IU.exe REMOVE HELP PLEASE

Name: Lone Wolf
Date: February 11, 2006 at 11:11:58 Pacific
OS: XP Pro
CPU/Ram: P3/512
Product: HP
Comment:

this stupid program on my PC has appeared called Information Update and the process is UI.exe

after some google searching i determined that it is some kind of malware, probably a trojan

i have stopped the process, removed the program folder it was in, and unchecked it in regedit. is there anything else i should do?

the stupid thing is that i just scanned my system with ad-aware se pro, spybot s&d and bitdefender 9 pro plus like two days ago on the latest updates

apparently none of them found it

the only reason i knew about it is that bitdefender kept popping up saying it wanted to access the internet so it did see it and allow me to block its internet access it just didn't recognize it as a virus or whatever (nor did ad-aware and spybot, as already noted)

is there anything else i should do to eradicate this stupid thing or is what i have done sufficient (i doubt it as malware is usually sneakier than that)

thanx



Response Number 1
Name: Lone Wolf
Date: February 11, 2006 at 11:16:54 Pacific
Reply:

are there other files associated with this SOB?? i just searched my machine for 'iu' and it found a whole bunch of stuff with iu in the name in the windows service pack files, ad-aware program folder, vb 6.0 folder, Windows folders (windows/inf, windows/prefetch, windows/system32, and more), some things located in 'com/ms/ui' and 'com/ms/com' and 'com/ms/directx'

is this thing really rooted into my system that deep or am i just being paranoid about files with iu in the name??

any removal tips beyond what i have already done VERY MUCH APPRECIATED!! thanx!


0

Response Number 2
Name: jabuck
Date: February 11, 2006 at 11:26:36 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.


0

Response Number 3
Name: Lone Wolf
Date: February 11, 2006 at 12:28:43 Pacific
Reply:

so, what exactly does HJT do? does it scan and log EVERYTHING it sees or does it only scan for known malware or what?? just wondering...

what i dont understand is why this stupid thing would have slipped past BitDefender 9 Pro Plus (as being seen as virus) AND Ad-Aware SE AND Spybot all on latest definitions!!

i am kinda paranoid about malware viruses etc because i once lost everything to a virus including important docs and stuff so yeah now im kinda paranoid about it.

anyway, the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:29 PM, on 2/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.exe
C:\WINDOWS\system32\CTHELPER.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.exe
C:\Program Files\Mindbeat\MPower\MPower.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\Documents and Settings\Brendan J. LeBaige\Desktop\Misc Files\Security and Internet\HJT\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: gPhotoShow Toolbar Helper - {F26BB70E-AC8A-4232-A71B-FE64AC45F763} - C:\Program Files\gPhotoShow Toolbar\v2.0.0.0\gPhotoShow_Toolbar.dll
O3 - Toolbar: gPhotoShow Toolbar - {D0E449ED-EE93-4833-8A0A-40DE0E477507} - C:\Program Files\gPhotoShow Toolbar\v2.0.0.0\gPhotoShow_Toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MPower] "C:\Program Files\Mindbeat\MPower\MPower.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

i hope you guys know what is what because i have a lot of programs installed on this machine including some y'all may or may not have heard of or be familiar with

okay, so what should be 'fixed' or what action taken? or is this thing already gone from deleting the program file, terminating the process, and unchecking it in msconfig??

thanx all!


0

Response Number 4
Name: jabuck
Date: February 11, 2006 at 13:00:41 Pacific
Reply:

The only questionable item I see is:

O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

which is p2p networking that allows a shared folder that becomes a portal for malware because it is not scanned by your antivirus as all the other p2p programs do.

And you have msconfig running in "selective startup" as this item indicates,

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


which needs to be changed to "normal startup" to effectively diagnose the computer with HT as those unchecked items will not show up in the Hijack This log.

The virus iu.exe is usually a "stand alone" but sometimes is found on computers infected with smitrem, not in your case as far as I can see.


0
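An added example (not part of the thread, and not HijackThis code): a short Python reviewer for a log in the format posted in Response 3. It flags two things visible in that log that limit how far it can be trusted: the MSConfig `/auto` Run entry that Response 4 ties to selective startup, and services marked `(file missing)` whose executable is nonetheless listed under running processes. The function names are hypothetical; the sample lines are copied from the log above.

```python
import re

# Trimmed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
RUN_KEY = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def running_processes(log_text):
    """Lower-cased paths listed between 'Running processes:' and the next blank line."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section and not line.strip():
            break
        elif in_section:
            procs.add(line.strip().lower())
    return procs

def review(log_text):
    """Return (code, text, notes) for every 'Onn - ...' entry in the log."""
    procs, out = running_processes(log_text), []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body, notes = m.group(1), m.group(2), []
        run = RUN_KEY.match(body)
        # Run entry for "MSConfig.exe /auto": the item Response 4 reads as selective startup.
        if code == "O4" and run and run.group(3).lower().endswith("msconfig.exe /auto"):
            notes.append("selective startup: unchecked items are absent from this log")
        if body.endswith("(file missing)"):
            exe = EXE_PATH.search(body)
            live = exe is not None and exe.group(0).lower() in procs
            notes.append("file missing, yet same path is running" if live else "file missing")
        out.append((code, body, notes))
    return out

if __name__ == "__main__":
    for code, body, notes in review(SAMPLE_LOG):
        print(code, "|", "; ".join(notes) or "no note", "|", body)
```

An entry with no note is not thereby cleared; the reviewer only marks where the log itself is incomplete or inconsistent.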

Response Number 5
Name: Lone Wolf
Date: February 11, 2006 at 13:20:14 Pacific
Reply:

so i should be okay?


0



Response Number 6
Name: jabuck
Date: February 11, 2006 at 13:47:31 Pacific
Reply:

As far as I can see. Would be best to set msconfig to normal startup and post a new HT log.


0
