uacinit.dll virus, how to remove?


11 replies to this topic

#1 mchan77

Posted 15 August 2009 - 12:01 PM

Hi all,

This is the Malwarebytes log file, it says we are infected with uacinit.dll virus. Malwarebytes identifies and tries to remove, but it just comes right back. Also, Malwarebytes does not update. Thanks for your help.




Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/15/2009 9:57:58 AM
mbam-log-2009-08-15 (09-57-58).txt

Scan type: Quick Scan
Objects scanned: 102283
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.


#2 boopme

Posted 15 August 2009 - 12:49 PM

Hello and welcome...
We need to check for rootkits with RootRepeal.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 mchan77

Posted 15 August 2009 - 04:58 PM

Thanks for your help, here is the report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/15 14:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ABP480N5.SYS
Image Path: ABP480N5.SYS
Address: 0xF779A000 Size: 23552 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF73A3000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: adpu160m.sys
Address: 0xF7304000 Size: 101888 File Visible: - Signed: -
Status: -

Name: aeaudio.sys
Image Path: C:\WINDOWS\system32\drivers\aeaudio.sys
Address: 0xF79FE000 Size: 4384 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEEA79000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF75D2000 Size: 42368 File Visible: - Signed: -
Status: -

Name: agpCPQ.sys
Image Path: agpCPQ.sys
Address: 0xF7602000 Size: 44928 File Visible: - Signed: -
Status: -

Name: aha154x.sys
Image Path: aha154x.sys
Address: 0xF78EA000 Size: 12800 File Visible: - Signed: -
Status: -

Name: aic78u2.sys
Image Path: aic78u2.sys
Address: 0xF7532000 Size: 55168 File Visible: - Signed: -
Status: -

Name: aic78xx.sys
Image Path: aic78xx.sys
Address: 0xF7502000 Size: 56960 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: aliide.sys
Address: 0xF79D6000 Size: 5248 File Visible: - Signed: -
Status: -

Name: alim1541.sys
Image Path: alim1541.sys
Address: 0xF75E2000 Size: 42752 File Visible: - Signed: -
Status: -

Name: amdagp.sys
Image Path: amdagp.sys
Address: 0xF75F2000 Size: 43008 File Visible: - Signed: -
Status: -

Name: amsint.sys
Image Path: amsint.sys
Address: 0xF78F6000 Size: 12032 File Visible: - Signed: -
Status: -

Name: asc.sys
Image Path: asc.sys
Address: 0xF776A000 Size: 26496 File Visible: - Signed: -
Status: -

Name: asc3350p.sys
Image Path: asc3350p.sys
Address: 0xF77A2000 Size: 22400 File Visible: - Signed: -
Status: -

Name: asc3550.sys
Image Path: asc3550.sys
Address: 0xF78FA000 Size: 14848 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF731D000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF049000 Size: 237568 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000 Size: 225280 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF6FB9000 Size: 839680 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF083000 Size: 1916928 File Visible: - Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF257000 Size: 507904 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7C0F000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xEE942000 Size: 329088 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xF77E2000 Size: 21120 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xEEAC3000 Size: 101888 File Visible: - Signed: -
Status: -

Name: b57xp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Address: 0xF6F77000 Size: 186112 File Visible: - Signed: -
Status: -

Name: BASFND.sys
Image Path: C:\WINDOWS\system32\Drivers\BASFND.sys
Address: 0xF79F8000 Size: 5312 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A06000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF78E2000 Size: 12288 File Visible: - Signed: -
Status: -

Name: cbidf2k.sys
Image Path: cbidf2k.sys
Address: 0xF7902000 Size: 13952 File Visible: - Signed: -
Status: -

Name: cd20xrnt.sys
Image Path: cd20xrnt.sys
Address: 0xF79E2000 Size: 7680 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF6E1A000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF70EF000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7592000 Size: 53248 File Visible: - Signed: -
Status: -

Name: cmdide.sys
Image Path: cmdide.sys
Address: 0xF79D8000 Size: 6656 File Visible: - Signed: -
Status: -

Name: cpqarray.sys
Image Path: cpqarray.sys
Address: 0xF78E6000 Size: 14976 File Visible: - Signed: -
Status: -

Name: dac2w2k.sys
Image Path: dac2w2k.sys
Address: 0xF72D8000 Size: 179584 File Visible: - Signed: -
Status: -

Name: dac960nt.sys
Image Path: dac960nt.sys
Address: 0xF78F2000 Size: 14720 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7582000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF734D000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF79E0000 Size: 5888 File Visible: - Signed: -
Status: -

Name: dpti2o.sys
Image Path: dpti2o.sys
Address: 0xF77AA000 Size: 20192 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF711F000 Size: 61440 File Visible: - Signed: -
Status: -

