avast says infected Windows\SysWOW64\rundll32.exe

H

Helgi88

New Member
Thread author
Dec 25, 2016
2
Avast always poping up about infection in wow64/rundll32.exe and the computer is running slow. I havent taken any steps to remove it since it is a rundll32 file and i dont want to harm my system. But it seems that avast can not remove the infection.
 

Attachments

  • FRST.txt
    65.5 KB · Views: 1
  • Addition.txt
    38.9 KB · Views: 1
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on
    4zu6vb.jpg
    icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only left thing is to attach saved report in your next message.



adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on
    adwcleaner_new.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 
H

Helgi88

New Member
Thread author
Dec 25, 2016
2
# AdwCleaner v6.041 - Logfile created 25/12/2016 at 22:48:02
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-23.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Ingolfur - INGOLFUR-PC
# Running from : C:\Users\Ingolfur\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: hola_svc
[-] Service deleted: hola_updater


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\saver box
[-] Folder deleted: C:\Users\Ingolfur\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Ingolfur\AppData\Roaming\Bonanza
[-] Folder deleted: C:\Users\Ingolfur\AppData\Roaming\Hola
[-] Folder deleted: C:\Users\Ingolfur\AppData\Roaming\UpdateBonanza
[-] Folder deleted: C:\Program Files\Hola
[-] Folder deleted: C:\ProgramData\SecTaskMan
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SecTaskMan
[-] Folder deleted: C:\Program Files (x86)\ShoppingChip
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Folder deleted: C:\Users\Ingolfur\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo


***** [ Files ] *****

[-] File deleted: C:\Windows\SysWOW64\ComputerUpdaterLM.ocx
[-] File deleted: C:\Windows\SysWOW64\CUUpdateComponent.ocx
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: Update Bonanza


***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ComputerUpdater Service
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ComputerUpdater Service
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wpm
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wpm
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKU\.DEFAULT\Software\Hola
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\Bitberry
[-] Key deleted: HKU\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\FileTypeAssistant
[-] Key deleted: HKU\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\ForumerIT
[-] Key deleted: HKU\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\Hola
[-] Key deleted: HKU\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\firefox free download packages
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\AskPartnerNetwork
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\BrowseSmart
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\mysearchdial
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\SweetIM
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Hola
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\Bitberry
[#] Key deleted on reboot: HKCU\Software\FileTypeAssistant
[#] Key deleted on reboot: HKCU\Software\ForumerIT
[#] Key deleted on reboot: HKCU\Software\Hola
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\couponsupport
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\firefox free download packages
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\AskPartnerNetwork
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\BrowseSmart
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\mysearchdial
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1887384922-2650132235-3957123264-1000\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\Bitberry
[#] Key deleted on reboot: [x64] HKCU\Software\FileTypeAssistant
[#] Key deleted on reboot: [x64] HKCU\Software\ForumerIT
[#] Key deleted on reboot: [x64] HKCU\Software\Hola
[-] Key deleted: [x64] HKLM\SOFTWARE\Hola
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\firefox free download packages
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hola
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [hola]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo


***** [ Web browsers ] *****

[-] [C:\Users\Ingolfur\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: npdicihegicnhaangkdmcgbjceoemeoo


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10682 Bytes] - [25/12/2016 22:48:02]
C:\AdwCleaner\AdwCleaner[R0].txt - [21908 Bytes] - [13/07/2014 20:31:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [22574 Bytes] - [13/07/2014 20:35:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [10629 Bytes] - [25/12/2016 22:47:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10978 Bytes] ##########
 

Attachments

  • 2016.12.25-14.25.11-i0-t92-d5.txt
    2.9 KB · Views: 3

Similar threads

A
    • Like
  • Locked
Any good reason for rundll32.exe to try and access the internet?
Replies
5
Views
1,363
Windows Malware Removal Help & Support
nasdaq
nasdaq
tanner_doriano
  • Locked
No Reply PC Infected with Persistent Malware Downloading Files Hourly
Replies
7
Views
356
Windows Malware Removal Help & Support
icotonev
icotonev
X195
    • Like
Serious Discussion Windows Firewall Control block rule for a specific .exe is not (fully) taking affect // source of rundll32 outbound traffic
Replies
4
Views
494
Malwarebytes
X195
X195

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top