
Malwarebytes , WINDOWS\system32\uacinit.dll, and Combofix



#1 thex707 (New Member, 2 posts)

Hi,

I recently came across this malware called "System Security 2009". I downloaded Malwarebytes, as I had had this type of malware before, but not the same type. The different thing about this one was that it didn't let me load the Malwarebytes software. Then I went around the net and downloaded a program that let me kill the System Security pop-ups, and I renamed Malwarebytes and was able to load the program, but it didn't let me scan. I installed Trend Micro also, and it did not let me scan fully and still doesn't. To make a long story short, I was able to get rid of the malware, well, most of it. I was able to scan with Malwarebytes and it came up with two infected files, some UAC and the uacinit.dll files. It told me to restart the computer to get rid of them, but it seemed that it didn't delete them.

The problem that I still seem to have is that it takes longer than usual to reboot.

Usually it doesn't even let me boot into the desktop. It would usually stay on a black screen, and I would have to turn it off manually.

It usually froze while I was on the computer.

I then used ComboFix, and I still seem to have a longer than normal startup. It goes to the background and seems not to load; then, all of a sudden, all the icons pop up.

Here is the ComboFix log, to see if I still have any malware:

ComboFix 09-08-01.06 - Mom&Dad 08/02/2009 1:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.685 [GMT -7:00]
Running from: c:\documents and settings\Mom&Dad\Desktop\Combo-Fix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\96550306.ini
c:\program files\iMeshBar
c:\program files\iMeshBar\bar\History\search
c:\recycler\S-1-5-21-2227849616-1901146213-1468099963-500
c:\windows\Install.txt
c:\windows\Installer\6652c3.msi
c:\windows\Installer\78589.msi
c:\windows\Installer\aa0a4.msp
c:\windows\run.log
c:\windows\system32\drivers\UACaimxfuxngsckdul.sys
c:\windows\system32\UACaavdymtalnowxdqqo.log
c:\windows\system32\UACbttpixjxbofetli.dll
c:\windows\system32\UACcitufxneqyratrv.dll
c:\windows\system32\UAChbbgrfvmqqvbdmq.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACorxkvpgikswwaap.db
c:\windows\system32\UACqpprdlemrqbwvki.dll
c:\windows\system32\UACrfqjpixqaflfdqt.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACuoowvyxvbscpawj.dat
c:\windows\system32\wiawow32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Legacy_SOPIDKC


