Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Need help removing various malware

  1. #1
    Junior Member
    Join Date
    Mar 2014
    Posts
    12

    Default Need help removing various malware

    Have been infected with various malware, including Jollywallet, spyhunter and maybe others.

    Here is DDS file, don't seem to be able to zip the Attach file so let me know what to do with this.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.25.2
    Run by Barnen at 12:48:38 on 2014-03-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.1303 [GMT -5:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Users\Barnen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\Barnen\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Personal\bin\Personal.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\GoZone\GoZone_iSync.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\PROGRA~2\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Barnen\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Users\Barnen\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Barnen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com
    uSearch Bar = hxxp://www.bing.com
    mWinlogon: Userinit = userinit.exe,
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Spotify Web Helper] "C:\Users\Barnen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [Google Update] "C:\Users\Barnen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\Barnen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Barnen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.0.1 205.171.2.25
    TCP: Interfaces\{4C6D152D-CC5B-49B4-ADF6-19201C085B5D} : DHCPNameServer = 192.168.0.1 205.171.2.25
    TCP: Interfaces\{4C6D152D-CC5B-49B4-ADF6-19201C085B5D}\3456E647572797C496E6B613731393 : DHCPNameServer = 192.168.0.1 205.171.2.25
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= c:\progra~3\winfil~1\winfil~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: RemovEEAdsTube: {3E3AB388-4FE1-9D51-3DE6-10CC3E4542EA} -
    x64-BHO: DiigiSaver: {6BED37A9-4FD6-45E9-163F-12632B580357} -
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: EnjuoyCouopoen: {B4773300-8B80-1396-9DFB-4C21F1B93B53} -
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-18 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-18 207904]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 647080]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-10-13 284648]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-11-24 55856]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-2-13 1038072]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-2-13 421704]
    R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-10-13 75808]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-2-13 78648]
    R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-8 80184]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-10-13 65264]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-11-24 317440]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
    R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-15 25928]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-13 229528]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-10-13 481768]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-13 100912]
    .
    =============== Created Last 30 ================
    .
    2014-03-16 17:30:28 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
    2014-03-16 17:30:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2014-03-16 17:30:14 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-03-16 16:30:21 -------- d-----w- C:\Windows\ERUNT
    2014-03-16 13:40:46 -------- d-----w- C:\Users\Barnen\AppData\Roaming\AVG2014
    2014-03-16 13:39:15 -------- d-----w- C:\Users\Barnen\AppData\Roaming\TuneUp Software
    2014-03-16 13:37:26 -------- d--h--w- C:\$AVG
    2014-03-16 13:37:25 -------- d-----w- C:\ProgramData\AVG2014
    2014-03-16 13:36:38 -------- d-----w- C:\Program Files (x86)\AVG
    2014-03-16 13:33:36 -------- d-----w- C:\Users\Barnen\AppData\Local\MFAData
    2014-03-16 13:33:36 -------- d-----w- C:\Users\Barnen\AppData\Local\Avg2014
    2014-03-16 13:33:36 -------- d-----w- C:\ProgramData\MFAData
    2014-03-16 02:27:13 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-03-16 02:25:59 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2014-03-15 22:36:15 -------- d-----w- C:\Users\Barnen\AppData\Roaming\Malwarebytes
    2014-03-15 22:36:11 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-03-15 22:36:10 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-03-15 22:36:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-03-15 22:27:18 -------- d-----w- C:\AdwCleaner
    2014-03-15 06:04:46 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-03-15 06:04:45 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-15 06:04:44 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-03-15 06:04:44 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-03-15 03:50:30 5777288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2014-03-15 02:29:07 -------- d-----w- C:\Program Files\My Dell
    2014-03-03 14:35:22 -------- d-----w- C:\Users\Barnen\AppData\Local\Skype
    2014-02-28 05:40:48 -------- d-----w- C:\Users\Barnen\AppData\Local\Packages
    2014-02-26 09:03:00 -------- d-----w- C:\Windows\Migration
    .
    ==================== Find3M ====================
    .
    2014-03-15 03:50:43 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-15 03:50:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-15 02:32:29 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2014-03-15 02:32:29 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-03-15 02:32:29 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-03-15 02:32:27 43152 ----a-w- C:\Windows\avastSS.scr
    2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2014-01-09 03:36:18 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    .
    ============= FINISH: 12:50:22.98 ===============

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi ankideverdier,

    I see you have Malwarebytes. Have you run it recently? The free version must be updated before a scan. Only need 1 active AV per machine, you have three. More is not better in this case. I would remove two of them one by one via the add/remove programs panel.

    Please download AdwCleaner to your desktop.
    Double click on AdwCleaner.exe, select OK, then Run. Accept Terms of Use
    Click on SCAN. Once the scan completes, click the Clean button.
    Machine will reboot and on restart will display a log file that you can copy/paste in your reply.
    A logfile will automatically open after the scan has finished
    You can also find the logfile at C:\AdwCleaner[R1].txt as well.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Mar 2014
    Posts
    12

    Default Will try

    OK, will download AdwCleaner and give it a go later this evening. Could only find one instance of Malwarebytes in my program list so not quite sure how to deal with this duplication? I ran a Malwarebytes scan last night and it did not find any issues, although I'm still clearly infected with Jollywallet and other stuff that pops up regularly. Will try to update and run another one tonight. Thanks!





