Infected with Advanced System Protector & Others

11 replies to this topic

#1 mikemctx

  • Members
  • 22 posts

Posted 30 January 2014 - 02:37 PM

I have a Dell Laptop running Win 7 that has been giving the blue screen of death.  After looking at it this morning some new "programs" appeared on the desktop including Advanced System Protector, MyPC Backup, RegClean Pro, MyPC Backup, and Sync Folder. 

 

Messages on the screen include "WARNING.  Advanced System Protector has detected 96 items.  It is highly recommended to clean them immediately."  It has a "Clean Now" button which I did not press.

 

I also get the message "Reminder  Your Computer is not Backed Up.  Backup Your Files Online Today  FREE Computer Backup Available."  It has a "Backup Now" button which I did not press.

 

Pasted below is the DDS.txt file and I have attached the attach.txt file.

 

Thanks,

Mike

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by UW at 14:17:27 on 2014-01-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6050.4357 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\UW\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Users\UW\AppData\Local\WeatherAlerts\WeatherAlerts.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.irs.gov/
uDefault_Page_URL = www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\UW\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
StartupFolder: C:\Users\UW\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKTO~1.LNK - C:\Users\UW\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
StartupFolder: C:\Users\UW\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\Users\UW\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEATHE~1.LNK - C:\Users\UW\AppData\Local\WeatherAlerts\WeatherAlerts.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 65.32.5.111 65.32.5.112 192.168.0.1
TCP: Interfaces\{D24479CE-15B3-4C7A-BCE4-4C5888AFA62A} : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{E8E9F1E8-A8FE-445A-B483-A9DA03A5677B} : DHCPNameServer = 65.32.5.111 65.32.5.112 192.168.0.1
TCP: Interfaces\{E8E9F1E8-A8FE-445A-B483-A9DA03A5677B}\055414E4554535 : DHCPNameServer = 192.168.5.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 248240]
R0 nlem64nt;nlem64nt;C:\Windows\System32\drivers\nlem64nt.sys [2009-10-13 72808]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-16 55856]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-10-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-16 203776]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-1-27 36392]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-1-29 2301216]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-10-16 172704]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-10-16 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-10-16 12252192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-16 406632]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-10-16 136000]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-10-16 406336]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/10/16 11:02:44;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-11 248304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-10-16 51872]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-10-16 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-10-16 201376]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-10-16 154272]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-22 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-10-16 158976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-10-16 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-10-16 181248]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-10-16 250984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-5 1255736]
.
=============== Created Last 30 ================
.
2014-01-30 18:50:36 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC917DCE-65BA-464C-BE54-A8B7ABC78B0D}\offreg.dll
2014-01-30 14:56:28 -------- d-----w- C:\Users\UW\AppData\Local\BrowserSafeguard
2014-01-30 14:54:21 -------- d-----w- C:\ProgramData\Systweak
2014-01-30 14:54:18 -------- d-----w- C:\Program Files (x86)\Advanced System Protector
2014-01-30 14:54:17 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2014-01-30 14:54:05 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-01-30 14:53:38 20312 ----a-w- C:\Windows\System32\roboot64.exe
2014-01-30 14:53:38 -------- d-----w- C:\Users\UW\AppData\Roaming\Systweak
2014-01-30 14:53:32 -------- d-----w- C:\Program Files (x86)\RegClean Pro
2014-01-30 14:53:31 -------- d-----w- C:\Users\UW\AppData\Local\Local_Weather_LLC
2014-01-30 14:53:30 -------- d-----w- C:\Users\UW\AppData\Local\Programs
2014-01-30 14:53:23 -------- d-----w- C:\Users\UW\AppData\Local\WeatherAlerts
2014-01-30 14:53:05 -------- d-----w- C:\Users\UW\AppData\Local\GreatArcadeHits
2014-01-30 14:52:30 -------- d-----w- C:\Users\UW\AppData\Local\SearchProtect
2014-01-30 14:52:30 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-01-30 14:33:13 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC917DCE-65BA-464C-BE54-A8B7ABC78B0D}\mpengine.dll
2014-01-30 14:33:09 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-01-21 14:19:44 81408 ----a-w- C:\Windows\System32\imagehlp.dll
.
==================== Find3M  ====================
.
2014-01-21 14:28:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-21 14:28:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-29 16:39:34 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-11-29 16:38:05 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-29 16:37:11 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-29 16:37:11 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 14:18:07.18 ===============

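A triage aid for the kind of DDS output pasted above, added here as an illustration and not part of this thread or of the DDS tool: it parses lines in the format of the "Pseudo HJT Report" section (BHO, mRun, x64-Run, StartupFolder and AppInit_DLLs autostarts) and the "Created Last 30" section, then ranks each autostart by whether its target lives in a file or folder that was created recently, which is how the new PUPs in this log stand out from the Dell, CyberLink and Microsoft entries. The sample lines are constructed in the format shown in the log; the PROGRA~2 to "Program Files (x86)" expansion is a per-host assumption (the JRT log in this thread is consistent with it), and DDS itself does no such correlation.

```python
import re
from datetime import datetime

# Constructed sample input in the format of the DDS "Pseudo HJT Report" section.
PSEUDO_HJT = r"""
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\UW\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
StartupFolder: C:\Users\UW\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"""

# Constructed sample input in the format of the DDS "Created Last 30" section.
CREATED_LAST_30 = r"""
2014-01-30 14:56:28 -------- d-----w- C:\Users\UW\AppData\Local\BrowserSafeguard
2014-01-30 14:54:18 -------- d-----w- C:\Program Files (x86)\Advanced System Protector
2014-01-30 14:54:05 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-01-30 14:53:05 -------- d-----w- C:\Users\UW\AppData\Local\GreatArcadeHits
2014-01-30 14:52:30 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-01-21 14:19:44 81408 ----a-w- C:\Windows\System32\imagehlp.dll
"""

# A Windows path ending in an executable, library or shortcut; stops at a quote or line end.
_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|lnk)\b', re.IGNORECASE)
# "<timestamp> <size or dashes> <attributes> <path>"
_CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ \S+ (.+)$")

# ASSUMED 8.3 short-name expansions for this host. DDS prints some paths in short
# form (C:\PROGRA~2\...); the mapping is not guaranteed on every Windows install.
SHORT_NAMES = {"progra~1": "Program Files", "progra~2": "Program Files (x86)"}


def normalize(path):
    """Lower-case a path and expand assumed short names so paths from different
    DDS sections compare equal."""
    parts = [SHORT_NAMES.get(p.lower(), p) for p in path.split("\\")]
    return "\\".join(parts).lower()


def parse_autostarts(hjt_text):
    """Return one dict (kind, label, target path) per Pseudo HJT autostart line."""
    entries = []
    for line in hjt_text.splitlines():
        line = line.strip()
        paths = _PATH_RE.findall(line)
        if not line or not paths:
            continue
        if line.startswith("AppInit_DLLs"):
            # "AppInit_DLLs= <dll>" has no "kind:" prefix; label it by the DLL name.
            kind, label = "AppInit_DLLs", paths[-1].rsplit("\\", 1)[-1]
        else:
            kind, _, rest = line.partition(":")
            bracket = re.match(r"\s*\[([^\]]+)\]", rest)
            if bracket:
                label = bracket.group(1)                      # mRun: [Name] "path"
            elif kind == "StartupFolder":
                label = paths[0].rsplit("\\", 1)[-1]          # the .LNK file name
            else:
                label = rest.split(":")[0].strip()            # BHO: Name: {CLSID} - path
        # The last path on the line is the launched target (StartupFolder lists .LNK then target).
        entries.append({"kind": kind, "label": label, "path": paths[-1]})
    return entries


def parse_created(created_text):
    """Map normalized path -> creation time for each 'Created Last 30' line."""
    created = {}
    for line in created_text.splitlines():
        m = _CREATED_RE.match(line.strip())
        if m:
            created[normalize(m.group(2))] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return created


def triage(hjt_text, created_text):
    """Attach the newest matching creation time to each autostart whose target is,
    or sits under, a recently created entry; newest first, unmatched last."""
    created = parse_created(created_text)
    rows = []
    for entry in parse_autostarts(hjt_text):
        target = normalize(entry["path"])
        hit = None
        for path, when in created.items():
            if target == path or target.startswith(path + "\\"):
                hit = when if hit is None else max(hit, when)
        rows.append({**entry, "created": hit})
    rows.sort(key=lambda r: r["created"] or datetime.min, reverse=True)
    return rows


if __name__ == "__main__":
    for row in triage(PSEUDO_HJT, CREATED_LAST_30):
        when = row["created"].isoformat(" ") if row["created"] else "not in Created Last 30"
        print(f'{when:22} {row["kind"]:14} {row["label"]:28} {row["path"]}')
```

On the sample, the MyPC Backup startup shortcut, the GreatArcadeHits BHO and the SearchProtect AppInit_DLLs entry come out on top with their creation times, while the Dell, Windows Live and Security Essentials entries have no match. Note the BrowserSafeguard mRun entry also goes unmatched: its executable sits under Program Files (x86) while the only recently created BrowserSafeguard folder in the sample is under AppData\Local, so a missing match is a reason to look closer, not a clean bill of health.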
#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 8,396 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 30 January 2014 - 03:38 PM

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Download AdwCleaner to your desktop.

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.
 

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 


No request for help through private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 mikemctx
  • Topic Starter

  • Members
  • 22 posts

Posted 30 January 2014 - 04:34 PM

Thanks for the quick reply.

 

Here is the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by UW on Thu 01/30/2014 at 15:53:46.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\regclean pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\UW\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\UW\appdata\local\browsersafeguard"
Successfully deleted: [Folder] "C:\Users\UW\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\advanced system protector"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\regclean pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\advanced system protector"
Successfully deleted: [Folder] "C:\Users\UW\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/30/2014 at 15:57:56.36
End of JRT log

 

 

Here is the AdwCleaner log:

 

# AdwCleaner v3.018 - Report created 30/01/2014 at 16:02:57
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : UW - UW93
# Running from : C:\Users\UW\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\UW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\UW\Desktop\MyPC Backup.lnk
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

*************************

AdwCleaner[R0].txt - [1913 octets] - [30/01/2014 16:00:45]
AdwCleaner[S0].txt - [1669 octets] - [30/01/2014 16:02:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1729 octets] ##########

 

Here is the MBAM log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
UW :: UW93 [administrator]

1/30/2014 4:07:41 PM
MBAM-log-2014-01-30 (16-16-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204631
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Detected: 1
C:\Users\UW\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> 2368 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCR\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> No action taken.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> No action taken.
HKCU\SOFTWARE\SEARCHPROTECTINT (PUP.Optional.SearchProtect.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts (PUP.Optional.WeatherAlerts) -> No action taken.

Registry Values Detected: 2
HKCU\Software\Mozilla\Firefox\EXTENSIONS|{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Data: C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ -> No action taken.
HKCU\Software\SearchProtectINT|Install (PUP.Optional.SearchProtect.A) -> Data: 1 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
C:\Users\UW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\Local_Weather_LLC (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_qnbl450kdj2cvykvgox4ww1mussjtow0 (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_qnbl450kdj2cvykvgox4ww1mussjtow0\1.4.0.0 (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48 (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629 (PUP.Optional.WeatherAlerts) -> No action taken.

Files Detected: 72
C:\Users\UW\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\Temp\DM.exe (PUP.Optional.OutBrowse) -> No action taken.
C:\Users\UW\AppData\Local\Temp\nshC323.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\UW\AppData\Local\Temp\nsxFAE.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\UW\AppData\Local\Temp\SearchProtectINT.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\UW\AppData\Local\Temp\nsm54F5\SpSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\UW\Local Settings\Temporary Internet Files\Content.IE5\5PAYIW7K\SetupGreatArcadeHits[1].exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\Local Settings\Temporary Internet Files\Content.IE5\5PAYIW7K\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\UW\Local Settings\Temporary Internet Files\Content.IE5\UTXSII71\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\UW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Windows\Tasks\GreatArcadeHits.job (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\gahcrx.zip (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\PopupBroker.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome.manifest (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\icon.png (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\install.rdf (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\application.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\overlay.xul (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\page.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\static.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_qnbl450kdj2cvykvgox4ww1mussjtow0\1.4.0.0\user.config (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp0.dat (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\DesktopWeatherAlertsK.dat.U.dat (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\DesktopWeatherAlertsU.dat (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\mod.DesktopWeatherAlertsApp0.dat (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\uninstall.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\WAUpdater.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\WeatherAlerts.exe.config (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.0.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.1.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.10.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.11.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.12.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.2.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.3.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.4.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.5.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.6.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.7.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.8.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130095333.48\3651.9.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.23.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.24.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.25.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.26.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.27.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.28.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.29.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.30.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.31.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.32.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.33.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.34.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.35.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.36.tmp (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\0130154629\3651.37.tmp (PUP.Optional.WeatherAlerts) -> No action taken.

(end)

 

Thanks,

Mike



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,396 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 30 January 2014 - 06:07 PM

It appears no action was taken when running Malwarebytes Anti-Malware. You should make sure that everything is checked, and click Remove Selected.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!
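As an added example (not part of this thread and not a Malwarebytes or BleepingComputer tool), the following Python script reads Malwarebytes 1.x-style detection lines like the ones posted above and reports, per detection family, how many items were left with "No action taken" versus actually removed. That is the check the reply above is making by eye. The sample lines are constructed: the paths are taken from the posted log, the PUP.Optional.Example entries are invented, and the "Quarantined and deleted successfully" wording is assumed to be the remover's success message.

```python
"""Triage a Malwarebytes Anti-Malware 1.x style detection log.

Added example, not code from the thread or from Malwarebytes. Detection lines
have the shape  <item> (<detection name>) -> <action>.  and registry-value
lines carry an extra "-> Data: ..." segment before the action, so the action
is always the last "->" segment.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: paths from the posted log plus an invented
# PUP.Optional.Example family. The success wording is assumed.
SAMPLE_LOG = r"""Files Detected: 5
C:\Users\UW\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\WeatherAlerts\uninstall.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\UW\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\install.rdf (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\UW\AppData\Local\Temp\example_pup.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Example\Run|ExampleUpdater (PUP.Optional.Example) -> Data: C:\Users\UW\AppData\Local\Temp\example_pup.exe -> No action taken.
(end)
"""

# Greedy <item> so that "(x86)" inside a path is not mistaken for the
# detection name; the detection is the last parenthesised group before "->".
LINE_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\)(?P<rest> -> .+?)\.?$")


def parse_line(line):
    """Return {'item', 'detection', 'action'} for a detection line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Registry-value lines look like "-> Data: ... -> No action taken.";
    # the final segment is the action, earlier segments are context.
    action = m.group("rest").split(" -> ")[-1].rstrip(".")
    return {"item": m.group("item"), "detection": m.group("detection"), "action": action}


def triage(log_text):
    """Map each detection family to a dict of {'pending': n, 'removed': n}."""
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # header, count or "(end)" line
        status = "pending" if rec["action"].lower().startswith("no action taken") else "removed"
        summary[rec["detection"]][status] += 1
    return {name: dict(counts) for name, counts in summary.items()}


def pending_total(summary):
    """Number of detected items that were reported but never acted on."""
    return sum(counts.get("pending", 0) for counts in summary.values())


def needs_rerun(summary):
    """True when the user should re-run the scan with all items checked."""
    return pending_total(summary) > 0


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, counts in sorted(result.items()):
        print(f"{name}: {counts}")
    print("items left in place:", pending_total(result))
    print("re-run with everything checked:", needs_rerun(result))
```

Running it on the constructed sample lists three families, reports 4 items left in place, and recommends a re-run; the same script applied to Mike's first log would flag every item, which is exactly the situation the reply points out.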


#5 mikemctx

mikemctx
  • Topic Starter

  • Members
  • 22 posts

Posted 30 January 2014 - 06:40 PM

Thanks for another quick response.

 

Ran Malware... again and it said no malicious items were detected.  Under Quarantine there are 96 items.  It gives me a choice of delete if I should do that.

 

Here's another Malware... log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
UW :: UW93 [administrator]

1/30/2014 6:10:40 PM
mbam-log-2014-01-30 (18-10-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204545
Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

That laptop is 64-bit, so that is the version of FRST that I ran.  Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by UW (administrator) on UW93 on 30-01-2014 18:28:32
Running from C:\Users\UW\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [592240 2010-12-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irs.gov/
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112 192.168.0.1

==================== Services (Whitelisted) =================

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R0 nlem64nt; C:\Windows\System32\Drivers\nlem64nt.sys [72808 2009-10-13] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-30 18:28 - 2014-01-30 18:28 - 00005356 _____ C:\Users\UW\Desktop\FRST.txt
2014-01-30 18:28 - 2014-01-30 18:28 - 00000000 ____D C:\FRST
2014-01-30 18:28 - 2014-01-30 18:27 - 02079744 _____ (Farbar) C:\Users\UW\Desktop\FRST64.exe
2014-01-30 16:07 - 2014-01-30 16:07 - 00000000 ____D C:\Users\UW\AppData\Roaming\Malwarebytes
2014-01-30 16:06 - 2014-01-30 16:06 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-30 16:06 - 2014-01-30 16:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-30 16:06 - 2014-01-30 16:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 16:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-30 16:05 - 2014-01-30 16:02 - 00001813 _____ C:\Users\UW\Desktop\AdwCleaner[S0].txt
2014-01-30 16:00 - 2014-01-30 16:02 - 00000000 ____D C:\AdwCleaner
2014-01-30 16:00 - 2014-01-30 15:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\UW\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-30 15:57 - 2014-01-30 15:57 - 00002465 _____ C:\Users\UW\Desktop\JRT.txt
2014-01-30 15:53 - 2014-01-30 15:53 - 00000000 ____D C:\Windows\ERUNT
2014-01-30 15:53 - 2014-01-30 15:52 - 01037068 _____ (Thisisu) C:\Users\UW\Desktop\JRT.exe
2014-01-30 15:50 - 2014-01-30 15:50 - 01166132 _____ C:\Users\UW\Desktop\AdwCleaner.exe
2014-01-30 15:50 - 2014-01-30 15:50 - 00262144 _____ C:\Windows\Minidump\013014-15927-01.dmp
2014-01-30 14:18 - 2014-01-30 14:18 - 00014368 _____ C:\Users\UW\Desktop\dds.txt
2014-01-30 14:18 - 2014-01-30 14:18 - 00009063 _____ C:\Users\UW\Desktop\attach.txt
2014-01-30 14:16 - 2014-01-30 14:13 - 00688992 ____R (Swearware) C:\Users\UW\Desktop\dds.com
2014-01-30 09:54 - 2014-01-30 09:54 - 00001979 _____ C:\Users\UW\Desktop\Sync Folder.lnk
2014-01-30 09:54 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2014-01-30 09:53 - 2014-01-30 09:53 - 00000000 ____D C:\Users\UW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-01-30 09:46 - 2014-01-30 09:47 - 00262144 _____ C:\Windows\Minidump\013014-32323-01.dmp
2014-01-30 09:41 - 2014-01-30 09:42 - 00262144 _____ C:\Windows\Minidump\013014-43586-01.dmp
2014-01-30 09:38 - 2014-01-30 09:38 - 00262144 _____ C:\Windows\Minidump\013014-43602-01.dmp
2014-01-30 09:35 - 2014-01-30 09:35 - 00262144 _____ C:\Windows\Minidump\013014-44647-01.dmp
2014-01-30 09:33 - 2014-01-30 09:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2014-01-28 13:10 - 2014-01-28 13:10 - 00262144 _____ C:\Windows\Minidump\012814-19234-01.dmp
2014-01-28 11:49 - 2014-01-28 11:49 - 00262144 _____ C:\Windows\Minidump\012814-19281-01.dmp
2014-01-22 13:26 - 2014-01-22 13:26 - 00001423 _____ C:\Users\UW\Desktop\Internet Explorer.lnk
2014-01-22 13:12 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-22 13:12 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-22 13:12 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-22 13:12 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-22 13:12 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-22 13:12 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-22 13:12 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-22 13:12 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-22 13:12 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-22 13:12 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-22 13:12 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-22 13:12 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-22 13:12 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-22 13:12 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-22 13:12 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-22 13:12 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-22 13:12 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-22 13:12 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-22 13:12 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-22 13:12 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-22 13:12 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-22 13:12 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-22 13:12 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-22 13:12 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-22 13:12 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-22 13:12 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-22 13:12 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-22 13:12 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-22 13:12 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-22 13:12 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-22 13:12 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-21 09:21 - 2014-01-21 09:21 - 00000395 _____ C:\Users\Public\Desktop\TaxWise 2013 on Y Drive.lnk
2014-01-21 09:19 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-21 09:19 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-21 09:19 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-21 09:19 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-21 09:19 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-21 09:19 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-21 09:19 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-21 09:19 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-21 09:19 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-21 09:19 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-21 09:19 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-21 09:19 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-21 09:19 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-21 09:19 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-21 09:19 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-21 09:19 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-21 09:19 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-21 09:19 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-21 09:19 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-21 09:19 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-21 09:19 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-21 09:19 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-21 09:15 - 2009-01-11 16:54 - 00000400 _____ C:\Users\UW\Desktop\Reference Documents on Server.lnk

==================== One Month Modified Files and Folders =======

2014-01-30 18:28 - 2014-01-30 18:28 - 00005356 _____ C:\Users\UW\Desktop\FRST.txt
2014-01-30 18:28 - 2014-01-30 18:28 - 00000000 ____D C:\FRST
2014-01-30 18:28 - 2013-02-07 10:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 18:27 - 2014-01-30 18:28 - 02079744 _____ (Farbar) C:\Users\UW\Desktop\FRST64.exe
2014-01-30 16:28 - 2009-07-13 23:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 16:28 - 2009-07-13 23:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 16:25 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-30 16:24 - 2012-10-16 10:46 - 01199800 _____ C:\Windows\WindowsUpdate.log
2014-01-30 16:20 - 2010-11-20 22:47 - 00034180 _____ C:\Windows\PFRO.log
2014-01-30 16:20 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 16:20 - 2009-07-13 23:51 - 00045646 _____ C:\Windows\setupact.log
2014-01-30 16:19 - 2012-11-05 09:06 - 00000000 ___RD C:\Users\UW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-30 16:07 - 2014-01-30 16:07 - 00000000 ____D C:\Users\UW\AppData\Roaming\Malwarebytes
2014-01-30 16:06 - 2014-01-30 16:06 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-30 16:06 - 2014-01-30 16:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-30 16:06 - 2014-01-30 16:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 16:02 - 2014-01-30 16:05 - 00001813 _____ C:\Users\UW\Desktop\AdwCleaner[S0].txt
2014-01-30 16:02 - 2014-01-30 16:00 - 00000000 ____D C:\AdwCleaner
2014-01-30 15:57 - 2014-01-30 16:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\UW\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-30 15:57 - 2014-01-30 15:57 - 00002465 _____ C:\Users\UW\Desktop\JRT.txt
2014-01-30 15:53 - 2014-01-30 15:53 - 00000000 ____D C:\Windows\ERUNT
2014-01-30 15:52 - 2014-01-30 15:53 - 01037068 _____ (Thisisu) C:\Users\UW\Desktop\JRT.exe
2014-01-30 15:50 - 2014-01-30 15:50 - 01166132 _____ C:\Users\UW\Desktop\AdwCleaner.exe
2014-01-30 15:50 - 2014-01-30 15:50 - 00262144 _____ C:\Windows\Minidump\013014-15927-01.dmp
2014-01-30 15:50 - 2013-11-29 11:55 - 480912896 _____ C:\Windows\MEMORY.DMP
2014-01-30 15:50 - 2013-11-29 11:55 - 00000000 ____D C:\Windows\Minidump
2014-01-30 15:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2014-01-30 14:18 - 2014-01-30 14:18 - 00014368 _____ C:\Users\UW\Desktop\dds.txt
2014-01-30 14:18 - 2014-01-30 14:18 - 00009063 _____ C:\Users\UW\Desktop\attach.txt
2014-01-30 14:13 - 2014-01-30 14:16 - 00688992 ____R (Swearware) C:\Users\UW\Desktop\dds.com
2014-01-30 09:54 - 2014-01-30 09:54 - 00001979 _____ C:\Users\UW\Desktop\Sync Folder.lnk
2014-01-30 09:54 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-30 09:53 - 2014-01-30 09:53 - 00000000 ____D C:\Users\UW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-01-30 09:47 - 2014-01-30 09:46 - 00262144 _____ C:\Windows\Minidump\013014-32323-01.dmp
2014-01-30 09:47 - 2012-10-16 11:10 - 00000000 ____D C:\ProgramData\Sonic
2014-01-30 09:43 - 2012-10-16 11:13 - 00000000 ____D C:\ProgramData\Adobe
2014-01-30 09:42 - 2014-01-30 09:41 - 00262144 _____ C:\Windows\Minidump\013014-43586-01.dmp
2014-01-30 09:38 - 2014-01-30 09:38 - 00262144 _____ C:\Windows\Minidump\013014-43602-01.dmp
2014-01-30 09:35 - 2014-01-30 09:35 - 00262144 _____ C:\Windows\Minidump\013014-44647-01.dmp
2014-01-30 09:33 - 2014-01-30 09:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2014-01-30 09:33 - 2012-11-05 11:08 - 00001945 _____ C:\Windows\epplauncher.mif
2014-01-30 09:33 - 2012-11-05 11:06 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-28 13:10 - 2014-01-28 13:10 - 00262144 _____ C:\Windows\Minidump\012814-19234-01.dmp
2014-01-28 11:49 - 2014-01-28 11:49 - 00262144 _____ C:\Windows\Minidump\012814-19281-01.dmp
2014-01-22 13:26 - 2014-01-22 13:26 - 00001423 _____ C:\Users\UW\Desktop\Internet Explorer.lnk
2014-01-22 13:15 - 2009-07-13 23:45 - 00341688 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-22 13:12 - 2013-11-29 11:17 - 00000000 ____D C:\Windows\system32\MRT
2014-01-21 09:28 - 2013-02-07 10:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-21 09:28 - 2013-02-07 10:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-21 09:28 - 2013-02-07 10:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-21 09:23 - 2012-11-05 09:16 - 00083624 _____ C:\Users\UW\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-21 09:21 - 2014-01-21 09:21 - 00000395 _____ C:\Users\Public\Desktop\TaxWise 2013 on Y Drive.lnk
2014-01-21 09:21 - 2012-11-05 11:37 - 00001014 _____ C:\Windows\ODBC.INI
2014-01-21 09:21 - 2012-11-05 11:37 - 00000777 _____ C:\Windows\ODBCINST.INI
2014-01-21 09:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2014-01-21 09:13 - 2013-11-29 15:45 - 00000000 ____D C:\UTS13
2014-01-19 02:33 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-08 14:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2014-01-08 08:59 - 2013-02-27 09:40 - 00000000 ____D C:\Users\UW\AppData\Local\Microsoft Games
2014-01-06 16:20 - 2012-11-24 13:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\UW\AppData\Local\Temp\6_Offer_18.exe
C:\Users\UW\AppData\Local\Temp\BackupSetup.exe
C:\Users\UW\AppData\Local\Temp\Quarantine.exe
C:\Users\UW\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\UW\AppData\Local\Temp\System.Data.SQLite10590.dll
C:\Users\UW\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-30 15:08

==================== End Of Log ============================

 

Attached is the Addition.txt file.

 

Thanks,

Mike




#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,396 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 30 January 2014 - 08:16 PM

Download the enclosed file (attached: fixlist.txt).

 

Save it in the same location FRST64 is.

 

Run FRST64 and click on the Fix button. Wait until finished.

 

The tool will make a log (Fixlog.txt). Please post it to your reply.

 

How is the computer doing?
 


Edited by JSntgRvr, 30 January 2014 - 08:16 PM.



#7 mikemctx

mikemctx
  • Topic Starter

  • Members
  • 22 posts

Posted 30 January 2014 - 09:09 PM

Thanks for another quick response.

 

The computer is almost perfect, but it is acting a little funny in IE11.

 

1) On the right side of the screen there is a 1/2 black bar.

2) Mouse position is off by 1/2 inch.  To click on a button or hyperlink I need to hover 1/2 inch to the right.

3) Some graphics don't appear correctly and I see an x.

 

I've attached a screen capture of IE11.  Should I reset IE11 or uninstall/reinstall?

 

Problems started with a blue screen in IE11, but that hasn't been happening lately.

 

Here's fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by UW at 2014-01-30 20:49:06 Run:1
Running from C:\Users\UW\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found
C:\Users\UW\AppData\Local\Temp\6_Offer_18.exe
C:\Users\UW\AppData\Local\Temp\BackupSetup.exe
C:\Users\UW\AppData\Local\Temp\Quarantine.exe
C:\Users\UW\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\UW\AppData\Local\Temp\System.Data.SQLite10590.dll
C:\Users\UW\AppData\Local\Temp\vcredist_x64.exe
Task: {0E73CADC-E675-4D4C-A0D0-8AF197B4688E} - \RegClean Pro No Task File
Task: {1B58B4B3-D890-4E28-AA9C-0D6DA19CE11E} - \RegClean Pro_UPDATES No Task File
Task: {3F725536-D0FB-4A0E-BD4C-762BDD2145A1} - \RegClean Pro_DEFAULT No Task File
End
*****************

"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
C:\Users\UW\AppData\Local\Temp\6_Offer_18.exe => Moved successfully.
C:\Users\UW\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\UW\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\UW\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\UW\AppData\Local\Temp\System.Data.SQLite10590.dll => Moved successfully.
C:\Users\UW\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E73CADC-E675-4D4C-A0D0-8AF197B4688E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E73CADC-E675-4D4C-A0D0-8AF197B4688E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B58B4B3-D890-4E28-AA9C-0D6DA19CE11E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B58B4B3-D890-4E28-AA9C-0D6DA19CE11E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F725536-D0FB-4A0E-BD4C-762BDD2145A1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F725536-D0FB-4A0E-BD4C-762BDD2145A1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key deleted successfully.

==== End of Fixlog ====

 

Thanks,

Mike




#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,396 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 31 January 2014 - 08:43 AM

Check the Device Manager for problems with your display. Update the drivers if needed.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.




#9 mikemctx

mikemctx
  • Topic Starter
  • Members
  • 22 posts

Posted 31 January 2014 - 02:54 PM

Thanks for the prompt reply.

My IE11 problem was solved by updating the driver and also by deleting cookies associated with the problem website.

Here is the FSS.TXT log:

Farbar Service Scanner Version: 08-01-2014
Ran by UW (administrator) on 31-01-2014 at 14:52:15
Running from "C:\Users\UW\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Mike



#10 JSntgRvr

JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 8,396 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 31 January 2014 - 04:57 PM

So the black bar was also gone?



#11 mikemctx

mikemctx
  • Topic Starter
  • Members
  • 22 posts

Posted 01 February 2014 - 06:14 AM

Yes - reloading/updating the display driver resulted in the black bar going away in IE11. Mouse position is now accurate when clicking on hyperlinks.

Deleting cookies corrected the problem website where the graphics did not appear correctly for some links. I no longer get the black X's; instead I see the actual graphics that are there.

All appears to be well.

Thanks,

Mike



#12 JSntgRvr

JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 8,396 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 01 February 2014 - 06:24 PM

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Run OTL. Click on the Cleanup button and follow the prompts.

Remove the C:\FRST folder if present.

Run AdwCleaner and uninstall.

Manually remove any tool left.

Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!