Tech Problem Aggregator

UACekodrtvvim.dll

Q: UACekodrtvvim.dll

Hi
I'm trying to sort out a mate's PC which had a 'personal antivirus' folder on the desktop. They have tried all sorts of removal programs before asking if I could have a look.

I've run Malwarebytes, which fixes all sorts of problems, but I'm now left with UACekodrtvvim.dll, which I cannot remove.

Here are the requested logs:


DDS (Ver_09-07-30.01) - NTFSx86
Run by lizzy at 9:54:13.67 on 11/09/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.1015.220 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\lizzy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Creative Live! Cam Manager] c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\test.exe" /runcleanupscript
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 is-G2T07drv;is-G2T07drv;c:\windows\system32\drivers\30894471.sys [2009-9-10 148496]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-2-10 55264]
R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-3-25 810320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2007-12-25 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-12-25 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-12-25 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-12-25 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2007-12-25 98696]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2008-1-25 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2008-1-25 6272]

=============== Created Last 30 ================

2009-09-11 08:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 21:54 <DIR> --d----- c:\users\lizzy\appdata\roaming\SUPERAntiSpyware.com
2009-09-10 21:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-10 21:52 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-10 21:04 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-09-10 21:04 568 a---h--- c:\windows\nod32fixtemdono.reg
2009-09-10 20:58 <DIR> --d----- c:\programdata\ESET
2009-09-10 20:58 <DIR> --d----- c:\program files\ESET
2009-09-10 17:26 <DIR> --d----- c:\users\lizzy\appdata\roaming\Malwarebytes
2009-09-10 16:22 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 16:22 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-10 16:22 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-10 16:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malwarexxx
2009-09-10 16:22 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-10 16:21 <DIR> --d----- c:\programdata\is-SP256
2009-09-10 16:21 <DIR> --d----- c:\progra~2\is-SP256
2009-09-10 16:21 <DIR> --d----- c:\programdata\is-8N3OB
2009-09-10 16:21 <DIR> --d----- c:\progra~2\is-8N3OB
2009-09-10 15:57 <DIR> --d----- c:\windows\system32\wbem\repository
2009-09-10 15:00 <DIR> --d----- c:\windows\pss
2009-09-10 11:33 200,813,924 a------- c:\windows\MEMORY.DMP
2009-09-10 11:32 3,747,936 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-10 11:32 32,636 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-10 10:34 <DIR> --d----- c:\programdata\is-G2T07
2009-09-10 10:34 <DIR> --d----- c:\progra~2\is-G2T07
2009-09-10 10:33 148,496 a------- c:\windows\system32\drivers\30894471.sys
2009-09-10 08:11 172,032 a------- c:\windows\system32\igfxres.dll
2009-09-09 19:46 <DIR> --d----- C:\c34ff76f602bc01e1e410d8e
2009-09-09 19:42 8,704 a------- c:\windows\system32\hcrstco.dll
2009-09-09 15:54 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-09-09 09:15 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-09 09:14 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-04 12:17 <DIR> --d----- c:\program files\common files\Uninstall
2009-09-02 22:57 1,686,528 a------- c:\windows\system32\gameux.dll
2009-09-02 22:56 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 22:56 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 11:05 2,048 a------- c:\windows\system32\tzres.dll
2009-08-16 12:28 97,800 a------- c:\windows\system32\infocardapi.dll
2009-08-16 12:28 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-16 12:28 622,080 a------- c:\windows\system32\icardagt.exe
2009-08-16 12:28 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-08-16 12:28 11,264 a------- c:\windows\system32\icardres.dll
2009-08-16 12:28 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-08-16 12:28 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-08-16 12:28 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-08-16 12:22 32,768 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-08-16 12:22 16,384 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-08-16 12:22 33,538,048 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-08-16 12:01 96,760 a------- c:\windows\system32\dfshim.dll
2009-08-16 12:00 282,112 a------- c:\windows\system32\mscoree.dll
2009-08-16 12:00 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-16 11:59 158,720 a------- c:\windows\system32\mscorier.dll
2009-08-16 11:59 83,968 a------- c:\windows\system32\mscories.dll
2009-08-14 21:43 494,592 a------- c:\windows\system32\kerberos.dll
2009-08-14 21:43 216,576 a------- c:\windows\system32\msv1_0.dll
2009-08-14 21:43 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-14 21:43 1,233,920 a------- c:\windows\system32\lsasrv.dll
2009-08-14 21:43 408,136 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 21:43 272,384 a------- c:\windows\system32\schannel.dll
2009-08-14 21:43 72,704 a------- c:\windows\system32\secur32.dll
2009-08-14 21:43 7,680 a------- c:\windows\system32\lsass.exe
2009-08-13 12:12 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-13 12:12 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-13 12:12 <DIR> --d----- c:\program files\iPod
2009-08-13 12:11 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-13 12:11 <DIR> --d----- c:\program files\iTunes
2009-08-13 12:11 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-13 11:54 <DIR> --d----- c:\program files\Bonjour
2009-08-13 00:02 71,680 a------- c:\windows\system32\atl.dll
2009-08-13 00:02 156,160 a------- c:\windows\system32\wkssvc.dll

