mmault
Members
Posts: 5
Reputation: 0 Neutral
Everything appears to be clean and running at full speed. Thanks again for all your help. You saved me from having to throw my computer out the window.
-
My computer is running much, much better now. I really appreciate the help!!! I followed the last set of instructions; the last command to delete ComboFix didn't delete it, it just made it try to run the program again. Any idea why?
-
I really appreciate the help. Here is the log file from ComboFix. I had to rename the file in order to get it to work.

ComboFix 09-06-18.02 - Mark 06/19/2009 18:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1545 [GMT -5:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFi.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-3806632252-987185090-3488195982-500
c:\recycler\S-1-5-21-767095321-2202053304-2693556500-500
c:\windows\system32\drivers\UACwatrltrdnbvotbb.sys
c:\windows\system32\UACaufwmeuswsccykq.dll
c:\windows\system32\UACdruainakbynviwh.dll
c:\windows\system32\UAChenodeingsbuemd.dat
c:\windows\system32\UACiotemsagjmufbkx.log
c:\windows\system32\UACllhtqoehrnjkpqu.dll
c:\windows\system32\UACpmqvldqaqmqlyhu.dll
c:\windows\system32\UACqaamskmxotucoab.log
c:\windows\system32\UACrdjeamyiosaspnj.dll
c:\windows\system32\UACtokxufdwqktdfal.db
c:\windows\system32\UACubwdcwvvqfnmvwh.log
c:\windows\system32\UACwncnrefnftlbkvu.dll
c:\recycler\S-1-5-21-3806632252-987185090-3488195982-500\desktop.ini
c:\recycler\S-1-5-21-3806632252-987185090-3488195982-500\INFO2
c:\recycler\S-1-5-21-767095321-2202053304-2693556500-500\desktop.ini
c:\recycler\S-1-5-21-767095321-2202053304-2693556500-500\INFO2
c:\windows\kb913800.exe
c:\windows\setup.exe
c:\windows\system32\drivers\UACwatrltrdnbvotbb.sys
c:\windows\system32\epuwejot.ini
c:\windows\system32\muzapp.exe
c:\windows\system32\oriwegef.ini
c:\windows\system32\QTWMCI32.DLL
c:\windows\system32\UACaufwmeuswsccykq.dll
c:\windows\system32\UACdruainakbynviwh.dll
c:\windows\system32\UAChenodeingsbuemd.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiotemsagjmufbkx.log
c:\windows\system32\UACllhtqoehrnjkpqu.dll
c:\windows\system32\UACpmqvldqaqmqlyhu.dll
c:\windows\system32\UACqaamskmxotucoab.log
c:\windows\system32\UACrdjeamyiosaspnj.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACtokxufdwqktdfal.db
c:\windows\system32\UACubwdcwvvqfnmvwh.log
c:\windows\system32\UACwncnrefnftlbkvu.dll
c:\windows\system32\wbem\proquota.exe
M:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://downloadsoftwareserver.com
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-20 00:13 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-20 00:13 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-19 01:22 . 2009-06-19 01:22 -------- d-----w- c:\program files\Trend Micro
2009-06-18 23:48 . 2009-06-18 23:48 390664 ----a-w- c:\documents and settings\Mark\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-18 23:32 . 2009-06-18 23:32 -------- d-----w- c:\documents and settings\Ainslee\Application Data\Yahoo!
