ok so..

I've ran through what i need to do in the read me before you post thread. And after an hour of this. It's still here. So i decided time to post and request further help. i did a forum search also. found nothing regarding the two files.
winsci.exe and
wuitgurd.exe

Recently i've noticed my computer processes randomly freeze. and task manager won't open. just the icon displays in the task bar. Tried removing these any way i know how. and they're still here.

Any suggestions or help would be great.

 

forgot to mention, im running Win XP SP1

 

http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

alright, here is my hijackthis log.

 

Your Operating System and Internet Explorer versions are WAY out of date and represent a major security risk. After we fix your current problems, you must get updated. You need to install Service Pack 2 for security purposes.


Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/

O4 - HKLM\..\Run: [CPU Temp Control] wuitgurd.exe
O4 - HKLM\..\RunServices: [CPU Temp Control] wuitgurd.exe
O4 - HKCU\..\Run: [CPU Temp Control] wuitgurd.exe

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Navigate to and DELETE the following if they should remain:

C:\WINDOWS\System32\wuitgurd.exe

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

alright. did that. heres the log.

 

Your HJT log is now clean, you must now get updated. Surf into Windows Updates and install Service Pack 2. Afterwards reboot and get all critical updates.

After you get all updates then follow all of the steps in this sticky thread on How to Protect yourself from malware!

 

Thanks for the help.

 

Your Welcome!

 

ok...so actually my problems aren't over. i was going to install the updated Internet explorer. Not that i use IE and instead use mozilla. but anyway...mozilla did that same thing it's been doing...and now my Task manager wont open again. I ran HJT. and heres the log.

 

You must update before we can continue, without this critical update you will continue to have problems.

Surf into windows updates and install Service Pack 2. After you install, reboot and attach a fresh HJT log.

 

I cant exactly install SP2 to my knowledge. Since the cdkey im using isn't a legit one

 

There has gotta be a way to remove the winsci.exe without upgrading to sp2 :/

 

Yes it is but it will come right back without having protection. Without SP2 your completely open for any infection while on the internet.

Its very critical you install SP2.

 

well why dont you just tell me how to get rid of it cause there is no way i can currently upgrade to sp2. i just tried.

 

You're missing bj's point here...

You asked for help and bj gave it...your log came back clean after following his instructions and he told you "you must get updated" and that you should also follow the instructions in the How To Protect Yourself From Malware thread. Without updating to SP2 the problem you are having will keep returning because you haven't installed the operating system security fixes.

If you have a legit earlier version of Windows you can purchase an upgrade to XP, otherwise you will need to purchase the full version.

 

ok. well either way i've now got sp2. took a while and a lot of looking. but i have SP2 installed. So now i assume they wont come back once they're removed. right?

 

Here is my current log. I have Task manager open. Cause i fear if i close it. Well. it isnt gonna open again. lol sigh.

also. i dont know if it matters or not. but i changed my keyboard to a logitech one and updated teh mouse and keyboard drivers. just figured i'd mention it.

 

Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

O4 - HKLM\..\Run: [CPU Temp Control] wuitgurd.exe
O4 - HKLM\..\RunServices: [System Updates] winsci.exe
O4 - HKLM\..\RunServices: [CPU Temp Control] wuitgurd.exe
O4 - HKCU\..\Run: [CPU Temp Control] wuitgurd.exe
O4 - HKCU\..\RunServices: [System Updates] winsci.exe

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

Make sure All Browser Windows are Closed when you Click FIX.

NOW:
Navigate to and DELETE the following if they should remain:

winsci.exe <-- Search for this file and delete when found!

wuitgurd.exe <-- Search for this file and delete when found!

NEXT:
Run CCleaner to clean up cookies and temp files.

Since you now have SP2, go ahead and run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

K. heres the new log

 

Your HJT log is clean, you must now follow the steps in this thread on How to Protect yourself from malware!

Are you having any further problems?

 

not that i see. thanks

 

Your Welcome!

Surf Safely!