lhmogensen

Malware program shuts down while performing a quick scan. it says I am updated, please help.

I tried to scan with malwarebytes & it stops during "system 32" wont perform a complete scan. I have had a problem like this once before & I think it might be a root kit issue again. Please Help.

Thank you so much for the advice I found the .sys file & wiped it out followed by a scan & found 10 dirty files. I think I am clean!! System seems to be working great again. Below are my logs..Thanks again!! you saved my pc! ROOTREPEAL © AD, 2007-2008 ================================================== Scan Time: 2009/03/18 18:56 Program Version: Version 1.2.3.0 Windows Version: Windows XP Media Center Edition SP3 ================================================== Hidden/Locked Files ------------------- Path: C:\WINDOWS\system32\UACbdveiqxf.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACbekvpphb.db Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\uacinit.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACjbvwuwsf.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACmhlvdmpr.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UAColwmqhin.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\uactmp.db Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACubrxdksf.dat Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACvwubkrwx.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACymverqpm.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACysiullop.log Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\UAC66a4.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\UAC83f5.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\drivers\UACmfxylkya.sys Status: Invisible to the Windows API! Path: C:\Documents and Settings\Lindsey\Local Settings\Temp\UAC9b9b.tmp Status: Invisible to the Windows API! Malwarebytes' Anti-Malware 1.34 Database version: 1866 Windows 5.1.2600 Service Pack 3 3/18/2009 7:19:17 PM mbam-log-2009-03-18 (19-19-17).txt Scan type: Quick Scan Objects scanned: 93352 Time elapsed: 11 minute(s), 31 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\UACbdveiqxf.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Lindsey\Local Settings\Temp\UAC9b9b.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\UAC66a4.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACubrxdksf.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACvwubkrwx.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACysiullop.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\UACmfxylkya.sys (Trojan.Agent) -> Quarantined and deleted successfully.

UPDATE: I noticed my Malware bytes was out of date. When i clicked to update it said it was going to install the latest verison , close & re open. It did not re open and when I reopened it the update did not take affect.

UPDATE: I was able to change the order of booting. I had USB CD/ROM first and when it loaded with the Avir resuce disk..I got the Blue Screen of Death, that said it had to shut down. I am still able to work from safe mode/networking.

Also i was told to try Avira System Rescue. I got the program on a disc & tried to launch it at start up..But it didnt work. they had said u have to make sure when the PC starts up, the disc runs first..I am unsure how to change the order.

I was unalble to Run Hijack this. Please see new post. Thanks for the help. http://www.malwarebytes.org/forums/index.php?showtopic=12805

After posting in the forum last night I got a responce to install Hijack this by Pcillen. I was unable to run hijack this. I have been working in safe mode. below is my post from yesterday for more detail. I noticed after browsing around in my search engine yesterday (FireFox, yahoo search) My yahoo search looked messed up. when u search a site it takes you to a advertising site. I had this issue once before, I was told it was Malware infecting my browser..I was instrued to DL Malwarebytes & disable 3rd party sites. That worked for that issue. But this time I wasnt even able to OPEN malwareBytes. I was able to do virus check with my Pclllen software & pulled up nothing both in normal & safe mode. I have done a system restore, that did not work. I eventually found how to open Malware bytes by creating a short cut & changing its name(seems this virus affects certain programs u try & lanuch). I ran a full scan with malwareBytes with no success of catching the virus. When I am in Normal mode, my PC will shut down & I get the horrible blue screen of death that reads: River_Irql_not_less_or equal. So i know there is still something invading my PC even though my virus software is not picking it up. I really dont want to go through the trouble of uninstalling windows & re loading windows..Any advice?? Please help.

I noticed after browsing around in my search engine yesterday (FireFox, yahoo search) My yahoo search looked messed up. when u search a site it takes you to a advertising site. I had this issue once before, I was told it was Malware infecting my browser..I was instrued to DL Malwarebytes & disable 3rd party sites. That worked for that issue. But this time I wasnt even able to OPEN malwareBytes. I was able to do virus check with my Pclllen software & pulled up nothing both in normal & safe mode. I have done a system restore, that did not work. I eventually found how to open Malware bytes by creating a short cut & changing its name(seems this virus affects certain programs u try & lanuch). I ran a full scan with malwareBytes with no success of catching the virus. When I am in Normal mode, my PC will shut down & I get the horrible blue screen of death that reads: River_Irql_not_less_or equal. So i know there is still something invading my PC even though my virus software is not picking it up. I really dont want to go through the trouble of uninstalling windows & re loading windows..Any advice?? Please help.