Solve : UACD.sys Removal?

Hi all-I've finally figured out what is so terribly wrong with my computer, it's got UACD.sys

I haven't been able to REMOVE it because by looking at other forums and such, it seems I can't find it in my device manager...aych...This is my first time posting on here, and I'll do everything I've been told, just bear with me!

I am unable to run SUPERAntiSpyware installer--I believe as a result of the virus. Every time I try to install it, it says "SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience."

Similar situation going on with Malwarebytes. I've downloaded the installer and when I double-click and hit Run, nothing seems to happen. I've repeated it over and over with no luck.


I have attached my HJT log. Thanks sooo much for your help!



[attachment deleted by admin]

Quote from: lisaread on June 05, 2009, 12:58:10 AM

Hi all-I've finally figured out what is so terribly wrong with my computer, it's got UACD.sys

I haven't been able to remove it because by looking at other forums and such, it seems I can't find it in my device manager...aych...This is my first time posting on here, and I'll do everything I've been told, just bear with me!

I am unable to run SUPERAntiSpyware installer--I believe as a result of the virus. Every time I try to install it, it says "SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience."

Similar situation going on with Malwarebytes. I've downloaded the installer and when I double-click and hit Run, nothing seems to happen. I've repeated it over and over with no luck.


I have attached my HJT log. Thanks sooo much for your help!


Your HijackThis log is not attached, please attach it so an expert can help you.

Thank you--I've updated my post to include it, don't know how that happened!

Download ComboFix from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop.

Link 1
Link 2
Link 3

Rename ComboFix to Combo-Fix before saving it to the desktop.





Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on Combo-Fix.exe & follow the prompts.

Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Here is my Combo Fix report:

