uacinit.dll [Moved]


17 replies to this topic

#1 fetus989

fetus989

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 29 June 2009 - 10:11 PM

Hi. My computer is infected with uacinit.dll
I have spent the last 3 hours at least looking up ways to get rid of it.
I downloaded and installed Combofix and SUPERantispyware and neither of them was able to run.
Combofix just wouldn't open, after disabling AVG. SAS keeps telling me "SAS has encountered a problem and needs to close. We are sorry for the inconvenience."

I scanned with Malwarebytes' Anti-Malware and it deleted the virus, but it came back on reboot (which is what it told me to do).
Any help would be greatly appreciated and fellatio is offered as reward.
Please and thank you. :D

EDIT: Here is my Malwarebytes' log


Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

6/29/2009 9:22:30 PM
mbam-log-2009-06-26 (21-22-30).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 231317
Time elapsed: 31 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Edited by fetus989, 29 June 2009 - 10:19 PM.



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:37 AM

Posted 29 June 2009 - 10:50 PM

As the log posted above is an MBAM log, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST OTHER LOGS<== unless a log is specifically requested.

I downloaded and installed Combofix . . . and [it wasn't] able to run.


That is just as well. Please note that ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.


From: http://www.bleepingcomputer.com/forums/ind...t&p=1159014

That said, please describe the issues you are experiencing with your computer. Obviously, you are having difficulty running at least some kinds of security programs. Are you experiencing redirections, pop-ups, other issues? Please be as specific as possible. Also, in case you post links, please do not post live links. Change the "http" to "hxxp".

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:37 AM

Posted 29 June 2009 - 11:08 PM

Please download RootRepeal Rootkit Detector and save it to your Desktop.

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.
* Create a new folder on your hard drive called RootRepeal (C:\RootRepeal) and extract (unzip) RootRepeal.zip. (click here if you're not sure how to do this. Vista users refer to this link.)
* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the Files tab, then click the Scan button.
* In the Select Drives dialog (Please select drives to scan:), select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 fetus989

Posted 29 June 2009 - 11:09 PM

Sorry about posting in the wrong place, really didn't know where to put it. And sorry about posting the log :thumbsup:

And I read other posts and people experienced the same problem I was and they were told to run combofix, so I figured if I was having identical problems, I'd have an identical solution.

But I'm having redirections, specifically with Google. And a pop-up every time I start up Firefox. Usually when I'm playing a game (WC3, Fallout 3, Oblivion) it'll randomly minimize. My computer almost always freezes when I reboot.

I've researched all over and from what I understand it is a rootkit.
I really just want to get rid of it.

Any help is appreciated.
Thanks :D

#5 Orange Blossom

Posted 29 June 2009 - 11:15 PM

Hello fetus989,

No need to apologize about posting the MBAM log. I put that note about not posting other logs in an effort to keep folks from posting other kinds of logs which would result in further delays in assistance.

Please follow Budapest's advice above.

Cheers,

Orange Blossom :thumbsup:

#6 fetus989

Posted 29 June 2009 - 11:27 PM

Yea I read his post after I posted mine.
Ran RootRepeal with no problems

Here's the log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/06/29 23:25
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\RootRepeal\RootRepeal.dmp
Status: Visible to the Windows API, but not on disk.

Path: C:\RootRepeal\RootRepeal_crash_062909.231204.txt
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\SKYNET.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETartkltpo.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETbobrkcvn.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETmnwaqbap.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNEToiqwuynm.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACitrjrcnnlloyhyp.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UAChktewqomoqrrvxd.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACiplhnvtbwtxvkon.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACmvwmlpjjaelafxm.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACoeomovdhairedil.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACplyrsluasrnlmfg.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACqrjrtbpihkkyxet.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uactmp.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACtpjbgkyultuqtdj.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACyboxobqjwpbpcvu.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\UACmqphoblvymulkvw.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETkmhsnoej.sys
Status: Invisible to the Windows API!

Path: C:\Program Files\DOOM Collector's Edition\WADS\DOOM1\UAC_DEAD.WAD
Status: Invisible to the Windows API!

Path: C:\Program Files\DOOM Collector's Edition\WADS\DOOM2\UACPEN2.WAD
Status: Invisible to the Windows API!

Path: C:\Program Files\DOOM Collector's Edition\WADS\DOOM2\UAC_DEA2.WAD
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Nowell\Local Settings\Temp\UAC35a8.tmp
Status: Invisible to the Windows API!

Path: c:\documents and settings\nowell\local settings\temp\etilqs_gno91qn8qsgkouqzbvtb
Status: Allocation size mismatch (API: 32768, Raw: 0)

Edited by fetus989, 29 June 2009 - 11:39 PM.


#7 Budapest

Posted 29 June 2009 - 11:33 PM

Rerun RootRepeal. After the scan completes, go to the Files tab and find this file:

C:\WINDOWS\system32\drivers\UACmqphoblvymulkvw.sys

Then use your mouse to highlight it in the RootRepeal window.
Next, right-click on it and select the *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes and post the log.
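
A triage pass over a RootRepeal report like the one posted in this thread, as an added example that is not part of the original posts or of RootRepeal: it parses the Path/Status pairs, lists hidden .sys files under system32\drivers first, and groups the other hidden files by name prefix. The sample report is constructed from paths in the posted log; the function names and the prefix heuristic are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, regardless of the host OS

# Constructed sample in the report's "Hidden/Locked Files" layout.
SAMPLE_REPORT = r"""
Hidden/Locked Files
-------------------
Path: C:\RootRepeal\RootRepeal.dmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UAChktewqomoqrrvxd.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETartkltpo.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\temp\WGAErrLog.txt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\UACmqphoblvymulkvw.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETkmhsnoej.sys
Status: Invisible to the Windows API!

Path: C:\Program Files\DOOM Collector's Edition\WADS\DOOM1\UAC_DEAD.WAD
Status: Invisible to the Windows API!
"""

ENTRY_RE = re.compile(
    r"^Path:\s*(?P<path>.+?)\s*\r?\nStatus:\s*(?P<status>.+?)\s*$", re.MULTILINE)
HIDDEN_STATUS = "invisible to the windows api"
DRIVER_DIR = "\\system32\\drivers\\"


def parse_report(text):
    """Return (path, status) pairs from the Hidden/Locked Files section."""
    return [(m["path"], m["status"]) for m in ENTRY_RE.finditer(text)]


def is_hidden(status):
    return status.lower().startswith(HIDDEN_STATUS)


def hidden_drivers(entries):
    """Hidden .sys files in the drivers directory: the entries to review first."""
    return [p for p, s in entries
            if is_hidden(s) and DRIVER_DIR in p.lower() and p.lower().endswith(".sys")]


def family_prefixes(drivers):
    """Assumption of this example: the leading upper-case run of a hidden
    driver's file name ("UAC", "SKYNET" in the posted report) tags its family."""
    prefixes = set()
    for path in drivers:
        m = re.match(r"[A-Z]{3,}", basename(path))
        if m:
            prefixes.add(m.group(0))
    return sorted(prefixes, key=lambda p: (-len(p), p))  # longest prefix first


def triage(text):
    """Split a report into hidden drivers, prefix families and everything else."""
    entries = parse_report(text)
    drivers = hidden_drivers(entries)
    prefixes = family_prefixes(drivers)
    families = defaultdict(list)
    other_hidden, not_hidden = [], []
    for path, status in entries:
        if not is_hidden(status):
            not_hidden.append((path, status))
            continue
        name = basename(path).lower()
        family = next((p for p in prefixes if name.startswith(p.lower())), None)
        # A prefix match is made on the name alone (the DOOM .WAD entry lands
        # in the UAC group too), so every grouped path still needs review.
        (families[family] if family else other_hidden).append(path)
    return {"drivers": drivers, "families": dict(families),
            "other_hidden": other_hidden, "not_hidden": not_hidden}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Hidden drivers (review first):")
    for path in result["drivers"]:
        print("  " + path)
    for family, paths in result["families"].items():
        print(f"{family}: {len(paths)} hidden file(s)")
    print(f"Other hidden: {len(result['other_hidden'])}, "
          f"not hidden: {len(result['not_hidden'])}")
```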

#8 fetus989

Posted 29 June 2009 - 11:46 PM

Awesome. Wiped the file and rebooted, so far I'm experiencing none of the problems I listed above. And I'm scanning with Malwarebytes' now.
I'll post the log ASAP

And assuming you guys saw the porn, this is uh... my younger brother's computer. xD

#9 Budapest

Posted 29 June 2009 - 11:49 PM

I didn't see a thing :thumbsup:

#10 fetus989

Posted 29 June 2009 - 11:50 PM

Yeah.
It was pretty bad anyway xD
lol @ ancient Limewire porn.

EDIT: Damn. I'm still getting redirected.

Edited by fetus989, 29 June 2009 - 11:52 PM.


#11 Budapest

Posted 29 June 2009 - 11:53 PM

Post the Malwarebytes scan when it's finished.

#12 fetus989

Posted 30 June 2009 - 12:20 AM

:thumbsup:


Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

6/30/2009 12:19:56 AM
mbam-log-2009-06-30 (00-19-54).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 234286
Time elapsed: 32 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.

#13 Budapest

Posted 30 June 2009 - 12:22 AM

Damn, the stupid thing is still there!

Run the RootRepeal scan again and post the new log.

#14 fetus989

Posted 30 June 2009 - 12:35 AM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/06/30 00:33
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\SKYNET.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETartkltpo.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETbobrkcvn.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETmnwaqbap.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNEToiqwuynm.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETkmhsnoej.sys
Status: Invisible to the Windows API!

#15 Budapest

Posted 30 June 2009 - 12:41 AM

Rerun RootRepeal. After the scan completes, go to the Files tab and find these files:

C:\WINDOWS\system32\SKYNET.dat
C:\WINDOWS\system32\SKYNETartkltpo.dll
C:\WINDOWS\system32\SKYNETbobrkcvn.dll
C:\WINDOWS\system32\drivers\SKYNETkmhsnoej.sys

Then use your mouse to highlight it in the RootRepeal window.
Next, right-click on it and select the *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes and post the log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
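An added example, not part of the thread and not RootRepeal's own code: a short Python triage of a report in the "Hidden/Locked Files" format posted above. It separates loadable binaries from the other hidden entries and checks whether they share a file-name prefix. The sample report and its EXAMPLE file names are constructed, and the list of extensions to review first is an assumption.

```python
import os
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the report format shown above (file names are made up).
SAMPLE_REPORT = r"""Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\EXAMPLEaaaa.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\EXAMPLEbbbb.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\temp\EXAMPLEcccc.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\temp\EXAMPLEdddd.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\temp\~DF0001.tmp
Status: Invisible to the Windows API!
"""

# One entry is a "Path:" line followed directly by its "Status:" line.
ENTRY = re.compile(
    r"^Path:\s*(?P<path>.+?)\s*\r?\nStatus:\s*(?P<status>.+?)\s*$", re.MULTILINE
)
LOADABLE = {".dll", ".sys", ".exe"}  # assumption: extensions to review first


def parse_entries(report):
    """Return (path, status) pairs from the Hidden/Locked Files section."""
    return [(PureWindowsPath(m["path"]), m["status"]) for m in ENTRY.finditer(report)]


def triage(report):
    """Split entries into loadable binaries and a per-directory count of the rest."""
    binaries, other = [], defaultdict(int)
    for path, _status in parse_entries(report):
        if path.suffix.lower() in LOADABLE:
            binaries.append(str(path))
        else:
            other[str(path.parent).lower()] += 1
    return sorted(binaries), dict(other)


def shared_prefix(paths, min_len=4):
    """Common file-name prefix of the given paths, or "" if shorter than min_len."""
    names = [PureWindowsPath(p).name for p in paths]
    prefix = os.path.commonprefix(names)
    return prefix if len(prefix) >= min_len else ""
```

A hidden or locked status alone does not mark a file as malicious; the grouping only orders the entries for review.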