Hi,
I recently come across this malware called "system security 2009". I downloaded malwarebytes as I had this type of malware but not the same type before. Though the different thing about this one was that it didn't let me load the malwarebytes software.. Then i went around the net and download a program that let me kill the system security pop ups and i renamed malwarebytes and i was able to load the program but it didn't let me scan. I installed trend micro also and it did not let me scan fully and still doesn't.. To make the long story short i was able to get rid of the malware well most of it. I was able to scan with malwarebytes and it came with two infected files , some UAC and the uacinit.dll files.. it told to me restart the computer to get rid of them but it seemed that it didn't delete it.
The problems that i still seem to have is that it takes a longer than usual to reboot
Usually it doesn't even let me boot into the desktop. It would usually stay on a black screen. I would have to manually turn it off.
It usually froze while i was on the computer..
I then used combofix and i still seem to have a longer then normal startup. It goes to the backround and it would seem not to load then, all of a sudden all the icons pop up.
here is the log for combofix to see if i still have any malware:
ComboFix 09-08-01.06 - Mom&Dad 08/02/2009 1:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.685 [GMT -7:00]
Running from: c:\documents and settings\Mom&Dad\Desktop\Combo-Fix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ALLUSE~1\APPLIC~1\96550306.ini
c:\program files\iMeshBar
c:\program files\iMeshBar\bar\History\search
c:\recycler\S-1-5-21-2227849616-1901146213-1468099963-500
c:\windows\Install.txt
c:\windows\Installer\6652c3.msi
c:\windows\Installer\78589.msi
c:\windows\Installer\aa0a4.msp
c:\windows\run.log
c:\windows\system32\drivers\UACaimxfuxngsckdul.sys
c:\windows\system32\UACaavdymtalnowxdqqo.log
c:\windows\system32\UACbttpixjxbofetli.dll
c:\windows\system32\UACcitufxneqyratrv.dll
c:\windows\system32\UAChbbgrfvmqqvbdmq.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACorxkvpgikswwaap.db
c:\windows\system32\UACqpprdlemrqbwvki.dll
c:\windows\system32\UACrfqjpixqaflfdqt.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACuoowvyxvbscpawj.dat
c:\windows\system32\wiawow32.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Legacy_SOPIDKC
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.
2009-08-02 05:06 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-08-02 05:06 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-08-02 05:06 . 2009-04-02 23:08 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-02 05:05 . 2009-08-02 05:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Trend Micro
2009-08-02 05:05 . 2009-08-02 05:36 -------- d-----w- c:\program files\Trend Micro
2009-08-02 05:03 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-08-02 05:03 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-08-02 05:03 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-08-02 05:03 . 2009-03-03 23:12 80400 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-08-02 05:03 . 2009-03-03 09:08 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-08-02 04:53 . 2009-08-02 04:53 -------- d-----w- c:\documents and settings\Mom&Dad\log
2009-07-11 11:55 . 2009-07-11 11:55 -------- d-----w- c:\program files\Unlocker
2009-07-11 08:49 . 2009-07-11 08:49 -------- d-----w- c:\windows\system32\scripting
2009-07-11 08:49 . 2009-07-11 08:49 -------- d-----w- c:\windows\l2schemas
2009-07-11 08:49 . 2009-07-11 08:49 -------- d-----w- c:\windows\system32\en
2009-07-08 16:08 . 2009-07-08 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-08 16:08 . 2009-07-08 16:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-08 15:24 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-08 15:24 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-08 15:22 . 2009-07-08 15:22 -------- d-----w- c:\windows\system32\LogFiles
2009-07-08 13:18 . 2009-07-08 13:18 -------- d-----w- c:\windows\system32\Service
2009-07-08 08:50 . 2009-07-08 08:50 -------- d-----w- c:\program files\AVG
2009-07-08 07:11 . 2009-07-08 09:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\96550306
2009-07-08 07:11 . 2009-07-08 08:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\16540314
2009-07-05 12:12 . 2009-07-05 12:12 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 05:02 . 2009-07-09 05:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-19 04:36 . 2008-03-26 16:39 -------- d-----w- c:\program files\LIVEUPDATE
2009-07-11 08:57 . 2003-08-12 02:15 93087 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-11 08:25 . 2009-07-08 16:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-11 08:25 . 2004-02-09 18:19 -------- d-----w- c:\program files\Java