ComboFix 09-06-06.01 - Lisa Read 06/06/2009 17:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.494.154 [GMT -7:00]
Running from: c:\documents and settings\Lisa Read\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\docume~1\LISARE~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Lisa Read\Local Settings\Temp\IadHide5.dll
c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
c:\windows\system32\rpcnet.dll
c:\windows\system32\UACatargrve.dll
c:\windows\system32\UACcsxooyan.dll
c:\windows\system32\UACdldstpvg.dll
c:\windows\system32\UACdvjaqjik.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjycdakxl.dll
c:\windows\system32\UACleamfjer.log
c:\windows\system32\UAClymdnowq.dll
c:\windows\system32\UACnmaumxme.db
c:\windows\system32\UACwwjrxydj.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-05 16:34 . 2009-06-05 16:34  --------  d-sh--w-  c:\windows\system32\config\systemprofile\IETldCache
2009-06-05 16:29 . 2009-06-05 16:29  --------  d-sh--w-  c:\documents and settings\Lisa Read\IETldCache
2009-06-05 06:48 . 2009-06-05 06:48  --------  d-----w-  c:\program files\Trend Micro
2009-06-05 06:22 . 2009-06-05 06:22  --------  d-----w-  c:\program files\CCleaner
2009-06-05 06:02 . 2009-06-05 06:02  574  ----a-w-  C:\cleanup.bat
2009-06-05 06:02 . 2009-06-05 06:02  135168  ----a-w-  C:\zip.exe
2009-06-05 05:42 . 2009-06-05 05:42  --------  d-----w-  c:\documents and settings\All Users\Application Data\Prevx
2009-06-05 05:39 . 2009-06-05 05:39  --------  d-----w-  c:\documents and settings\Lisa Read\Application Data\PrevxCSI
2009-06-05 05:22 . 2009-06-05 06:07  --------  d-----w-  c:\program files\Prevx
2009-06-05 05:22 . 2009-06-05 06:07  --------  d-----w-  c:\documents and settings\All Users\Application Data\PrevxCSI
2009-06-04 06:34 . 2009-06-04 06:34  --------  d-----w-  c:\windows\ie8updates
2009-06-04 06:33 . 2009-05-12 05:11  102912  -c----w-  c:\windows\system32\dllcache\iecompat.dll
2009-06-04 06:29 . 2009-06-04 06:33  --------  dc-H--w-  c:\windows\ie8
2009-06-04 06:15 . 2009-06-04 06:15  152576  ----a-w-  c:\documents and settings\Lisa Read\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-03 21:20 . 2006-02-07 15:35  135168  ----a-w-  c:\windows\system32\igfxres.dll
2009-06-03 19:36 . 2006-02-07 15:56  61440  ----a-w-  c:\windows\system32\iAlmCoIn_v4497.dll
2009-06-03 19:31 . 2009-06-03 19:31  --------  d-----w-  c:\program files\SystemRequirementsLab
2009-05-22 01:31 . 2009-05-22 01:31  13160  ----a-w-  c:\windows\system32\Upgrd.exe
2009-05-20 23:09 . 2008-03-21 20:57  14640  ------w-  c:\windows\system32\spmsgXP_2k3.dll
2009-05-20 23:08 . 2008-12-16 20:44  1112288  ----a-w-  c:\windows\system32\WdfCoInstaller01007.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 00:23 . 2006-07-19 16:22  17408  ----a-w-  c:\windows\system32\rpcnetp.exe
2009-06-05 08:27 . 2009-01-14 22:29  296608  ----a-w-  c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-05 06:17 . 2006-07-20 01:33  --------  d--h--w-  c:\program files\InstallShield Installation Information
2009-06-05 06:06 . 2009-04-28 18:41  --------  d-----w-  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-05 06:00 . 2006-09-05 17:41  --------  d-----w-  c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-04 06:26 . 2009-04-03 23:05  50688  ------w-  c:\windows\system32\drivers\UACqmtorsbk.sys
2009-05-22 01:31 . 2008-07-10 02:08  56680  ----a-w-  c:\windows\system32\rpcnet.exe
2009-05-12 06:29 . 2006-09-06 18:34  --------  d-----w-  c:\program files\Dl_cats
2009-05-11 04:45 . 2009-04-10 20:46  --------  d-----w-  c:\documents and settings\Lisa Read\Application Data\TeraCopy
2009-05-07 08:03 . 2009-05-07 03:32  --------  d-----w-  c:\documents and settings\Lisa Read\Application Data\TeamViewer
2009-05-07 03:32 . 2009-05-07 03:32  --------  d-----w-  c:\program files\TeamViewer
2009-05-07 03:25 . 2009-05-07 03:23  --------  d-----w-  c:\program files\CrossLoop
2009-05-01 18:30 . 2009-05-01 18:30  3366912  ----a-w-  c:\windows\system32\GPhotos.scr
2009-05-01 00:13 . 2008-01-06 20:52  53120  -c-ha-w-  c:\windows\system32\mlfcache.dat
2009-04-10 21:59 . 2009-04-10 21:59  --------  d-----w-  c:\program files\Seagate
2009-04-10 21:38 . 2009-04-10 21:38  --------  d-----w-  c:\documents and settings\All Users\Application Data\Seagate
2009-04-03 00:23 . 2006-08-08 05:34  8854  ----a-r-  c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2009-04-03 00:23 . 2006-08-08 05:34  40960  ----a-r-  c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2009-04-03 00:23 . 2006-08-08 05:34  10134  ----a-r-  c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2009-03-25 22:55 . 2008-01-22 01:43  33280  ----a-w-  c:\windows\system32\identprv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Lisa Read\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-09-30 104128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-02 185632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-12 144792]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-05 160800]
"VX6000"="c:\windows\vVX6000.exe" [2008-08-05 713744]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-14 180224]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\Lisa Read\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Lisa Read\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 4:29 PM 101936]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [1/11/2009 5:32 PM 2077840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1580818891-1343024091-1004.job
- c:\documents and settings\Lisa Read\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-04 20:29]

