
Can't install removal and protection programs, heavily infected? HELP !!!!



#1 latherly


Posted 25 June 2009 - 12:15 AM

Hi, my name is ALYSSA,
OK I'VE TRIED EVERYTHING :flowers: :trumpet:
I'm at my wits' end.
this is what is going on with my computer.

ITS WINDOWSXP SP3
DELL DIMENSION DE051


-FIREFOX (LATEST VERSION) CRASHES UNEXPECTEDLY ALLLLLL THE TIME, RANDOMLY.
-I had issues installing Malwarebytes Anti-Malware, I renamed the files and installed it, I checked: check for updates
and launch program....NOTHING HAPPENED....
-I tried to download HIJACKTHIS so I could post a log and remove the viruses/malware and it wouldn't run install.
-I have NORTON360. It found:
-->PACKED.GENERAL.200 or something like that...AND FAILED TO REMOVE, QUARANTINE (ETC.)
but I don't think this is the only problem, I think my computer is infected way more.
-When I use Firefox && I search a website and click on a link (ON GOOGLE) it takes me to an advertising site..SO
I have to go to the CACHE version when web browsing.
-The computer has startup issues and when I turn it on I have to go to BOOTMENU and click option 2 for it to even work

I AM DESPERATE !!
please help me !!!!!!!!!!!!!!!

thanks a ton :thumbsup:


 


#2 boopme


Posted 25 June 2009 - 10:44 AM

Hi Alyssa, let's see if we can get in like this.

Next, please install RootRepeal.

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images, if needed >> L@@K.
Unzip that (7-zip tool if needed), and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 latherly


Posted 25 June 2009 - 12:19 PM

Okay here is the report you requested.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/06/25 12:57
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED076000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B40000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7C84000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEBA41000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF74FE000 Size: 323584 File Visible: No Signed: -
Status: -

Name: UACaiwynmtoawqeoyybe.sys
Image Path: C:\WINDOWS\system32\drivers\UACaiwynmtoawqeoyybe.sys
Address: 0xED46C000 Size: 77824 File Visible: - Signed: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\UACcdiphndlvxayrklwm.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACepypotkyrpkxcaksl.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACfvrdtupadddcmpvea.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACjcagrseywmhyiyhwu.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACtvvyjrdvmfdnjumot.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACvrpblgrddxdbtsmir.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACyitmnegexebnnskmd.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC40b4.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC4111.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC6dc3.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UACf156.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\UACaiwynmtoawqeoyybe.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\alyssa\local settings\temp\etilqs_hacy7pcjg2zxkt2bgcq5
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Lyssa\Local Settings\Temp\UAC3e7f.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Mom\Local Settings\Temp\nsw853.tmp\uac.dll
Status: Invisible to the Windows API!

Path: c:\documents and settings\alyssa\local settings\application data\mozilla\firefox\profiles\tv5i8v68.default\urlclassifier3.sqlite
Status: Allocation size mismatch (API: 14700544, Raw: 14979072)

Path: C:\Documents and Settings\Lyssa\My Documents\My Pictures\-O09;;\phOtObuckett\New Folder (3)\New Folder (2)\New Folder (3)\Snoop Dogg- Pharell- Usher- Destinys Child- Ciara- Mario- Ashanti- N.O.R.E.- Pitbull- lloyd banks- akon- ll cool j- T.I- Outkast- Nelly- Diplomat-You Hot (Unreleased).mp3
Status: Locked to the Windows API!

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACaiwynmtoawqeoyybe.sys

==EOF==
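
The report above lists each finding as a blank-line-separated record under a section title. As an added example (not part of the thread and not RootRepeal's own code), this Python parser reads a saved report in that layout and returns the paths marked as concealed from the Windows API, leaving out entries that are only locked or show an allocation size mismatch; `parse_report`, `hidden_paths` and `SAMPLE` are names chosen here.

```python
import re
# Shortened excerpt of the report above: same layout, fewer entries.
SAMPLE = r"""Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEBA41000 Size: 49152 File Visible: No Signed: -
Status: -

Name: UACaiwynmtoawqeoyybe.sys
Image Path: C:\WINDOWS\system32\drivers\UACaiwynmtoawqeoyybe.sys
Address: 0xED46C000 Size: 77824 File Visible: - Signed: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: c:\documents and settings\alyssa\local settings\temp\etilqs_hacy7pcjg2zxkt2bgcq5
Status: Allocation size mismatch (API: 16384, Raw: 0)

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACaiwynmtoawqeoyybe.sys
"""

HIDDEN = ("Invisible to the Windows API", "Hidden from Windows API")  # status prefixes to report

def parse_report(text):
    """Return {section title: [record dict, ...]} for a RootRepeal text report."""
    sections, records, record, prev = {}, [], {}, ""
    for line in map(str.strip, text.splitlines() + [""]):
        if re.fullmatch(r"-{5,}", line):      # dashed rule: the previous line was a section title
            record, records = {}, sections.setdefault(prev, [])
        elif not line:                         # a blank line closes the current record
            if record:
                records.append(record)
            record = {}
        elif ": " in line:                     # "Key: value"; only the first separator splits
            record.update([line.split(": ", 1)])
        prev = line
    return sections

def hidden_paths(sections):
    """Paths the report marks as concealed, deduplicated case-insensitively."""
    found = {}
    for name, records in sections.items():
        for rec in records:
            path = rec.get("Path") or rec.get("Image Path")
            status = rec.get("Status", "")
            if path and (name == "Hidden Services" or status.startswith(HIDDEN)):
                found.setdefault(path.lower(), path)
    return sorted(found.values(), key=str.lower)
```

Calling `hidden_paths(parse_report(open("RootRepeal.txt").read()))` on a full saved report gives one de-duplicated list even when the same driver appears under Drivers, Hidden/Locked Files and Hidden Services.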

#4 boopme


Posted 25 June 2009 - 02:34 PM

You're doing well Alyssa!!

Now the next step...

Rerun Rootrepeal. After the scan completes, go to the files tab and find these files:

C:\WINDOWS\system32\UACcdiphndlvxayrklwm.dll
C:\WINDOWS\system32\UACepypotkyrpkxcaksl.log
C:\WINDOWS\system32\UACfvrdtupadddcmpvea.dll
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UACjcagrseywmhyiyhwu.dll
C:\WINDOWS\system32\UACtvvyjrdvmfdnjumot.dat
C:\WINDOWS\system32\UACvrpblgrddxdbtsmir.dll
C:\WINDOWS\system32\UACyitmnegexebnnskmd.dll
C:\WINDOWS\Temp\UAC40b4.tmp
C:\WINDOWS\Temp\UAC4111.tmp
C:\WINDOWS\Temp\UAC6dc3.tmp
C:\WINDOWS\Temp\UACf156.tmp
C:\WINDOWS\system32\drivers\UACaiwynmtoawqeoyybe.sys
C:\Documents and Settings\Lyssa\Local Settings\Temp\UAC3e7f.tmp
C:\Documents and Settings\Mom\Local Settings\Temp\nsw853.tmp\uac.dll

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.



Rerun MBAM like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, post new scan log and reboot into normal mode.

How is it running now?