Name: drvmcdb.sys
Image Path: drvmcdb.sys
Address: 0xF7292000 Size: 80704 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE902000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A3C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF79A2000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7BF0000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xEC413000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7872000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7702000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF78AA000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF72B8000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A04000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7373000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000 Size: 131840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF76B2000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF78BA000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF7986000 Size: 10368 File Visible: - Signed: -
Status: -

Name: hpn.sys
Image Path: hpn.sys
Address: 0xF77BA000 Size: 25952 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEC7F7000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF7086000 Size: 8576 File Visible: - Signed: -
Status: -

Name: i2omp.sys
Image Path: i2omp.sys
Address: 0xF777A000 Size: 18560 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF70FF000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ini910u.sys
Image Path: ini910u.sys
Address: 0xF78FE000 Size: 16000 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF79DE000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF712F000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xEEA2E000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xEEB35000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF74D2000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7892000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xF79AA000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF79D2000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xEC3E8000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xF6E76000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF727B000 Size: 92288 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xF75A2000 Size: 57472 File Visible: - Signed: -
Status: -

Name: mbamswissarmy.sys
Image Path: C:\WINDOWS\system32\drivers\mbamswissarmy.sys
Address: 0xEEBA4000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A08000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF789A000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF7992000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF74E2000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mraid35x.sys
Image Path: mraid35x.sys
Address: 0xF7772000 Size: 17280 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xED4AD000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xEE993000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF78D2000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7632000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7167000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF71A7000 Size: 105344 File Visible: - Signed: -
Status: -

Name: nbf.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nbf.sys
Address: 0xED732000 Size: 98176 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF71C1000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7183000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xED7D2000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6E4B000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7672000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF76E2000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xEEA9B000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF78DA000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF71EE000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7B61000 Size: 2944 File Visible: - Signed: -
Status: -

Name: omci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\omci.sys
Address: 0xF78A2000 Size: 17088 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF6E62000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF775A000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7392000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A9A000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7752000 Size: 28672 File Visible: - Signed: -
Status: -

Name: perc2.sys
Image Path: perc2.sys
Address: 0xF77B2000 Size: 27296 File Visible: - Signed: -
Status: -

Name: perc2hib.sys
Image Path: perc2hib.sys
Address: 0xF79E4000 Size: 5504 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF6E99000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6E3A000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7882000 Size: 17792 File Visible: - Signed: -
Status: -

Name: ql1080.sys
Image Path: ql1080.sys
Address: 0xF7552000 Size: 40320 File Visible: - Signed: -
Status: -

Name: ql10wnt.sys
Image Path: ql10wnt.sys
Address: 0xF7512000 Size: 33152 File Visible: - Signed: -
Status: -

Name: ql12160.sys
Image Path: ql12160.sys
Address: 0xF7572000 Size: 45312 File Visible: - Signed: -
Status: -

Name: ql1240.sys
Image Path: ql1240.sys
Address: 0xF7522000 Size: 40448 File Visible: - Signed: -
Status: -

Name: ql1280.sys
Image Path: ql1280.sys
Address: 0xF7562000 Size: 49024 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7996000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF70CF000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF70BF000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7622000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF788A000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xEEA03000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A0A000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF6D6A000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF70DF000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xED6DA000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF77D2000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xEEA54000 Size: 151552 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF7335000 Size: 98304 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF79CA000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF710F000 Size: 64512 File Visible: - Signed: -
Status: -

Name: sisagp.sys
Image Path: sisagp.sys
Address: 0xF75B2000 Size: 40960 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xF6EBD000 Size: 612352 File Visible: - Signed: -
Status: -

Name: sparrow.sys
Image Path: sparrow.sys
Address: 0xF7762000 Size: 19072 File Visible: - Signed: -
Status: -

Name: splitter.sys
Image Path: C:\WINDOWS\system32\drivers\splitter.sys
Address: 0xF7A48000 Size: 6272 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF72A6000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xED393000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A00000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sym_hi.sys
Image Path: sym_hi.sys
Address: 0xF778A000 Size: 28384 File Visible: - Signed: -
Status: -

Name: sym_u3.sys
Image Path: sym_u3.sys
Address: 0xF7792000 Size: 30688 File Visible: - Signed: -
Status: -

Name: symc810.sys
Image Path: symc810.sys
Address: 0xF78EE000 Size: 16256 File Visible: - Signed: -
Status: -

Name: symc8xx.sys
Image Path: symc8xx.sys
Address: 0xF7782000 Size: 32640 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xECE0B000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xEEADC000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF787A000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7642000 Size: 40704 File Visible: - Signed: -
Status: -

Name: toside.sys
Image Path: toside.sys
Address: 0xF79DA000 Size: 4992 File Visible: - Signed: -
Status: -

Name: UACnysxhorjdubdkce.sys
Image Path: C:\WINDOWS\system32\drivers\UACnysxhorjdubdkce.sys
Address: 0xEEB48000 Size: 81920 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: ultra.sys
Image Path: ultra.sys
Address: 0xF7542000 Size: 36736 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6D0C000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF78B2000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A02000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF786A000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7692000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6F53000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7862000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF78CA000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaagp.sys
Image Path: viaagp.sys
Address: 0xF75C2000 Size: 42240 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF79DC000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6FA5000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF74F2000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF76F2000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF780A000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xECB5E000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF79D4000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

#4 boopme

Posted 15 August 2009 - 06:19 PM

Hello, please rerun RootRepeal. This time only select FILES.

