#1
Rear Admiral Lower Half (Join Date: May 2000; Location: border of oc and la; Posts: 2,382)
How can I remove uacinit.dll from my PC?
I have scanned with Malwarebytes and Avast!. Both programs found the virus, but neither is able to delete it. Anybody have a simple resource for manual removal of this thing?
Is this legit? http://www.scanforfree.com/52/remove-uacinit-dll.html
#2
Chief News Editor & Master of His Domain (Join Date: Aug 2000; Location: Minnesota; Posts: 8,161)
Xoftspy is legit software.
__________________
lpmiller, Chief News Editor, Nobel Prize Nominee, Reverend in the Universal Life Church, Once Shot A Man For Snoring Too Loud, Way Too Lazy To Change His Signature. "The strength to change what I can, the inability to accept what I can't, and the incapacity to tell the difference." - Calvin and Hobbes
#3
Rear Admiral Lower Half (Join Date: May 2000; Location: border of oc and la; Posts: 2,382)
Can't run the link, the virus forces everything else to open up.
Read on Bleeping Computer to try ComboFix, but the warning message is kinda harsh. Anyone try ComboFix? Not to mention I'm not sure if I can run it in regular Windows...
#4
Rear Admiral Lower Half (Join Date: May 2000; Location: border of oc and la; Posts: 2,382)
So I ran Malwarebytes in safe mode, and got the same 3 problems... restarted to remove... and then was able to run ComboFix... I think I'm good now...
Here's the log... I think I'm clean now... What do you guys think?

```
ComboFix 09-09-07.06 - Charles 09/08/2009 10:30.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1429 [GMT -7:00]
Running from: c:\documents and settings\Charles\Desktop\ccc.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
 * Created a new restore point
 * Resident AV is active
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Charles\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\osps.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\recycler\S-1-5-21-4767879047-9988355272-092397258-8700
c:\recycler\S-1-5-21-4767879047-9988355272-092397258-8700\msimfo32.exe
c:\windows\Installer\17bfa5a.msp
c:\windows\Installer\1b6e5c9.msp
c:\windows\Installer\1bfb1f7.msp
c:\windows\Installer\1bfb20f.msp
c:\windows\Installer\1bfb2ff.msp
c:\windows\Installer\329ef.msp
c:\windows\Installer\329f3.msp
c:\windows\Installer\329f7.msp
c:\windows\kb913800.exe
c:\windows\svchasts.exe
c:\windows\system32\Data
c:\windows\system32\drivers\rotscxbejxjcpo.sys
c:\windows\system32\drivers\UACdquhjbwawy.sys
c:\windows\system32\rotscxgkvrsotx.dat
c:\windows\system32\rotscxgyqahqin.dll
c:\windows\system32\rotscxvrsiuypd.dll
c:\windows\system32\rotscxwxyvbxhp.dat
c:\windows\system32\tevuyupu.dll
c:\windows\system32\tmp.reg
c:\windows\system32\UACamyufmuekk.dll
c:\windows\system32\UACdwcxanbuds.dll
c:\windows\system32\UACilmkxvvwse.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACobtitweasp.dll
c:\windows\system32\UACquwntyqjnk.dll
c:\windows\system32\UACsqbcgsofdy.dat
c:\windows\system32\UACvkhithybhx.dll
c:\windows\system32\wscsvc32.exe
C:\xvhu.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rotscxxdkfwqvx
-------\Legacy_rotscxxdkfwqvx
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

(((((((((((((((((((((((((   Files Created from 2009-08-08 to 2009-09-08   )))))))))))))))))))))))))))))))
.

2009-09-06 07:45 . 2009-09-06 07:45 -------- d-----w- C:\820c508e139705023044d6
2009-09-05 17:21 . 2009-09-05 17:21 -------- d-----w- C:\1b2e855ef3210dea16c044af
2009-09-05 08:30 . 2009-09-05 09:52 -------- d-----w- C:\4491befbd9931196c2e8dd3da8
2009-09-04 00:13 . 2009-09-04 00:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-31 22:02 . 2009-08-31 22:02 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2009-08-26 17:19 . 2009-08-26 17:32 -------- d-----w- C:\The Dead Weather - Horehound 320Kbps [Cov+CD] [Bubanee]
2009-08-13 15:30 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 17:44 . 2007-01-26 16:22 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-09-08 17:44 . 2007-03-19 23:34 56680 ----a-w- c:\windows\system32\Rpcnet.dll
2009-09-08 17:44 . 2008-11-25 17:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-08 17:43 . 2008-03-13 15:35 -------- d-----w- c:\program files\DNA
2009-09-08 17:43 . 2008-03-13 15:35 -------- d-----w- c:\documents and settings\Charles\Application Data\DNA
2009-09-08 17:10 . 2007-01-26 16:22 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-09-07 18:08 . 2008-11-25 18:16 -------- d-----w- c:\documents and settings\Charles\Application Data\Azureus
2009-09-04 18:08 . 2007-08-31 18:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-04 16:06 . 2009-07-10 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 17:20 . 2009-07-20 17:56 -------- d-----w- c:\program files\SugarSync
2009-08-12 22:47 . 2007-07-12 16:03 -------- d-----w- c:\documents and settings\Charles\Application Data\BitTorrent
2009-08-12 22:47 . 2007-07-12 16:02 -------- d-----w- c:\program files\BitTorrent
2009-08-10 16:40 . 2008-02-21 16:32 -------- d-----w- c:\program files\IDrive
2009-08-06 00:08 . 2008-11-25 18:12 -------- d-----w- c:\program files\Vuze
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:36 . 2009-07-10 18:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-07-10 18:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 15:10 . 2009-04-09 21:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 22:51 . 2009-07-31 21:25 3532 ----a-w- C:\drmHeader.bin
2009-07-17 19:01 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 16:45 . 2007-01-19 05:52 123872 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 06:43 . 2005-08-16 10:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- c:\documents and settings\Charles\Application Data\Malwarebytes
2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-03 17:09 . 2005-08-16 10:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2005-08-16 10:18 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-08-16 10:18 76288 ----a-w- c:\windows\system32\telnet.exe
2008-07-08 15:08 . 2008-04-28 15:46 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-08 15:08 . 2008-04-28 15:46 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-08 15:08 . 2008-04-28 15:46 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-08 15:08 . 2008-04-28 15:46 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-08 15:08 . 2008-04-28 15:46 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-17 15:20 . 2007-01-28 21:10 88 --sh--r- c:\windows\system32\5FEBAE97DE.sys
2008-09-17 15:22 . 2007-01-28 21:10 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-07 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-07 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2007-07-06 53248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1170357729\ee\AOLSoftware.exe" [2007-10-08 41824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-19 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"PDF CMYK Print EngineClient"="c:\program files\4over Inc.\PDF CMYK Print Engine\PDFCMYKPrintEngineClient.exe" [2008-04-18 315392]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-24 29744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-03-21 73728]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-06-29 1355042]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-03-28 22:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170357729\\ee\\aolsoftware.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\4over Inc\\PDF CMYK Print Engine\\PDFCMYKPrintEngineClient.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.EXE"=

R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [2/21/2008 9:32 AM 128464]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/25/2006 7:26 AM 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/25/2006 7:26 AM 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/25/2006 7:26 AM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [9/25/2006 7:26 AM 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/19/2008 10:17 AM 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [9/25/2006 7:26 AM 280392]
S2 gxxztzt;gxxztzt;c:\windows\system32\drivers\eowqhdsu.sys --> c:\windows\system32\drivers\eowqhdsu.sys [?]
S2 mkinabb;mkinabb;c:\windows\system32\drivers\pktkyp.sys --> c:\windows\system32\drivers\pktkyp.sys [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/18/2007 10:40 PM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 20:25]

2009-09-05 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 20:25]

2009-09-08 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2009-09-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=ySMS8qzjTGh8f9MQ4dZQwkg5IA4
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Charles\Application Data\Mozilla\Firefox\Profiles\05ze0ipg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 10:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1536)
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1764)
c:\windows\system32\WININET.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\docume~1\Charles\LOCALS~1\temp\clclean.0001
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\PDFCreatorMessages.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rpcnet.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-09-08 10:56 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-08 17:55

Pre-Run: 18,880,393,216 bytes free
Post-Run: 19,506,831,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

368 --- E O F --- 2009-09-02 10:01
```
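A log this long hides its few security-relevant lines among hundreds of ordinary startup entries, and the question "am I clean now?" is really a question about those lines. The script below is an added example, not part of the thread and not ComboFix's own tooling: it triages a ComboFix-style log and flags the resident AV and firewall reporting themselves disabled, the Security Center monitoring keys set to `DisableMonitoring`=1, the Windows Firewall standard profile with `EnableFirewall`= 0, and service entries written as `name;display;path --> path [?]`, which in the posted log are the two random-named S2 services (`gxxztzt`, `mkinabb`) that outlived the cleanup; the `[?]` is taken here to mean the driver file was not found, an assumption about the log format. Removed files and service entries are reported as informational context. The sample input is a constructed excerpt in the shape of the posted log, and the rule names and severities are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample input, shaped like the ComboFix log in the post above and
# trimmed to the entries the rules below look at. It is not the full log.
SAMPLE_LOG = r"""
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Windows Police Pro\msvcm80.dll
c:\windows\system32\drivers\UACdquhjbwawy.sys
c:\windows\system32\uacinit.dll
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/25/2006 7:26 AM 345696]
S2 gxxztzt;gxxztzt;c:\windows\system32\drivers\eowqhdsu.sys --> c:\windows\system32\drivers\eowqhdsu.sys [?]
S2 mkinabb;mkinabb;c:\windows\system32\drivers\pktkyp.sys --> c:\windows\system32\drivers\pktkyp.sys [?]
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")      # ((((( Section )))))
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                    # [HKEY_...]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")                        # c:\... or C:\...


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info" (this example's own scale)
    rule: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix-style log line by line and return the entries a
    responder should look at before calling the machine clean."""
    findings: list[Finding] = []
    section = ""
    reg_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, reg_key = m.group("name"), ""
            continue
        # Header: the resident AV / firewall reporting itself disabled.
        if line.startswith(("AV:", "FW:")) and "disabled*" in line.lower():
            findings.append(Finding("high", "resident-protection-disabled", line.split(" {")[0]))
            continue
        # Files ComboFix removed; drivers and system32 payloads are worth noting.
        if section == "Other Deletions" and PATH_RE.match(line):
            low = line.lower()
            if low.endswith(".sys") and "\\drivers\\" in low:
                findings.append(Finding("info", "kernel-driver-removed", line))
            elif "\\system32\\" in low:
                findings.append(Finding("info", "system32-file-removed", line))
            continue
        # Service / legacy entries ComboFix deleted.
        if section == "Drivers/Services" and line.startswith("-------\\"):
            findings.append(Finding("info", "service-entry-removed", line.split("\\", 1)[1]))
            continue
        m = KEY_RE.match(line)
        if m:
            reg_key = m.group("key")
            continue
        low_key = reg_key.lower()
        # Security Center told not to monitor the AV / firewall product.
        if "security center\\monitoring" in low_key and line.startswith('"DisableMonitoring"=dword:00000001'):
            findings.append(Finding("medium", "security-center-monitoring-off", reg_key))
            continue
        # Windows Firewall standard profile switched off.
        if low_key.endswith("firewallpolicy\\standardprofile") and line.startswith('"EnableFirewall"= 0'):
            findings.append(Finding("medium", "windows-firewall-off", reg_key))
            continue
        # Service whose binary could not be found: "path --> path [?]" (assumed meaning).
        m = SERVICE_RE.match(line)
        if m and "[?]" in m.group("rest"):
            target = m.group("rest").split(" --> ")[0]
            findings.append(Finding("high", "service-binary-missing", f"{m.group('name')} -> {target}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 4, 'medium': 2, 'info': 4}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
    print(summarize(results))
```

On the sample the script reports four high findings (both protection products disabled and the two orphaned S2 services), two medium ones (Security Center monitoring and the firewall profile) and four informational removals. The practical reading for a thread like this one: the rootkit files are gone, but the leftover service entries pointing at missing drivers and the disabled-protection settings are the items to clean up and re-verify before treating the machine as clean.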