Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] uacinit.dll

Started by D_Piddy89 , Jun 23 2009 09:44 PM

  • This topic is locked This topic is locked
8 replies to this topic

#1 D_Piddy89

D_Piddy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 23 June 2009 - 09:44 PM

here is my hjt log. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:32 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fulldotfi...p?aid=88&sid=17
F3 - REG:win.ini: load=C:\WINDOWS\system32\mstjvl.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msliza.exe
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\antuv23.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msghrri.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: cvjser5usjfyigsfhjhswybn4wgss80 - Unknown owner - C:\WINDOWS\cvjser5usjfyigsfhjhswybn4wgss81.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5883 bytes

    Advertisements

Register to Remove

#2 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 24 June 2009 - 02:15 AM

Hi,

Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

We need to disable one or more of your security programs so that they do not interfere with ComboFix.

Disable McAfee via the System Tray icon, if possible.

Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log

Notes:
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  • ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#3 D_Piddy89

D_Piddy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 25 June 2009 - 12:04 AM

ok I ran that program and things seem to be going alot better. here is what I got

COMBOFIX LOG

ComboFix 09-06-23.01 - Jenna 06/25/2009 0:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.728 [GMT -5:00]
Running from: c:\documents and settings\Administrator.BAHJEN\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\windows\dll
c:\windows\system32\drivers\3578c39d.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\UACknawqrprjlwlnkk.sys
c:\windows\system32\install.log
c:\windows\system32\mscffx.exe
c:\windows\system32\mscgd.exe
c:\windows\system32\mschda.exe
c:\windows\system32\mschv.exe
c:\windows\system32\mscibgf.exe
c:\windows\system32\mscjdfhz.exe
c:\windows\system32\mscjx.exe
c:\windows\system32\msckaob.exe
c:\windows\system32\mscmjyc.exe
c:\windows\system32\mscmwy.exe
c:\windows\system32\mscmxrad.exe
c:\windows\system32\mscnye.exe
c:\windows\system32\mscojor.exe
c:\windows\system32\mscoxs.exe
c:\windows\system32\mscpiis.exe
c:\windows\system32\mscqe.exe
c:\windows\system32\mscri.exe
c:\windows\system32\mscrz.exe
c:\windows\system32\mscsm.exe
c:\windows\system32\mscthx.exe
c:\windows\system32\mscubvpl.exe
c:\windows\system32\mscvinye.exe
c:\windows\system32\mscvtp.exe
c:\windows\system32\mscvx.exe
c:\windows\system32\mscwkt.exe
c:\windows\system32\mscwn.exe
c:\windows\system32\msdal.exe
c:\windows\system32\msdba.exe
c:\windows\system32\msdcps.exe
c:\windows\system32\msdcrhn.exe
c:\windows\system32\msdcwfcd.exe
c:\windows\system32\msddncne.exe
c:\windows\system32\msddz.exe
c:\windows\system32\msdeb.exe
c:\windows\system32\msdee.exe
c:\windows\system32\msdfc.exe
c:\windows\system32\msdgck.exe
c:\windows\system32\msdgjg.exe
c:\windows\system32\msdgy.exe
c:\windows\system32\msdhhouf.exe
c:\windows\system32\msdhjfgo.exe
c:\windows\system32\msdhp.exe
c:\windows\system32\msdjaby.exe
c:\windows\system32\msdkfxsc.exe
c:\windows\system32\msdksuyz.exe
c:\windows\system32\msdmiaq.exe
c:\windows\system32\msdndeyv.exe
c:\windows\system32\msdoazbe.exe
c:\windows\system32\msdpykjo.exe
c:\windows\system32\msdtifvu.exe
c:\windows\system32\msdtsfr.exe
c:\windows\system32\msdvhs.exe
c:\windows\system32\msdxd.exe
c:\windows\system32\msebrwj.exe
c:\windows\system32\msebwhcn.exe
c:\windows\system32\mseccqg.exe
c:\windows\system32\msedcmgi.exe
c:\windows\system32\mseemtkk.exe
c:\windows\system32\msefui.exe
c:\windows\system32\mseggu.exe
c:\windows\system32\msegye.exe
c:\windows\system32\msehjuqc.exe
c:\windows\system32\msehul.exe
c:\windows\system32\msehzit.exe
c:\windows\system32\mseixb.exe
c:\windows\system32\msekrp.exe
c:\windows\system32\msemd.exe
c:\windows\system32\msemfrdo.exe
c:\windows\system32\msenvypa.exe
c:\windows\system32\mseorifc.exe
c:\windows\system32\mseraa.exe
c:\windows\system32\mserqiuc.exe
c:\windows\system32\mseuemqs.exe
c:\windows\system32\msewaxq.exe
c:\windows\system32\msewje.exe
c:\windows\system32\msewp.exe
c:\windows\system32\msexfz.exe
c:\windows\system32\mseyefk.exe
c:\windows\system32\msezmw.exe
c:\windows\system32\msezqsst.exe
c:\windows\system32\msfblfyt.exe
c:\windows\system32\msfciu.exe
c:\windows\system32\msfciyh.exe
c:\windows\system32\msfduh.exe
c:\windows\system32\msfebl.exe
c:\windows\system32\msfer.exe
c:\windows\system32\msfgdj.exe
c:\windows\system32\msfgfr.exe
c:\windows\system32\msfghu.exe
c:\windows\system32\msfimj.exe
c:\windows\system32\msfjcz.exe
c:\windows\system32\msfka.exe
c:\windows\system32\msfkfls.exe
c:\windows\system32\msflch.exe
c:\windows\system32\msflpz.exe
c:\windows\system32\msflw.exe
c:\windows\system32\msflzexx.exe
c:\windows\system32\msfnbg.exe
c:\windows\system32\msfnn.exe
c:\windows\system32\msfoczg.exe
c:\windows\system32\msfokl.exe
c:\windows\system32\msfpf.exe
c:\windows\system32\msfplwwj.exe
c:\windows\system32\msfqf.exe
c:\windows\system32\msfquugo.exe
c:\windows\system32\msfts.exe
c:\windows\system32\msfubp.exe
