zeroAccess entry in FRST log


  • This topic is locked
7 replies to this topic

#1 4on4off

  • Members
  • 402 posts
  • Gender:Male

Posted 20 June 2013 - 08:46 PM

I was running a FRST scan to try and understand how it works and see if I could make sense of it and noticed a ZeroAccess entry. I initially posted over here: http://www.bleepingcomputer.com/forums/t/498649/question-regarding-zeroaccess-entry-in-frst-log/#entry3083923

I was instructed to post the entire log in this forum.

Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013
Ran by scott (administrator) on 20-06-2013 10:10:17
Running from C:\Users\scott\Desktop\PC TOOLS
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
( ) C:\Windows\system32\lxeccoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot [970080 2013-06-10] (BullGuard Ltd.)
HKLM\...\Run: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [BullGuardUpdate2] c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2531168 2013-06-10] (BullGuard Ltd.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
AppInit_DLLs:  C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll [103848 2013-05-02] (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://lfppi.longfibre.com/+CSCOL+/relayp.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1338582773130
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 09 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 10 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 21 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t78upwc3.default
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.100 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-12] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-28] (Advanced Micro Devices, Inc.)
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [684896 2013-06-10] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [384352 2013-06-10] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [376160 2013-06-10] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [596832 2013-06-10] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [619360 2013-06-10] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [335712 2013-06-10] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [243552 2013-06-10] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [353120 2013-06-10] (BullGuard Ltd.)
S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)

==================== Drivers (Whitelisted) ====================

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [40544 2013-04-23] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [464480 2013-04-23] (Agnitum Ltd.)
S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R3 BdNet; C:\Windows\System32\drivers\BdNet.sys [34928 2013-04-23] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [68720 2013-04-23] (BullGuard Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [256072 2012-03-19] (NovaShield, Inc.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [25160 2012-03-19] (NovaShield, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-04-23] (BitDefender S.R.L.)
U3 fgloypow; \??\C:\Users\scott\AppData\Local\Temp\fgloypow.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-20 07:38 - 2013-06-20 07:38 - 00000480 ____A C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-06-20 00:48 - 2013-06-20 00:48 - 00000981 ____A C:\Users\scott\Desktop\ark.txt
2013-06-20 00:11 - 2013-06-20 00:11 - 00000000 ____D C:\FRST
2013-06-19 15:52 - 2013-06-19 15:52 - 00002258 ____A C:\Users\scott\Desktop\Rkill.txt
2013-06-19 07:45 - 2013-06-19 07:45 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-19 07:44 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 07:44 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 07:44 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 07:44 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 07:43 - 2013-06-19 07:44 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-17 07:57 - 2013-06-17 07:57 - 00000000 ____D C:\Program Files\Java
2013-06-17 07:56 - 2013-06-19 07:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-17 07:39 - 2013-06-17 07:39 - 00000981 ____A C:\AdwCleaner[S6].txt
2013-06-15 07:53 - 2013-06-15 07:53 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-12 06:20 - 2013-05-16 18:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 06:20 - 2013-05-16 17:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 06:20 - 2013-05-16 17:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 06:20 - 2013-05-16 17:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 06:20 - 2013-05-14 05:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 06:20 - 2013-05-14 01:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 06:19 - 2013-06-08 07:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 06:19 - 2013-06-08 07:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 06:19 - 2013-06-08 07:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 06:19 - 2013-06-08 07:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 06:19 - 2013-06-08 07:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 06:19 - 2013-06-08 05:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 06:19 - 2013-06-08 04:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 06:19 - 2013-06-08 04:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 06:19 - 2013-06-08 04:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 06:19 - 2013-06-08 04:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 06:19 - 2013-06-08 04:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 06:19 - 2013-06-08 04:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 06:18 - 2013-05-12 22:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 06:18 - 2013-05-12 22:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 06:18 - 2013-05-12 22:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 06:18 - 2013-05-12 22:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 06:18 - 2013-05-12 21:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 06:18 - 2013-05-12 21:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 06:18 - 2013-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 06:18 - 2013-05-12 20:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 06:18 - 2013-05-12 20:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 06:18 - 2013-05-12 20:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 06:18 - 2013-05-09 22:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 06:18 - 2013-05-09 20:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 06:18 - 2013-05-07 23:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 06:18 - 2013-04-25 22:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 06:18 - 2013-04-25 21:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 06:18 - 2013-04-17 00:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 06:18 - 2013-04-16 23:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 06:17 - 2013-04-25 16:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 06:17 - 2013-03-31 15:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-10 17:39 - 2013-06-10 17:39 - 00000924 ____A C:\AdwCleaner[S5].txt
2013-06-10 07:01 - 2013-06-10 07:01 - 00125496 ____A (BullGuard Ltd.) C:\Windows\System32\BgGamingMonitor.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00113088 ____A (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00073056 ____A (BullGuard Ltd.) C:\Windows\System32\BGLsp.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00060256 ____A (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2013-06-02 18:09 - 2013-06-15 09:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-02 16:36 - 2013-06-02 16:36 - 00000975 ____A C:\AdwCleaner[S4].txt

