
HELP - Four Rundll32.exe and 10 Chrome pages open on processes and 63 processes



Hi guys, this is my first post on the Malwarebytes forum.

This may not be the best place to post it, but I need some help.

I have 10 Chrome pages open on 'Processes' in Task Manager, even though I only have one Chrome window open. What's going on?

Also there are four rundll32.exe open in Processes, one of which isn't a Windows host process.

Lastly it says I have 63 processes.... when I have around 20..

What is going on?

My laptop has been sluggish for the last day or two. I rebooted in safe mode, downloaded Malwarebytes and it detected one thing, which was RiskWare.Tool.HCK, apparently a keygen which patches a program from being detected, but that has been quarantined and the file deleted. Scanned again using Malwarebytes and there was nothing detected.

Also scanned using Avast antivirus and it came up with nothing.

CPU and memory have been jumping around a little.

Images included

Specs:

Dell inspiron 1520

3gb ram

Intel Core Duo T5450 1.66 ghz processor

Windows 7 32 bit



Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


The DDS won't work

black box opens but no log is made ...

and then crashes

Have turned antivirus and internet off


That's clean, see if you can do this......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

---------------------------------------

If not..........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (It can be run in safe mode if needed.)

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


OTL.Txt Extras.Txt


Will run the last so-called TDSS killer


Those files are OK, no action needed.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


How are we doing??

Do you still need help or can I close this post??

MrC

Hi, sorry about the delay. ComboFix last night didn't work... turned off all antivirus programs. Left it for nearly an hour; when I got back it was still on the page "could take 10 minutes, may easily double for infected computers" - something like that..

mouse was frozen and pc was not working.

had to reboot.

tried again and the same happened.


Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Sorry for the delay.......

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
