Iexplore.exe Process Opens Without Window Or Permission


  • This topic is locked
3 replies to this topic

#1 WildBamaBoy


Posted 10 August 2008 - 07:37 PM

Hi, I'm new to these forums and I hope I'm doing everything correctly.

I was infected a few weeks ago by a file called MSUDF.exe, which was a trojan downloader. McAfee did not identify it but alerted me that it was attempting to access the internet. So after googling it and finding that it was a trojan, it was deleted... Maybe not fast enough. I think it succeeded in downloading more trojans.

Starting about 3 days ago, the process iexplore.exe began suddenly opening up under the username "SYSTEM". No window comes up but the process stays there. It uses 25,000kb to 75,000kb of memory. After about a minute, the process will terminate. If I open Internet Explorer during that time, I have TWO instances of IEXPLORE.EXE running.

I have scanned my computer several times with Spybot S&D, McAfee STINGER, McAfee Internet Security Suite, SUPERAntiSpyware, Kaspersky Online Scanner, and Trojan Hunter in safe mode. All of them found a few nasties and promptly removed them. *I manually removed all but one that only Kaspersky detected. You will see the one I did not delete when I post the Kaspersky scan log.* But IEXPLORE.EXE still randomly appears in the task manager. I can always tell when it opens because of a clicking sound. Open up any folder...that sound. I know this is not normal and it is beginning to worry me.

Does anyone see any more nasties floating around?

Deckard's System Scanner v20071014.68
Run by Dusty Alexander on 2008-08-10 23:00:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
8: 2008-08-11 01:03:17 UTC - RP272 - Deckard's System Scanner Restore Point
7: 2008-08-10 19:41:24 UTC - RP271 - Software Distribution Service 3.0
6: 2008-08-10 19:19:57 UTC - RP270 - Installed Windows Internet Explorer 7.
5: 2008-08-10 19:19:33 UTC - RP269 - Installed Windows IDNMitigationAPIs.
4: 2008-08-10 19:18:51 UTC - RP268 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2008-08-09 03:24:50 UTC - RP265 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Dusty Alexander.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:44 PM, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Dusty Alexander\desktop\dss.exe
C:\DOCUME~1\DUSTYA~1\Desktop\Dusty Alexander.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.urisp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.urisp.net"); (C:\Documents and Settings\DUSTY ALEXANDER\Application Data\Mozilla\Profiles\default\v91vqb8z.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DUSTY ALEXANDER\Application Data\Mozilla\Profiles\default\v91vqb8z.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.urisp.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1198281786765
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft Windows Voice Device Services (msjlksd) - Unknown owner - C:\WINDOWS\system32\msjlks.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - C:\WINDOWS\system32\msmsn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

--
End of file - 8558 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 LxrSII1d (Secure II Driver) - c:\windows\system32\drivers\lxrsii1d.sys
R3 cmuda3 (Xtreme Sound PCI Audio Interface) - c:\windows\system32\drivers\cmuda3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>

S3 CA561 (ICatch (VI) PC Camera) - c:\windows\system32\drivers\spca561.sys (file missing)
S3 cmpci (C-Media PCI Audio Driver (WDM)) - c:\windows\system32\drivers\cmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys (file missing)
S3 gbalink (GBA Link Driver (gbalink.sys)) - c:\windows\system32\drivers\gbalink.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 naecd - c:\docume~1\dustya~1\locals~1\temp\naecd.sys (file missing)
S3 PL-40R (CASIO USB MIDI) - c:\windows\system32\drivers\pl40rwdm.sys <Not Verified; CASIO COMPUTER CO., LTD.; LK USB MIDI>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 msmsnkd (Microsoft Network Message Service) - c:\windows\system32\msmsn.exe (file missing)
S2 perfmons - c:\windows\system32\perfs.exe (file missing)
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 LxrSII1s (Lexar Secure II) - lxrsii1s.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel® 82845G/GL/GE/PE/GV Graphics Controller
Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel® 82845G/GL/GE/PE/GV Graphics Controller
PNP Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
Service: ialm