c:\windows\system32\msfxf.exe
c:\windows\system32\msfxfjjy.exe
c:\windows\system32\msfyav.exe
c:\windows\system32\msfyhk.exe
c:\windows\system32\msfznia.exe
c:\windows\system32\msgbakd.exe
c:\windows\system32\msgbbh.exe
c:\windows\system32\msgcbjw.exe
c:\windows\system32\msgexzb.exe
c:\windows\system32\msgfc.exe
c:\windows\system32\msgfrfat.exe
c:\windows\system32\msggr.exe
c:\windows\system32\msghrri.exe
c:\windows\system32\msghshv.exe
c:\windows\system32\msghuk.exe
c:\windows\system32\msgitx.exe
c:\windows\system32\msgjkdpp.exe
c:\windows\system32\msgjssc.exe
c:\windows\system32\msgkh.exe
c:\windows\system32\msgkt.exe
c:\windows\system32\msgnjfuj.exe
c:\windows\system32\msgpp.exe
c:\windows\system32\msgrcet.exe
c:\windows\system32\msgscdn.exe
c:\windows\system32\msgsgit.exe
c:\windows\system32\msgtyygs.exe
c:\windows\system32\msgtzou.exe
c:\windows\system32\msguckz.exe
c:\windows\system32\msgvlma.exe
c:\windows\system32\msgwcckv.exe
c:\windows\system32\msgxgxxh.exe
c:\windows\system32\msgyyx.exe
c:\windows\system32\msgzi.exe
c:\windows\system32\msgzrtxl.exe
c:\windows\system32\mshacrif.exe
c:\windows\system32\mshagrq.exe
c:\windows\system32\mshasq.exe
c:\windows\system32\mshbnmi.exe
c:\windows\system32\mshcasyh.exe
c:\windows\system32\mshcij.exe
c:\windows\system32\mshcmj.exe
c:\windows\system32\mshdmw.exe
c:\windows\system32\mshdypvi.exe
c:\windows\system32\mshebyke.exe
c:\windows\system32\mshfgfpt.exe
c:\windows\system32\mshfvl.exe
c:\windows\system32\mshgp.exe
c:\windows\system32\mshhdsjj.exe
c:\windows\system32\mshhjos.exe
c:\windows\system32\mshhtsd.exe
c:\windows\system32\mshiyr.exe
c:\windows\system32\mshjcx.exe
c:\windows\system32\mshkiv.exe
c:\windows\system32\mshmuw.exe
c:\windows\system32\mshpn.exe
c:\windows\system32\mshqz.exe
c:\windows\system32\mshrdkk.exe
c:\windows\system32\mshrxf.exe
c:\windows\system32\mshrxmx.exe
c:\windows\system32\mshsccyp.exe
c:\windows\system32\mshsku.exe
c:\windows\system32\mshsu.exe
c:\windows\system32\mshts.exe
c:\windows\system32\mshuaui.exe
c:\windows\system32\mshufrwv.exe
c:\windows\system32\mshuq.exe
c:\windows\system32\mshuwtxh.exe
c:\windows\system32\mshwiry.exe
c:\windows\system32\mshwvo.exe
c:\windows\system32\mshxl.exe
c:\windows\system32\mshxtvwa.exe
c:\windows\system32\msiat.exe
c:\windows\system32\msiaup.exe
c:\windows\system32\msiawm.exe
c:\windows\system32\msiblx.exe
c:\windows\system32\msibm.exe
c:\windows\system32\msichlfc.exe
c:\windows\system32\mside.exe
c:\windows\system32\msidkhr.exe
c:\windows\system32\msiehnd.exe
c:\windows\system32\msigsdb.exe
c:\windows\system32\msihirrc.exe
c:\windows\system32\msihte.exe
c:\windows\system32\msiiqyz.exe
c:\windows\system32\msiiyv.exe
c:\windows\system32\msikfoic.exe
c:\windows\system32\msikfqcv.exe
c:\windows\system32\msilc.exe
c:\windows\system32\msile.exe
c:\windows\system32\msimomj.exe
c:\windows\system32\msimwvk.exe
c:\windows\system32\msine.exe
c:\windows\system32\msiogqcf.exe
c:\windows\system32\msipbp.exe
c:\windows\system32\msipdvqj.exe
c:\windows\system32\msipt.exe
c:\windows\system32\msiqau.exe
c:\windows\system32\msiqpcm.exe
c:\windows\system32\msitth.exe
c:\windows\system32\msiuayui.exe
c:\windows\system32\msiueac.exe
c:\windows\system32\msivceyk.exe
c:\windows\system32\msiwotez.exe
c:\windows\system32\msiwvqz.exe
c:\windows\system32\msixb.exe
c:\windows\system32\msjahnsr.exe
c:\windows\system32\msjcjb.exe
c:\windows\system32\msjdovju.exe
c:\windows\system32\msjeixwa.exe
c:\windows\system32\msjes.exe
c:\windows\system32\msjfe.exe
c:\windows\system32\msjhkelf.exe
c:\windows\system32\msjhr.exe
c:\windows\system32\msjjkoxg.exe
c:\windows\system32\msjjz.exe
c:\windows\system32\msjlcue.exe
c:\windows\system32\msjlvpu.exe
c:\windows\system32\msjmnp.exe
c:\windows\system32\msjmp.exe
c:\windows\system32\msjngsur.exe
c:\windows\system32\msjpi.exe
c:\windows\system32\msjqfaa.exe
c:\windows\system32\msjqph.exe
c:\windows\system32\msjrncry.exe
c:\windows\system32\msjsjzaa.exe
c:\windows\system32\msjum.exe
c:\windows\system32\msjun.exe
c:\windows\system32\msjvomat.exe
c:\windows\system32\msjwoftn.exe
c:\windows\system32\msjxyiqs.exe
c:\windows\system32\msjzdown.exe
c:\windows\system32\mskaiqs.exe
c:\windows\system32\mskanyb.exe
c:\windows\system32\mskbd.exe
c:\windows\system32\mskcin.exe
c:\windows\system32\mskdly.exe
c:\windows\system32\mskeuwu.exe
c:\windows\system32\mskeyujg.exe
c:\windows\system32\mskfcpy.exe
c:\windows\system32\mskfpy.exe
c:\windows\system32\mskft.exe
c:\windows\system32\mskfyvad.exe
c:\windows\system32\mskgju.exe
c:\windows\system32\mskgtuur.exe
c:\windows\system32\mskhki.exe
c:\windows\system32\mskhrm.exe
c:\windows\system32\mskixvx.exe
c:\windows\system32\mskmhz.exe
c:\windows\system32\mskodqz.exe
c:\windows\system32\mskoqn.exe
c:\windows\system32\mskotvmg.exe
c:\windows\system32\mskqdu.exe
c:\windows\system32\mskreaxd.exe
c:\windows\system32\mskrn.exe
c:\windows\system32\mskte.exe
c:\windows\system32\mskuby.exe
c:\windows\system32\mskvng.exe
c:\windows\system32\mskxmzvn.exe
c:\windows\system32\mskzjmy.exe
c:\windows\system32\mslblla.exe
c:\windows\system32\msldmh.exe
c:\windows\system32\msldtls.exe
c:\windows\system32\mslfqgf.exe
c:\windows\system32\mslge.exe
c:\windows\system32\mslghaxa.exe
c:\windows\system32\mslgq.exe
c:\windows\system32\mslgxivg.exe
c:\windows\system32\mslhk.exe
c:\windows\system32\mslini.exe