==================== One Month Modified Files and Folders =======

2013-06-20 10:10 - 2012-07-21 05:54 - 00000000 ____D C:\Users\scott\Desktop\PC TOOLS
2013-06-20 10:10 - 2011-03-31 12:50 - 00000000 ____D C:\ProgramData\BullGuard
2013-06-20 10:09 - 2011-06-11 16:11 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 10:07 - 2011-04-02 11:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-20 07:49 - 2011-06-11 16:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 07:38 - 2013-06-20 07:38 - 00000480 ____A C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-06-20 00:48 - 2013-06-20 00:48 - 00000981 ____A C:\Users\scott\Desktop\ark.txt
2013-06-20 00:11 - 2013-06-20 00:11 - 00000000 ____D C:\FRST
2013-06-19 21:38 - 2011-03-31 01:09 - 01794351 ____A C:\Windows\WindowsUpdate.log
2013-06-19 16:12 - 2011-03-31 14:15 - 00000000 ____D C:\Users\scott\AppData\Roaming\Skype
2013-06-19 15:52 - 2013-06-19 15:52 - 00002258 ____A C:\Users\scott\Desktop\Rkill.txt
2013-06-19 07:45 - 2013-06-19 07:45 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-19 07:45 - 2013-01-13 06:33 - 01093032 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-19 07:45 - 2011-03-31 03:05 - 00972712 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-19 07:44 - 2013-06-19 07:43 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 07:44 - 2013-06-17 07:56 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 07:43 - 2009-07-13 21:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 07:43 - 2009-07-13 21:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 07:36 - 2011-03-31 12:51 - 00000664 ____A C:\Windows\System32\config\afw_hm.conf
2013-06-19 07:36 - 2011-03-31 12:51 - 00000004 ____A C:\Windows\System32\config\afw_db.conf
2013-06-19 07:35 - 2012-07-24 16:29 - 00027653 ____A C:\Windows\setupact.log
2013-06-19 07:35 - 2011-04-19 17:21 - 00211090 ____A C:\ProgramData\lxecscan.log
2013-06-19 07:35 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 07:57 - 2013-06-17 07:57 - 00000000 ____D C:\Program Files\Java
2013-06-17 07:46 - 2011-04-23 09:34 - 00000000 ____D C:\Users\scott\AppData\Local\Apps\2.0
2013-06-17 07:39 - 2013-06-17 07:39 - 00000981 ____A C:\AdwCleaner[S6].txt
2013-06-15 09:12 - 2013-06-02 18:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-15 08:15 - 2012-07-10 13:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-15 08:15 - 2011-03-31 12:31 - 00163588 ____A C:\Windows\PFRO.log
2013-06-15 08:07 - 2012-07-10 13:37 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-15 08:07 - 2011-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-15 07:54 - 2011-03-31 03:08 - 00000000 ____D C:\Users\scott\AppData\Local\Adobe
2013-06-15 07:53 - 2013-06-15 07:53 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-15 07:53 - 2011-03-31 03:08 - 00000000 ____D C:\ProgramData\Adobe
2013-06-15 07:53 - 2011-03-31 03:08 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-15 07:41 - 2012-03-29 05:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-15 07:41 - 2011-06-03 07:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-14 20:18 - 2013-01-20 21:54 - 00012702 ____A C:\Users\scott\Desktop\Operation20G.xlsx
2013-06-12 21:48 - 2012-05-21 21:45 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2011-03-31 03:03 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 07:44 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 07:44 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 07:44 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 07:44 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 14:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 11:28 - 2009-07-13 22:13 - 00740322 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 06:23 - 2011-03-31 12:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 06:21 - 2011-03-31 01:55 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 17:41 - 2013-03-06 16:58 - 00000000 ____D C:\JRT
2013-06-10 17:39 - 2013-06-10 17:39 - 00000924 ____A C:\AdwCleaner[S5].txt
2013-06-10 07:01 - 2013-06-10 07:01 - 00125496 ____A (BullGuard Ltd.) C:\Windows\System32\BgGamingMonitor.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00113088 ____A (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00073056 ____A (BullGuard Ltd.) C:\Windows\System32\BGLsp.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00060256 ____A (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2013-06-08 07:08 - 2013-06-12 06:19 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 07:07 - 2013-06-12 06:19 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 07:06 - 2013-06-12 06:19 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 07:06 - 2013-06-12 06:19 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 07:06 - 2013-06-12 06:19 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 05:28 - 2013-06-12 06:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 04:42 - 2013-06-12 06:19 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 04:40 - 2013-06-12 06:19 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 04:40 - 2013-06-12 06:19 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 04:40 - 2013-06-12 06:19 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 04:40 - 2013-06-12 06:19 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 04:13 - 2013-06-12 06:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 13:28 - 2012-09-02 09:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-05 20:49 - 2011-04-01 12:02 - 00000000 ____D C:\Users\scott\advfn
2013-06-02 16:36 - 2013-06-02 16:36 - 00000975 ____A C:\AdwCleaner[S4].txt
2013-05-31 16:56 - 2011-03-31 03:48 - 00084317 ____A C:\ProgramData\lxecJSW.log
2013-05-31 16:56 - 2011-03-31 03:47 - 00000000 ____D C:\ProgramData\lx_Cats

