Root Repeal Log


Here is the report from RootRepeal. Before I delete anything I want you to look at it. I believe there is a file that needs to go. Thanks for your help.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/15 11:45

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================


Forgot to mention problem. Picked up the "Protection System Virus" and have had a real problem getting rid of it. I have Malwarebytes installed but only after the bug hit me. I had to go through the process of renaming the mbam exe file to get it to run. The computer is working but very slow to boot up. Thanks for your help.

  • Staff

Hi Dab5811 and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

However, do not download it from the links on that page. Download it from here instead:

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