2009-06-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart PAGE = hxxp://www.netflix.com/MemberHome
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: arubanetworks.com\securelogin
Trusted Zone: stumbleupon.com
FF - ProfilePath - c:\documents and settings\Lisa Read\Application Data\Mozilla\Firefox\Profiles\fliel1x8.default\
FF - plugin: c:\documents and settings\Lisa Read\Application Data\Mozilla\Firefox\Profiles\fliel1x8.default\extensions\[emailprotected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Lisa Read\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Millisecond Software\Inquisit 2.0 Mozilla Plugin\npInquisit_20610047.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 17:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[emailprotected]??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1284)
c:\docume~1\LISARE~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-07 17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-07 00:37

Pre-Run: 16,691,523,584 bytes free
Post-Run: 16,614,338,560 bytes free

220 --- E O F --- 2009-06-05 02:38

Suspicious files to scan

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
Code:
c:\windows\system32\Upgrd.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed SCROLL down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

Note: If using FireFox you will need to copy the link in the address bar and post it back here instead. The Copy to Clipboard feature will not work.

http://virscan.org/report/e8541b64f8b1bb1cbd8e955aa9dfd4d2.html

Are you sure you scanned the right file? c:\windows\system32\Upgrd.exe

It says File Name : 1.html

Sorry, here it is:

VirSCAN.org Scanned Report :
Scanned time : 2009/06/06 23:41:38 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : Upgrd.exe
File Size : 13160 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : da67fca724b077642b4a05ae5c954cc3
SHA1 : 25dd176cc9676d133d26fa3ac975ea722c121424
Online report : http://virscan.org/report/66c9bd36bb6457c6e41b74697466118f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.1 20090606013111 2009-06-06 2.10 -
AhnLab V3 2009.06.05.01 2009.06.05 2009-06-05 0.72 -
AntiVir 8.2.0.180 7.1.4.65 2009-06-06 0.47 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.12 -
Arcavir 2009 200906061305 2009-06-06 0.04 -
Authentium 5.1.1 200906061841 2009-06-06 1.13 -
AVAST! 4.7.4 090606-0 2009-06-06 0.00 -
AVG 8.5.286 270.12.54/2159 2009-06-07 3.50 -
BitDefender 7.81008.3346768 7.25847 2009-06-07 3.14 -
CA (VET) 9.0.0.143 31.6.6541 2009-06-06 5.66 -
ClamAV 0.95.1 9434 2009-06-06 0.01 -
Comodo 3.9 1274 2009-06-06 0.71 -
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.07 2009-06-07 4.73 -
F-Prot 4.4.4.56 20090606 2009-06-06 1.14 -
F-Secure 5.51.6100 2009.06.05.11 2009-06-05 0.07 -
Fortinet 2.81-3.117 10.474 2009-06-06 0.21 -
GData 19.5671/19.355 20090607 2009-06-07 4.18 -
ViRobot 20090605 2009.06.05 2009-06-05 0.41 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.90 -
JiangMin 11.0.706 2009.06.07 2009-06-07 2.03 -
Kaspersky 5.5.10 2009.06.07 2009-06-07 0.05 -
KingSoft 2009.2.5.15 2009.6.6.21 2009-06-06 0.64 -
McAfee 5.3.00 5638 2009-06-06 3.05 -
Microsoft 1.4701 2009.06.06 2009-06-06 4.59 -
mks_vir 2.01 2009.06.05 2009-06-05 3.19 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 -
Panda 9.05.01 2009.06.06 2009-06-06 1.78 -
Trend Micro 8.700-1004 6.176.10 2009-06-06 0.03 -
Quick Heal 10.00 2009.06.06 2009-06-06 1.21 -
Rising 20.0 21.32.60.00 2009-06-07 0.85 -
Sophos 2.87.1 4.42 2009-06-07 2.38 -
Sunbelt 5173 5173 2009-06-06 0.82 -
Symantec 1.3.0.24 20090606.003 2009-06-06 0.05 -
nProtect 20090607.01 4203005 2009-06-07 5.39 -
The Hacker 6.3.4.3 v00340 2009-06-04 0.57 -
VBA32 3.12.10.6 20090606.1348 2009-06-06 1.96 -
VirusBuster 4.5.11.10 10.107.4/1587341 2009-06-06 1.94 -




http://virscan.org/report/66c9bd36bb6457c6e41b74697466118f.html
Thank you.
.
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology
.
----------

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
.
The above procedure will:
  • Delete the following:
      • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
.
----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.
.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.