ZeroAccess:
C:\Users\scott\AppData\Local\72bc5ef5
C:\Users\scott\AppData\Local\72bc5ef5\@
C:\Users\scott\AppData\Local\72bc5ef5\loader.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 18:26

==================== End Of Log ==========================

I then ran a Fixlist.txt to move the three entries.

Here is the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-06-2013
Ran by scott at 2013-06-20 10:09:59 Run:1
Running from C:\Users\scott\Desktop\PC TOOLS
Boot Mode: Normal
==============================================

C:\Users\scott\AppData\Local\72bc5ef5 => Moved successfully.

==== End of Fixlog ====

I then reran FRST to see if the Fix worked.

Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013
Ran by scott (administrator) on 20-06-2013 10:10:17
Running from C:\Users\scott\Desktop\PC TOOLS
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
( ) C:\Windows\system32\lxeccoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot [970080 2013-06-10] (BullGuard Ltd.)
HKLM\...\Run: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [BullGuardUpdate2] c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2531168 2013-06-10] (BullGuard Ltd.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
AppInit_DLLs:  C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll [103848 2013-05-02] (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://lfppi.longfibre.com/+CSCOL+/relayp.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1338582773130
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 09 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 10 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Winsock: Catalog9 21 C:\Windows\system32\BGLsp.dll [73056] (BullGuard Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t78upwc3.default
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.100 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-12] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-28] (Advanced Micro Devices, Inc.)
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [684896 2013-06-10] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [384352 2013-06-10] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [376160 2013-06-10] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [596832 2013-06-10] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [619360 2013-06-10] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [335712 2013-06-10] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [243552 2013-06-10] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [353120 2013-06-10] (BullGuard Ltd.)
S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)

==================== Drivers (Whitelisted) ====================

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [40544 2013-04-23] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [464480 2013-04-23] (Agnitum Ltd.)
S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R3 BdNet; C:\Windows\System32\drivers\BdNet.sys [34928 2013-04-23] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [68720 2013-04-23] (BullGuard Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [256072 2012-03-19] (NovaShield, Inc.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [25160 2012-03-19] (NovaShield, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-04-23] (BitDefender S.R.L.)
U3 fgloypow; \??\C:\Users\scott\AppData\Local\Temp\fgloypow.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-20 07:38 - 2013-06-20 07:38 - 00000480 ____A C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-06-20 00:48 - 2013-06-20 00:48 - 00000981 ____A C:\Users\scott\Desktop\ark.txt
2013-06-20 00:11 - 2013-06-20 00:11 - 00000000 ____D C:\FRST
2013-06-19 15:52 - 2013-06-19 15:52 - 00002258 ____A C:\Users\scott\Desktop\Rkill.txt
2013-06-19 07:45 - 2013-06-19 07:45 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-19 07:44 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 07:44 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 07:44 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 07:44 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 07:43 - 2013-06-19 07:44 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-17 07:57 - 2013-06-17 07:57 - 00000000 ____D C:\Program Files\Java
2013-06-17 07:56 - 2013-06-19 07:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-17 07:39 - 2013-06-17 07:39 - 00000981 ____A C:\AdwCleaner[S6].txt
2013-06-15 07:53 - 2013-06-15 07:53 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-12 06:20 - 2013-05-16 18:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 06:20 - 2013-05-16 18:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 06:20 - 2013-05-16 17:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 06:20 - 2013-05-16 17:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 06:20 - 2013-05-16 17:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 06:20 - 2013-05-16 17:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 06:20 - 2013-05-14 05:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 06:20 - 2013-05-14 01:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 06:19 - 2013-06-08 07:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 06:19 - 2013-06-08 07:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 06:19 - 2013-06-08 07:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 06:19 - 2013-06-08 07:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 06:19 - 2013-06-08 07:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 06:19 - 2013-06-08 05:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 06:19 - 2013-06-08 04:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 06:19 - 2013-06-08 04:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 06:19 - 2013-06-08 04:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 06:19 - 2013-06-08 04:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 06:19 - 2013-06-08 04:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 06:19 - 2013-06-08 04:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 06:18 - 2013-05-12 22:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 06:18 - 2013-05-12 22:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 06:18 - 2013-05-12 22:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 06:18 - 2013-05-12 22:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 06:18 - 2013-05-12 21:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 06:18 - 2013-05-12 21:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 06:18 - 2013-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 06:18 - 2013-05-12 20:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 06:18 - 2013-05-12 20:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 06:18 - 2013-05-12 20:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 06:18 - 2013-05-09 22:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 06:18 - 2013-05-09 20:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 06:18 - 2013-05-07 23:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 06:18 - 2013-04-25 22:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 06:18 - 2013-04-25 21:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 06:18 - 2013-04-17 00:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 06:18 - 2013-04-16 23:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 06:17 - 2013-04-25 16:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 06:17 - 2013-03-31 15:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-10 17:39 - 2013-06-10 17:39 - 00000924 ____A C:\AdwCleaner[S5].txt
2013-06-10 07:01 - 2013-06-10 07:01 - 00125496 ____A (BullGuard Ltd.) C:\Windows\System32\BgGamingMonitor.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00113088 ____A (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00073056 ____A (BullGuard Ltd.) C:\Windows\System32\BGLsp.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00060256 ____A (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2013-06-02 18:09 - 2013-06-15 09:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-02 16:36 - 2013-06-02 16:36 - 00000975 ____A C:\AdwCleaner[S4].txt