c:\windows\system32\mslit.exe
c:\windows\system32\mslitc.exe
c:\windows\system32\msliza.exe
c:\windows\system32\msljgh.exe
c:\windows\system32\msljmglm.exe
c:\windows\system32\msljpj.exe
c:\windows\system32\msljyp.exe
c:\windows\system32\mslkddc.exe
c:\windows\system32\mslkef.exe
c:\windows\system32\mslkpcvs.exe
c:\windows\system32\mslktjvd.exe
c:\windows\system32\msllmqel.exe
c:\windows\system32\msllyxxz.exe
c:\windows\system32\mslmhhj.exe
c:\windows\system32\msloa.exe
c:\windows\system32\msloedxy.exe
c:\windows\system32\mslot.exe
c:\windows\system32\mslpongn.exe
c:\windows\system32\mslqr.exe
c:\windows\system32\mslrfxet.exe
c:\windows\system32\mslrqf.exe
c:\windows\system32\mslrsxgo.exe
c:\windows\system32\msltcsp.exe
c:\windows\system32\msltf.exe
c:\windows\system32\mslvnlmt.exe
c:\windows\system32\mslwxqch.exe
c:\windows\system32\mslxfa.exe
c:\windows\system32\mslxi.exe
c:\windows\system32\mslxvxav.exe
c:\windows\system32\mslyv.exe
c:\windows\system32\msmabq.exe
c:\windows\system32\msmagzy.exe
c:\windows\system32\msmaiomf.exe
c:\windows\system32\msmbz.exe
c:\windows\system32\msmcc.exe
c:\windows\system32\msmeke.exe
c:\windows\system32\msmeon.exe
c:\windows\system32\msmfzv.exe
c:\windows\system32\msmgpq.exe
c:\windows\system32\msmgqa.exe
c:\windows\system32\msmgts.exe
c:\windows\system32\msmjhyi.exe
c:\windows\system32\msmjtkyx.exe
c:\windows\system32\msmmglgv.exe
c:\windows\system32\msmmvcse.exe
c:\windows\system32\msmng.exe
c:\windows\system32\msmoihgs.exe
c:\windows\system32\msmojuic.exe
c:\windows\system32\msmomrr.exe
c:\windows\system32\msmpay.exe
c:\windows\system32\msmrbhwb.exe
c:\windows\system32\msmsa.exe
c:\windows\system32\msmsy.exe
c:\windows\system32\msmtgwym.exe
c:\windows\system32\msmtus.exe
c:\windows\system32\msmvjez.exe
c:\windows\system32\msmvjvb.exe
c:\windows\system32\msmvoeis.exe
c:\windows\system32\msmwgk.exe
c:\windows\system32\msmwv.exe
c:\windows\system32\msmyg.exe
c:\windows\system32\msncifu.exe
c:\windows\system32\msnculs.exe
c:\windows\system32\msndqwwy.exe
c:\windows\system32\msneach.exe
c:\windows\system32\msnfv.exe
c:\windows\system32\msnggti.exe
c:\windows\system32\msnhgy.exe
c:\windows\system32\msnhpk.exe
c:\windows\system32\msnhyv.exe
c:\windows\system32\msnia.exe
c:\windows\system32\msnib.exe
c:\windows\system32\msnjxs.exe
c:\windows\system32\msnlcqmr.exe
c:\windows\system32\msnllsv.exe
c:\windows\system32\msnlwlz.exe
c:\windows\system32\msnmynx.exe
c:\windows\system32\msnmzcsc.exe
c:\windows\system32\msnnk.exe
c:\windows\system32\msnnpubd.exe
c:\windows\system32\msnnqb.exe
c:\windows\system32\msnonchm.exe
c:\windows\system32\msnpcim.exe
c:\windows\system32\msnppwp.exe
c:\windows\system32\msnpyvi.exe
c:\windows\system32\msnqag.exe
c:\windows\system32\msnql.exe
c:\windows\system32\msnrzjec.exe
c:\windows\system32\msntowdp.exe
c:\windows\system32\msnuewh.exe
c:\windows\system32\msnup.exe
c:\windows\system32\msnxh.exe
c:\windows\system32\msnyciw.exe
c:\windows\system32\msnye.exe
c:\windows\system32\msnyeptu.exe
c:\windows\system32\msnzbc.exe
c:\windows\system32\msnzic.exe
c:\windows\system32\msnzjb.exe
c:\windows\system32\msoalhf.exe
c:\windows\system32\msobuyxj.exe
c:\windows\system32\msocodc.exe
c:\windows\system32\msodccp.exe
c:\windows\system32\msodiiw.exe
c:\windows\system32\msodwu.exe
c:\windows\system32\msogfm.exe
c:\windows\system32\msogkgb.exe
c:\windows\system32\msogvvq.exe
c:\windows\system32\msohey.exe
c:\windows\system32\msohh.exe
c:\windows\system32\msohqo.exe
c:\windows\system32\msoioynw.exe
c:\windows\system32\msoitkxi.exe
c:\windows\system32\msokivl.exe
c:\windows\system32\msoktm.exe
c:\windows\system32\msolb.exe
c:\windows\system32\msold.exe
c:\windows\system32\msolos.exe
c:\windows\system32\msoluck.exe
c:\windows\system32\msommau.exe
c:\windows\system32\msomvasz.exe
c:\windows\system32\msooftof.exe
c:\windows\system32\msoqggk.exe
c:\windows\system32\msorjwpz.exe
c:\windows\system32\msotd.exe
c:\windows\system32\msotzm.exe
c:\windows\system32\msoutozm.exe
c:\windows\system32\msowidqm.exe
c:\windows\system32\msoxa.exe
c:\windows\system32\msoyj.exe
c:\windows\system32\msoyvpzb.exe
c:\windows\system32\msoyvydw.exe
c:\windows\system32\msoyxyol.exe
c:\windows\system32\msozr.exe
c:\windows\system32\msozsl.exe
c:\windows\system32\mspcqvda.exe
c:\windows\system32\mspcxgqp.exe
c:\windows\system32\mspdmc.exe
c:\windows\system32\mspebg.exe
c:\windows\system32\mspet.exe
c:\windows\system32\mspgq.exe
c:\windows\system32\msphdt.exe
c:\windows\system32\msphlvx.exe
c:\windows\system32\mspijbny.exe
c:\windows\system32\mspim.exe
c:\windows\system32\mspkeyds.exe
c:\windows\system32\mspks.exe
c:\windows\system32\mspkz.exe
c:\windows\system32\msplsz.exe
c:\windows\system32\msplwvq.exe
c:\windows\system32\msplyr.exe
c:\windows\system32\mspmez.exe
c:\windows\system32\mspmm.exe
c:\windows\system32\msppgl.exe
c:\windows\system32\msppoaft.exe
c:\windows\system32\msppqx.exe
c:\windows\system32\msppzpye.exe
c:\windows\system32\mspqlymy.exe
c:\windows\system32\msptv.exe
c:\windows\system32\mspujvq.exe
c:\windows\system32\mspvec.exe
c:\windows\system32\mspxmch.exe
c:\windows\system32\mspyqjf.exe
c:\windows\system32\mspytas.exe
c:\windows\system32\mspyulx.exe
c:\windows\system32\mspze.exe
c:\windows\system32\mspzmsv.exe
c:\windows\system32\msqajb.exe
c:\windows\system32\msqbr.exe
c:\windows\system32\msqbzl.exe