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\SYSTEM32\winlogon.exe (pid 616)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\explorer.exe (pid 1496)
2008-05-13 10:13:36 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2007-02-27 12:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>
2007-09-20 18:34:58 129024 --a------ C:\Program Files\WinRAR\RarExt.dll
2008-03-25 19:58:06 408064 --a------ C:\Program Files\TrojanHunter 5.0\contmenu.dll
2007-06-02 17:35:20 98304 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

C:\WINDOWS\SYSTEM32\rundll32.exe (pid 1812)
2005-12-06 10:11:28 2834432 --a------ C:\WINDOWS\SYSTEM\CMICNFG3.CPL <Not Verified; C-Media Corporation; CmiCnfg Dynamic Link Library>
2005-12-06 10:12:10 32768 --a------ C:\WINDOWS\SYSTEM32\UDAPROP3.DLL <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>


-- Scheduled Tasks -------------------------------------------------------------

2008-08-10 02:20:53 424 --ah----- C:\WINDOWS\Tasks\MSK_ABImport_Daily_Dusty Alexander.job
2008-08-01 01:00:01 334 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-07-15 01:12:18 370 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-10-14 12:21:46 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 16:22:45 0 dr-h----- C:\Documents and Settings\Dusty Alexander\Recent
2008-08-10 02:53:25 0 d-------- C:\Documents and Settings\Dusty Alexander\Application Data\TrojanHunter
2008-08-10 02:49:42 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-08-10 02:44:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 02:05:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-10 02:05:06 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-10 02:05:06 0 d-------- C:\Documents and Settings\Dusty Alexander\Application Data\SUPERAntiSpyware.com
2008-08-10 02:04:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-09 20:53:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-02 18:34:10 0 d-------- C:\Documents and Settings\Dusty Alexander\Application Data\Sibelius Software
2008-08-02 18:33:39 0 d-------- C:\Program Files\Sibelius Software
2008-08-01 20:33:52 0 d-------- C:\Program Files\Finale PrintMusic 2008
2008-07-30 17:32:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-30 17:31:55 0 d-------- C:\Program Files\Sonic
2008-07-30 17:31:52 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-07-27 17:28:30 0 d-------- C:\Program Files\Python25
2008-07-23 11:58:25 0 d-------- C:\Program Files\Finale NotePad 2008
2008-07-17 22:49:50 0 d-------- C:\Program Files\Auslogics
2008-07-16 02:15:56 0 d-------- C:\Documents and Settings\Dusty Alexander\Application Data\Music Recognition


