Home Personal Antivirus Windows



#1 whitevanman

whitevanman


Posted 07 October 2009 - 06:14 PM

I have a laptop with Home Personal Antivirus Windows on it but have tried to run Malwarebytes on the desktop environment and in safe mode but it will not appear on the screen.
Looking in the task manager, Malwarebytes is in there but not visible on screen.

I have managed to stop Home personal antivirus windows from running

Malwarebytes will not run at all
mbam.clean will not run also
HJK also will not run

No programs will install at all

Don't know what else to try

Have exhausted all known programs that I know

need help asap.





ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/10/07 00:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA4EA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A04000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA934B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: TDSSserv.sys
Image Path: C:\WINDOWS\system32\drivers\TDSSmhct.sys

Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACbekxillovyxtudevb.sys

==EOF==


Volume in drive C has no label.
Volume Serial Number is DC20-6BE4

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

14/04/2008 01:12 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

14/04/2008 01:12 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

14/04/2008 01:11 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/08/2004 13:00 180,224 scecli.dll

Directory of C:\WINDOWS\system32

04/08/2004 13:00 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/08/2004 13:00 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\system32\dllcache

04/08/2004 13:00 180,224 scecli.dll

Directory of C:\WINDOWS\system32\dllcache

04/08/2004 13:00 407,040 netlogon.dll

Directory of C:\WINDOWS\system32\dllcache

04/08/2004 13:00 55,808 eventlog.dll
3 File(s) 643,072 bytes

Total Files Listed:
9 File(s) 1,930,752 bytes
0 Dir(s) 25,503,916,032 bytes free


Both logs as requested went smooth with no hiccups

ps using XP home

cheers

Edited by whitevanman, 08 October 2009 - 04:48 AM.

Solar Wind and Biodiesel I am doing my bit to stop Climate change to this World but What have the British Government done?



#2 whitevanman

whitevanman

Posted 08 October 2009 - 09:32 AM

I have sorted the problem with the help of a member of Malwarebytes forum
help yourself section

I had a rootkit on the laptop and followed advice on how to remove it by using RootRepeal rootkit detector.
I found and deleted one sys file then rebooted, which corrected the registry and allowed Malwarebytes to run and remove all 172 tmp files associated.
AVG found viruses when scanning and is removing all the rest.

Job done

#3 Guest_The weatherman_*

Guest_The weatherman_*


Posted 08 October 2009 - 04:32 PM

Thanks for letting us know whitevanman. :(