c:\windows\system32\msqchkok.exe
c:\windows\system32\msqdho.exe
c:\windows\system32\msqebjr.exe
c:\windows\system32\msqecgqa.exe
c:\windows\system32\msqfjil.exe
c:\windows\system32\msqfyzx.exe
c:\windows\system32\msqgix.exe
c:\windows\system32\msqiv.exe
c:\windows\system32\msqiwd.exe
c:\windows\system32\msqktbkg.exe
c:\windows\system32\msqkv.exe
c:\windows\system32\msqnrlqu.exe
c:\windows\system32\msqojkf.exe
c:\windows\system32\msqphhdn.exe
c:\windows\system32\msqpono.exe
c:\windows\system32\msqpzv.exe
c:\windows\system32\msqqeoe.exe
c:\windows\system32\msqrbxbs.exe
c:\windows\system32\msqsdwae.exe
c:\windows\system32\msqujp.exe
c:\windows\system32\msqvocea.exe
c:\windows\system32\msqvz.exe
c:\windows\system32\msqwgddg.exe
c:\windows\system32\msqxzy.exe
c:\windows\system32\msqyhuqx.exe
c:\windows\system32\msqyreep.exe
c:\windows\system32\msqzxqlf.exe
c:\windows\system32\msrbzhy.exe
c:\windows\system32\msrcda.exe
c:\windows\system32\msrdf.exe
c:\windows\system32\msrend.exe
c:\windows\system32\msrfjzlo.exe
c:\windows\system32\msrfk.exe
c:\windows\system32\msrfmvdh.exe
c:\windows\system32\msrfpg.exe
c:\windows\system32\msrhir.exe
c:\windows\system32\msrhpi.exe
c:\windows\system32\msriin.exe
c:\windows\system32\msrkha.exe
c:\windows\system32\msrkkfy.exe
c:\windows\system32\msrmhoj.exe
c:\windows\system32\msrnina.exe
c:\windows\system32\msrnyq.exe
c:\windows\system32\msroif.exe
c:\windows\system32\msrpaxo.exe
c:\windows\system32\msrpwt.exe
c:\windows\system32\msrqpbp.exe
c:\windows\system32\msrqs.exe
c:\windows\system32\msrquywm.exe
c:\windows\system32\msrsk.exe
c:\windows\system32\msrvovbx.exe
c:\windows\system32\msrvrypk.exe
c:\windows\system32\msrvt.exe
c:\windows\system32\msrwn.exe
c:\windows\system32\msrxgj.exe
c:\windows\system32\msrycgyr.exe
c:\windows\system32\msryx.exe
c:\windows\system32\msrzn.exe
c:\windows\system32\mssbw.exe
c:\windows\system32\mssfvbbx.exe
c:\windows\system32\mssfwnv.exe
c:\windows\system32\mssibxcr.exe
c:\windows\system32\mssixftw.exe
c:\windows\system32\mssiymz.exe
c:\windows\system32\mssjckv.exe
c:\windows\system32\msslm.exe
c:\windows\system32\mssmfkoi.exe
c:\windows\system32\mssoznk.exe
c:\windows\system32\mssqjqm.exe
c:\windows\system32\msssqp.exe
c:\windows\system32\msssw.exe
c:\windows\system32\mssubfu.exe
c:\windows\system32\mssui.exe
c:\windows\system32\mssunx.exe
c:\windows\system32\mssyqb.exe
c:\windows\system32\msszdgap.exe
c:\windows\system32\msszo.exe
c:\windows\system32\mstbtw.exe
c:\windows\system32\mstbvkc.exe
c:\windows\system32\mstcn.exe
c:\windows\system32\mstcqauu.exe
c:\windows\system32\msteq.exe
c:\windows\system32\mstfomg.exe
c:\windows\system32\mstfsew.exe
c:\windows\system32\mstfy.exe
c:\windows\system32\mstgcv.exe
c:\windows\system32\mstiisf.exe
c:\windows\system32\mstjvl.exe
c:\windows\system32\mstkogo.exe
c:\windows\system32\mstmi.exe
c:\windows\system32\mstmkriz.exe
c:\windows\system32\mstoin.exe
c:\windows\system32\mstpnwl.exe
c:\windows\system32\mstqbi.exe
c:\windows\system32\mstqdvb.exe
c:\windows\system32\mstqvwk.exe
c:\windows\system32\mstrk.exe
c:\windows\system32\mstrqr.exe
c:\windows\system32\mstsmlz.exe
c:\windows\system32\msttlv.exe
c:\windows\system32\msttymr.exe
c:\windows\system32\mstuqmi.exe
c:\windows\system32\mstutwek.exe
c:\windows\system32\mstwtdwe.exe
c:\windows\system32\mstxhhqp.exe
c:\windows\system32\mstybu.exe
c:\windows\system32\msubdwtb.exe
c:\windows\system32\msubi.exe
c:\windows\system32\msuectn.exe
c:\windows\system32\msughavy.exe
c:\windows\system32\msugigb.exe
c:\windows\system32\msugocox.exe
c:\windows\system32\msugutmx.exe
c:\windows\system32\msuied.exe
c:\windows\system32\msuiq.exe
c:\windows\system32\msuirqyt.exe
c:\windows\system32\msujh.exe
c:\windows\system32\msukw.exe
c:\windows\system32\msumm.exe
c:\windows\system32\msuoaded.exe
c:\windows\system32\msupft.exe
c:\windows\system32\msupmn.exe
c:\windows\system32\msupqsci.exe
c:\windows\system32\msurhutd.exe
c:\windows\system32\msurqp.exe
c:\windows\system32\msutv.exe
c:\windows\system32\msuuvzbw.exe
c:\windows\system32\msuvhamg.exe
c:\windows\system32\msuwc.exe
c:\windows\system32\msuwwfq.exe
c:\windows\system32\msuxkgw.exe
c:\windows\system32\msuxko.exe
c:\windows\system32\msuxwb.exe
c:\windows\system32\msuxze.exe
c:\windows\system32\msuyejgo.exe
c:\windows\system32\msuyw.exe
c:\windows\system32\msuyyj.exe
c:\windows\system32\msuyzdz.exe
c:\windows\system32\msvbbuh.exe
c:\windows\system32\msvbhghi.exe
c:\windows\system32\msvbliy.exe
c:\windows\system32\msvcusq.exe
c:\windows\system32\msveg.exe
c:\windows\system32\msvfbjzp.exe
c:\windows\system32\msvfdv.exe
c:\windows\system32\msvflqr.exe
c:\windows\system32\msvhhkm.exe
c:\windows\system32\msvibc.exe
c:\windows\system32\msvjasl.exe
c:\windows\system32\msvjass.exe
c:\windows\system32\msvjfde.exe
c:\windows\system32\msvjuhk.exe
c:\windows\system32\msvkhw.exe
c:\windows\system32\msvkkku.exe
c:\windows\system32\msvkuvbo.exe
c:\windows\system32\msvmc.exe
c:\windows\system32\msvntup.exe
c:\windows\system32\msvnxwmd.exe
c:\windows\system32\msvocovb.exe
c:\windows\system32\msvouow.exe
c:\windows\system32\msvpswxn.exe
c:\windows\system32\msvshxa.exe
c:\windows\system32\msvswsbo.exe
c:\windows\system32\msvtgro.exe
c:\windows\system32\msvtm.exe
c:\windows\system32\msvtnj.exe
c:\windows\system32\msvtq.exe
c:\windows\system32\msvtt.exe
c:\windows\system32\msvtwg.exe
