Rundll32 problem

[ladaloop]

Lots of extra programs start up, eating up all of my computer's CPU

 

[argus]

Helllo,

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Download

Malwarebytes Anti-Rootkit to your desktop.

• Double-click the icon to start the tool.
• It will ask you where to extract it, then it will start.
• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Click in the introduction screen "next" to continue.
• Click in the following screen "Update" to obtain the latest malware definitions.
• Once the update is complete select "Next" and click "Scan".
• When the scan is finished and no malware has been found select "Exit".
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
• Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

 

[ladaloop]

See attached

 

[argus]

Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[ladaloop]

Attached

 

[argus]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[ladaloop]

I did this, restarted my computer, and now by screen is black. I can still start programs through the Task Manager, but don't have a screen (I think maybe problem with explorer.exe?)

 

[argus]

you can run a system restore?

 

[ladaloop]

Not sure how to do that (can I open that program with a file location?)

 

[argus]

Click start and copy system restore in search
Click System Restore

 

[ladaloop]

I don't have a start button...my screen is black once I log in

 

[argus]

You can download the file from the Internet?

 

[argus]

Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

• Plug the flashdrive into the infected PC.
• Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
• Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
• In the Choose Recovery Tool menu select Command Prompt.
• You will see a big black window with a blinking cursor (command prompt).
  
  
  
  
  
  Access the notepad and identify your USB drive
  
  In the Command Prompt please type in:
  

  notepad

  and press Enter.
• When the notepad opens, go to File menu.
• Select Open.
• Go to Computer and search there for your USB drive letter.
• Note down the letter and close the notepad.
  
  
  
  Once back in the command prompt window, please do the following:
• Type in e:\frst64.exe and press Enter.
  You need to replace e with the letter of your USB drive taken from notepad!
• FRST will start to run. Give him a minute or so to load itself.
• Click Yes to Disclaimer.
• Copy explorer.exe into the Search: field in FRST then click the Search Files button.
• FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
• Please attach it to your reply.

 

[ladaloop]

So I was able to do a system recovery. The problem/slowness came back, so I ran Malwarebytes again. Here is the latest report.

 

[argus]

where?

 

[ladaloop]

Sorry, I'll try again.

 

[argus]

Yes, there is Poweliks

Do you want fix for FRST?

 

[ladaloop]

So what should I do next?

 

[argus]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[argus]

Don't worry, here was a mistake

HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-05-26] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-05-26] (Microsoft Corporation) <==== ATTENTION

FRST bug