After searching UAC.sys in my browser, this person said to download ComboFix, so I did and had NO problems with getting rid of the nasty malware. The Google Installer pop-up has stopped coming up & the problem with a driver is fixed.
Here is my log after using ComboFix. Thank you, whoever helped me.
ComboFix 09-08-31.04 - jeff 09/01/2009 14:23.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2813.1951 [GMT -4:00]
Running from: c:\users\jeff\Contacts\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3842084670-3972306024-4010053558-500
c:\programdata\Microsoft\Windows\Start Menu\PAV
c:\programdata\Microsoft\Windows\Start Menu\PAV\Uninstall.lnk
c:\users\jeff\AppData\Roaming\.#
c:\users\jeff\AppData\Roaming\inst.exe
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\drivers\UACtvrtitrbcb.sys
c:\windows\system32\ndisapi.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjbobwrrpsn.dll
c:\windows\system32\UACmoiifwbnlc.dat
c:\windows\system32\UACpqplsuxmlf.dll
c:\windows\system32\UACydtqqelviv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys
-------\Service_UACd.sys
-------\Legacy_ESQULserv.sys
-------\Legacy_UACd.sys
-------\Service_NDISRD
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.
2009-08-31 18:33 . 2009-08-31 18:33 -------- d-----w- c:\users\jeff\AppData\Local\ESET
2009-08-31 17:25 . 2009-08-31 17:25 -------- d-----w- c:\windows\system32\EventProviders
2009-08-30 23:51 . 2009-08-30 23:51 -------- d-----w- c:\program files\ESET
2009-08-30 23:45 . 2009-08-30 23:45 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-30 14:18 . 2009-08-30 14:18 -------- d-----w- c:\users\jeff\Option
2009-08-30 05:41 . 2009-08-30 05:41 -------- d-----w- c:\program files\PersonalAV
2009-08-28 21:44 . 2009-08-29 23:58 -------- d-----w- c:\users\jeff\AppData\Local\MediaMonkey
2009-08-28 21:44 . 2009-08-29 23:58 -------- d-----w- c:\program files\MediaMonkey
2009-08-27 07:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 13:07 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 13:07 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-16 15:49 . 2009-08-16 15:49 -------- d-----w- c:\users\jeff\AppData\Local\WeatherBug
2009-08-16 15:48 . 2009-08-16 15:48 -------- d-----w- c:\users\jeff\AppData\Roaming\WeatherBug
2009-08-16 15:48 . 2009-08-16 15:48 -------- d-----w- c:\users\jeff\AppData\Roaming\blinkx
2009-08-16 15:48 . 2009-08-16 15:50 -------- d-----w- c:\programdata\Yahoo! Companion
2009-08-15 22:06 . 2009-08-15 22:06 -------- d-----w- c:\programdata\Zylom
2009-08-12 17:52 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 17:52 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 17:52 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 17:52 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 17:52 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 17:52 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 17:51 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 17:30 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-12 17:29 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-12 17:29 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-12 17:29 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-12 17:29 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-12 17:29 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-12 17:29 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-12 17:29 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-12 17:28 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 12:39 . 2009-07-29 19:01 -------- d-----w- c:\users\jeff\AppData\Roaming\Vso
2009-09-01 12:22 . 2009-02-07 20:20 680 ----a-w- c:\users\jeff\AppData\Local\d3d9caps.dat
2009-08-31 17:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-08-31 17:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-31 17:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-08-31 17:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-08-31 17:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-08-31 17:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-31 17:34 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-30 23:43 . 2009-07-26 23:42 -------- d-----w- c:\program files\Common Files\Softwin
2009-08-30 23:42 . 2009-07-27 00:14 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-30 23:20 . 2009-02-06 20:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-30 23:20 . 2008-12-04 12:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-30 23:18 . 2009-02-06 20:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-30 18:25 . 2009-02-07 06:42 -------- d-----w- c:\program files\BitComet
2009-08-16 15:48 . 2009-07-13 22:51 -------- d-----w- c:\program files\Yahoo!