c:\windows\system32\msvus.exe
c:\windows\system32\msvuynuf.exe
c:\windows\system32\msvvfj.exe
c:\windows\system32\msvwgref.exe
c:\windows\system32\msvwp.exe
c:\windows\system32\msvxsg.exe
c:\windows\system32\msvxuj.exe
c:\windows\system32\msvzdp.exe
c:\windows\system32\mswbokkq.exe
c:\windows\system32\mswcvc.exe
c:\windows\system32\mswegwt.exe
c:\windows\system32\mswhyyz.exe
c:\windows\system32\mswjqd.exe
c:\windows\system32\mswjsuc.exe
c:\windows\system32\mswkjmx.exe
c:\windows\system32\mswmal.exe
c:\windows\system32\mswmxom.exe
c:\windows\system32\mswmz.exe
c:\windows\system32\mswpmkt.exe
c:\windows\system32\mswqw.exe
c:\windows\system32\mswrtvye.exe
c:\windows\system32\mswsh.exe
c:\windows\system32\mswsjl.exe
c:\windows\system32\mswufiy.exe
c:\windows\system32\mswwifsa.exe
c:\windows\system32\mswxgwdk.exe
c:\windows\system32\mswxkhwi.exe
c:\windows\system32\mswye.exe
c:\windows\system32\mswyiy.exe
c:\windows\system32\mswzkcq.exe
c:\windows\system32\mswztf.exe
c:\windows\system32\msxah.exe
c:\windows\system32\msxaj.exe
c:\windows\system32\msxaja.exe
c:\windows\system32\msxatpi.exe
c:\windows\system32\msxbuh.exe
c:\windows\system32\msxebb.exe
c:\windows\system32\msxetvg.exe
c:\windows\system32\msxeu.exe
c:\windows\system32\msxfcvri.exe
c:\windows\system32\msxfel.exe
c:\windows\system32\msxhogt.exe
c:\windows\system32\msxhqck.exe
c:\windows\system32\msxhtd.exe
c:\windows\system32\msxje.exe
c:\windows\system32\msxlyqy.exe
c:\windows\system32\msxmxv.exe
c:\windows\system32\msxon.exe
c:\windows\system32\msxoxrvg.exe
c:\windows\system32\msxqpzii.exe
c:\windows\system32\msxqqb.exe
c:\windows\system32\msxrgs.exe
c:\windows\system32\msxsl.exe
c:\windows\system32\msxtwifa.exe
c:\windows\system32\msxukkt.exe
c:\windows\system32\msxune.exe
c:\windows\system32\msxxn.exe
c:\windows\system32\msxyano.exe
c:\windows\system32\msxyl.exe
c:\windows\system32\msyaqpwi.exe
c:\windows\system32\msybq.exe
c:\windows\system32\msybqs.exe
c:\windows\system32\msydcii.exe
c:\windows\system32\msydi.exe
c:\windows\system32\msydl.exe
c:\windows\system32\msyeap.exe
c:\windows\system32\msygtlpj.exe
c:\windows\system32\msyheddj.exe
c:\windows\system32\msyibp.exe
c:\windows\system32\msyikaes.exe
c:\windows\system32\msyilnfd.exe
c:\windows\system32\msyliji.exe
c:\windows\system32\msylp.exe
c:\windows\system32\msymsund.exe
c:\windows\system32\msyngca.exe
c:\windows\system32\msynwwo.exe
c:\windows\system32\msyodo.exe
c:\windows\system32\msyonamj.exe
c:\windows\system32\msyqffb.exe
c:\windows\system32\msyqmkuz.exe
c:\windows\system32\msysguog.exe
c:\windows\system32\msyudspp.exe
c:\windows\system32\msyvdzbd.exe
c:\windows\system32\msyvo.exe
c:\windows\system32\msywmu.exe
c:\windows\system32\msywtf.exe
c:\windows\system32\msyxl.exe
c:\windows\system32\msyykr.exe
c:\windows\system32\msyyzuf.exe
c:\windows\system32\msyzdrys.exe
c:\windows\system32\msyzquop.exe
c:\windows\system32\mszauprc.exe
c:\windows\system32\mszbj.exe
c:\windows\system32\mszbnvst.exe
c:\windows\system32\mszeqrjf.exe
c:\windows\system32\mszfseru.exe
c:\windows\system32\mszghyl.exe
c:\windows\system32\mszir.exe
c:\windows\system32\mszkap.exe
c:\windows\system32\mszkd.exe
c:\windows\system32\mszkkzb.exe
c:\windows\system32\mszksydh.exe
c:\windows\system32\mszkymc.exe
c:\windows\system32\mszmy.exe
c:\windows\system32\mszngvum.exe
c:\windows\system32\msznn.exe
c:\windows\system32\mszolrf.exe
c:\windows\system32\mszolsd.exe
c:\windows\system32\mszqcajc.exe
c:\windows\system32\mszqv.exe
c:\windows\system32\mszri.exe
c:\windows\system32\mszrr.exe
c:\windows\system32\mszsb.exe
c:\windows\system32\mszsullj.exe
c:\windows\system32\msztaxt.exe
c:\windows\system32\mszttlbz.exe
c:\windows\system32\mszujzu.exe
c:\windows\system32\mszuykf.exe
c:\windows\system32\mszvz.exe
c:\windows\system32\mszxhjk.exe
c:\windows\system32\mszxnsqi.exe
c:\windows\system32\mszzazg.exe
c:\windows\system32\mszzub.exe
c:\windows\system32\mszzupp.exe
c:\windows\system32\mszzyl.exe
c:\windows\system32\UACevtnktuspucbvpe.dll
c:\windows\system32\UAChkmarokqaffgvgd.dll
c:\windows\system32\UACjhpnkamvknfucue.dll
c:\windows\system32\UACjrmtrmwptwnyroy.log
c:\windows\system32\UACpmkbpfqbaovfpln.log
c:\windows\system32\UACqrikxdsncxdetyx.dat
c:\windows\system32\UACrxuatsftyyxhkly.log
c:\windows\system32\UACxtpqdvfhwmdsilx.dll
c:\windows\system32\UACybcnhjxqxuoecfe.dll
C:\-1799974285
C:\hccps.exe
c:\windows\Install.txt
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\mlonwnoyovjgimx.sys
c:\windows\system32\drivers\UACknawqrprjlwlnkk.sys
c:\windows\system32\Install.txt
c:\windows\system32\UACevtnktuspucbvpe.dll
c:\windows\system32\UAChkmarokqaffgvgd.dll
c:\windows\system32\UACjhpnkamvknfucue.dll
c:\windows\system32\UACjrmtrmwptwnyroy.log
c:\windows\system32\UACpmkbpfqbaovfpln.log
c:\windows\system32\UACqrikxdsncxdetyx.dat
c:\windows\system32\UACrxuatsftyyxhkly.log
c:\windows\system32\UACxtpqdvfhwmdsilx.dll
c:\windows\system32\UACybcnhjxqxuoecfe.dll
c:\windows\system32\wiawow32.sys
c:\windows\Temp\2885692548.exe
c:\windows\Temp\2973348798.exe
c:\windows\Temp\3112692723.exe
c:\windows\Temp\3411562626.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_6to4
-------\Legacy_AZGTPWINSOTQUJ
-------\Legacy_dhcpsrv
-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Legacy_isadisk
-------\Legacy_MSNCACHE
-------\Legacy_sopidkc
-------\Service_3578c39d