==================== Find3M ====================

2009-09-10 07:14 86,016 a------- c:\windows\inf\infpub.dat
2009-09-10 07:14 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-10 07:14 143,360 a------- c:\windows\inf\infstor.dat
2009-09-10 07:13 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-09 09:32 174 a--sh--- c:\program files\desktop.ini
2009-09-09 08:59 101,376 a------- c:\windows\system32\ifxcardm.dll
2009-09-09 08:59 79,872 a------- c:\windows\system32\axaltocm.dll
2009-08-29 04:40 449,024 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 04:40 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 04:40 2,143,744 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 04:40 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 00:15 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-08-14 18:16 213,592 a------- c:\windows\system32\drivers\netio.sys
2009-08-14 17:42 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-08-14 17:40 103,936 a------- c:\windows\system32\netiohlp.dll
2009-08-14 17:40 15,360 a------- c:\windows\system32\netevent.dll
2009-08-14 15:25 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:25 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 15:25 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 15:25 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:25 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 15:25 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 15:25 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 15:24 813,568 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:23 22,016 a------- c:\windows\system32\netiougc.exe
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-14 14:02 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 14:01 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 14:00 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 12:11 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-07-11 20:32 502,272 a------- c:\windows\system32\wlansvc.dll
2009-07-11 20:32 297,984 a------- c:\windows\system32\wlansec.dll
2009-07-11 20:32 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 20:32 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-07-11 20:32 47,104 a------- c:\windows\system32\wlanapi.dll
2009-07-11 20:26 123,904 a------- c:\windows\system32\L2SecHC.dll
2009-06-30 15:36 18,696 a------- c:\windows\help\oem\scripts\HC_BatteryReplaceNew.exe
2009-06-30 15:10 18,696 a------- c:\windows\help\oem\scripts\HC_BatteryNoTravel.exe
2009-06-30 15:03 18,696 a------- c:\windows\help\oem\scripts\HC_BatteryAccessories.exe
2009-06-30 12:44 18,184 a------- c:\windows\help\oem\scripts\HC_BatteryWeakNew.exe
2009-06-26 18:36 18,184 a------- c:\windows\help\oem\scripts\HC_BatteryUpgrade.exe
2009-06-15 16:29 156,160 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:23 24,064 a------- c:\windows\system32\lpk.dll
2009-06-15 16:22 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:21 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 16:20 34,304 a------- c:\windows\system32\atmlib.dll
2009-06-15 14:03 289,792 a------- c:\windows\system32\atmfd.dll
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-07 14:14 16,384 a--sh--- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat

============= FINISH: 9:58:19.09 ===============

OS is Windows Vista Basic

Cheers

Windy

A: UACekodrtvvim.dll

Hi.

Welcome to TSF once again.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------------------------------------------
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

-----------------------------------------------------------------------
I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

----------------------------------------------------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


* You must rename it before saving it. Rename it from Combofix.exe to Combo-fix.exe. Save it to your desktop.

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

Please include the C:\ComboFix.txt in your next reply for further review.


Mark
