Not sure what to do next


11 replies to this topic

#1 marnao (Members, 7 posts)

Posted 02 September 2009 - 10:55 PM

Thanks to my son my computer has been infected with the Protection System virus. I tried to download and install the Malwarebytes program but it won't start up once it is finished installing. How do I get rid of this?


#2 Blade (Site Admin, 12,702 posts; Strong in the Bleepforce)

Posted 02 September 2009 - 11:22 PM

Hello marnao and :thumbsup: to BleepingComputer.

If you have problems getting MBAM to execute after installation, navigate to the folder MBAM installed to and rename mbam.exe to winlogon.exe. Then double click on the file you just renamed to launch the program. Once MBAM is running, make sure you've updated it and then run a Quick Scan in Normal Mode and post the log back here for my review.

Let me know if that works; if it doesn't we've got other things we can try.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 marnao (Topic Starter; Members, 7 posts)

Posted 03 September 2009 - 09:14 PM

Thank you for trying to help. I can't find a file named mbam.exe, only one named mbam.exe.0bEE0439.pf in the C:\windows\prefetch folder. Is that the one I am looking for?

#4 Blade (Site Admin, 12,702 posts; Strong in the Bleepforce)

Posted 03 September 2009 - 09:27 PM

No that's not the one. The one you're looking for should be in a subfolder of the Program Files directory if you installed to the default location.

Let me confirm: Malwarebytes completed installation, correct?

~Blade



#5 marnao (Topic Starter; Members, 7 posts)

Posted 04 September 2009 - 10:42 PM

Yes, it said it completed installation, but when I open the folder the exe file is not there.

#6 Blade (Site Admin, 12,702 posts; Strong in the Bleepforce)

Posted 04 September 2009 - 10:58 PM

If you have access to another, clean computer then please try the following:
  • Install Malwarebytes on the clean computer.
  • Navigate to the folder Malwarebytes installed to, and rename mbam.exe to winlogon.exe
  • Copy the now renamed mbam.exe to a flash drive or burn it to CD.
  • Copy the file into the Malwarebytes directory on your infected computer, and double click on it to execute.
If you can get Malwarebytes to run this way, then make sure it's updated and then run a quick scan. Post the log back to me.

If this fails, or you do not have access to another computer then let me know and we'll work from there.

~Blade



#7 marnao (Topic Starter; Members, 7 posts)

Posted 05 September 2009 - 11:40 AM

I am unable to do what you suggested. What is the next step?

#8 Blade (Site Admin, 12,702 posts; Strong in the Bleepforce)

Posted 05 September 2009 - 03:43 PM

Please install RootRepeal.
Note: Vista users, right click on the desktop icon and select "Run as Administrator."

Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan, including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open RootRepeal on your desktop.
  • At the top of the window, click Settings, then Options.
  • Click the Ssdt & Shadow Ssdt tab.
  • Make sure the box next to "Only display hooked functions." is checked.
  • Click the "X" in the top right corner of the Settings window to close it.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade

In your next reply, please include the following:
  • RootRepeal log



#9 marnao (Topic Starter; Members, 7 posts)

Posted 05 September 2009 - 10:53 PM

I got the RootRepeal to run and have the report on my desktop. I tried to copy and paste but that doesn't work. How do I get the log posted on a reply? Sorry, as you can tell I am not very computer literate. I figured it out, see below. Also I posted below that I could not get the McAfee to close so I ran the RootRepeal with it on. Hope that doesn't mess up anything.

Edited by marnao, 05 September 2009 - 11:27 PM.


#10 marnao (Topic Starter; Members, 7 posts)

Posted 05 September 2009 - 11:23 PM

I figured out how to get it on the post. Here it is.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/05 23:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA44F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B4C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8F75000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\UACbhghddgrcq.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACqyudhaloqv.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACxjugebpkug.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACxwiscualcd.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac103a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac1078.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD4EA.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD5D7.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD652.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD6AE.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD76C.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD76D.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD79.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD7B.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD8BE.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD96.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPDA30.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPDA5B.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPDB64.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPDE3.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPDED6.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPDFE5.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uxeventlog.txt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\viewmgr
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\vmgr
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WFV1BE.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WFV41.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WFV452.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WFV538.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WFVA4A.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WGAErrLog.txt
Status: Invisible to the Windows API!

Path: c:\windows\temp\sqlite_mpqp5cmbgrrettd
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_31azitjiiywgsig
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_gesktenaciiaokg
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\WGANotify.settings
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WLTB Custom Button Feeds
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\_INS0432._MP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\_INZ0432._MP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\_ISTMP0.DIR
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\{DABD554A-7DA6-4763-BF17-D3CAFB55E5A6}
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\~DF772D.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\~nsu.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\~TM1E1A.TMP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\~TM386A.EXE
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\~TM386A.TMP
Status: Invisible to the Windows API!

Path: c:\windows\temp\sqlite_wvvwv3ldqoteeit
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\uaca802.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaca94a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacabc.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacac21.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacae5b.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacb0c4.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacb7d9.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacc1cc.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacc399.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacc660.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacc8c1.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaccad0.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaccc37.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaccd9e.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaccf04.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaccf15.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacd138.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacd7f5.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacdb3f.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacdc9.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uace4cd.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uace694.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uace76.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uace80b.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uace982.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uace997.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaceae9.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacecfc.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaced7f.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacedae.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacee1c.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacef73.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacf0db.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacf204.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac123e.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac1396.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac13b5.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac152c.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac1693.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac18a6.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac21fd.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac22e7.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac242f.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac2568.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac26b0.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac28b4.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac2af1.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac2cc.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac30f1.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac35e3.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac37f6.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac3b51.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac3c2c.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac3cb9.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac3e5e.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac411a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac4697.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac4b2c.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac4f43.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac4f66.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac4fd3.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5378.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac53d.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac10a8.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5467.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaca6f.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacf407.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD45C.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\_WUTL95.DLL
Status: Invisible to the Windows API!

Path: c:\windows\temp\sqlite_6fjubkxjmgbzqkc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\uacf5ad.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacf5b5.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacf6b7.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacf807.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacf8ac.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacfa1a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacfc4d.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacfd6d.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacff33.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uacff5a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD1101.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD1260.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD15CF.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD17EC.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD19C3.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD1B4.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD1B95.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD25E.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD286.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UPD423.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac55d.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac55de.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac55f9.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5745.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac582b.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac58bc.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac59f2.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5a5e.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5ad0.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5d8a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac5f83.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac6164.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac61d5.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac63e8.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac63f7.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac661a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac6908.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac7029.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac7207.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac7be.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac81d.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac8a.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac92e4.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uac983.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaca2c4.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaca572.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaca5d3.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\uaca6ba.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\UACbwwdsautwg.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temp\UAC7734.tmp
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: UACqyudhaloqv.dll]
Process: svchost.exe (PID: 812) Address: 0x00710000 Size: 65536

Object: Hidden Module [Name: UACxwiscualcd.dll]
Process: svchost.exe (PID: 812) Address: 0x10000000 Size: 217088

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACbwwdsautwg.sys

==EOF==
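Since the thread turns on reading a report like the one above, here is an added Python example (not from the thread, and not RootRepeal's own code) that parses a report in this text format and pulls out the rootkit indicators: files invisible to the Windows API, modules hidden inside a process, and hidden services, flagging the case where a hidden service's driver file is itself hidden. The embedded sample report is constructed and abridged from the format shown in the thread.

```python
import re
from collections import defaultdict

# Constructed, abridged report in RootRepeal's format (not the thread's full log).
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\UACqyudhaloqv.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\UACbwwdsautwg.sys
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: UACqyudhaloqv.dll]
Process: svchost.exe (PID: 812) Address: 0x00710000 Size: 65536

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACbwwdsautwg.sys
==EOF==
"""


def parse_report(text):
    """Split a report into {section: [record, ...]}; records are blank-line separated 'Key: Value' blocks."""
    sections, section, record = defaultdict(list), None, {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and lines[i + 1].startswith("---"):
            section, record = line.strip(), {}  # heading underlined with dashes
        elif line.startswith(("---", "==")) or not section:
            continue  # rule lines and the banner before the first section
        elif not line.strip():
            if record:
                sections[section].append(record)
            record = {}
        elif ": " in line:
            key, _, value = line.partition(": ")
            record[key.strip()] = value.strip()
    if record:
        sections[section].append(record)
    return dict(sections)


def triage(sections):
    """Keep the rootkit indicators; a 'Locked' hiberfil.sys or pagefile is normal."""
    hidden = {r["Path"].lower() for r in sections.get("Hidden/Locked Files", [])
              if r.get("Status", "").startswith("Invisible")}
    findings = [("hidden_file", p) for p in sorted(hidden)]
    for r in sections.get("Stealth Objects", []):
        name = re.search(r"\[Name: (.+?)\]", r.get("Object", ""))
        if name:
            findings.append(("hidden_module", f"{name[1]} in {r.get('Process', '?')}"))
    for r in sections.get("Hidden Services", []):
        # Strongest signal: a hidden service whose driver file is itself hidden on disk.
        kind = "hidden_service_with_hidden_driver" if r.get("Image Path", "").lower() in hidden else "hidden_service"
        findings.append((kind, f"{r.get('Service Name')} -> {r.get('Image Path')}"))
    return findings
```

Run `triage(parse_report(SAMPLE_REPORT))` on the sample and the hiberfil.sys entry drops out while the UAC* files, the hidden svchost.exe module and the hidden UACd.sys service remain.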

#11 marnao (Topic Starter; Members, 7 posts)

Posted 05 September 2009 - 11:24 PM

I forgot to add that I couldn't get my McAfee to close so I ran the scan with it on. Hope that didn't mess up anything.

#12 Blade (Site Admin, 12,702 posts; Strong in the Bleepforce)

Posted 06 September 2009 - 11:18 AM

You have a rootkit on your machine. With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days before you receive a reply. But rest assured, help is on the way!

~Blade