-- Find3M Report ---------------------------------------------------------------

2008-08-10 20:57:49 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-08-10 16:40:50 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-10 02:04:46 0 d-a------ C:\Program Files\Common Files
2008-08-08 20:23:57 0 d-------- C:\Program Files\McAfee
2008-08-06 20:25:06 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-08-02 18:25:39 0 d-------- C:\Program Files\Musicnotes
2008-08-02 18:20:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-30 17:33:00 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-28 21:26:34 0 d-------- C:\Program Files\Morrowind Enchanted Editor
2008-07-19 05:05:30 0 d-------- C:\Program Files\DOSBox-0.70
2008-07-17 22:37:28 0 d-------- C:\Program Files\Java
2008-07-17 22:33:16 0 d-------- C:\Program Files\CCleaner
2008-07-07 20:05:46 0 d-------- C:\Documents and Settings\Dusty Alexander\Application Data\Auslogics
2008-06-24 04:56:18 0 d-------- C:\Documents and Settings\Dusty Alexander\Application Data\Leadertech
2008-06-24 04:54:14 0 d-------- C:\Program Files\Roxio
2008-06-21 16:29:35 0 d-------- C:\Program Files\EA GAMES
2008-06-18 03:47:45 0 d-------- C:\Documents and Settings\Dusty Alexander\Application Data\Mozilla
2008-05-31 15:12:54 3359 --a----c- C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [08/19/2003 05:43 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 03:50 AM]
"CmPCIaudio"="CMICNFG3.CPL" []
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [06/29/2006 06:54 PM]
"VX1000"="C:\WINDOWS\vVX1000.exe" [06/29/2006 06:42 PM]
"nwiz"="nwiz.exe" [10/29/2004 04:50 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 04:50 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/29/2004 04:50 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 05:40 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Dusty Alexander\Start Menu\Programs\Startup\
DESKTOP.INI [7/7/2007 1:24:49 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [7/7/2007 1:24:49 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"GreyMSIAds"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CyberBuddy.lnk]
backup=C:\WINDOWS\pss\CyberBuddy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZNXP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
C:\Program Files\McAfee\MBK\LogOnHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
"C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
C:\WINDOWS\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 5.0\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
"C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"LxrSII1s"=2 (0x2)
"AOL ACS"=2 (0x2)
"SNDSrvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"LiveUpdate"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"WmiApSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"xmlprov"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Netlogon"=2 (0x2)
"SwPrv"=3 (0x3)
"HTTPFilter"=3 (0x3)
"MSDTC"=3 (0x3)
"aspnet_state"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"PDEngine"=3 (0x3)
"aswUpdSv"=3 (0x3)
"aawservice"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=3 (0x3)
"Emproxy"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-10 23:02:23 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 766 MiB / 455.86 MiB
Pagefile Memory (total/avail): 1873.81 MiB / 1416.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1872.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 8.71 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75FJA1 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dusty Alexander\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DIM2400
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dusty Alexander
LANG=C
LOGONSERVER=\\DIM2400
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DUSTYA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DUSTYA~1\LOCALS~1\Temp
USERDOMAIN=DIM2400
USERNAME=Dusty Alexander
USERPROFILE=C:\Documents and Settings\Dusty Alexander
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dusty Alexander (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Amazing Slow Downer (remove only) --> "C:\Program Files\Roni Music\Amazing Slow Downer EE\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AusLogics Registry Defrag --> "C:\Program Files\Auslogics\AusLogics Registry Defrag\unins000.exe"
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Celtic Kings --> C:\PROGRA~1\STRATE~1\CELTIC~1\UNWISE.EXE C:\PROGRA~1\STRATE~1\CELTIC~1\INSTALL.LOG
Christmas Penguin March Screen Saver --> C:\WINDOWS\system32\Christmas Penguin March.scr /u
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Crash Analysis Tool --> MsiExec.exe /X{D5F881C2-B134-474E-AA60-B25DD218AE0D}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support 5.0.0 (734) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Finale NotePad 2008 --> C:\Program Files\Finale NotePad 2008\uninstallNP.exe
Finale PrintMusic 2008 --> C:\Program Files\Finale PrintMusic 2008\uninstallPM.exe
G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Dusty Alexander\Desktop\HijackThis.exe" /uninstall
Icewind Dale II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{588C135F-0B15-4A02-8F2D-04697BE2904E}\setup.exe" -l0x9
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jagged Alliance 2 Gold --> C:\PROGRA~1\JAGGED~1\UNWISE.EXE C:\PROGRA~1\JAGGED~1\INSTALL.LOG
Jagged Alliance 2 v1.13 - Interfaces [2.0.0.0] --> "C:\Program Files\Jagged Alliance 2 Gold\Data-1.13\unins000.exe"
Jagged Alliance 2 v1.13 (EN) [1.0.0.2085] --> "C:\Program Files\Jagged Alliance 2 Gold\unins000.exe"
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark Skin: Helix --> C:\PROGRA~1\LEXMAR~2\Skin1\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin1\INSTALL.LOG
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft LifeCam --> MsiExec.exe /X{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Morrowind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\setup.exe" -l0x9
Morrowind Enchanted Editor --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Morrowind Enchanted Editor\ST6UNST.LOG"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Wal-Mart Digital Photo Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}\setup.exe" -l0x9 -removeonly
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Netscape (7.1) --> C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"
Netscape Navigator (9.0.0.3) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
PCI Audio Driver --> cmuninst.exe
PhotoParade Player --> "C:\Program Files\PhotoParade\Uninstall PhotoParade Player.exe" "PhotoParade.exe"
Python 2.5 --> MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Python 2.5.1 --> MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
Q-Xpress Installer 1.1.9 --> C:\Program Files\ModTheSims2.com\Q-Xpress Installer\uninst.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88C023FB-E7F6-4415-ACEF-82372B8A05A8}\Setup.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sibelius Scorch (Firefox, Opera, Netscape only) --> MsiExec.exe /I{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA}
Sid Meier's SimGolf --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C4504A1-9280-11D5-9F7E-00902712427E}\setup.exe"
Sonic CinePlayer Decoder Pack --> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Speakonia --> "C:\Program Files\CFS-Technologies\Speakonia\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Wal-Mart Music Downloads Store --> MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
Wild Hogs Screensaver --> C:\WINDOWS\system32\Wild Hogs Screensaver.scr /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
wxPython 2.8.0.1 (ansi) for Python 2.5 --> "C:\Program Files\Python25\Lib\site-packages\wx-2.8-msw-ansi\unins000.exe"
Xtreme Sound PCI --> C:\WINDOWS\CmiPCIUninstall.exe C:\Program Files\Xtreme Sound PCI#C-Media PCI Audio#Xtreme Sound PCI#
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3851 / Error
Event Submitted/Written: 08/10/2008 09:56:42 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225620.