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 05:40 . 2009-06-19 23:58 19968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
2009-06-24 03:33 . 2009-06-24 03:34 -------- d-----w- c:\program files\ERUNT
2009-06-24 03:31 . 2009-06-24 03:31 -------- d-----w- c:\documents and settings\Administrator.BAHJEN\Local Settings\Application Data\Mozilla
2009-06-20 17:03 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 17:03 . 2009-06-20 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 17:03 . 2009-06-20 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 17:03 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 23:58 . 2009-06-19 23:58 12288 ----a-w- c:\windows\cvjser5usjfyigsfhjhswybn4wgss81.exe
2009-06-19 02:15 . 2009-06-19 02:15 127872 ----a-w- c:\documents and settings\Jenna\Application Data\Move Networks\uninstall.exe
2009-06-19 02:14 . 2009-06-19 02:15 1686272 ----a-w- c:\documents and settings\Jenna\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-06-18 22:57 . 2009-06-18 22:57 66560 ----a-w- c:\windows\system32\UACpdkoeqaepxuhrrp.dll
2009-06-17 22:05 . 2009-06-19 23:57 28672 ----a-w- C:\cqftyah.exe
2009-06-17 22:05 . 2009-06-19 23:57 201233 ----a-w- C:\cdpn.exe
2009-06-17 22:04 . 2009-06-17 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\99811396
2009-06-17 22:04 . 2009-06-17 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\19801404
2009-06-17 22:03 . 2009-06-17 22:03 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Jenna\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 06:35 . 2009-06-19 02:15 4183416 ----a-w- c:\documents and settings\Jenna\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-05-27 01:14 . 2009-05-27 01:14 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 05:41 . 2009-01-22 04:05 -------- d-----w- c:\documents and settings\Jenna\Application Data\skypePM
2009-06-24 03:21 . 2009-06-24 03:21 -------- d-----w- c:\program files\Trend Micro
2009-06-23 00:19 . 2006-07-29 21:32 91456 ----a-w- c:\documents and settings\Jenna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-23 00:19 . 2008-10-24 08:53 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-21 16:29 . 2009-06-21 16:29 -------- d-----w- c:\documents and settings\Administrator.BAHJEN\Application Data\Lavasoft
2009-06-20 19:16 . 2009-06-20 19:16 -------- d-----w- c:\documents and settings\Jenna\Application Data\Malwarebytes
2009-06-20 17:44 . 2009-06-20 17:44 -------- d-----w- c:\documents and settings\Administrator.BAHJEN\Application Data\Malwarebytes
2009-06-20 17:19 . 2009-06-20 17:19 69728 ----a-w- C:\cc_20090620_121931.reg
2009-06-20 17:19 . 2009-06-20 17:19 876468 ----a-w- C:\cc_20090620_121848.reg
2009-06-20 17:17 . 2009-06-20 17:17 -------- d-----w- c:\program files\CCleaner
2009-06-19 02:15 . 2007-12-21 19:08 -------- d-----w- c:\documents and settings\Jenna\Application Data\Move Networks
2009-06-02 16:14 . 2009-01-22 04:03 -------- d-----w- c:\documents and settings\Jenna\Application Data\Skype
2009-05-25 22:48 . 2009-02-05 03:20 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-05-25 22:48 . 2009-01-22 03:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-10 17:51 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 07:21 . 2006-08-24 17:47 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-12-22 05:00 . 2006-07-29 22:15 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 05:00 . 2006-07-29 22:15 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 05:00 . 2007-11-07 03:43 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 05:00 . 2007-11-07 03:43 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 05:00 . 2006-07-29 22:15 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-08-24 17:47 . 2006-08-24 17:47 8 --sh--r- c:\windows\system32\1CABB80194.sys
2006-08-21 22:59 . 2006-08-05 06:00 88 --sh--r- c:\windows\system32\9CF3B38F84.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Internet Connection Wizard Setup Tool"="c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe" [2009-06-19 19968]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]

