ItsBrucey Posted September 1, 2009 ID:118321 Share Posted September 1, 2009 Hi I am using a different computer i tried helping my friend fix his laptop. I don't know too much but every time i start a anti virus/ spyware / malware program it is instantly exited out...I have done a GMER rootkit scan and had to change the file name before it would even be allowed to open up.Here is what turned up red in the log i received. ---- Processes - GMER 1.0.15 ----Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [768] 0x00F90000 Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [932] 0x028E0000 Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [932] 0x02CC0000 Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1008] 0x00A00000 Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1008] 0x00AB0000 Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x00A00000 Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x00AB0000 Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1064] 0x00A00000 Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1064] 0x00AB0000 Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1128] 0x00D00000 Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1136] 0x00A00000 Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1136] 0x00AB0000 Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1332] 0x00A00000 Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1332] 0x00AB0000 Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1580] 0x00A00000 Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1580] 0x00AB0000 Library C:\Documents (*** hidden *** ) @ C:\Documents [2344] 0x00400000 Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3276] 0x00F90000 Library C:\Documents (*** hidden *** ) @ C:\Documents [3392] 0x00400000 Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [4008] 0x00F90000 ---- Services - GMER 1.0.15 ----Service C:\WINDOWS\system32\ef6c3899705d7db453751ff210073ae1.sys (*** hidden *** ) [BOOT] ef6c3899705d7db453751ff210073ae1 <-- ROOTKIT !!!Service C:\WINDOWS\system32\drivers\SKYNETetxxtqgf.sys (*** hidden *** ) [SYSTEM] SKYNETktgkjoel <-- ROOTKIT !!!Service C:\WINDOWS\system32\drivers\UACsklfrmupqowqppy.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!! Link to post Share on other sites More sharing options...
ItsBrucey Posted September 1, 2009 Author ID:118502 Share Posted September 1, 2009 Bump..What do I do next? Link to post Share on other sites More sharing options...
ItsBrucey Posted September 2, 2009 Author ID:118947 Share Posted September 2, 2009 Bump..What do I do next? Link to post Share on other sites More sharing options...
Staff screen317 Posted September 6, 2009 Staff ID:121514 Share Posted September 6, 2009 Hi and welcome to Malwarebytes.When you bump your topic, it makes it appear as though you are already receiving help; as such, you were overlooked because of it.Download DDS by sUBs and save it to your Desktop.Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 20, 2009 Staff ID:129832 Share Posted September 20, 2009 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts