fwiw I think I have this resolved. What a pain in the tail. For others heres what i did. Note: I was limited on what i could run with windows 2003
1. gmer full scan
--disabled (not delete) uacinit service after it was found.
--deleted the tmp dlls with various uacinit names
4. reran malware bytes. it found the uacinit.dll and corresponding reg entry. clicked delete. this was the first time it was actually able to remove them without a restart, this seemed to be the difference in all my prior attempts.
5. reran gmer and malware bytes and came up clean.
While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.
Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.
We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.
Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.
Thank you for understanding.
Orange Blossom ~ forum moderator
Edited by seanmc, 02 June 2009 - 07:12 AM.