c:\documents and settings\Jenna\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-7-20 2913584]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-24 24576]
icwsetup.exe [2009-6-19 19968]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-17 18:49 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^icwsetup.exe]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
backup=c:\windows\pss\icwsetup.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^Service Manager.lnk]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

S2 azgtpwinsotquj;azgtpwinsotquj;\??\c:\windows\system32\drivers\mlonwnoyovjgimx.sys --> c:\windows\system32\drivers\mlonwnoyovjgimx.sys [?]
S2 cvjser5usjfyigsfhjhswybn4wgss80;cvjser5usjfyigsfhjhswybn4wgss80;c:\windows\cvjser5usjfyigsfhjhswybn4wgss81.exe [6/19/2009 6:58 PM 12288]
S2 expe;expe;c:\windows\system32\drivers\whukkhjb.sys --> c:\windows\system32\drivers\whukkhjb.sys [?]
S2 pbcv;pbcv;c:\windows\system32\drivers\rilg.sys --> c:\windows\system32\drivers\rilg.sys [?]
S2 sahah;sahah;c:\windows\system32\drivers\obsfcerb.sys --> c:\windows\system32\drivers\obsfcerb.sys [?]
S2 wlnbdik;wlnbdik;c:\windows\system32\drivers\lsbmqc.sys --> c:\windows\system32\drivers\lsbmqc.sys [?]
S2 wqhtggx;wqhtggx;c:\windows\system32\drivers\kekx.sys --> c:\windows\system32\drivers\kekx.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 21:42]