2009-07-11 08:25 . 2008-10-10 03:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-11 08:25 . 2009-07-11 08:25 152576 ----a-w- c:\documents and settings\Mom&Dad\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-09 06:02 . 2009-07-09 06:02 -------- d-----w- c:\program files\CCleaner
2009-07-09 03:56 . 2009-07-09 03:56 -------- d-----w- c:\documents and settings\Mom&Dad\Application Data\Malwarebytes
2009-07-09 03:52 . 2009-07-09 03:31 -------- d-----w- c:\program files\Shoot
2009-07-09 03:23 . 2004-02-09 19:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-09 03:17 . 2007-03-10 22:29 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-09 03:13 . 2005-04-26 22:12 -------- d-----w- c:\program files\Zone.com Deluxe Games
2009-07-08 11:22 . 2009-05-13 13:19 -------- d-----w- c:\program files\Lavasoft
2009-06-17 18:27 . 2009-07-09 03:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 18:27 . 2009-07-09 03:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2003-07-31 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-07-31 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 04:28 . 2009-06-09 04:27 -------- d-----w- c:\program files\iTunes
2009-06-09 04:28 . 2009-06-09 04:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-09 04:27 . 2009-06-09 04:27 -------- d-----w- c:\program files\iPod
2009-06-09 04:27 . 2008-10-10 03:06 -------- d-----w- c:\program files\Common Files\Apple
2009-06-09 04:25 . 2009-06-09 04:25 -------- d-----w- c:\program files\QuickTime
2009-06-05 22:29 . 2009-06-05 22:29 -------- d-----w- c:\documents and settings\Mom&Dad\Application Data\ImgBurn
2009-06-05 22:21 . 2009-06-05 22:19 -------- d-----w- c:\program files\ImgBurn
2009-06-04 22:52 . 2009-04-20 06:52 -------- d-----w- c:\program files\Project64 1.6
2009-06-03 19:09 . 2003-11-12 11:54 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2003-07-31 04:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-24 13:26 . 2009-04-04 23:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-08-02 497008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1024000]
"Startup Manager Scanner"="c:\program files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-10 4730880]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-10-28 237568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-11 148888]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-08-02 497008]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [8/1/2009 10:06 PM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [8/1/2009 10:06 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/1/2009 10:03 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [8/1/2009 10:06 PM 677128]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [8/15/2003 10:10 AM 68480]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/1/2009 10:03 PM 335376]
S3 HPUsbPVR;HP USB TV Tuner and Personal Video Recorder Device;c:\windows\system32\drivers\HPUsbPVR.sys [11/12/2003 8:17 AM 136960]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0926F62B-6B28-4FFC-B603-09ABD9FB721D} - (no file)
BHO-{67E0827C-2CE6-4416-A9CA-F87112090D4C} - (no file)
BHO-{a4889644-daba-4481-92be-73b378e32ec7} - (no file)
ShellIconOverlayIdentifiers-{2D7E38A6-A604-45AE-9A87-4F5F25760650} - (no file)
HKCU-Run-RecordNow! - (no file)
Notify-ddccd - (no file)
Notify-ddccy - (no file)
Notify-gebcc - (no file)
Notify-pmkjj - (no file)
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\docume~1\Mom&Dad\APPLIC~1\Mozilla\Firefox\Profiles\4992erdy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - plugin: c:\documents and settings\Mom&Dad\Application Data\Mozilla\Firefox\Profiles\4992erdy.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000005.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 01:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-864174813-862989696-1741061995-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehsched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\wdfmgr.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-08-02 1:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 08:49
Pre-Run: 51,768,442,880 bytes free
Post-Run: 52,137,820,160 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
265 --- E O F --- 2009-07-15 23:11
also here is malware bytes log if needed:
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3
8/1/2009 11:45:29 PM
mbam-log-2009-08-01 (23-45-23).txt
Scan type: Full Scan (C:\|)
Objects scanned: 162374
Time elapsed: 28 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
thanks in advanced!!
Edited by thex707, 02 August 2009 - 03:29 AM.