80000000.@ and 800000cb.@ recurring alerts

[gy91]

Hi,

Every few minutes an Avast alert appears stating Malware detected.

They are all either 80000000.@ or 800000cb.@

Infection: Win32:Malware-gen
Process: C:\Windows\System32\services.exe

I have ran a Malwarebytes scan which found several objects but the alerts continue to appear.

All help greatly appreciated.

Many thanks,

Matt

EDIT: I've attached Malwarebytes, OTL and aswMBR logs.

[Pondus]

malware remover is notified: It may take sveral hours before one arrive so be patient

[magna86]

Hello 



Re-run OTL.exe.

• Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  
  

Code: [Select]

:files
C:\Windows\Installer\{ecaa638c-8948-8b51-4f49-d593f166684c}
C:\Users\Matt\AppData\Local\{ecaa638c-8948-8b51-4f49-d593f166684c}

:Commands
[emptytemp]

:OTL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
O4:[b]64bit:[/b] - HKLM..\Run: [setlw] C:\Users\Matt\AppData\Roaming\setlw.dll (DT Soft Ltd)
O4:[b]64bit:[/b] - HKLM..\Run: [uiplo] C:\Users\Matt\AppData\Roaming\uiplo.dll (C-Media Electronics Inc.)


• Then click the Run Fix button at the top.
  
• Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

**************************************


> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
  Attach log reports ( ComboFix.txt) back to topic.

[gy91]

Thank you.

Please find attached the OTL and ComboFix logs.

Matt

[magna86]

Ok, re-run OTL and click on QuickScan.
Attach here fresh OTL.txt

[gy91]

Fresh OTL log attached.

Matt

[magna86]

It is necessary to uninstall Combofix


Start >> Run

Code: [Select]

Combofix /Uninstall
Enter

*************************

Re-run OTL.exe.

• Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  
  

Code: [Select]

:otl
O4:[b]64bit:[/b] - HKLM..\Run: [setlw] rundll32.exe "C:\Users\Matt\AppData\Roaming\setlw.dll",CreateTableColumnIndex File not found
O4:[b]64bit:[/b] - HKLM..\Run: [uiplo] "C:\Windows\System32\rundll32.exe" "C:\Users\Matt\AppData\Roaming\uiplo.dll",LoadSurfaceFromResourceW File not found


• Then click the Run Fix button at the top.
  
• Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport.

I dont need logreport.
Just re-run OTL and click on CleanUp! button.


that's all 

[gy91]

Many thanks.

ComboFix uninstalled successfully.

However when I ran OTL it did not ask to reboot after I clicked Run Fix.

I rebooted anyway and clicked Cleanup but I am getting 2 dialogue boxes on every startup.

First one:

RunDLL
There was a problem starting
C:\Users\Matt\AppData\Roaming\setlw.dll

The specified module could not be found.

and the other one:

RunDLL
There was a problem starting
C:\Users\Matt\AppData\Roaming\uiplo.dll

The specified module could not be found.

[magna86]

    * Open Notepad by click start

    * Type notepad into the box and click enter
    * Notepad will open
    * Copy and Paste everything from the Code box into Notepad:

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"setlw"=-
"uiplo"=-



NOTE: Make sure there are NO blank lines before Windows Registry Editor Version 5.00
NOTE: Make sure there IS one blank line at the end of the file.

    * Go to File > Save As
    * Save File name as Fix.reg
    * Change Save as Type to All Files and save the file to your desktop
    * Close Notepad, and double-click Fix.reg on your Desktop
    * When it asks if you want to merge the info to the registry, hit YES/OK
      Reboot computers





 Better? 

[gy91]

All sorted. 

Thanks very much for your help!

Matt

[magna86]

np 
I'm glad that I helped.

[The_Scrupulous_1]

I'm having the same problem as gy91.
I do have Malwarebytes but i dont have OTL or aswMBR

I was just wondering if you could help me fix this problem as well.

[magna86]

@The_Scrupulous_1
Open new topic