
Newbie needs help!



S&W629
2009-09-07, 01:20
I'm having my first battle with a virus. It started last night and now I can't access my thumb drive at all or format my USB Maxtor hard drive, which the Maxtor disk management program is calling for. The DM program states the drive must be returned for repair. I can still access the files on the Maxtor but not the thumb drive.

I attempted to clean the viruses last night using AVG. AVG found 16 reported contaminated files and cleaned them. I tried to run Spybot and the usual screen that pops up is nowhere to be seen. I have no idea if the program has run or not.

The C drive on my computer won't permit me to defrag it or run chkdsk or chkdsk /f. It won't respond to "System Restore" either.

I've probably destroyed any hope of recovering my drives. I guess you folks are my only hope. The following is a copy of my RootRepeal log.

Thanks!!

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/06 15:11
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2631000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF83C6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEF837000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\UACbwuplceppj.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACfyxwbdmaov.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACmbyxfkbdxu.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UAComkqxdoyml.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACtobwwobmtb.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacc50c.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacc87e.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacc911.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacce15.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaccf66.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacd129.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacd235.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacd59f.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacd65a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacd7d0.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacd8f2.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacd9b4.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacda04.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacdf92.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uace042.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uace733.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaceacb.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacfa08.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacfccd.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac112d.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac1709.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac1bcc.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac1fe3.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac2a05.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac2d3f.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac35e9.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac3aac.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac55df.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5ebf.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5f66.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5fd7.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac60b1.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac6854.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac6bd8.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac705c.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac753e.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac7c05.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC8623.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac8e66.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UACa8ce.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacaffe.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacb62d.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacbb77.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UACbb9a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacc250.tmp
Status: Invisible to the Windows API!

Path: c:\documents and settings\terry corp\cookies\index.dat
Status: Allocation size mismatch (API: 16384, Raw: 20480)

Path: C:\WINDOWS\system32\drivers\UACpfviqrjuci.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Terry Corp\Local Settings\Temp\UAC3a3.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Terry Corp\Local Settings\Temp\UAC3b3.tmp
Status: Invisible to the Windows API!

Path: c:\documents and settings\terry corp\application data\mozilla\firefox\profiles\cbviiw8y.default\cookies.sqlite-journal
Status: Allocation size mismatch (API: 512, Raw: 0)

Stealth Objects
-------------------
Object: Hidden Module [Name: UACmbyxfkbdxu.dll]
Process: svchost.exe (PID: 844) Address: 0x00a10000 Size: 65536

Object: Hidden Module [Name: UACa8ce.tmpxdoyml.dll]
Process: svchost.exe (PID: 844) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UACbwuplceppj.dll]
Process: Explorer.EXE (PID: 1500) Address: 0x10000000 Size: 49152

Object: Hidden Module [Name: UAComkqxdoyml.dll]
Process: Iexplore.exe (PID: 2664) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UAComkqxdoyml.dll]
Process: Iexplore.exe (PID: 1188) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UAComkqxdoyml.dll]
Process: Iexplore.exe (PID: 1144) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UAComkqxdoyml.dll]
Process: Iexplore.exe (PID: 1796) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UAComkqxdoyml.dll]
Process: Iexplore.exe (PID: 4512) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UAComkqxdoyml.dll]
Process: Iexplore.exe (PID: 6968) Address: 0x10000000 Size: 217088

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACpfviqrjuci.sys

==EOF==
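As an added example (not part of this thread and not a tool from the forum or from RootRepeal's author), the script below parses RootRepeal's section/record log layout and pulls out what a helper reads first from a log like the one above: files invisible to the Windows API, hidden modules per process, and hidden services whose driver file is itself invisible. The sample log is a constructed excerpt modelled on the posted output; the function names are my own.

```python
import re

# Constructed excerpt in RootRepeal's log layout, modelled on the log posted above.
SAMPLE_LOG = """\
Hidden/Locked Files
-------------------
Path: C:\\WINDOWS\\system32\\UACbwuplceppj.dll
Status: Invisible to the Windows API!

Path: C:\\WINDOWS\\system32\\drivers\\UACpfviqrjuci.sys
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: UACbwuplceppj.dll]
Process: Explorer.EXE (PID: 1500) Address: 0x10000000 Size: 49152

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\UACpfviqrjuci.sys
==EOF==
"""

def parse_rootrepeal(text):
    # Returns {section: [record, ...]}; records are blank-line-separated runs of 'Key: value' lines.
    sections, current = {}, None
    for block in re.split(r"\n\s*\n", text):
        lines = block.strip().splitlines()
        if len(lines) > 1 and lines[1].startswith("-----"):   # section name sits above a dashed rule
            current, lines = lines[0], lines[2:]
        pairs = [l.split(": ", 1) for l in lines if ": " in l]  # first ': ' only; values may hold colons
        if current and pairs:
            sections.setdefault(current, []).append({k: v.strip() for k, v in pairs})
    return sections

def triage(sections):
    # API-invisible files, hidden modules per process, and hidden services backed by an invisible driver.
    files = sections.get("Hidden/Locked Files", [])
    invisible = [r["Path"] for r in files if r.get("Status", "").startswith("Invisible")]
    injected = {}
    for r in sections.get("Stealth Objects", []):
        proc = re.match(r"^(.+?) \(PID: (\d+)\)", r.get("Process", ""))
        name = re.search(r"\[Name: ([^\]]+)\]", r.get("Object", ""))
        if proc and name:
            injected.setdefault(f"{proc[1]} (PID {proc[2]})", []).append(name[1])
    hidden = {p.lower() for p in invisible}
    services = [r["Service Name"] for r in sections.get("Hidden Services", [])
                if r.get("Image Path", "").lower() in hidden]   # driver file hidden from the API too
    return {"invisible": invisible, "injected": injected, "hidden_driver_services": services}
```

Run against the full log in the post, the same two functions list every hidden module loaded into svchost.exe, Explorer.EXE and each Iexplore.exe, and tie the hidden UACd.sys service to its API-invisible driver.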

Blade81
2009-09-08, 07:47
Hi,


Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

S&W629
2009-09-08, 11:27
Thanks very much for the reply! I'm reasonably sure the virus has been cured and additional assistance may not be needed. If I have additional problems I'll be in contact. Thanks for wanting to help!!

Blade81
2009-09-08, 14:26
As you wish. I'll archive this one then :)