trojan keeps coming back


toddtcas

I ran malwarebytes two times and I still got some infected objects. Is there anything else I should be doing to completely remove this trojan and other malware inside my laptop? I use XP professional.

Log 1:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5087

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

11/10/2010 4:27:11 PM

mbam-log-2010-11-10 (16-27-11).txt

Scan type: Quick scan

Objects scanned: 189527

Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 7

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\engel (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows services (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update system (Backdoor.IRCBot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows safeassist (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update system (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Log 2:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5087

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

11/10/2010 5:08:39 PM

mbam-log-2010-11-10 (17-08-39).txt

Scan type: Quick scan

Objects scanned: 189735

Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 195

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\UACgnwolxrplamvbothx.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACkfycdjonevtsowwdy.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACvdlfyoqiwphouwykj.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACwqmlwyrduxrsdjcxd.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\UACkbowykyigfthxilte.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACmqmtkdjbloopqrvuy.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
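
The two scans in the post above both report the `UACd.sys` service key as quarantined and deleted. The following is an added example, not part of the original post and not Malwarebytes code: it parses the MBAM 1.46 text-log layout shown in this thread and lists items that one scan reported as removed and a later scan detected again. The sample logs are constructed from a few lines of the logs above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed samples: a few lines taken from Log 1 and Log 2 above, trimmed.
LOG_1 = r"""Malwarebytes' Anti-Malware 1.46
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Registry Keys Infected: 2
Files Infected: 1
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
"""
LOG_2 = r"""Malwarebytes' Anti-Malware 1.46
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Registry Keys Infected: 1
Files Infected: 195
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\UACkbowykyigfthxilte.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:\s*(\d+)?\s*$")
# "<item> (<detection name>) -> <action>."  Greedy item keeps paths with spaces.
ENTRY_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?\s*$")
DELETED = "Quarantined and deleted successfully"

def parse_log(text):
    """Return (declared_counts, entries) for one MBAM 1.46 text log."""
    counts, entries, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group(2) is not None:   # summary line, e.g. "Files Infected: 195"
                counts[m.group(1)] = int(m.group(2))
            else:                        # section header, e.g. "Files Infected:"
                section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append((section,) + m.groups())
    return counts, entries

def recurring_items(logs):
    """Map each item seen in more than one scan to [(scan_no, detection, action)].

    Registry paths and file names are compared case-insensitively, as on Windows.
    """
    seen = defaultdict(list)
    for scan_no, text in enumerate(logs, start=1):
        for _section, item, detection, action in parse_log(text)[1]:
            seen[item.lower()].append((scan_no, item, detection, action))
    return {hits[0][1]: [(n, d, a) for n, _, d, a in hits]
            for hits in seen.values() if len({h[0] for h in hits}) > 1}

def not_yet_removed(text):
    """Entries whose action is anything other than a completed deletion."""
    return [(item, action) for _, item, _, action in parse_log(text)[1]
            if action != DELETED]

if __name__ == "__main__":
    for item, hits in recurring_items([LOG_1, LOG_2]).items():
        print("detected again after removal:", item, hits)
    print("still pending in scan 1:", not_yet_removed(LOG_1))
```

An item that shows up here was re-created between scans, so the next step is to look for whatever is restoring it rather than to repeat the same scan.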


Hi toddtcas,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please reboot into normal mode.

Rkill

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion; this is normal.
  • A Notepad window will open; please post the contents in your next reply.
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.

Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