----------

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.

I wasn't able to find any of the Viewpoint programs in my Add/Remove programs...is there any other way to get rid of them? Also, I have been getting this new message that pops up every few minutes: Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry of the inconvenience.

Here's the requested report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 9, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 10, 2009 01:00:12
Records in database: 2332781
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 53332
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:42:51

No malware has been detected. The scan area is clean.

The selected area was scanned.

Download ViewpointKiller.zip
  • Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
  • Double click the ViewpointKiller icon to run ViewpointKiller.exe.
  • Select the File menu, and select Check to see if you have Viewpoint installed.
  • If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper Kill option in the File menu.
  • Follow the prompts and instructions very carefully, answering Yes or No depending on which option you are most comfortable with.
  • The MsConfig instructions are very important, so be sure to read them carefully.
  • Note: When done with ViewpointKiller right click and delete all files that were unzipped.
.
----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

Viewpoint Killer didn't find anything...Here is the Combofix report:

ComboFix 09-06-11.04 - Lisa Read 06/11/2009 11:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.494.219 [GMT -7:00]
Running from: c:\documents and settings\Lisa Read\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\LISARE~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Lisa Read\Local Settings\temp\IadHide5.dll
c:\windows\system32\rpcnet.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 18:54 . 2009-06-11 18:54  56680  ----a-w-  c:\windows\system32\rpcnet.dll
2009-06-09 22:07 . 2009-06-09 22:08  --------  d-s---w-  C:\Combo-Fix
2009-06-07 06:42 . 2009-06-07 06:42  --------  d-sh--w-  c:\documents and settings\Lisa Read\PrivacIE
2009-06-05 16:34 . 2009-06-05 16:34  --------  d-sh--w-  c:\windows\system32\config\systemprofile\IETldCache
2009-06-05 16:29 . 2009-06-05 16:29  --------  d-sh--w-  c:\documents and settings\Lisa Read\IETldCache
2009-06-05 06:48 . 2009-06-05 06:48  --------  d-----w-  c:\program files\Trend Micro
2009-06-05 06:22 . 2009-06-05 06:22  --------  d-----w-  c:\program files\CCleaner
2009-06-05 06:02 . 2009-06-05 06:02  574  ----a-w-  C:\cleanup.bat
2009-06-05 06:02 . 2009-06-05 06:02  135168  ----a-w-  C:\zip.exe
2009-06-05 05:42 . 2009-06-05 05:42  --------  d-----w-  c:\documents and settings\All Users\Application Data\Prevx
2009-06-05 05:39 . 2009-06-05 05:47  --------  d-----w-  c:\documents and settings\Lisa Read\Application Data\PrevxCSI
2009-06-05 05:22 . 2009-06-05 06:07  --------  d-----w-  c:\program files\Prevx
2009-06-05 05:22 . 2009-06-05 06:07  --------  d-----w-  c:\documents and settings\All Users\Application Data\PrevxCSI
2009-06-04 06:34 . 2009-06-04 06:34  --------  d-----w-  c:\windows\ie8updates
2009-06-04 06:33 . 2009-05-12 05:11  102912  -c----w-  c:\windows\system32\dllcache\iecompat.dll
2009-06-04 06:29 . 2009-06-04 06:33  --------  dc-h--w-  c:\windows\ie8
2009-06-04 06:15 . 2009-06-04 06:15  152576  ----a-w-  c:\documents and settings\Lisa Read\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-03 21:20 . 2006-02-07 15:35  135168  ----a-w-  c:\windows\system32\igfxres.dll
2009-06-03 19:36 . 2006-02-07 15:56  61440  ----a-w-  c:\windows\system32\iAlmCoIn_v4497.dll
2009-06-03 19:31 . 2009-06-03 19:31  --------  d-----w-  c:\program files\SystemRequirementsLab
2009-05-22 01:31 . 2009-05-22 01:31  13160  ----a-w-  c:\windows\system32\Upgrd.exe
2009-05-20 23:09 . 2008-03-21 20:57  14640  ------w-  c:\windows\system32\spmsgXP_2k3.dll