Event Record #/Type3850 / Error
Event Submitted/Written: 08/10/2008 09:56:42 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225620.

Event Record #/Type3847 / Warning
Event Submitted/Written: 08/10/2008 09:49:46 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type3846 / Warning
Event Submitted/Written: 08/10/2008 09:49:46 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type3841 / Error
Event Submitted/Written: 08/10/2008 06:39:32 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225620.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type101920 / Error
Event Submitted/Written: 08/10/2008 10:28:32 PM / 08/10/2008 10:28:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type101900 / Error
Event Submitted/Written: 08/10/2008 09:49:22 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service to connect.

Event Record #/Type101899 / Error
Event Submitted/Written: 08/10/2008 09:49:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The perfmons service failed to start due to the following error:
%%2

Event Record #/Type101894 / Error
Event Submitted/Written: 08/10/2008 09:43:26 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type101893 / Error
Event Submitted/Written: 08/10/2008 09:43:21 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}



-- End of Deckard's System Scanner: finished at 2008-08-10 23:02:23 ------------

Edited by WildBamaBoy, 10 August 2008 - 10:58 PM.

It's laughing at me I tell ya..


#2 WildBamaBoy


Posted 11 August 2008 - 05:36 PM

Here is the Kaspersky Online Scanner Log.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 11, 2008 05:56:23
Records in database: 1081172
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 124583
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:34:40


File name / Threat name / Threats count
C:\Documents and Settings\Dusty Alexander\Application Data\Mozilla\Profiles\default\v91vqb8z.slt\Mail\mail.urisp-1.net\Inbox Infected: Trojan-Spy.HTML.Usbankfraud.p 1
C:\Documents and Settings\Dusty Alexander\Application Data\Thunderbird\Profiles\18rngsht.default\Mail\mail.urisp-1.net\Inbox Infected: Trojan-Spy.HTML.Usbankfraud.p 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0055243.exe Infected: Trojan.Win32.Slefdel.ask 1

The selected area was scanned.

#3 WildBamaBoy


Posted 17 August 2008 - 12:53 PM

Did a little housekeeping of my own and it seems to have worked. Please close this topic.

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:03 AM

Posted 19 August 2008 - 09:47 AM

Since this issue has been resolved, this topic is closed.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)