Hi all, was looking in msconfig at startup programs and came across RTHDBPL in there, it says manufacturer unknown and it’s in c:\users\suszannah\AppData\Roaming\SystemProc\lsass.exe
Double-click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Scan the c:\users\suszannah\AppData\Roaming\SystemProc\lsass.exe file with avast and if no detection, add it to the chest and submit to avast as undetected malware.
It should be in MBAM’s quarantine - you can restore it - scan with Avast. If it doesn’t detect it, submit it and then get MBAM to kill it again.
Would you like me to have a look to see if there is anything left? If so:
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.
[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
[*]Reg - Shell Spawning
[*]File - Lop Check
[*]File - Purity Scan
[*]Evnt - EvtViewer (last 10)
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Cheers essex, as it’s a little late to get my head around that one (work tomorrow) will do OTS on Saturday, my next day off, and post the log… once again thanks both for your help :)
Go to PROFILE then Modify Profile then Forum Profile Information then Please select your country: then Signature: and put information about your system, just like my signature, so that the helpers can offer pertinent advice.
In Account Related Settings select Hide email address from public to prevent scammers and spammers harvesting your aol.com email address.
Hi Polonus, nice to hear from you, hope you are keeping well, starting to get better slowly will take a look at that too Polonus
YoKenny, will set that up Saturday when I am on next, using Win7 on a Toshiba Satellite just for reference… I should have remembered but been a long time since I have been in here… I forget things easily lol
You can either add it as an attachment here - select additional options, bottom left on the post window, browse to the file and then post — or upload to Mediafire and post the sharing link.