2009-08-07 03:02 . 2009-02-14 23:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 20:07 . 2009-07-29 20:07 -------- d-----w- c:\programdata\vsosdk
2009-07-29 19:01 . 2009-07-29 19:01 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-29 19:01 . 2009-07-29 19:01 47360 ----a-w- c:\users\jeff\AppData\Roaming\pcouffin.sys
2009-07-29 19:01 . 2009-07-29 19:01 47360 ----a-w- c:\users\jeff\AppData\Roaming\pcouffin.sys
2009-07-29 19:01 . 2009-07-29 19:01 -------- d-----w- c:\program files\VSO
2009-07-26 23:29 . 2009-05-22 20:45 -------- d-----w- c:\programdata\avg8
2009-07-25 19:57 . 2008-12-04 12:53 -------- d-----w- c:\programdata\McAfee
2009-07-25 19:52 . 2009-07-25 19:49 -------- d-----w- c:\users\jeff\AppData\Roaming\FairStars Audio Converter
2009-07-25 00:54 . 2009-06-15 18:32 -------- d-----w- c:\programdata\WildTangent
2009-07-23 17:42 . 2009-05-08 01:11 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-22 17:13 . 2009-04-19 23:29 -------- d-----w- c:\program files\Java
2009-07-21 21:52 . 2009-07-29 14:24 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 14:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 14:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 14:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 19:03 . 2009-05-08 01:12 -------- d-----w- c:\users\jeff\AppData\Roaming\AVS4YOU
2009-07-19 05:54 . 2009-07-13 22:51 -------- d-----w- c:\programdata\Yahoo!
2009-07-18 20:40 . 2009-07-18 20:40 -------- d-----w- c:\users\jeff\AppData\Roaming\PlayFirst
2009-07-18 20:40 . 2009-07-18 20:40 -------- d-----w- c:\programdata\PlayFirst
2009-07-13 22:53 . 2009-07-13 22:53 -------- d-----w- c:\users\jeff\AppData\Roaming\Yahoo!
2009-06-15 15:24 . 2009-07-14 22:06 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-14 22:06 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-14 22:06 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-14 22:06 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-09 11:06 . 2009-06-09 11:06 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb284F.tmp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Update"="c:\users\jeff\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-23 846344]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-06-25 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{93986BAE-5214-46DC-B318-141D2814B512}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F5E6067-EC42-4CF3-8A31-2D153A4B80E5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D64DAAC3-3615-46D7-9676-E10679B9500C}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{0DDE240D-FD2A-4050-AB17-AF76C247A3BE}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{5A6A4999-D213-474E-9218-2C40DB4A4009}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{259F1611-C159-42C3-AFAF-5539853B7035}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{5533EFBD-587E-4F6D-8CB1-9F6108E273C2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{CFE4FE28-3EC5-4FA2-A6E5-C916CD1B584C}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"TCP Query User{92F4DB27-FAAD-4D01-8F0C-DC6230DBA032}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{7A777C56-3BC7-4B49-951D-6E4CF57C7F60}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{16A4EF65-BDDD-40E5-BFF7-5B261B66D543}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{291E93E7-C757-44F2-B177-AD6326BF859C}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"TCP Query User{BA7DC9ED-9A54-4616-A0A7-3BCE496C1190}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{A42067FA-E048-4256-847A-6B2CEDE7EE96}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{26228A52-2DE7-4C11-A2EB-6EC4B136C285}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9BAD013F-E724-406A-8D2E-3C175E486840}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 5:11 PM 16384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [5/14/2009 3:49 PM 93312]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [12/17/2008 2:05 PM 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/26/2008 1:36 AM 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/26/2008 1:36 AM 131072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842084670-3972306024-4010053558-1000Core.job
- c:\users\jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 00:44]
2009-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842084670-3972306024-4010053558-1000UA.job
- c:\users\jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 00:44]
2009-09-01 c:\windows\Tasks\User_Feed_Synchronization-{A57BF8E2-40D6-4518-A0F0-65DB2757A6AD}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
TCP: {D00B9979-42B9-4910-94EB-250C116767D1} = 208.67.220.220,208.67.222.222
TCP: {D05A26F8-7E62-46CA-918F-0502981C0364} = 208.67.220.220,208.67.222.222
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 14:34
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\jeff\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-01 14:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-01 18:41
Pre-Run: 30,810,488,832 bytes free
Post-Run: 30,481,629,184 bytes free
222 --- E O F --- 2009-08-31 17:31