Pending UI0Detect.exe Keeps Popping up a lot

Discussion in 'Virus, Spyware and Malware Removal' started by Lord Baylish, Jul 10, 2012.


  1. Lord Baylish Bronze Member

    I don't mean to hijack this thread, but I have the same problem and would appreciate some help. I've done research and can't find any solution online. I've already full scanned twice on MBAM and even my TuneUp program couldn't find anything wrong. Using MBAM to clean helped remove the problem for a few hours, just to start over again the next day. Please help, I can't take it anymore.
    Here is my recent MBAM log if needed.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.05.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    raoul :: RAOUL-COMP [administrator]

    09/07/2012 2:22:33 PM
    mbam-log-2012-07-09 (14-22-33).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 451457
    Time elapsed: 3 hour(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  2. Crush Administrator & Security Team Leader

    Hi,

    I have moved your post to a new thread. Please complete the Prework (a link for which can be found in my signature below) and attach the 3 resulting logs.
  3. Lord Baylish Bronze Member

    Thanks. Here are the 3 logs:

    Attached Files:

  5. Crush Administrator & Security Team Leader

    Do you have the MBAM log where the detection was picked up?
  6. Lord Baylish Bronze Member

    Yes. But I deleted all the infected files already. Here it is:

    PS: It picked up an infection the first time I used MBAM.

    Attached Files:

  7. Crush Administrator & Security Team Leader

    Hmm. It doesn't seem like the file is there. When does the popup occur?
  8. Lord Baylish Bronze Member

    I know, it's frustrating. Every 2-5 minutes. Pops up in my taskbar for a millisecond; even disabling Interactive Services Detection altogether doesn't help.
  9. Crush Administrator & Security Team Leader

    Can you do a selective startup via msconfig? Disable all startup items and see if the popup continues.
  10. Lord Baylish Bronze Member

    I've disabled a few selective ones, but haven't tried disabling all at once. I'll try that.
  11. Crush Administrator & Security Team Leader

  12. Lord Baylish Bronze Member

    It's still popping up; however, it seems less frequent now.
  13. Lord Baylish Bronze Member

    Any ideas? Because I'm all out :(
  14. Crush Administrator & Security Team Leader

    I'm conferring with my colleagues.
  15. Lord Baylish Bronze Member

    Okay, cool. If it isn't a deep-seated malware, then I'm completely in the dark on this one.
  16. Crush Administrator & Security Team Leader

    Download ComboFix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    Link 3

    When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


    Refer to this image:

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double-click PCHelpForum.exe to run it.

      You will see the following image:
    [IMG]

    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:

    [IMG]

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.

    [IMG]

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [IMG]

    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT click ComboFix's window while it's running, because it may cause it to stall.