    Quote Originally Posted by shelf life View Post
    hi ankideverdier,

    I see you have Malwarebytes. Have you run it recently? The free version must be updated before a scan. Only need 1 active AV per machine, you have three. More is not better in this case. I would remove two of them one by one via the add/remove programs panel.

    Please download AdwCleaner to your desktop.
    Double click on AdwCleaner.exe, select OK, then Run. Accept Terms of Use
    Click on SCAN. Once the scan completes, click the Clean button.
    Machine will reboot and on restart will display a log file that you can copy/paste in your reply.
    A logfile will automatically open after the scan has finished
    You can also find the logfile at C:\AdwCleaner[R1].txt as well.

  4. #4
    Junior Member
    Join Date
    Mar 2014
    Posts
    12

    Default Still getting lots of spurious websites popping up, plus Skype not working....

    I have run Adwcleaner and also a scan with Malwarebytes however still getting lots of unwanted websites popping up. I have also found that Skype is not working, not sure if this is linked or I've managed to mess something up while trying to fix the PC!

    Attaching the Attach.txt file in case that's of any use.
    Attached Files Attached Files

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok. can you post the Adwcleaner log?
    Once it runs you can find the logfile at C:\AdwCleaner[R1].txt.
    Did you unload two of those AV?
    You can also run JRT.exe. Once I get the adwcleaner log and the JRT log we can dig a little deeper if needed.

    Please download Junkware Removal JRT.exe to your desktop.

    Double click the icon or Right click for Vista/W7,8 and select Run as admin.
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message
    How Can I Reduce My Risk?

  6. #6
    Junior Member
    Join Date
    Mar 2014
    Posts
    12

    Default

    Hello again and thanks for helping! Progress a bit slow but have attached the logs from adwcleaner and jrt.

    I could only find one instance of Malwarebytes in the Control Panel/Program and Features list, but did delete a couple of copies in the download area (is this what you were thinking, not sure I fixed the right problem?).
    Attached Files Attached Files

  7. #7
    Junior Member
    Join Date
    Mar 2014
    Posts
    12

    Default

    Not sure if the adwcleaner log was truly attached, trying again.
    Attached Files Attached Files

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Not much there in the adwcleaner and JRT logs. Forgot to add this one last time. Its another tool you can run:


    Download RogueKiller
    Close all programs that you may have started.
    Please disconnect any USB or external drives from the computer before you run this scan!
    For Vista or Windows 7, right-click and select "Run as Administrator to start"
    Wait until Prescan has finished running
    Then Click on the "Scan" button
    Wait until the Status box shows "Scan Finished"
    click on "delete"
    Wait until the Status box shows "Deleting Finished"
    Click on "Report" and copy/paste the content of the Notepad into your next reply.
    The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller

    I could only find one instance of Malwarebytes in the Control Panel/Program and Features list, but did delete a couple of copies in the download area (is this what you were thinking, not sure I fixed the right problem?).
    If you are referring to to what I said here:
    I see you have Malwarebytes. Have you run it recently? The free version must be updated before a scan.
    Only need 1 active AV per machine, you have three. More is not better in this case. I would remove two of them one by one via the add/remove programs panel.
    I was saying that you have 3 antivirus apps installed on your machine: AVG, Mcafee and Avast. Only need 1 active antivirus per machine. You can have as many as you want but you only want one thats active and running, not three running at the same time.
    You should remove two of them, one by one via the add/remove programs panel. If you paid for Mcafee then you might want to keep that one.

    Post the Rougekiller log and we will go from there. Is the popup situation any better after you used adwcleaner and JRT?
    How Can I Reduce My Risk?

  9. #9
    Junior Member
    Join Date
    Mar 2014
    Posts
    12

    Default

    First, sorry about confusion on anti-virus programs, will remove a couple of them. Have not paid for McAfee so removed this and AVG. Prior to running Roguekiller not much difference on websites popping up (most recently lots of Norton anti-virus promotion) and smaller pop-ups within web-pages. Will reboot and do some testing now.

    Here is the result from Roguekiller:

    RogueKiller V8.8.12 [Mar 20 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Barnen [Admin rights]
    Mode : Remove -- Date : 03/20/2014 21:46:41
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\Barnen\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=4a27ee1fb16647d094fc2104e41956d2-072b5dadb58134e54d2149248f1cd52127e0d262 /CMPID=0214c [x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-2474308540-2300480683-3314301382-1001\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\Barnen\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=4a27ee1fb16647d094fc2104e41956d2-072b5dadb58134e54d2149248f1cd52127e0d262 /CMPID=0214c [x][x]) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][ROGUE ST] 4779 : wscript.exe - C:\Users\Barnen\AppData\Local\Temp\launchie.vbs //B -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-753CA1 ATA Device +++++
    --- User ---
    [MBR] 6c8af97fa42b261457613bba18e60e7e
    [BSP] 64fb9cadb047dc19ee1f5bb3a9f793d0 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 MB
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 461733 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_D_03202014_214641.txt >>
    RKreport[0]_S_03202014_214623.txt

  10. #10
    Junior Member
    Join Date
    Mar 2014
    Posts
    12

    Default

    Have rebooted and still getting both small pop-ups within web pages and unwanted pages starting up. Only good news is Skype is back up and running!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •