Windows 7 Malware Problem - with logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by JLynneM, Dec 1, 2013.

  1. JLynneM

    JLynneM Private E-2

    Hi, I have started to clean my Windows 7 Laptop and have done a number of scans. Malwarebytes says I have PUP.Bundle.Installer.DW, which I removed. This malware has deleted or made a number of my software items unusable. I believe this has been a problem since some time in the spring of 2013 (maybe April 2013). I am sorry I cannot recall what may have triggered the infection. I am generally cautious in where I visit and I run an adblock extension on Firefox. I rarely used IE and also rarely used Chrome.

    I followed the instructions in READ & RUN ME to the best of my ability but did make a few errors in that regard.

    I use Firefox and originally (yesterday) downloaded RogueKiller, Malwarebytes, TDSSKiller and HitmanPro to my temp file, from which I then saved them to my desktop, saving Malwarebytes as mb.exe, as instructed.

    I ran RogueKiller and mistakenly tried to fix some problems as prompted by the software. This quarantined a number of items. I later re-ran RogueKiller (apologies, as I realise I was not meant to re-run scans) and found about 5 or so problems, which I did not quarantine. I then ran RogueKiller today and found different items (that is, items in addition to those found on my second RogueKiller scan).

    I will need to add two posts to attach all my scan logs.

    This morning I downloaded AdwCleaner and tried to use it (also, I know and apologise, contrary to instructions). I got an error message that basically said AdwCleaner does not exist on my computer.

    I had no problems installing and running TDSSKiller, HitmanPro or Malwarebytes but did have problems with installation of MGtools. I disabled my AV (McAfee) and Malwarebytes and still had problems because I had not disabled the Firefox McAfee extension. So after turning off UAC and rebooting, and properly turning off McAfee firewall and scanning etc., I was able to install Malwarebytes and run the GetLogs bat file as an Administrator. This generated a number of logs (as expected), but just before the end of the log-generating I got an error message saying essentially that the software did not exist on my computer (I'm sorry I cannot remember the exact error message).

    Here are my logs; I cannot seem to locate the TDSSKiller report. I am attaching the rest of my RKreports in my next post.

    Thanks very much in advance.

    Jessica
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    • Re run Hitman and have it delete all of the Potential Unwanted Programs.
    • Explain how things are running afterwards.
     
  3. JLynneM

    JLynneM Private E-2

    I re-ran HitmanPro and deleted the cookie listed (I had actually deleted all the earlier PUPs when they showed up during the first scan). My newest HitmanPro log is attached. I have not deleted the Microsoft file, etilqs_GL9utbmvPgEB0y7, because it is published by Microsoft (and it's not listed as a PUP). Is this something I should delete?

    My system is running much better/faster than it was before the original HitmanPro scan; this morning I noticed a number of temp Word files saved on my desktop, which I think is a good thing, as I used to have temp Word files show up on the desktop all the time (before the infection).

    Many, many of my programs no longer exist or are showing up with error messages when I try to open them (for instance, I get an "instruction at 0x67c20a46 referenced memory at 0x0000000 memory reading error" when I try to open Windows Media Player).

    Also, when I log off the computer, if a program is not responding my system fails to shut down after a soft boot; I have to hard boot it. Windows Update wants to do updates but these fail to happen.

    I am wondering about the files that RogueKiller is still finding. My most recent scan log is also attached, as is a new scan of TDSSKiller which I re-ran yesterday.

    Thanks for your help so far. I appreciate it.
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, it's fine.
    Word files that you did not create? What are the exact names of the files?
    This is a topic for the software forum.

    It's finding nothing malicious. Don't worry.
     
  5. JLynneM

    JLynneM Private E-2

    Thanks again, answers below.

    >>Word files that you did not create? What are the exact names of the files?

    Not sure if I created these: desktop.ini; desktop.ini (non-word temp files)

    Definitely did create these Word temp files: ~$00A_Laurie_Appeal_16nov2013.docx; ~$eliminary_Bibliography_Coleridge_11dec2011_3.docx; ~$glish507A_Pragmatic_Markers_Can.docx; ~$glish530A_Can.docx; ~$glish530A_Can_1nov.docx; ~$r_Harry_Hotspur.rtf;

    Not sure if I created these Word temp files: ~WRL0003.tmp; ~WRL1513.tmp; ~WRL3661.tmp; ~WRL3661.tmp;

    I do have Word set to save backup files.

    Word did give an error message today while Firefox was running online TV. The thing that was weird is that at the time Word was not open. My roommate closed the error message without noting what it said. (Perhaps this is also a software forum topic.) System somewhat slow today. I still have UAC at never notify.

    >> This is a topic for the software forum.
    Thanks, I will follow up on that there.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    All those are visible because hidden files and folders are set to show. When you follow the final steps, it should reverse it all. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work through the below link:
     