2009-06-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 00:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(832)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-25 0:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 05:46

Pre-Run: 45,572,571,136 bytes free
Post-Run: 46,103,867,392 bytes free

973 --- E O F --- 2009-06-19 23:59


HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:44 AM, on 6/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: icwsetup.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: cvjser5usjfyigsfhjhswybn4wgss80 - Unknown owner - C:\WINDOWS\cvjser5usjfyigsfhjhswybn4wgss81.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8226 bytes


thanks

#4 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 25 June 2009 - 04:57 AM

Hi,

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://forums.whatthetech.com/uacinit_dll_t104481.html

Collect::
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
c:\windows\cvjser5usjfyigsfhjhswybn4wgss81.exe
c:\windows\system32\UACpdkoeqaepxuhrrp.dll
C:\cqftyah.exe
C:\cdpn.exe

File::
c:\windows\010112010146118114.dat
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\1CABB80194.sys
c:\windows\system32\9CF3B38F84.sys

Folder::
c:\documents and settings\All Users\Application Data\99811396
c:\documents and settings\All Users\Application Data\19801404

Driver::
azgtpwinsotquj
cvjser5usjfyigsfhjhswybn4wgss80
expe
pbcv
sahah
wlnbdik
wqhtggx

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"ImagePath"="%systemroot%\\system32\\svchost.exe -k netsvcs"
3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.
Let me know how things are running now.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#5 D_Piddy89

D_Piddy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 28 June 2009 - 05:07 PM

ok, here is what I got. I think this is everything. my computer also seems to be running great now! Thanks!!!




Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

6/28/2009 6:01:15 PM
mbam-log-2009-06-28 (18-01-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165111
Time elapsed: 1 hour(s), 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:45 PM, on 6/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7613 bytes

#6 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 29 June 2009 - 04:43 AM

Hi,

Can I see the ComboFix log as well please? Should be at:
C:\ComboFix.txt

Any more problems at all?

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#7 D_Piddy89

D_Piddy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 02 July 2009 - 11:02 PM

Hi there sorry about the slow reply. I've been out of town. I was working on the computer for friend of mine and everything seemed to be working great so I returned it to her. I didn't realize I didn't post the combofix log, but no longer have access to it. I think everything is working great now for her though. Thank you very much!! I really appreciate it!!

#8 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 03 July 2009 - 02:50 AM

Okie dokie :thumbup:

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#9 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 09 July 2009 - 06:21 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·