#5 mchan77

Posted 15 August 2009 - 06:58 PM

Sorry, the version I ran didn't give me an option to select folder, but I see the file tabs now. This is the File only report.

Thanks again.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/15 16:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACagydlxvnydmnupn.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACkdfdmupvbhghlhw.#ll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACkdfdmupvbhghlhw.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACnullkcnktrfjxfh.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACqabyqvwwvgmccin.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACvbvyqcuxofoahfk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACwhuqvagpsaireqg.#ll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACwhuqvagpsaireqg.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\UACwwkrtjmtjamndom.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC1335.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC1ff6.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UACbbed.#mp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\DRIVERS\UACnysxhorjdubdkce.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed0.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed1.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed2.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed3.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed4.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed5.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed6.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh7.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh8.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh9.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlhw.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaire09.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaire19.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq0.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq1.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq2.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq3.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq4.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq5.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq6.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed8.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed9.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACd6b8.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghl09.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghl19.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghl29.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghl39.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghl49.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghl59.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghl69.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh0.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh1.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh2.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh3.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh4.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh5.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq8.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq9.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireqg.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACbbed7.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACkdfdmupvbhghlh6.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq7.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Amy Laguna\Local Settings\Temp\UACf365.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\uackdfdmupvbhghlhw.dll.8f64756049a5187f0355adf45677239.aawqff
Status: Invisible to the Windows API!

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:06 PM

Posted 15 August 2009 - 07:49 PM

Hello, which version did you run, as I may want to change things, rather than have to run this twice.

Now the next step...

Rerun Rootrepeal. After the scan completes, go to the files tab and find these files:

C:\WINDOWS\SYSTEM32\DRIVERS\UACnysxhorjdubdkce.sys
C:\WINDOWS\SYSTEM32\uacinit.dll


Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.



Rerun MBAM like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

How is it running now?

#7 mchan77

Posted 15 August 2009 - 09:25 PM

Thanks, that seemed to have helped a little as AVG resident shield now picks up stuff and superantispyware actually launched on its own.

SAS and mbam still will not update. Running a SAS check now and rebooting.

#8 boopme

Posted 15 August 2009 - 09:31 PM

If you have then just run MBAM as it will still get those Skynet files we opened for it.
Perhaps it will update after.

#9 mchan77

Posted 15 August 2009 - 09:32 PM

okay, thanks... running a full scan now, will post log when it's done. Thanks so much!

#10 mchan77

Posted 15 August 2009 - 10:29 PM

okay, here's the new mbam log, thanks:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/15/2009 8:29:01 PM
mbam-log-2009-08-15 (20-29-01).txt

Scan type: Full Scan (C:\|U:\|X:\|)
Objects scanned: 98097
Time elapsed: 56 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 50

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaire09.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaire19.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq0.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq1.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq2.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq3.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq4.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq5.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq6.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq8.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireqg.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Laguna\DoctorWeb\Quarantine\UACwhuqvagpsaireq7.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058995.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058984.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058986.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058987.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058988.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058989.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058990.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058991.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058992.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058993.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058994.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058996.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058997.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058998.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0058999.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059000.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059001.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059002.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059003.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059004.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059005.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059006.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059007.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059019.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059020.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059021.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059022.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059023.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059024.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059025.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059026.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059027.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059028.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059029.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059030.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1718\A0059031.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACwhuqvagpsaireqg.#ll (Trojan.TDSS) -> Quarantined and deleted successfully.

#11 mchan77

Posted 15 August 2009 - 11:33 PM

okay, ran another full system scan with mbam and it found nothing! Yeah!

Although it still will not update and IE does not load webpages.

Any thoughts on where to go next?

Thanks!

here is the log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/15/2009 9:27:35 PM
mbam-log-2009-08-15 (21-27-35).txt

Scan type: Quick Scan
Objects scanned: 102075
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Edited by mchan77, 15 August 2009 - 11:33 PM.


#12 mchan77

Posted 18 August 2009 - 10:44 PM

sorry to be a pest, but can anyone help me? I've tried just about everything I can find here and still have no IE. Should I remove SP3 and IE8 and start over?