2009-06-18 23:31 . 2009-06-18 23:31 -------- d-sh--w- c:\documents and settings\Ainslee\IETldCache
2009-06-18 23:28 . 2005-04-27 00:19 13104 ----a-w- c:\documents and settings\Ainslee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 23:28 . 2007-09-23 23:27 -------- d-----w- c:\documents and settings\Ainslee\Application Data\Intuit
2009-06-11 10:14 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 10:14 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 00:00 . 2009-06-10 00:00 152576 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 03:10 . 2009-06-09 03:10 -------- d-----w- c:\program files\Xilisoft
2009-06-09 00:58 . 2009-06-09 00:58 -------- d-----w- C:\divx
2009-06-07 13:36 . 2009-06-07 13:36 -------- d-----w- c:\documents and settings\Mark\Application Data\Auslogics
2009-06-06 01:42 . 2009-06-06 01:42 -------- d-----w- c:\program files\QuickTime
2009-06-06 01:42 . 2009-06-06 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-05 04:08 . 2009-06-05 04:08 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-05 01:24 . 2009-06-05 01:24 -------- dc-h--w- c:\windows\ie8
2009-06-05 01:23 . 2009-06-05 01:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-05 01:22 . 2009-06-05 01:25 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-03 01:33 . 2004-08-10 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-06-03 01:33 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-06-03 01:33 . 2004-08-10 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-06-03 01:33 . 2004-08-10 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-06-03 01:33 . 2004-08-10 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-06-03 01:33 . 2004-08-10 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-06-03 01:33 . 2004-08-10 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-06-03 01:33 . 2004-08-10 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-06-03 01:17 . 2009-06-06 01:36 -------- d-----w- c:\documents and settings\Mark\Application Data\IObit
2009-06-03 01:17 . 2009-06-03 01:17 -------- d-----w- c:\program files\IObit
2009-05-31 01:16 . 2009-05-31 01:16 29352 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\HTML\item_templ\common\fixes\HASFix058456.dll
2009-05-31 01:16 . 2009-05-31 01:16 23720 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\HTML\item_templ\common\fixes\HelpAndSupport_TestContent.dll
2009-05-31 01:16 . 2009-05-31 01:16 23056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\HTML\item_templ\common\fixes\HASFix101001.dll
2009-05-31 01:16 . 2009-05-31 01:16 221208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\HTML\item_templ\common\fixes\HelpAndSupportCommon.dll
2009-05-31 01:16 . 2009-05-31 01:16 21160 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\HTML\item_templ\common\fixes\HASFix056479.dll
2009-05-31 01:16 . 2009-05-31 01:16 110248 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\HTML\item_templ\common\fixes\HelpAndSupportInterface.dll
2009-05-30 20:40 . 2009-05-30 20:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-28 23:36 . 2009-05-28 23:36 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-05-28 23:36 . 2009-05-28 23:36 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-28 23:36 . 2009-05-28 23:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-05-28 22:43 . 2009-06-03 02:26 -------- d-----w- c:\documents and settings\Mason
2009-05-28 02:14 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-27 18:03 . 2009-05-27 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeRIP
2009-05-25 03:51 . 2009-05-25 03:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 00:18 . 2008-05-09 02:24 -------- d-----w- c:\documents and settings\Mark\Application Data\WTablet
2009-06-19 23:22 . 2009-03-26 00:04 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-19 22:43 . 2008-05-10 00:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-06-19 22:20 . 2008-12-24 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 21:51 . 2009-02-28 19:25 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-19 18:10 . 2007-09-28 14:42 -------- d-----w- c:\program files\mIRC
2009-06-17 16:27 . 2008-12-24 22:20 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2008-12-24 22:20 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 23:07 . 2009-01-01 16:48 -------- d-----w- c:\documents and settings\Mark\Application Data\uTorrent
2009-06-14 17:54 . 2007-11-14 02:28 -------- d-----w- c:\program files\Zune
2009-06-10 00:01 . 2005-04-26 02:58 -------- d-----w- c:\program files\Java
2009-06-09 01:51 . 2008-06-04 01:35 -------- d-----w- c:\documents and settings\Mark\Application Data\Vso
2009-06-09 00:42 . 2007-09-24 17:53 -------- d-----w- c:\program files\DivX
2009-06-09 00:42 . 2009-04-08 02:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-06 04:04 . 2008-04-21 02:27 3532 ----a-w- C:\drmHeader.bin
2009-06-05 04:08 . 2007-11-26 20:12 -------- d-----w- c:\program files\Common Files\Real
2009-06-05 04:07 . 2007-11-26 20:12 -------- d-----w- c:\program files\Real
2009-06-05 01:54 . 2007-09-24 02:10 -------- d-----w- c:\program files\Azureus
2009-06-05 01:53 . 2005-04-26 23:33 -------- d-----w- c:\program files\Google