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 05:06 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-08-02 05:06 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-08-02 05:06 . 2009-04-02 23:08 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-02 05:05 . 2009-08-02 05:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Trend Micro
2009-08-02 05:05 . 2009-08-02 05:36 -------- d-----w- c:\program files\Trend Micro
2009-08-02 05:03 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-08-02 05:03 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-08-02 05:03 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-08-02 05:03 . 2009-03-03 23:12 80400 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-08-02 05:03 . 2009-03-03 09:08 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-08-02 04:53 . 2009-08-02 04:53 -------- d-----w- c:\documents and settings\Mom&Dad\log
2009-07-11 11:55 . 2009-07-11 11:55 -------- d-----w- c:\program files\Unlocker
2009-07-11 08:49 . 2009-07-11 08:49 -------- d-----w- c:\windows\system32\scripting
2009-07-11 08:49 . 2009-07-11 08:49 -------- d-----w- c:\windows\l2schemas
2009-07-11 08:49 . 2009-07-11 08:49 -------- d-----w- c:\windows\system32\en
2009-07-08 16:08 . 2009-07-08 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-08 16:08 . 2009-07-08 16:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-08 15:24 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-08 15:24 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-08 15:22 . 2009-07-08 15:22 -------- d-----w- c:\windows\system32\LogFiles
2009-07-08 13:18 . 2009-07-08 13:18 -------- d-----w- c:\windows\system32\Service
2009-07-08 08:50 . 2009-07-08 08:50 -------- d-----w- c:\program files\AVG
2009-07-08 07:11 . 2009-07-08 09:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\96550306
2009-07-08 07:11 . 2009-07-08 08:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\16540314
2009-07-05 12:12 . 2009-07-05 12:12 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 05:02 . 2009-07-09 05:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-19 04:36 . 2008-03-26 16:39 -------- d-----w- c:\program files\LIVEUPDATE
2009-07-11 08:57 . 2003-08-12 02:15 93087 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-11 08:25 . 2009-07-08 16:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-11 08:25 . 2004-02-09 18:19 -------- d-----w- c:\program files\Java
2009-07-11 08:25 . 2008-10-10 03:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-11 08:25 . 2009-07-11 08:25 152576 ----a-w- c:\documents and settings\Mom&Dad\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-09 06:02 . 2009-07-09 06:02 -------- d-----w- c:\program files\CCleaner
2009-07-09 03:56 . 2009-07-09 03:56 -------- d-----w- c:\documents and settings\Mom&Dad\Application Data\Malwarebytes
2009-07-09 03:52 . 2009-07-09 03:31 -------- d-----w- c:\program files\Shoot
2009-07-09 03:23 . 2004-02-09 19:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-09 03:17 . 2007-03-10 22:29 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-09 03:13 . 2005-04-26 22:12 -------- d-----w- c:\program files\Zone.com Deluxe Games
2009-07-08 11:22 . 2009-05-13 13:19 -------- d-----w- c:\program files\Lavasoft
2009-06-17 18:27 . 2009-07-09 03:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 18:27 . 2009-07-09 03:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2003-07-31 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-07-31 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 04:28 . 2009-06-09 04:27 -------- d-----w- c:\program files\iTunes
2009-06-09 04:28 . 2009-06-09 04:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-09 04:27 . 2009-06-09 04:27 -------- d-----w- c:\program files\iPod
2009-06-09 04:27 . 2008-10-10 03:06 -------- d-----w- c:\program files\Common Files\Apple
2009-06-09 04:25 . 2009-06-09 04:25 -------- d-----w- c:\program files\QuickTime
2009-06-05 22:29 . 2009-06-05 22:29 -------- d-----w- c:\documents and settings\Mom&Dad\Application Data\ImgBurn
2009-06-05 22:21 . 2009-06-05 22:19 -------- d-----w- c:\program files\ImgBurn
2009-06-04 22:52 . 2009-04-20 06:52 -------- d-----w- c:\program files\Project64 1.6
2009-06-03 19:09 . 2003-11-12 11:54 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2003-07-31 04:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-24 13:26 . 2009-04-04 23:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-08-02 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1024000]
"Startup Manager Scanner"="c:\program files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-10 4730880]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-10-28 237568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-11 148888]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-08-02 497008]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [8/1/2009 10:06 PM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [8/1/2009 10:06 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/1/2009 10:03 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [8/1/2009 10:06 PM 677128]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [8/15/2003 10:10 AM 68480]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/1/2009 10:03 PM 335376]
S3 HPUsbPVR;HP USB TV Tuner and Personal Video Recorder Device;c:\windows\system32\drivers\HPUsbPVR.sys [11/12/2003 8:17 AM 136960]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0926F62B-6B28-4FFC-B603-09ABD9FB721D} - (no file)
BHO-{67E0827C-2CE6-4416-A9CA-F87112090D4C} - (no file)
BHO-{a4889644-daba-4481-92be-73b378e32ec7} - (no file)
ShellIconOverlayIdentifiers-{2D7E38A6-A604-45AE-9A87-4F5F25760650} - (no file)
HKCU-Run-RecordNow! - (no file)
Notify-ddccd - (no file)
Notify-ddccy - (no file)
Notify-gebcc - (no file)
Notify-pmkjj - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\docume~1\Mom&Dad\APPLIC~1\Mozilla\Firefox\Profiles\4992erdy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - plugin: c:\documents and settings\Mom&Dad\Application Data\Mozilla\Firefox\Profiles\4992erdy.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000005.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 01:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-864174813-862989696-1741061995-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehsched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\wdfmgr.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-08-02 1:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 08:49

Pre-Run: 51,768,442,880 bytes free
Post-Run: 52,137,820,160 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
265 --- E O F --- 2009-07-15 23:11


Also, here is the Malwarebytes log, if needed:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

8/1/2009 11:45:29 PM
mbam-log-2009-08-01 (23-45-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 162374
Time elapsed: 28 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.


Thanks in advance!!


Edited by thex707, 02 August 2009 - 03:29 AM.

