Multiple instances of wuauclt.exe


3 replies to this topic

#1 splinn


Posted 31 August 2010 - 02:43 PM

Windows XP Home Edition (SP3)

The computer has become extremely slow as of late. I checked the Task Manager and it looked like the wuauclt.exe process was eating up the most memory (even though CPU was pretty low, the computer was very slow to react). After checking a couple of sites out there, I've disabled Automatic Update via the Control Panel and killed the wuauclt process (which was actually still running after Auto Update was disabled).
Things tried so far:
- Turned Windows Auto Update off via C/panel.

- Start>Search>wuauclt revealed several wuauclt-related files. I've renamed wuauclt1 to wuauclt1_whatsthis and it instantly created 2 more files.
Please see attached screenshot for file names and location.


- Ran a few different programs, including ccleaner, eset and security task manager, without any notable result.
- Found these forums and went through steps 1-7 of the Preparation Guide. Getting stuck on step 8: GMER seems to put the CPU at 100%, forcing me to manually reboot the system.

CODE
DDS (Ver_10-03-17.01) - NTFSx86  
Run by Compaq_Owner at 11:00:08.34 on Tue 08/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.446.69 [GMT -7:00]

AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated)   {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ParaWin XP\pwic.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Compaq_Owner.STATION1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [pwindicator] c:\program files\parawin xp\pwic.exe
uRun: [Google Update] "c:\documents and settings\compaq_owner.station1\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [pwindicator] c:\program files\parawin xp\pwic.exe
StartupFolder: c:\docume~1\compaq~1.sta\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282863215812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-25 10448]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-19 30192]

=============== Created Last 30 ================

2010-08-31 17:57:18    0    ----a-w-    c:\documents and settings\compaq_owner.station1\defogger_reenable
2010-08-31 00:47:55    0    d-sha-r-    C:\cmdcons
2010-08-31 00:45:20    98816    ----a-w-    c:\windows\sed.exe
2010-08-31 00:45:20    77312    ----a-w-    c:\windows\MBR.exe
2010-08-31 00:45:20    256512    ----a-w-    c:\windows\PEV.exe
2010-08-31 00:45:20    161792    ----a-w-    c:\windows\SWREG.exe
2010-08-30 21:33:33    21504    ----a-w-    c:\windows\system32\hidserv.dll
2010-08-30 21:33:33    21504    ----a-w-    c:\windows\system32\dllcache\hidserv.dll
2010-08-30 21:33:09    60032    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2010-08-30 21:33:09    60032    ----a-w-    c:\windows\system32\dllcache\usbaudio.sys
2010-08-30 21:32:47    32128    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2010-08-30 21:32:47    32128    ----a-w-    c:\windows\system32\dllcache\usbccgp.sys
2010-08-30 17:37:05    0    d-----w-    c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-08-30 17:36:50    0    d-----w-    c:\program files\Security Task Manager
2010-08-27 21:29:16    421888    ----a-w-    c:\windows\system32\ac3filter.acm
2010-08-27 21:28:16    0    d-----w-    c:\program files\XP Codec Pack
2010-08-27 18:55:39    7794    ----a-w-    c:\windows\vp171b-2.cat
2010-08-27 18:55:39    7786    ----a-w-    c:\windows\g90f-3.cat
2010-08-27 18:55:39    7782    ----a-w-    c:\windows\q51-9.cat
2010-08-27 18:55:39    512    ----a-w-    c:\windows\VP171b-2.icm
2010-08-27 18:55:39    512    ----a-w-    c:\windows\Q51-9.icm
2010-08-27 18:55:39    512    ----a-w-    c:\windows\G90f-3.icm
2010-08-27 18:55:39    1224    ----a-w-    c:\windows\VP171b-2.inf
2010-08-27 18:55:39    1204    ----a-w-    c:\windows\Q51-9.inf
2010-08-27 18:55:39    1164    ----a-w-    c:\windows\G90f-3.inf
2010-08-27 17:44:26    22    --sha-w-    c:\windows\Sys3390 SettingsCollection.bin
2010-08-27 17:44:26    22    --sha-w-    c:\docume~1\compaq~1.sta\applic~1\Sys6925.Config Collection.sys
2010-08-27 17:43:43    0    d-----w-    c:\program files\jv16 PowerTools 2010
2010-08-27 17:03:51    0    d-----w-    c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-27 16:32:48    819200    ----a-w-    c:\windows\system32\xvidcore.dll
2010-08-27 16:32:48    77824    ----a-w-    c:\windows\system32\xvid.ax
2010-08-27 16:32:47    180224    ----a-w-    c:\windows\system32\xvidvfw.dll
2010-08-27 16:32:46    0    d-----w-    c:\program files\Xvid
2010-08-27 16:11:58    0    d-----w-    c:\program files\Free Window Registry Repair
2010-08-27 13:54:40    274288    ----a-w-    c:\windows\system32\mucltui.dll
2010-08-27 13:54:40    16736    ----a-w-    c:\windows\system32\mucltui.dll.mui
2010-08-27 03:04:38    0    d-----w-    c:\docume~1\alluse~1\applic~1\VirtualizedApplications
2010-08-27 00:01:02    0    d-----w-    c:\program files\ATI
2010-08-26 22:37:36    0    d-----w-    c:\docume~1\compaq~1.sta\applic~1\SoftGrid Client
2010-08-26 22:33:41    0    d-----w-    c:\documents and settings\all users\Microsoft
2010-08-26 22:33:40    0    d-----w-    c:\program files\Microsoft Application Virtualization Client
2010-08-26 22:31:15    0    d-----w-    c:\docume~1\compaq~1.sta\applic~1\TP
2010-08-26 20:01:36    0    d-----w-    c:\program files\uTorrent
2010-08-26 20:00:54    0    d-----w-    c:\docume~1\compaq~1.sta\applic~1\uTorrent
2010-08-26 01:53:51    0    d-----w-    c:\docume~1\compaq~1.sta\applic~1\Auslogics
2010-08-26 01:53:39    0    d-----w-    c:\program files\Auslogics
2010-08-25 23:05:06    0    d-----w-    c:\program files\ParaWin XP
2010-08-25 23:03:51    233472    ----a-w-    c:\program files\PakScape.exe
2010-08-25 23:03:04    0    d-----w-    c:\program files\EditPlus 3
2010-08-25 23:03:04    0    d-----w-    c:\docume~1\compaq~1.sta\applic~1\EditPlus 3
2010-08-25 22:25:10    139152    ----a-w-    c:\docume~1\compaq~1.sta\applic~1\PnkBstrK.sys
2010-08-25 22:24:45    794408    ----a-w-    c:\windows\system32\pbsvc.exe
2010-08-25 22:03:36    0    d-----w-    c:\program files\Return to Castle Wolfenstein - Game of The Year Edition
2010-08-25 20:58:40    16400    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2010-08-25 20:58:40    0    ---ha-w-    c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-25 20:58:19    16928    ------w-    c:\windows\system32\spmsgXP_2k3.dll
2010-08-25 20:57:12    10448    ----a-w-    c:\windows\system32\drivers\LBeepKE.sys
2010-08-25 20:54:56    0    d-----w-    c:\docume~1\compaq~1.sta\applic~1\Logishrd
2010-08-25 20:44:57    12160    ----a-w-    c:\windows\system32\drivers\mouhid.sys
2010-08-25 20:44:57    12160    ----a-w-    c:\windows\system32\dllcache\mouhid.sys
2010-08-25 20:44:23    10368    ----a-w-    c:\windows\system32\drivers\hidusb.sys
2010-08-25 20:44:23    10368    ----a-w-    c:\windows\system32\dllcache\hidusb.sys
2010-08-25 17:22:42    0    d-----w-    c:\program files\File Scavenger 3.2
2010-08-25 16:52:54    6200    ----a-w-    c:\windows\system32\INT13EXT.VXD
2010-08-25 16:52:51    0    d-----w-    c:\program files\PC Inspector File Recovery
2010-08-25 16:34:48    0    d-----w-    c:\program files\jZip
2010-08-25 02:43:09    138784    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-08-25 02:42:57    202008    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-08-25 02:42:43    0    d-----w-    c:\windows\system32\LogFiles
2010-08-25 02:42:42    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2010-08-25 01:05:30    0    d-----w-    c:\program files\NCH Swift Sound
2010-08-04 18:50:36    140752    ----a-w-    c:\windows\system32\drivers\eamon.sys
2010-08-03 20:28:36    95896    ----a-w-    c:\windows\system32\drivers\epfwtdir.sys

==================== Find3M  ====================

2010-07-29 20:31:26    115008    ----a-w-    c:\windows\system32\drivers\ehdrv.sys
2010-07-27 06:30:35    8462336    ------w-    c:\windows\system32\dllcache\shell32.dll
2010-07-17 12:00:04    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-30 12:31:35    149504    ------w-    c:\windows\system32\dllcache\schannel.dll
2010-06-25 00:51:58    11077120    ------w-    c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-24 12:22:03    916480    ------w-    c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03    12800    ------w-    c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02    1210368    ------w-    c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01    611840    ----a-w-    c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01    5951488    ------w-    c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01    206848    ----a-w-    c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59    599040    ------w-    c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59    55296    ------w-    c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59    25600    ------w-    c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58    247808    ------w-    c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58    1986560    ------w-    c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58    184320    ----a-w-    c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56    743424    ------w-    c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55    387584    ------w-    c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04    1851904    ----a-w-    c:\windows\system32\win32k.sys
2010-06-23 13:44:04    1851904    ------w-    c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09    173056    ------w-    c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11    354304    ------w-    c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12    3558912    ------w-    c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00    80384    ----a-w-    c:\windows\system32\iccvid.dll
2010-06-14 14:31:20    744448    ------w-    c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45    1172480    ----a-w-    c:\windows\system32\msxml3.dll
2010-06-14 07:41:45    1172480    ----a-w-    c:\windows\system32\dllcache\msxml3.dll
2009-07-09 19:01:35    245760    --sha-w-    c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-09 19:01:35    32768    --sha-w-    c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009070920090710\index.dat

============= FINISH: 11:01:07.95 ===============


Any help is appreciated.
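A defender-side check for the symptom described in this post (a system process name appearing several times, or from the wrong folder), added here as an example and not part of the thread or of DDS itself: it parses the "Running Processes" section of a DDS log in the layout posted above and flags entries with no verifiable path, watched system binaries running from an unexpected directory, lookalike names such as wuauclt1.exe, and more than one wuauclt.exe at once. The sample log, the expected directories and the single-instance threshold are constructed assumptions.

```python
import re

# Assumed home of a few Windows XP binaries that malware likes to imitate
# (adjust if %systemroot% is not c:\windows).
EXPECTED_DIRS: dict[str, str] = {
    "wuauclt.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample in DDS layout; the Application Data entries are made up.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Application Data\wuauclt.exe
C:\Documents and Settings\Owner\Application Data\wuauclt1.exe

============== Pseudo HJT Report ===============
"""

def running_processes(dds_log: str) -> list[str]:
    """Return the non-empty lines of the 'Running Processes' section."""
    out, inside = [], False
    for line in dds_log.splitlines():
        if line.startswith("====="):
            if inside:
                break
            inside = "Running Processes" in line
        elif inside and line.strip():
            out.append(line.strip())
    return out

def split_entry(entry: str) -> tuple[str, str]:
    """Split an entry into (directory, filename), dropping switches like '-k netsvcs'."""
    image = re.split(r"\s+[-/]", entry, maxsplit=1)[0].strip().lower()
    directory, _, name = image.rpartition("\\")
    if "." not in name:  # DDS sometimes omits the extension ("svchost")
        name += ".exe"
    return directory, name

def audit(dds_log: str) -> list[str]:
    """Flag entries whose name cannot be trusted from the path alone."""
    findings: list[str] = []
    seen: dict[str, int] = {}
    for entry in running_processes(dds_log):
        directory, name = split_entry(entry)
        seen[name] = seen.get(name, 0) + 1
        if name in EXPECTED_DIRS:
            if not directory:
                findings.append(f"UNVERIFIED path for {name}: {entry!r}")
            elif directory != EXPECTED_DIRS[name]:
                findings.append(f"MISPLACED {name} running from {directory}")
            continue
        stem = name.rsplit(".", 1)[0]
        for known in EXPECTED_DIRS:
            known_stem = known.rsplit(".", 1)[0]
            if stem != known_stem and stem.startswith(known_stem):
                findings.append(f"LOOKALIKE {name} (resembles {known}): {entry!r}")
    # Assumed threshold: more than one wuauclt.exe at once deserves a look.
    if seen.get("wuauclt.exe", 0) > 1:
        findings.append(f"MULTIPLE wuauclt.exe instances: {seen['wuauclt.exe']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DDS)))
```

A finding is a reason to check the file's signature and location by hand, not proof of infection; bare entries such as "svchost.exe" simply carry no path to verify.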

#2 syler

  • Malware Response Team

Posted 08 September 2010 - 03:33 PM

Hello splinn. My name is Syler and I will be helping you to solve your malware issues. Sorry for the delay
in replying; we are very busy at the moment.

Please note that because we are very busy, if I don't hear from you within 5 days the topic will be closed. If you
have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • MBAM log
  • RKUnHooker report
  • OTL.txt
  • Extra.txt

Thanks



#3 splinn

  • Topic Starter

Posted 08 September 2010 - 03:37 PM

Thanks for the reply. Went with the clean install.

#4 syler

  • Malware Response Team

Posted 08 September 2010 - 03:40 PM

Thank you for letting me know.

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





