
Old May 4th, 2009, 04:50 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hallo Bonksie,

I don't see any malware in this view, but of course you have disabled some startups, so it isn't a complete list of those. Let's go ahead and check a bit further, before we decide it is some software problem you will need to address.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
  #3  
Old May 4th, 2009, 07:13 PM
Bonksie
Senior Member
 
Join Date: Jun 2004
O/S: Windows XP Home
Location: The Netherlands
Posts: 100
Hi Jintan:

Thanks for responding . . .

. . . here goes.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-05-04 19:59:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 79 GB (71%) free of 111 GB
Total RAM: 2047 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:32, on 04/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Dad\Bureaublad\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dad.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.standbyservice.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.standbyservice.nl
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a01-b01.mypicturetown.com/P2P.../x/Upld_47.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe
--
End of file - 8834 bytes
  #4  
Old May 4th, 2009, 07:17 PM
Bonksie
Senior Member
 
Join Date: Jun 2004
O/S: Windows XP Home
Location: The Netherlands
Posts: 100
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA Remote Control Panel"=NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0 []
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-04-24 516440]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172032]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-03-18 251240]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-02-22 2272592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-06-28 270648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2003-07-28 4841472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-07-15 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-10-27 868352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSCHEDULER]
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE [2003-07-10 139264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad^Menu Start^Programma's^Opstarten^OneNote-inhoudsopgave.onetoc2]
C:\Documents and Settings\Dad\Menu Start\Programma's\Opstarten\OneNote-inhoudsopgave.onetoc2 []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:Real Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\SetupST.exe"="D:\SetupST.exe:*:Enabled:SpeedTouch Setup Wizard"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d5c4f6a-d28d-11dd-b49f-487444737531}]
shell\AutoRun\command - K:\InstallTomTomHOME.exe

======List of files/folders created in the last 1 months======
2009-05-04 19:59:44 ----D---- C:\rsit
2009-05-04 16:25:57 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-05-04 16:25:51 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-05-03 15:40:00 ----D---- C:\Program Files\Trend Micro
2009-05-03 14:14:46 ----D---- C:\Documents and Settings\Dad\Application Data\Malwarebytes
2009-05-03 14:14:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-03 14:14:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-03 14:04:22 ----D---- C:\Program Files\Windows Installer Clean Up
2009-05-03 14:03:05 ----D---- C:\Program Files\MSECACHE
2009-04-29 22:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-04-26 16:07:01 ----D---- C:\Program Files\Windows Live SkyDrive
2009-04-26 15:58:38 ----D---- C:\Program Files\Common Files\Windows Live
2009-04-16 22:45:45 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 22:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 22:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 22:37:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 22:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 22:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-12 13:57:22 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-04-12 13:57:22 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-04-12 13:57:21 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-04-12 13:57:21 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-04-12 13:57:21 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-04-12 13:57:21 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-04-12 13:57:21 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-04-12 13:57:21 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-04-12 13:57:21 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-12 13:57:21 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-04-12 13:57:21 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-04-12 13:57:20 ----N---- C:\WINDOWS\system32\px.dll
2009-04-11 14:31:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-11 14:31:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-11 14:31:54 ----A---- C:\WINDOWS\system32\java.exe
  #5  
Old May 4th, 2009, 07:19 PM
Bonksie
======List of files/folders modified in the last 1 months======
2009-05-04 20:01:07 ----D---- C:\WINDOWS\Temp
2009-05-04 19:59:22 ----D---- C:\WINDOWS\Prefetch
2009-05-04 19:44:51 ----SH---- C:\boot.ini
2009-05-04 19:44:51 ----A---- C:\WINDOWS\win.ini
2009-05-04 19:44:51 ----A---- C:\WINDOWS\system.ini
2009-05-04 16:26:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-04 16:25:59 ----D---- C:\WINDOWS\system32
2009-05-04 16:25:57 ----D---- C:\WINDOWS\system32\drivers
2009-05-04 16:25:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-04 11:28:10 ----D---- C:\Program Files\Mozilla Thunderbird
2009-05-04 10:45:58 ----D---- C:\WINDOWS
2009-05-03 22:53:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-03 22:45:13 ----D---- C:\Program Files\xnews
2009-05-03 18:13:31 ----RD---- C:\Program Files
2009-05-03 14:10:33 ----SHD---- C:\WINDOWS\Installer
2009-05-03 14:04:27 ----D---- C:\Config.Msi
2009-05-03 12:27:00 ----D---- C:\Documents and Settings\Dad\Application Data\Skype
2009-05-03 12:05:43 ----D---- C:\WINDOWS\pss
2009-05-02 23:13:14 ----D---- C:\Documents and Settings\Dad\Application Data\skypePM
2009-05-01 08:46:04 ----D---- C:\WINDOWS\inf
2009-04-30 20:23:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-29 21:59:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-29 13:50:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-26 16:09:22 ----D---- C:\WINDOWS\WinSxS
2009-04-26 16:07:23 ----D---- C:\Program Files\Microsoft
2009-04-26 16:06:22 ----D---- C:\Program Files\Windows Live
2009-04-26 15:58:38 ----D---- C:\Program Files\Common Files
2009-04-26 15:58:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-24 19:54:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-24 19:53:26 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-23 08:22:26 ----D---- C:\Program Files\McAfee
2009-04-17 10:48:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 10:43:36 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 10:43:35 ----D---- C:\WINDOWS\AppPatch
2009-04-16 22:45:36 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 22:45:01 ----D---- C:\WINDOWS\system32\nl-nl
2009-04-16 22:45:01 ----D---- C:\Program Files\Internet Explorer
2009-04-12 17:59:33 ----A---- C:\WINDOWS\cdplayer.ini
2009-04-12 13:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-12 13:57:26 ----D---- C:\Documents and Settings\Dad\Application Data\Adobe
2009-04-12 13:56:02 ----D---- C:\Program Files\Adobe
2009-04-11 14:31:34 ----D---- C:\Program Files\Java
2009-04-06 16:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2009-02-10 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2009-02-10 9200]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-10-27 259712]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-10-27 146560]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-10-27 118409]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-10-27 213120]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-09-16 126352]
R2 nvTUNEP;nVidia WDM TVTuner; C:\WINDOWS\System32\DRIVERS\nvtunep.sys [2003-09-16 20580]
R2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys [2003-09-16 22644]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-09-16 13330]
R3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-10-27 21993]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 NIC1394;1394-stuurprogramma; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 P1120VID;Creative WebCam NX Ultra; C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2003-09-19 759050]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WDMWANMP;NDIS WAN miniport; C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys [2002-05-22 26112]
S1 P3;Stuurprogramma voor Intel PentiumIII-processor; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2005-04-27 120995]
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2005-04-29 26672]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CEUSBAUD;DigiTech USB MIDI Driver; C:\WINDOWS\System32\Drivers\CEUSBAUD.sys [2003-11-01 17920]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-10-27 22745]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;USB RNDIS-adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;DigiTech USB Audio 1-2 Driver; C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-24 953168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-03-18 92008]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-28 501048]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 x10nets;X10 Device Network Service; C:\WINDOWS\System32\x10nets.exe [2003-06-24 20480]
-----------------EOF-----------------
  #6  
Old May 4th, 2009, 07:29 PM
Bonksie
info.txt logfile of random's system information tool 1.06 2009-05-04 20:01:58
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Aangifte inkomstenbelasting 2007-->C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Lightroom 2.3-->MsiExec.exe /I{7CBD8A89-45F4-4203-9923-673F72603747}
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
ArcSoft Greeting Card Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{205EBC8B-3FAC-4A4C-80A4-D9D73248BDA6}\SETUP.exe" -l0x9 -uninst
ArcSoft Multimedia Email-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD54CF66-090B-43E7-97C1-110EF526474D}\SETUP.exe" -l0x9 -uninst
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2D201C4-92AF-4544-A5CC-1419F8D5618B}\SETUP.exe" -l0x9 -uninst
Beveiligingsupdate for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Beveiligingsupdate for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Cabri-géomètre II-->C:\Cabri\UNINST C:\Cabri\INSTALL.LOG
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Creative PC-CAM Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9 /remove
Creative WebCam Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9 /remove
Creative WebCam NX Ultra Driver (1.00.06.0919)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd1120.uns -unsext NT -plugin P1120Pin.dll -pluginres P1120Pin.crl
Creative WebCam NX Ultra User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam NX Ultra\Creative WebCam NX Ultra User's Guide\English\CTManual.isu"
Easy CD & DVD Creator 6-->MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
  #7  
Old May 4th, 2009, 07:31 PM
Bonksie
. . . and finally,

Essentiële update voor Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
GdiPlusDll-->MsiExec.exe /I{B32A35C7-1D9E-4D96-A3F4-25B34FB6A080}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix voor Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix voor Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 5100 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 5100 series
Huur- en zorgtoeslag 2008-->C:\Program Files\Belastingdienst\Huur- en zorgtoeslag\2008\hz2008u.exe
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KB898458: Beveiligingsupdate voor Step by Step Interactive Training-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
KB923723: Beveiligingsupdate voor Step by Step Interactive Training-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
LG GSM PC Components-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}\setup.exe" -l0x9
LG USB Modem Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Dutch Language Pack-->MsiExec.exe /X{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Dutch) 2007-->MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}\Setup.exe" -uninstall
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
NVRemote-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42C59DE7-38BB-4039-A341-EF5ED6C0AA72}\setup.exe"
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFF8A42A-0814-4864-92D7-52EFB3048ABD}\SETUP.exe" -l0x9
PowerDVD-->RunDll32 c:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
RAYMANM-->C:\WINDOWS\UbiSoft\SetupUbi.exe -uninstall RAYMANM
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x13
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
TomTom HOME 2.6.1.1549-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Ulead DVD MovieFactory 2 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\setup.exe" -l0x9
Ulead VideoStudio 7 SE DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update voor Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update voor Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update voor Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update voor Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update voor Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB Mass Storage Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2DD7B9B-4384-4131-A79C-804D6E0564BD}\Setup.exe" -l0x9
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vodafone 804SS USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
VU Leerling Bovenbouw-->MsiExec.exe /I{97A80FD4-8EEC-402F-ABFE-8D8A3ACDBE4E}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live aanmeldhulp-->MsiExec.exe /I{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}
Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3CDAFDF9-A993-4B64-8D9B-36253D9C0DC9}
Windows Live Messenger-->MsiExec.exe /X{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Mobile Resources-->C:\Program Files\Windows Mobile Resources\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
======Security center information======
AV: McAfee VirusScan
======System event log======
Computer Name: GWJARDINE
Event Code: 7035
Message: De Verbindingsbeheer voor RAS-service is naar een Starten-besturingselement verzonden.
Record Number: 126151
Source Name: Service Control Manager
Time Written: 20090410134426.000000+120
Event Type: Gegevens
User: NT AUTHORITY\SYSTEM
Computer Name: GWJARDINE
Event Code: 7036
Message: De Telephony-service heeft nu de status Wordt uitgevoerd.
Record Number: 126150
Source Name: Service Control Manager
Time Written: 20090410134426.000000+120
Event Type: Gegevens
User:
Computer Name: GWJARDINE
Event Code: 7036
Message: De Network Location Awareness (NLA)-service heeft nu de status Wordt uitgevoerd.
Record Number: 126149
Source Name: Service Control Manager
Time Written: 20090410134426.000000+120
Event Type: Gegevens
User:
Computer Name: GWJARDINE
Event Code: 7035
Message: De Network Location Awareness (NLA)-service is naar een Starten-besturingselement verzonden.
Record Number: 126148
Source Name: Service Control Manager
Time Written: 20090410134426.000000+120
Event Type: Gegevens
User: NT AUTHORITY\SYSTEM
Computer Name: GWJARDINE
Event Code: 7036
Message: De Compatibiliteit voor Snelle gebruikerswisseling-service heeft nu de status Wordt uitgevoerd.
Record Number: 126147
Source Name: Service Control Manager
Time Written: 20090410134426.000000+120
Event Type: Gegevens
User:
=====Application event log=====
Computer Name: GWJARDINE
Event Code: 0
Message:
Record Number: 8397
Source Name: McAfee SiteAdvisor Service
Time Written: 20081108091005.000000+060
Event Type: Gegevens
User:
Computer Name: GWJARDINE
Event Code: 1517
Message: Windows heeft het register van gebruiker GWJARDINE\Joy opgeslagen hoewel een toepassing of service tijdens de afmelding van het register gebruikmaakte. Het geheugen voor het register is niet volledig beschikbaar. Het register wordt uit het register verwijderd wanneer het niet langer in gebruik is.

Dit wordt mogelijk veroorzaakt door services die als een gebruikersaccount actief zijn. Probeer om de services zodanig te configureren dat deze als LocalService- of NetworkService-account worden gestart.
Record Number: 8396
Source Name: Userenv
Time Written: 20081107181605.000000+060
Event Type: Waarschuwing
User: NT AUTHORITY\SYSTEM
Computer Name: GWJARDINE
Event Code: 302
Message: msnmsgr (2216) \\.\C:\Documents and Settings\Joy\Local Settings\Application Data\Microsoft\Messenger\heatherjoy@wanadoo.nl\SharingMetadata\Working\database_4CBC_F4C8_BCF4_AD98\dfsr.db: De database-engine heeft de herstelstappen uitgevoerd.
Record Number: 8395
Source Name: ESENT
Time Written: 20081107162843.000000+060
Event Type: Gegevens
User:
Computer Name: GWJARDINE
Event Code: 301
Message: msnmsgr (2216) \\.\C:\Documents and Settings\Joy\Local Settings\Application Data\Microsoft\Messenger\heatherjoy@wanadoo.nl\SharingMetadata\Working\database_4CBC_F4C8_BCF4_AD98\dfsr.db: De database-engine is begonnen met het opnieuw afspelen van logboekbestand \\.\C:\Documents and Settings\Joy\Local Settings\Application Data\Microsoft\Messenger\heatherjoy@wanadoo.nl\SharingMetadata\Working\database_4CBC_F4C8_BCF4_AD98\fsr.log.
Record Number: 8394
Source Name: ESENT
Time Written: 20081107162842.000000+060
Event Type: Gegevens
User:
Computer Name: GWJARDINE
Event Code: 301
Message: msnmsgr (2216) \\.\C:\Documents and Settings\Joy\Local Settings\Application Data\Microsoft\Messenger\heatherjoy@wanadoo.nl\SharingMetadata\Working\database_4CBC_F4C8_BCF4_AD98\dfsr.db: De database-engine is begonnen met het opnieuw afspelen van logboekbestand \\.\C:\Documents and Settings\Joy\Local Settings\Application Data\Microsoft\Messenger\heatherjoy@wanadoo.nl\SharingMetadata\Working\database_4CBC_F4C8_BCF4_AD98\fsr00177.log.
Record Number: 8393
Source Name: ESENT
Time Written: 20081107162840.000000+060
Event Type: Gegevens
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Roxio Shared\DLLShared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------

Thanks,

Graham.
Reply With Quote
  #8  
Old May 5th, 2009, 03:03 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
No malware in that. The system has that Advanced SystemCare 3 sorta combination "reg cleaner"/defragger/antispyware/updater/error fixer software. Just checked their site:

Quote:
Enjoy That New PC Feeling Again New!
Whatever version of Windows you’re running, enjoy that “good as new” speed usually only experienced on a brand new PC.
So, are you enjoying that "New PC Feeling" again? In general I find in threads that Iobit softwares tend to cause problems, not solutions, but I am not sure how it might be involved in any current problems there.

We will do one in-depth check, and if nothing from that you will want to ask in the CTH XP forum for more ideas.


Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.
Reply With Quote
  #9  
Old May 6th, 2009, 06:46 AM
Bonksie Bonksie is offline
Senior Member
 
Join Date: Jun 2004
O/S: Windows XP Home
Location: The Netherlands
Posts: 100
Gmer part 1

Hi Jintan:

Yeah! Enjoy that new PC feeling again. Funny thing is, right after installation, there was a noticeable improvement, but it gradually got worse -- and now this. I did notice some residue from a program called ErrorNuker which seemed to have been installed at the same time as IObit's software. I uninstalled it, but apparently not 100% successfully. Could this be a problem?

Here is the Gmer log. It took more than 4 hours to scan.


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-06 07:30:27
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76C787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF76C7BFE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB098D4EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB098D498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB098D4AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB098D597]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB098D5C3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB098D631]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB098D61B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB098D52A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB098D65D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB098D56D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB098D470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB098D484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB098D4FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB098D699]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB098D605]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB098D5EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB098D5AD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB098D685]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB098D671]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB098D4D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB098D4C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB098D559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB098D647]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB098D540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB098D514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 80515A6A 7 Bytes JMP B098D518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572BF4 5 Bytes JMP B098D571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 80573037 7 Bytes JMP B098D5F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80578A14 7 Bytes JMP B098D69D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 7 Bytes JMP B098D635 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8057C328 5 Bytes JMP B098D4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8057CFC0 5 Bytes JMP B098D4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057DEF1 5 Bytes JMP B098D544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E369 7 Bytes JMP B098D52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80581702 5 Bytes JMP B098D474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581889 7 Bytes JMP B098D502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80587693 7 Bytes JMP B098D61F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP B098D4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058E695 5 Bytes JMP B098D55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80591F8B 7 Bytes JMP B098D5C7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80593334 7 Bytes JMP B098D59B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B0470 5 Bytes JMP B098D49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E1939 5 Bytes JMP B098D488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E218F 5 Bytes JMP B098D661 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635967 5 Bytes JMP B098D4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80654DD6 7 Bytes JMP B098D64B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 806556FC 7 Bytes JMP B098D609 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 80655B78 1 Byte [E9]
PAGE ntoskrnl.exe!ZwRenameKey 80655B78 7 Bytes JMP B098D5B1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8065606D 5 Bytes JMP B098D675 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 806564D8 5 Bytes JMP B098D689 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Reply With Quote
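Triage of the GMER logs posted in this thread comes down to asking which module each hook resolves to. The Python below is an added example, not part of the original posts or of GMER: it parses the row layouts seen in this thread (the layouts, and reading the parenthesised text as "description/company", are assumptions inferred from those rows), counts hooks per named company, and groups jump targets printed without a module by 64 KB region.

```python
import re
from collections import Counter, defaultdict

# Sample input: a small subset of rows copied from the GMER logs in this thread.
SAMPLE_LOG = r"""
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76C787E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB098D4EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
PAGE ntoskrnl.exe!ZwOpenKey 80572BF4 5 Bytes JMP B098D571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 80655B78 1 Byte [E9]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[260] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 001A0000
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 001A0080
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\system32\winlogon.exe[776] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
"""

# "SSDT"/"Code" rows: hooking module, (description/company), service, optional address.
TABLE_RE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<module>.+?)\s+\((?P<desc>[^()]*)\)\s+"
    r"(?P<func>\w+)(?:\s+\[0x(?P<target>[0-9A-Fa-f]{8})\])?$")
# Code-section rows: section, image!function, patched address, length, patch text.
PATCH_RE = re.compile(
    r"^\S+\s+(?P<where>.+?)!(?P<func>\w+)\s+[0-9A-Fa-f]{8}\s+"
    r"\d+\s+Bytes?\s+(?P<patch>.+)$")
# Patch text "JMP <target>", optionally followed by the owning module and its description.
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<module>.+?)\s+\((?P<desc>[^()]*)\))?$")
# User-mode rows prefix the patched DLL with "image path[pid]".
PROC_RE = re.compile(r"^(?P<image>.+)\[(?P<pid>\d+)\]\s+(?P<dll>\S+)$")

NO_MODULE = "(no module named)"


def company(desc):
    """Company part of 'description/company' (assumed layout)."""
    return desc.rpartition("/")[2].strip() if desc else None


def parse_line(line):
    """Return a hook record for one log row, or None for anything else."""
    line = line.strip()
    m = TABLE_RE.match(line)
    if m:
        return {"kind": m["kind"].lower(), "scope": "kernel", "api": m["func"],
                "target": m["target"], "owner": company(m["desc"])}
    m = PATCH_RE.match(line)
    if not m:
        return None
    proc = PROC_RE.match(m["where"])
    scope = f'{proc["image"]}[{proc["pid"]}]' if proc else "kernel"
    api = f'{proc["dll"] if proc else m["where"]}!{m["func"]}'
    jmp = JMP_RE.match(m["patch"])
    if not jmp:
        # Rows such as "1 Byte [E9]" show raw bytes and carry no jump target.
        return {"kind": "bytes", "scope": scope, "api": api,
                "target": None, "owner": None}
    return {"kind": "jmp", "scope": scope, "api": api,
            "target": jmp["target"].upper(), "owner": company(jmp["desc"])}


def parse_log(text):
    return [h for h in map(parse_line, text.splitlines()) if h]


def by_owner(hooks):
    """Hook count per company; raw-byte rows are skipped."""
    counts = Counter(h["owner"] or NO_MODULE for h in hooks if h["kind"] != "bytes")
    return dict(counts)


def unattributed_regions(hooks):
    """Group jump targets that have no module name by 64 KB region."""
    regions = defaultdict(list)
    for h in hooks:
        if h["kind"] == "jmp" and h["owner"] is None:
            base = int(h["target"], 16) & 0xFFFF0000
            regions[f"{base:08X}"].append((h["scope"], h["api"]))
    return dict(regions)


if __name__ == "__main__":
    hooks = parse_log(SAMPLE_LOG)
    for owner, n in sorted(by_owner(hooks).items()):
        print(f"{n:3d}  {owner}")
    for region, hits in sorted(unattributed_regions(hooks).items()):
        print(f"region {region}: {len(hits)} hook(s) without a module name")
        for scope, api in hits:
            print(f"    {scope}  {api}")
```

A region listed by `unattributed_regions` is a lead for follow-up (which module or allocation sits at that address in the process), not a verdict on its own.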
  #10  
Old May 6th, 2009, 06:48 AM
Bonksie Bonksie is offline
Senior Member
 
Join Date: Jun 2004
O/S: Windows XP Home
Location: The Netherlands
Posts: 100
Gmer part 2

---- User code sections - GMER 1.0.15 ----
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[260] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[260] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[312] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 001A0000
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 001A0080
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 001A0F8B
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 001A0065
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 001A0FB2
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 001A004A
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 001A0F5C
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 001A00A2
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 001A00C9
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 001A0109
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 001A0FC3
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 001A001B
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 001A0091
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateNamedPipeW 7C7FF0DD 5 Bytes JMP 001A0FDE
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!CreateNamedPipeA 7C830CDC 5 Bytes JMP 001A0FEF
.text C:\Program Files\Messenger\msmsgs.exe[548] kernel32.dll!WinExec 7C83250D 5 Bytes JMP 001A0F4B
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00290FAD
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00290FD2
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00290FE3
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_open 77BFF566 5 Bytes JMP 0029000C
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00290038
.text C:\Program Files\Messenger\msmsgs.exe[548] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0029001D
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegOpenKeyExW 77F46AAF 5 Bytes JMP 002A0FCA
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 002A0FA5
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 002A001B
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 002A0FE5
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 002A0058
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 002A0000
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegCreateKeyW 77F6BA55 5 Bytes JMP 002A0047
.text C:\Program Files\Messenger\msmsgs.exe[548] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 002A0036
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!socket 71A34211 5 Bytes JMP 002B0FE5
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\Program Files\Messenger\msmsgs.exe[548] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\Program Files\Messenger\msmsgs.exe[548] WININET.dll!InternetOpenA 445EC865 5 Bytes JMP 002C0000
.text C:\Program Files\Messenger\msmsgs.exe[548] WININET.dll!InternetOpenW 445ECE99 5 Bytes JMP 002C0FE5
.text C:\Program Files\Messenger\msmsgs.exe[548] WININET.dll!InternetOpenUrlA 445F0BCA 5 Bytes JMP 002C001B
.text C:\Program Files\Messenger\msmsgs.exe[548] WININET.dll!InternetOpenUrlW 4463AF69 5 Bytes JMP 002C0FCA
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 00F50FE5
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 00F5007D
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 00F50058
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 00F50F8A
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 00F50047
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 00F5002C
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 00F5009F
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 00F5008E
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 00F50F32
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 00F50F17
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 00F50FA5
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 00F50000
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 00F50F6D
  #11  
Old May 6th, 2009, 06:50 AM
Bonksie
Gmer part 3

  #12  
Old May 6th, 2009, 06:53 AM
Bonksie
Gmer part 4

.text C:\WINDOWS\system32\ctfmon.exe[1652] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\system32\ctfmon.exe[1652] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\system32\ctfmon.exe[1652] ws2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\system32\ctfmon.exe[1652] ws2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\system32\ctfmon.exe[1652] ws2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 00C50000
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 00C50081
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 00C50066
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 00C50055
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 00C50FA2
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 00C50FC7
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 00C500AF
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 00C5009E
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 00C500CA
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 00C50100
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 00C50044
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 00C50011
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 00C50F67
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateNamedPipeW 7C7FF0DD 5 Bytes JMP 00C50033
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateNamedPipeA 7C830CDC 5 Bytes JMP 00C50022
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!WinExec 7C83250D 5 Bytes JMP 00C50F4C
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExW 77F46AAF 5 Bytes JMP 00B40025
  #13  
Old May 6th, 2009, 06:54 AM
Bonksie Bonksie is offline
Gmer part 5

.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 00B4006C
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 00B4000A
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 00B40FD4
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 00B4005B
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 00B40FE5
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW 77F6BA55 2 Bytes JMP 00B40FB9
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW + 3 77F6BA58 2 Bytes [BD, 88]
.text C:\WINDOWS\System32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 00B40036
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00B30F9C
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00B30FB7
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00B30FE3
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00B3000C
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00B30FC8
.text C:\WINDOWS\System32\svchost.exe[1780] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00B3001D
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!socket 71A34211 5 Bytes JMP 00B20000
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\WINDOWS\System32\svchost.exe[1780] wininet.dll!InternetOpenA 445EC865 5 Bytes JMP 00B10FE5
.text C:\WINDOWS\System32\svchost.exe[1780] wininet.dll!InternetOpenW 445ECE99 5 Bytes JMP 00B10000
.text C:\WINDOWS\System32\svchost.exe[1780] wininet.dll!InternetOpenUrlA 445F0BCA 5 Bytes JMP 00B10FC0
.text C:\WINDOWS\System32\svchost.exe[1780] wininet.dll!InternetOpenUrlW 4463AF69 5 Bytes JMP 00B1001B
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 01020000
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 0102007F
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 0102005A
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 0102003D
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 01020F80
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 01020FB6
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 010200BC
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 010200AB
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 010200E8
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 01020F34
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 01020F9B
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 01020FDB
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 01020090
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateNamedPipeW 7C7FF0DD 5 Bytes JMP 01020022
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!CreateNamedPipeA 7C830CDC 5 Bytes JMP 01020011
.text C:\WINDOWS\System32\svchost.exe[1892] kernel32.dll!WinExec 7C83250D 5 Bytes JMP 010200D7
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegOpenKeyExW 77F46AAF 5 Bytes JMP 01010011
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 0101006C
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 01010FC0
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 01010000
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 01010047
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 01010FE5
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegCreateKeyW 77F6BA55 5 Bytes JMP 01010036
.text C:\WINDOWS\System32\svchost.exe[1892] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 01010FA5
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00FF0031
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00FF0FA6
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00FF0FC1
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00FF0016
.text C:\WINDOWS\System32\svchost.exe[1892] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!socket 71A34211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\System32\svchost.exe[1892] ws2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\WINDOWS\System32\svchost.exe[1892] wininet.dll!InternetOpenA 445EC865 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\System32\svchost.exe[1892] wininet.dll!InternetOpenW 445ECE99 5 Bytes JMP 00FD0FCA
.text C:\WINDOWS\System32\svchost.exe[1892] wininet.dll!InternetOpenUrlA 445F0BCA 5 Bytes JMP 00FD0FAF
.text C:\WINDOWS\System32\svchost.exe[1892] wininet.dll!InternetOpenUrlW 4463AF69 5 Bytes JMP 00FD0F9E
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1948] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100639A0
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100638CC
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!send 71A34C27 5 Bytes JMP 10063004
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10062734
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100626AC
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10063894
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateFileA 7C7D1A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!VirtualProtectEx 7C7D1A61 5 Bytes JMP 001A0F94
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!VirtualProtect 7C7D1AD4 5 Bytes JMP 001A0093
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!LoadLibraryExW 7C7D1AF5 5 Bytes JMP 001A0078
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!LoadLibraryExA 7C7D1D53 5 Bytes JMP 001A0051
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!LoadLibraryA 7C7D1D7B 5 Bytes JMP 001A0025
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!GetStartupInfoW 7C7D1E54 5 Bytes JMP 001A0F4B
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!GetStartupInfoA 7C7D1EF2 5 Bytes JMP 001A0F68
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 001A0F1F
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!GetProcAddress 7C7DAE40 5 Bytes JMP 001A00C9
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!LoadLibraryW 7C7DAEEB 5 Bytes JMP 001A0040
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateFileW 7C7E0800 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreatePipe 7C7ED83F 5 Bytes JMP 001A0F83
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateNamedPipeW 7C7FF0DD 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateNamedPipeA 7C830CDC 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!WinExec 7C83250D 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegOpenKeyExW 77F46AAF 5 Bytes JMP 00290051
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegCreateKeyExW 77F4776C 5 Bytes JMP 002900A2
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegOpenKeyExA 77F47852 5 Bytes JMP 0029002C
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegOpenKeyW 77F47946 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegCreateKeyExA 77F4E9F4 5 Bytes JMP 00290087
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegOpenKeyA 77F4EFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegCreateKeyW 77F6BA55 5 Bytes JMP 00290076
.text C:\WINDOWS\Explorer.EXE[3008] ADVAPI32.dll!RegCreateKeyA 77F6BCF3 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!system 77BF93C7 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 002A0044
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_open 77BFF566 5 Bytes JMP 002A000C
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 002A0055
.text C:\WINDOWS\Explorer.EXE[3008] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 002A0029
.text C:\WINDOWS\Explorer.EXE[3008] WININET.dll!InternetOpenA 445EC865 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[3008] WININET.dll!InternetOpenW 445ECE99 5 Bytes JMP 002C0FDB
.text C:\WINDOWS\Explorer.EXE[3008] WININET.dll!InternetOpenUrlA 445F0BCA 5 Bytes JMP 002C0FCA
.text C:\WINDOWS\Explorer.EXE[3008] WININET.dll!InternetOpenUrlW 4463AF69 5 Bytes JMP 002C0025
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!socket 71A34211 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\WINDOWS\System32\alg.exe[3324] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10002734
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100026AC
.text C:\WINDOWS\System32\alg.exe[3324] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10003894
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100239A0
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100238CC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!send 71A34C27 5 Bytes JMP 10023004
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 10022734
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!recv 71A3676F 5 Bytes JMP 100226AC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 10023894
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \Fat AE68BD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----


Regards,
Graham.
  #14  
Old May 7th, 2009, 01:57 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
A lot of McAfee in that, but a bad item as well hooking an important file and sending/receiving traffic.


Download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe). Then click the downloaded file to run the scan (a window will open briefly, then close). The scan will create an mbr.log on your C drive folder - please copy/paste those contents in your next reply.

Open Gmer again. This time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
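One way to triage the user-mode hook section of a GMER log like the one in this thread, as an added example that is not part of the original posts: it groups JMP hooks by API and by the low 16 bits of the destination, so a destination that recurs across unrelated processes stands out from per-process trampolines. The sample lines are copied from the log above; the function names and the `min_processes` threshold are this example's own assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Sample input: lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 00C500CA
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!socket 71A34211 5 Bytes JMP 00B20000
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\System32\svchost.exe[1780] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileW 7C7E0800 3 Bytes JMP 010A0000
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileW + 4 7C7E0804 1 Byte [84]
.text C:\WINDOWS\system32\spoolsv.exe[1620] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\spoolsv.exe[1620] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\WINDOWS\system32\spoolsv.exe[1620] ws2_32.dll!send 71A34C27 5 Bytes JMP 10003004
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] kernel32.dll!CreateProcessW 7C7D2336 5 Bytes JMP 100639A0
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!connect 71A34A07 5 Bytes JMP 100638CC
.text c:\PROGRA~1\mcafee\msc\mcupdmgr.exe[2736] WS2_32.dll!send 71A34C27 5 Bytes JMP 10063004
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateProcessA 7C7D236B 5 Bytes JMP 001A0F1F
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!socket 71A34211 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\Explorer.EXE[3008] ws2_32.dll!connect 71A34A07 5 Bytes JMP 100038CC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3940] WS2_32.dll!send 71A34C27 5 Bytes JMP 10023004
"""


class Hook(NamedTuple):
    image: str   # full path of the hooked process
    pid: int
    api: str     # "dll!function", DLL name lower-cased (the log mixes ws2_32 / WS2_32)
    target: int  # address the patched function now jumps to


# Matches only "... N Bytes JMP <addr>" rows. Continuation rows such as
# "CreateFileW + 4 ... 1 Byte [84]" carry no destination and are skipped.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^!\s]+)!(?P<func>\S+)\s+"
    r"[0-9A-F]{8}\s+\d+\s+Bytes?\s+JMP\s+(?P<target>[0-9A-F]{8})\s*$"
)


def parse_hooks(text):
    """Return a Hook for every inline JMP row in a GMER '.text' section."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            api = f'{m["dll"].lower()}!{m["func"]}'
            hooks.append(Hook(m["image"], int(m["pid"]), api, int(m["target"], 16)))
    return hooks


def shared_destinations(hooks, min_processes=3):
    """Group hooks by (api, low 16 bits of destination).

    Windows maps modules on 64 KB boundaries, so the low 16 bits of an
    address inside a module stay the same when that module is loaded at a
    different base in another process. Groups seen in at least
    min_processes processes are returned with the bases observed.
    """
    groups = defaultdict(lambda: {"processes": set(), "bases": set()})
    for h in hooks:
        g = groups[(h.api, h.target & 0xFFFF)]
        g["processes"].add((h.image, h.pid))
        g["bases"].add(h.target & 0xFFFF0000)
    return {k: v for k, v in groups.items() if len(v["processes"]) >= min_processes}


def report(text):
    """Render the shared destinations as readable lines, most widespread first."""
    shared = shared_destinations(parse_hooks(text))
    rows = sorted(shared.items(), key=lambda kv: (-len(kv[1]["processes"]), kv[0]))
    return [
        f"{api} -> +0x{low:04X} in {len(v['processes'])} processes, "
        f"bases {', '.join(f'0x{b:08X}' for b in sorted(v['bases']))}"
        for (api, low), v in rows
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The grouping only shows which destinations recur; deciding what owns a destination still needs the module list of the affected process.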
  #15  
Old May 7th, 2009, 06:46 PM
Bonksie Bonksie is offline
mbr.log and Gmer.log (non MS files)

Hi Jintan:

First, here is the mbr.log -

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

=============================

- and here is the second Gmer scan with _Only MS files_ selected . . .


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-07 19:33:19
Windows 5.1.2600 Service Pack 3

---- Modules - GMER 1.0.15 ----
Module aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) F798B000-F798D000 (8192 bytes)
Module cmdide.sys (CMD PCI IDE-busstuurprogramma/CMD Technology, Inc.) F798D000-F798F000 (8192 bytes)
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F7991000-F7993000 (8192 bytes)
Module sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) F7717000-F771C000 (20480 bytes)
Module symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) F78A3000-F78A7000 (16384 bytes)
Module asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) F771F000-F7726000 (28672 bytes)
Module asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) F78AF000-F78B3000 (16384 bytes)
Module mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) F7727000-F772C000 (20480 bytes)
Module symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) F7737000-F773F000 (32768 bytes)
Module sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) F773F000-F7746000 (28672 bytes)
Module sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) F7747000-F774F000 (32768 bytes)
Module ultra.sys (Promise ULTRA66 Minipoort Driver/Promise Technology, Inc.) F7667000-F7670000 (36864 bytes)
Module ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7677000-F7681000 (40960 bytes)
Module ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7687000-F7693000 (49152 bytes)
Module ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7697000-F76A3000 (49152 bytes)
Module dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) F7852000-F787E000 (180224 bytes)
Module Lbd.sys (Boot Driver/Lavasoft AB) F76C7000-F76D6000 (61440 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F76D7000-F76E0000 (36864 bytes)
Module WDMCAPI.sys BAF70000-BB000000 (589824 bytes)
Module viasraid.sys (VIA Serial ATA RAID MINIPORT DRIVER FOR WINXP/VIA Technologies inc,.ltd) BAF5D000-BAF70000 (77824 bytes)
Module viaidexp.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) F7999000-F799B000 (8192 bytes)
Module ulsata.sys (Promise Ultra/Sata Series Driver for WinXP/Promise Technology, Inc.) F76F7000-F7707000 (65536 bytes)
Module siside.sys (SiS PCI Mini IDE Driver/Silicon Integrated Systems Corp.) F799B000-F799D000 (8192 bytes)
Module sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) F7586000-F7590000 (40960 bytes)
Module amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) F7536000-F7541000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 /NVIDIA Corporation) B9B1E000-B9C56000 (1277952 bytes)
Module \SystemRoot\System32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) B9AC2000-B9AE6000 (147456 bytes)
Module \SystemRoot\system32\drivers\pfc.sys (Padus(R) ASPI Shell/Padus, Inc.) BAE37000-BAE3A000 (12288 bytes)
Module \SystemRoot\System32\Drivers\pwd_2k.SYS (Win2000 Framework for Packet Write Driver/Roxio) B9A6E000-B9A8B000 (118784 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD/DVD Class Filter Driver/GEAR Software Inc.) F7797000-F779E000 (28672 bytes)
Module \SystemRoot\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) B9920000-B9A6E000 (1368064 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F77A7000-F77AC000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\wdmwanmp.sys F77BF000-F77C6000 (28672 bytes)
Module \SystemRoot\System32\Drivers\dvd_2K.SYS (DVD-RAM AddOn Driver/Roxio) F77C7000-F77CD000 (24576 bytes)
Module \SystemRoot\System32\Drivers\Cdr4_xp.SYS (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) BA9CF000-BA9D0000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Cdralw2k.SYS (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) BA9CE000-BA9CF000 (4096 bytes)
Module \SystemRoot\System32\Drivers\cdudf_xp.SYS (CD-UDF NT Filesystem Driver/Roxio) B068E000-B06CE000 (262144 bytes)
Module \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS (DVDVR XP Filesystem Reader Driver/Roxio) B0630000-B0654000 (147456 bytes)
Module \SystemRoot\System32\Drivers\UdfReadr_xp.SYS (CD-UDF NT Filesystem Reader Driver/Roxio) B05C1000-B05F6000 (217088 bytes)
Module \SystemRoot\System32\Drivers\Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) B051C000-B0543000 (159744 bytes)
Module \SystemRoot\System32\Drivers\UimFIO.SYS F79EB000-F79ED000 (8192 bytes)
Module \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) B0316000-B0349000 (208896 bytes)
Module \SystemRoot\system32\DRIVERS\P1120Vid.sys (Video Streaming and Capture Device Driver/Creative Technology Ltd.) B025D000-B0316000 (757760 bytes)
Module \SystemRoot\System32\DRIVERS\nvtvsnd.sys (NVIDIA WDM TV Sound/NVIDIA Corporation) B985E000-B9863000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\nvtunep.sys (NVIDIA WDM TVTuner/NVIDIA Corporation) B9856000-B985B000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\NVxbar.sys (NVIDIA WDM A/V Crossbar/NVIDIA Corporation) B0508000-B050B000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\nvcap.sys AFE72000-AFE8F000 (118784 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 45.23 /NVIDIA Corporation) BF9D5000-BFD8E000 (3903488 bytes)
Module \SystemRoot\system32\drivers\mfebopk.sys (Buffer Overflow Protection Driver/McAfee, Inc.) B0215000-B021C000 (28672 bytes)
Module \SystemRoot\system32\drivers\mfeavfk.sys (Anti-Virus File System Filter Driver/McAfee, Inc.) AF12C000-AF13E000 (73728 bytes)
Module \SystemRoot\system32\drivers\mfesmfk.sys (System Monitor Filter Driver/McAfee, Inc.) AEB6C000-AEB75000 (36864 bytes)
Module \??\C:\DOCUME~1\Dad\LOCALS~1\Temp\mbr.sys AF0E8000-AF0EB000 (12288 bytes)
Module \??\C:\DOCUME~1\Dad\LOCALS~1\Temp\aujasnkj.sys (GMER) AE98D000-AE9A1000 (81920 bytes)
---- Processes - GMER 1.0.15 ----
Process C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) 180
Library C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) 0x00400000
Library c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll (McAfee Utility DLL/McAfee, Inc.) 0x62600000
Library C:\PROGRA~1\McAfee\MSC\McRes.dll (McAfee Non-Localized Resource DLL/McAfee, Inc.) 0x67200000
Library C:\PROGRA~1\McAfee\MSC\1043\McLocRes.dll (McAfee Localized Resource DLL/McAfee, Inc.) 0x66500000
Library C:\PROGRA~1\McAfee\MSC\Mccobres.dll (McAfee Co-Branded Resource DLL/McAfee, Inc.) 0x66400000
Library C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll (Sqlite3 Database Module/McAfee, Inc.) 0x62800000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll (McAfee Core Proxy Stub/McAfee, Inc.) 0x62A00000
Library c:\PROGRA~1\mcafee\msc\mcshllps.dll (McAfee McShell Proxy Stub DLL/McAfee, Inc.) 0x67300000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll (McAfee VirusScan Application Information/McAfee, Inc.) 0x60F00000
Library C:\PROGRA~1\McAfee\VIRUSS~1\1043\vscobres.dll (McAfee Application Information Provider/McAfee, Inc.) 0x6C100000
Library c:\PROGRA~1\mcafee\msc\mcmispps.dll (McAfee MISP Proxy Stub DLL/McAfee, Inc.) 0x66A00000
Library c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll (McAfee Subscription manager module/McAfee, Inc.) 0x67500000
Library c:\PROGRA~1\mcafee\msc\mcmscver.dll (McMSCVer/McAfee, Inc.) 0x66D00000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll (McAfee VirusScan Protection Provider/McAfee, Inc.) 0x60B00000
Library c:\PROGRA~1\mcafee\msc\mcprotpv.dll (MISP Default Protection Provider/McAfee, Inc.) 0x66F00000
Library c:\PROGRA~1\mcafee\msc\mcnmcprv.dll (McAfee NMC Provider/McAfee, Inc.) 0x6B280000
Library c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL (McAfee Network Agent Proxy/Stub/McAfee, Inc.) 0x6B600000
Library c:\PROGRA~1\mcafee\msc\mcnmcsps.dll (McAfee NMC Server Proxy Stub/McAfee, Inc.) 0x6B380000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll (McAfee Configuration Object Tool/McAfee, Inc.) 0x61000000
Library c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll (McAfee VirusScan Announcer Proxy Stub dll/McAfee, Inc.) 0x61A00000
Library c:\PROGRA~1\mcafee\msc\mcregobj\9_3_13~1\mcregobj.dll (MISP Registration Component/McAfee, Inc.) 0x67100000
Library C:\PROGRA~1\McAfee\MSC\McProHlp.dll (Mc Security Index/McAfee, Inc.) 0x66E00000
Library c:\PROGRA~1\mcafee\msc\mcdemenu.dll (Default Menu Provider/McAfee, Inc.) 0x66900000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvscp.dll (McAfee VirusScan - Configuration Provider/McAfee, Inc.) 0x61100000
Library c:\PROGRA~1\mcafee\msc\mcuicfg.dll (McAfee Integrated Security Platform/McAfee, Inc.) 0x67600000
Library c:\PROGRA~1\mcafee\msc\mccfgpv.dll (MISP Default Configuration Provider/McAfee, Inc.) 0x66300000
Process c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent/McAfee, Inc.) 232
Library c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent/McAfee, Inc.) 0x00400000