bullhead

Members
  • Posts: 6
  • Reputation: 0 Neutral
  1. Sorry for the absence, life happens. I removed Java as per instructions, BUT No logfile from JavaRa on screen, so I couldn't save it someplace that I could find and copy. If it was saved, I don't know where. I can't install Java. (They're up to ver. 6-15, BTW.) I keep getting a message saying the installation was interrupted. Same thing when I try to do it on-line. I did remove Viewpoint Media Player.
  2. Here it is:
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     2007 Microsoft Office Suite Service Pack 1 (SP1)
     7-Zip 4.57
     Activation Assistant for the 2007 Microsoft Office suites
     Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
     Adobe Flash Player 10 ActiveX
     Adobe Reader 8.1.2
     Adobe Shockwave Player
     AIM 6
     AppCore
     Apple Mobile Device Support
     Apple Software Update
     Bonjour
     Canon IJ Network Scan Utility
     Canon IJ Network Tool
     Canon MX7600 series
     Canon MX7600 series User Registration
     Canon My Printer
     ccCommon
     Cisco Clean Access Agent
     Compatibility Pack for the 2007 Office system
     Component Framework
     Conexant HD Audio
     CyberLink YouCam
     DVD Suite
     EA Link
     Google Gears
     Google Toolbar for Internet Explorer
     Google Toolbar for Internet Explorer
     Google Update Helper
     Google Video Uploader
     Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
     HDAUDIO Soft Data Fax Modem with SmartCP
     Hewlett-Packard Active Check
     Hewlett-Packard Asset Agent for Health Check
     HijackThis 2.0.2
     HP Customer Experience Enhancements
     HP Doc Viewer
     HP Easy Setup - Frontend
     HP Help and Support
     HP Photosmart Essential 2.5
     HP Quick Launch Buttons 6.30 E1
     HP QuickPlay 3.6
     HP QuickTouch 1.00 C4
     HP Smart Web Printing
     HP Total Care Advisor
     HP Update
     HP User Guides 0090
     HP Wireless Assistant
     HPNetworkAssistant
     Intel® Graphics Media Accelerator Driver
     iTunes
     Java 6 Update 13
     Java 6 Update 2
     LabelPrint
     LiveUpdate (Symantec Corporation)
     LiveUpdate (Symantec Corporation)
     Malwarebytes' Anti-Malware
     Marvell Miniport Driver
     Microsoft Office Excel MUI (English) 2007
     Microsoft Office Home and Student 2007
     Microsoft Office Home and Student 2007
     Microsoft Office OneNote MUI (English) 2007
     Microsoft Office PowerPoint MUI (English) 2007
     Microsoft Office PowerPoint Viewer 2007 (English)
     Microsoft Office Proof (English) 2007
     Microsoft Office Proof (French) 2007
     Microsoft Office Proof (Spanish) 2007
     Microsoft Office Proofing (English) 2007
     Microsoft Office Shared MUI (English) 2007
     Microsoft Office Shared Setup Metadata MUI (English) 2007
     Microsoft Office Word MUI (English) 2007
     Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Works
     MSXML 4.0 SP2 (KB936181)
     MSXML 4.0 SP2 (KB941833)
     MSXML 4.0 SP2 (KB954430)
     muvee autoProducer 6.1
     My HP Games
     NetWaiting
     Norton AntiVirus
     Norton AntiVirus Help
     Norton Confidential Core
     Norton Internet Security
     Norton Internet Security
     Norton Internet Security (Symantec Corporation)
     Norton Protection Center
     Power2Go
     PowerDirector
     QuickPlay SlingPlayer 0.4.6
     QuickTime
     RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
     Security Update for 2007 Microsoft Office System (KB951550)
     Security Update for 2007 Microsoft Office System (KB951944)
     Security Update for 2007 Microsoft Office System (KB969559)
     Security Update for 2007 Microsoft Office System (KB969679)
     Security Update for Microsoft Office Excel 2007 (KB969682)
     Security Update for Microsoft Office OneNote 2007 (KB950130)
     Security Update for Microsoft Office PowerPoint 2007 (KB957789)
     Security Update for Microsoft Office system 2007 (KB954326)
     Security Update for Microsoft Office system 2007 (KB969613)
     Security Update for Microsoft Office Word 2007 (KB969604)
     Skype
  3. Dare I say it, it seems fine. I ran MBAM again and it came up clean. No strange behavior. Suddenly I seem to have Windows updates available.
  4. Looks like progress:
     Malwarebytes' Anti-Malware 1.40
     Database version: 2560
     Windows 6.0.6001 Service Pack 1

     8/4/2009 5:04:27 PM
     mbam-log-2009-08-04 (17-04-27).txt

     Scan type: Quick Scan
     Objects scanned: 83882
     Time elapsed: 6 minute(s), 59 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 8

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Windows\System32\UACbdtbvblfdi.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
     C:\Windows\System32\UACikhycexxrj.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
     C:\Windows\System32\UAClxmqfpstqo.dll (Rogue.Agent) -> Quarantined and deleted successfully.
     C:\Windows\System32\UACyxflopmcix.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
     C:\Windows\System32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\System32\UACmfehgawnfp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\System32\UACmwpucfuprs.dat (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Windows\System32\drivers\UACcvrnitthox.sys (Trojan.Agent) -> Quarantined and deleted successfully.
  5. Here it is:
     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2009/08/04 14:57
     Program Version: Version 1.3.3.0
     Windows Version: Windows Vista SP1
     ==================================================

     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!

     Path: C:\System Volume Information\{0b4cfa36-78b1-11de-ac5f-001d725b9ceb}{3808876b-c176-4e48-b7ae-04046e6cc752}
     Status: Locked to the Windows API!

     Path: C:\System Volume Information\{0b4cfa65-78b1-11de-ac5f-001d725b9ceb}{3808876b-c176-4e48-b7ae-04046e6cc752}
     Status: Locked to the Windows API!

     Path: C:\System Volume Information\{0b4cfaad-78b1-11de-ac5f-001d725b9ceb}{3808876b-c176-4e48-b7ae-04046e6cc752}
     Status: Locked to the Windows API!

     Path: C:\System Volume Information\{0b4cfac2-78b1-11de-ac5f-001d725b9ceb}{3808876b-c176-4e48-b7ae-04046e6cc752}
     Status: Locked to the Windows API!

     Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
     Status: Locked to the Windows API!

     Path: C:\System Volume Information\{5a1abde0-7850-11de-91f9-001d725b9ceb}{3808876b-c176-4e48-b7ae-04046e6cc752}
     Status: Locked to the Windows API!

     Path: C:\System Volume Information\{78a67d84-8063-11de-99fc-001f3c5cceb6}{3808876b-c176-4e48-b7ae-04046e6cc752}
     Status: Locked to the Windows API!

     Path: C:\System Volume Information\{7a2620a4-8105-11de-9af8-001d725b9ceb}{3808876b-c176-4e48-b7ae-04046e6cc752}
     Status: Locked to the Windows API!

     Path: C:\System Volume Information\{aa2255ff-8102-11de-ad02-001d725b9ceb}{3808876b-c176-4e48-b7ae-04046e6cc752}
     Status: Locked to the Windows API!

     Path: C:\Windows\System32\MPEG2D~1.AX
     Status: Locked to the Windows API!

     Path: C:\Windows\System32\UACbdtbvblfdi.dll
     Status: Invisible to the Windows API!

     Path: C:\Windows\System32\UACikhycexxrj.dll
     Status: Invisible to the Windows API!

     Path: C:\Windows\System32\uacinit.dll
     Status: Invisible to the Windows API!

     Path: C:\Windows\System32\UAClxmqfpstqo.dll
     Status: Invisible to the Windows API!

     Path: C:\Windows\System32\UACmfehgawnfp.dll
     Status: Invisible to the Windows API!

     Path: C:\Windows\System32\UACmudcsjckma.db
     Status: Invisible to the Windows API!

     Path: C:\Windows\System32\UACmwpucfuprs.dat
     Status: Invisible to the Windows API!

     Path: C:\Windows\System32\UACyxflopmcix.dll
     Status: Invisible to the Windows API!

     Path: C:\Windows\Temp\UAC3590.tmp
     Status: Invisible to the Windows API!

     Path: C:\Windows\Temp\UAC384e.tmp
     Status: Invisible to the Windows API!

     Path: C:\Windows\Temp\UAC3b3b.tmp
     Status: Invisible to the Windows API!

     Path: C:\Windows\Temp\UAC3cc1.tmp
     Status: Invisible to the Windows API!

     Path: C:\Windows\Temp\UAC3ea4.tmp
     Status: Invisible to the Windows API!

     Path: C:\Program Files\CyberLink\PowerDirector\UACAgent.exe
     Status: Invisible to the Windows API!

     Path: c:\programdata\symantec\spbbc\shl_{f938ebce-5773-4c2f-9126-88c62d9989ec}.ldb
     Status: Allocation size mismatch (API: 64, Raw: 0)

     Path: C:\Windows\System32\drivers\UACcvrnitthox.sys
     Status: Invisible to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18061_none_dbbd58ec573f657a\MPEG2D~1.AX
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18115_none_dbf76b9657133c48\MPEG2D~1.AX
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18177_none_dbb88ca25742169c\MPEG2D~1.AX
     Status: Locked to the Windows API!

     Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18254_none_dbcb2d8257348fdc\MPEG2D~1.AX
     Status: Locked to the Windows API!

     Path: C:\Users\Franzi\AppData\Local\Temp\UAC67.tmp
     Status: Invisible to the Windows API!

     Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
     Status: Locked to the Windows API!

     Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
     Status: Locked to the Windows API!

     Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
     Status: Locked to the Windows API!

     Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
     Status: Locked to the Windows API!

     Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
     Status: Locked to the Windows API!

     Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
     Status: Locked to the Windows API!
  6. I seem to have the same problem as a few others, uacinit.dll just won't go away. HijackThis logfile:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 11:06:29 AM, on 8/4/2009
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18294)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Apoint2K\Apoint.exe
     C:\Program Files\HP\QuickPlay\QPService.exe
     C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
     C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
     C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
     C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
     c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
     C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
     C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Windows\ehome\ehtray.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Program Files\Apoint2K\ApMsgFwd.exe
     C:\Program Files\Apoint2K\Apntex.exe
     C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/de/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O1 - Hosts: ::1 localhost
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
     O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
     O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
     O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
     O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
     O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
     O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
     O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
     O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
     O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
     O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
     O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
     O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
     O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
     O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
     O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
     O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O13 - Gopher Prefix:
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/48.11/uploader2.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
     O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
     O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
     O23 - Service: Google Update Service (gupdate1c98d5b94b4b930) (gupdate1c98d5b94b4b930) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
     O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
     O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
     O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
     O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

     --
     End of file - 12514 bytes

     And MBAM logfile:
     Malwarebytes' Anti-Malware 1.39
     Database version: 2549
     Windows 6.0.6001 Service Pack 1

     8/4/2009 10:45:01 AM
     mbam-log-2009-08-04 (10-45-01).txt

     Scan type: Quick Scan
     Objects scanned: 84698
     Time elapsed: 7 minute(s), 2 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Windows\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

     Needless to say, uacinit.dll doesn't seem to get deleted on reboot. Any help very gratefully accepted.
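The RootRepeal report in post 5 and the MBAM logs in posts 4 and 6 show what a helper on a malware-removal forum actually does with a pasted log: separate the entries that merely say "Locked to the Windows API" (hibernation file, System Volume Information, WinSxS catalogs, ETW logs, all normal) from the ones that say "Invisible to the Windows API", which means the file exists on disk but is hidden from a normal directory listing and is the classic sign of a kernel-mode rootkit. The triage script below is an added example written for this page; it is not RootRepeal's, Malwarebytes' or the poster's code. It parses the Hidden/Locked Files section of a RootRepeal report, buckets the entries by status, and reports the longest file-name prefix the hidden files share, which is how the shared "UAC" prefix across System32, drivers, Temp and a CyberLink directory stands out in the post's own output. The sample report is a constructed excerpt of the lines quoted in post 5.

```python
"""Triage helper for the 'Hidden/Locked Files' section of a RootRepeal report.

Added example for this page; not code from RootRepeal, Malwarebytes or the
forum poster. It only parses pasted report text and classifies entries by
what each status means for an analyst:
  Invisible to the Windows API  -> hidden file, strong rootkit indicator
  Locked to the Windows API     -> file merely in use/locked, usually benign
  anything else (e.g. Allocation size mismatch) -> look manually
"""
import ntpath  # Windows path handling regardless of the host OS
import re
from collections import defaultdict

# Constructed sample: an excerpt of the report quoted in post 5 above.
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/04 14:57

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Windows\System32\UACbdtbvblfdi.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC3590.tmp
Status: Invisible to the Windows API!

Path: C:\Program Files\CyberLink\PowerDirector\UACAgent.exe
Status: Invisible to the Windows API!

Path: c:\programdata\symantec\spbbc\shl_{f938ebce-5773-4c2f-9126-88c62d9989ec}.ldb
Status: Allocation size mismatch (API: 64, Raw: 0)

Path: C:\Windows\System32\drivers\UACcvrnitthox.sys
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!
"""

PATH_RE = re.compile(r"^Path:\s*(.+?)\s*$")
STATUS_RE = re.compile(r"^Status:\s*(.+?)\s*$")


def parse_hidden_locked(report):
    """Return (path, status) pairs from the Hidden/Locked Files section only."""
    entries = []
    in_section = False
    pending = None  # path waiting for its Status line
    for raw in report.splitlines():
        line = raw.strip()
        if line == "Hidden/Locked Files":
            in_section = True
            continue
        # Skip blank lines and the dashed/equals rules inside the section.
        if not in_section or not line or set(line) <= {"-", "="}:
            continue
        m = PATH_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            entries.append((pending, m.group(1)))
            pending = None
            continue
        in_section = False  # any other line starts the next report section
    return entries


def classify(entries):
    """Bucket entries into 'hidden', 'locked' and 'other' by status text."""
    buckets = defaultdict(list)
    for path, status in entries:
        if status.startswith("Invisible to the Windows API"):
            buckets["hidden"].append(path)
        elif status.startswith("Locked to the Windows API"):
            buckets["locked"].append(path)
        else:
            buckets["other"].append(path)
    return buckets


def shared_basename_prefix(paths):
    """Longest case-insensitive prefix shared by the file names (directories
    ignored). A multi-character prefix across unrelated directories suggests
    the hidden files were dropped by one component."""
    names = [ntpath.basename(p).lower() for p in paths]
    if not names:
        return ""
    prefix = names[0]
    for name in names[1:]:
        while not name.startswith(prefix):
            prefix = prefix[:-1]
    return prefix


def triage(report):
    """Summarise a report: hidden/locked/other paths plus a rootkit flag."""
    buckets = classify(parse_hidden_locked(report))
    return {
        "hidden": buckets["hidden"],
        "locked": buckets["locked"],
        "other": buckets["other"],
        "shared_prefix": shared_basename_prefix(buckets["hidden"]),
        "rootkit_indicator": bool(buckets["hidden"]),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("hidden (rootkit indicator):", *summary["hidden"], sep="\n  ")
    print("locked (usually benign):", *summary["locked"], sep="\n  ")
    print("other (review manually):", *summary["other"], sep="\n  ")
    print("shared hidden-file prefix:", repr(summary["shared_prefix"]))
```

On the sample, the five hidden entries share the prefix "uac", which matches the file names MBAM later quarantined in post 4; the locked WinSxS catalog and hiberfil.sys fall into the benign bucket, and the Symantec lock file with the allocation mismatch is left for a manual look rather than auto-flagged.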