2009-06-03 02:26 . 2008-05-10 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-03 02:26 . 2007-09-24 02:11 -------- d-----w- c:\documents and settings\Mark\Application Data\Azureus
2009-06-03 02:26 . 2007-09-24 17:55 -------- d-----w- c:\program files\Total Video Converter
2009-06-03 02:25 . 2008-04-14 23:47 -------- d-----w- c:\program files\CDisplay
2009-06-03 02:15 . 2009-04-08 01:44 -------- d-----w- c:\program files\Kidspiration 3
2009-06-03 01:37 . 2008-01-27 23:46 -------- d-----w- c:\program files\Lavasoft
2009-06-01 02:34 . 2005-04-27 00:19 53208 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 02:16 . 2007-09-23 23:23 -------- d-----w- c:\program files\Microsoft Works
2009-06-01 01:42 . 2008-11-02 16:46 -------- d-----w- c:\program files\Nick Arcade
2009-06-01 01:41 . 2007-09-23 23:31 -------- d-----w- c:\program files\MoodLogic
2009-05-31 01:17 . 2009-03-28 02:28 -------- d-----w- c:\program files\Logitech
2009-05-30 04:02 . 2008-01-27 23:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-28 02:06 . 2007-09-23 22:40 -------- d-----w- c:\documents and settings\Mark\Application Data\U3
2009-05-26 10:06 . 2007-10-08 03:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-21 16:33 . 2008-11-28 02:57 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 21:10 . 2009-02-19 03:58 -------- d-----w- c:\program files\Photodex
2009-05-15 01:39 . 2009-05-15 01:39 -------- d-----w- c:\documents and settings\Mark\Application Data\Realtime Soft
2009-05-13 05:15 . 2005-04-26 02:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2005-04-26 02:17 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 15:40 . 2005-04-26 02:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-26 17:06 . 2009-04-26 04:16 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-04-26 17:06 . 2009-04-26 04:16 -------- d-----w- c:\program files\AVS4YOU
2009-04-26 14:45 . 2009-04-26 14:45 -------- d-----w- c:\documents and settings\Mark\Application Data\DataCast
2009-04-26 14:44 . 2009-02-25 18:37 -------- d-----w- c:\program files\Samsung
2009-04-26 04:17 . 2009-04-26 04:17 -------- d-----w- c:\documents and settings\Mark\Application Data\AVS4YOU
2009-04-26 04:17 . 2009-04-26 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-17 12:26 . 2005-04-26 02:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 18:24 . 2009-04-16 18:24 921600 ----a-w- c:\windows\system32\vorbisenc.dll
2009-04-16 18:24 . 2009-04-16 18:24 483328 ----a-w- c:\windows\system32\muzapp.dll
2009-04-16 18:24 . 2009-04-16 18:24 45056 ----a-w- c:\windows\system32\Ogg.dll
2009-04-16 18:24 . 2009-04-16 18:24 237568 ----a-w- c:\windows\system32\OggDS.dll
2009-04-16 18:24 . 2009-04-16 18:24 200704 ----a-w- c:\windows\system32\muzwmts.dll
2009-04-16 18:24 . 2009-04-16 18:24 188416 ----a-w- c:\windows\system32\vorbis.dll
2009-04-16 18:24 . 2009-04-16 18:24 110592 ----a-w- c:\windows\system32\TG_DUMP0708.DLL
2009-04-16 18:24 . 2009-04-16 18:24 110592 ----a-w- c:\windows\system32\tg_dump.dll
2009-04-16 18:24 . 2009-04-16 18:24 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2009-04-16 18:24 . 2009-04-16 18:24 135168 ----a-w- c:\windows\system32\muzaf1.dll
2009-04-16 18:24 . 2009-04-16 18:24 118784 ----a-w- c:\windows\system32\MaDRM.dll
2009-04-15 14:51 . 2005-04-26 02:17 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 00:07 . 2009-04-03 00:07 152576 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 02:30 . 2009-03-28 02:30 10134 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-03-28 02:29 . 2009-03-28 02:29 10134 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
2009-03-28 02:28 . 2009-03-28 02:28 10134 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe
2009-03-26 21:36 . 2009-03-26 21:36 503808 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7fda5c0a-n\msvcp71.dll
2009-03-26 21:36 . 2009-03-26 21:36 499712 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7fda5c0a-n\jmc.dll
2009-03-26 21:36 . 2009-03-26 21:36 348160 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7fda5c0a-n\msvcr71.dll
2009-03-25 23:56 . 2008-06-07 23:13 256 ----a-w- c:\windows\system32\pool.bin
2009-03-22 18:16 . 2009-03-22 18:16 152576 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-05-01 2329936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-05 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-09-21 2807808]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\documents and settings\Mark\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Mark\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-1-24 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-23 113664]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-8-18 221247]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-3 572008]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-27 692224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\Pen_Tablet.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2/2/2008 12:01 AM 6097]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [5/8/2008 9:24 PM 1373480]
S0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\DRIVERS\ifp300.sys --> c:\windows\system32\DRIVERS\ifp300.sys [?]