2009-05-20 23:08 . 2008-12-16 20:44  1112288  ----a-w-  c:\windows\system32\WdfCoInstaller01007.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 18:54 . 2006-07-19 16:22  17408  ----a-w-  c:\windows\system32\rpcnetp.exe
2009-06-05 08:27 . 2009-01-14 22:29  296608  ----a-w-  c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-05 06:17 . 2006-07-20 01:33  --------  d--h--w-  c:\program files\InstallShield Installation Information
2009-06-05 06:06 . 2009-04-28 18:41  --------  d-----w-  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-04 06:26 . 2009-04-03 23:05  50688  ------w-  c:\windows\system32\drivers\UACqmtorsbk.sys
2009-05-22 01:31 . 2008-07-10 02:08  56680  ----a-w-  c:\windows\system32\rpcnet.exe
2009-05-12 06:29 . 2006-09-06 18:34  --------  d-----w-  c:\program files\Dl_cats
2009-05-11 04:45 . 2009-04-10 20:46  --------  d-----w-  c:\documents and settings\Lisa Read\Application Data\TeraCopy
2009-05-07 08:03 . 2009-05-07 03:32  --------  d-----w-  c:\documents and settings\Lisa Read\Application Data\TeamViewer
2009-05-07 03:32 . 2009-05-07 03:32  --------  d-----w-  c:\program files\TeamViewer
2009-05-07 03:25 . 2009-05-07 03:23  --------  d-----w-  c:\program files\CrossLoop
2009-05-01 18:30 . 2009-05-01 18:30  3366912  ----a-w-  c:\windows\system32\GPhotos.scr
2009-05-01 00:13 . 2008-01-06 20:52  53120  -c-ha-w-  c:\windows\system32\mlfcache.dat
2009-04-03 00:23 . 2006-08-08 05:34  8854  ----a-r-  c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2009-04-03 00:23 . 2006-08-08 05:34  40960  ----a-r-  c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2009-04-03 00:23 . 2006-08-08 05:34  10134  ----a-r-  c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2009-03-25 22:55 . 2008-01-22 01:43  33280  ----a-w-  c:\windows\system32\identprv.dll
2009-03-25 01:33 . 2009-03-25 01:33  237264  ----a-w-  c:\documents and settings\Lisa Read\Application Data\Mozilla\plugins\npgoogletalk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Lisa Read\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-09-30 104128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-02 185632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-12 144792]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-05 160800]
"VX6000"="c:\windows\vVX6000.exe" [2008-08-05 713744]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-14 180224]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\Lisa Read\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Lisa Read\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 4:29 PM 101936]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [1/11/2009 5:32 PM 2077840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1580818891-1343024091-1004.job
- c:\documents and settings\Lisa Read\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-04 20:29]

2009-06-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/MemberHome
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: arubanetworks.com\securelogin
Trusted Zone: stumbleupon.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 11:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3656)
c:\docume~1\LISARE~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\CF11289.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-11 12:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-11 19:09
ComboFix2.txt 2009-06-07 00:37

Pre-Run: 18,495,057,920 bytes free
Post-Run: 18,611,720,192 bytes free

192--- E O F ---2009-06-11 18:18

If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Malwarebytes' Anti-Malware 1.37
    Database version: 2263
    Windows 5.1.2600 Service Pack 3

    6/11/2009 12:33:17 PM
    mbam-log-2009-06-11 (12-33-17).txt

    Scan type: Quick Scan
    Objects scanned: 82363
    Time elapsed: 4 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\drivers\UACqmtorsbk.sys (Trojan.Agent) -> Quarantined and deleted successfully.