S2 ctge;ctge;c:\windows\system32\drivers\dgeozpvl.sys --> c:\windows\system32\drivers\dgeozpvl.sys [?]
S2 jolqk;jolqk;c:\windows\system32\drivers\kaaz.sys --> c:\windows\system32\drivers\kaaz.sys [?]
S2 lbgqj;lbgqj;\??\c:\windows\system32\drivers\wcrnwksapfq.sys --> c:\windows\system32\drivers\wcrnwksapfq.sys [?]
S2 lheejh;lheejh;c:\windows\system32\drivers\kwrsto.sys --> c:\windows\system32\drivers\kwrsto.sys [?]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S2 uyea;uyea;c:\windows\system32\drivers\nwrrr.sys --> c:\windows\system32\drivers\nwrrr.sys [?]
S2 yyztam;yyztam;c:\windows\system32\drivers\rescsrn.sys --> c:\windows\system32\drivers\rescsrn.sys [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2/2/2008 12:01 AM 299923]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [12/25/2007 9:39 PM 29522]
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-06-20 c:\windows\Tasks\User_Feed_Synchronization-{58B7CD79-A126-4F23-858C-4F6C84272DC9}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
SafeBoot-OneCareMP
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 19:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-921572911-1707835667-3359345692-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{99DBA13D-2705-B025-CE5F-8920257F68CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abiiomgogbfabkialnpolpmhkbofbiiime"=hex:61,62,67,6c,69,69,63,62,65,61,6b,61,
 6e,69,6e,64,6f,69,6b,70,6b,6c,66,6b,6d,6a,69,6b,6c,6a,70,62,6a,6d,00,77
"bbiiomgogbfabkialnoomohdcgamliobaidk"=hex:61,62,6c,6c,69,6f,67,6f,6f,6c,6f,6e,
 69,6f,6f,65,6b,6f,6d,64,6f,69,63,6d,70,6b,70,66,6b,69,6c,6b,67,6d,00,77
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(300)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Photodex\CompuPicPro\scsiaccess.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
C:\Updater.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
.
**************************************************************************
.
Completion time: 2009-06-20 19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-20 00:34

Pre-Run: 76,782,043,136 bytes free
Post-Run: 76,811,046,912 bytes free

368 --- E O F --- 2009-06-11 12:02
-
I've been trying for weeks to remove uacinit.dll - Here are the log files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:42 PM, on 6/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Updater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbyam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 spydetect.microsoft.com
O1 - Hosts: 209.44.111.57 antivirwin2009.com
O1 - Hosts: 209.44.111.57 www.antivirwin2009.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbyam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [yeruzahata] Rundll32.exe "C:\WINDOWS\system32\tuviwezi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yeruzahata] Rundll32.exe "C:\WINDOWS\system32\tuviwezi.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: officejet 6100.lnk = ? O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - 
http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190589286718 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program 
Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO 
Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 17340 bytes Malwarebytes' Anti-Malware 1.37 Database version: 2306 Windows 5.1.2600 Service Pack 3 6/18/2009 8:22:10 PM mbam-log-2009-06-18 (20-22-10).txt Scan type: Quick Scan Objects scanned: 121098 Time elapsed: 6 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
-
tenacious redirect virus (Trojan.Agent)
mmault replied to jackofspades's topic in Resolved Malware Removal Logs
I have the same problem too. It states that Rootkit.Trace was deleted and that uacinit.dll will be deleted on reboot. They are both still there no matter how many times I clean it and reboot.