==================== One Month Modified Files and Folders =======

2013-06-20 10:10 - 2012-07-21 05:54 - 00000000 ____D C:\Users\scott\Desktop\PC TOOLS
2013-06-20 10:10 - 2011-03-31 12:50 - 00000000 ____D C:\ProgramData\BullGuard
2013-06-20 10:09 - 2011-06-11 16:11 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 10:07 - 2011-04-02 11:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-20 07:49 - 2011-06-11 16:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 07:38 - 2013-06-20 07:38 - 00000480 ____A C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-06-20 00:48 - 2013-06-20 00:48 - 00000981 ____A C:\Users\scott\Desktop\ark.txt
2013-06-20 00:11 - 2013-06-20 00:11 - 00000000 ____D C:\FRST
2013-06-19 21:38 - 2011-03-31 01:09 - 01794351 ____A C:\Windows\WindowsUpdate.log
2013-06-19 16:12 - 2011-03-31 14:15 - 00000000 ____D C:\Users\scott\AppData\Roaming\Skype
2013-06-19 15:52 - 2013-06-19 15:52 - 00002258 ____A C:\Users\scott\Desktop\Rkill.txt
2013-06-19 07:45 - 2013-06-19 07:45 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 07:45 - 2013-06-19 07:45 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-19 07:45 - 2013-01-13 06:33 - 01093032 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-19 07:45 - 2011-03-31 03:05 - 00972712 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-19 07:44 - 2013-06-19 07:43 - 00004802 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 07:44 - 2013-06-17 07:56 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 07:43 - 2009-07-13 21:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 07:43 - 2009-07-13 21:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 07:36 - 2011-03-31 12:51 - 00000664 ____A C:\Windows\System32\config\afw_hm.conf
2013-06-19 07:36 - 2011-03-31 12:51 - 00000004 ____A C:\Windows\System32\config\afw_db.conf
2013-06-19 07:35 - 2012-07-24 16:29 - 00027653 ____A C:\Windows\setupact.log
2013-06-19 07:35 - 2011-04-19 17:21 - 00211090 ____A C:\ProgramData\lxecscan.log
2013-06-19 07:35 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 07:57 - 2013-06-17 07:57 - 00000000 ____D C:\Program Files\Java
2013-06-17 07:46 - 2011-04-23 09:34 - 00000000 ____D C:\Users\scott\AppData\Local\Apps\2.0
2013-06-17 07:39 - 2013-06-17 07:39 - 00000981 ____A C:\AdwCleaner[S6].txt
2013-06-15 09:12 - 2013-06-02 18:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-15 08:15 - 2012-07-10 13:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-15 08:15 - 2011-03-31 12:31 - 00163588 ____A C:\Windows\PFRO.log
2013-06-15 08:07 - 2012-07-10 13:37 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-15 08:07 - 2011-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-15 07:54 - 2011-03-31 03:08 - 00000000 ____D C:\Users\scott\AppData\Local\Adobe
2013-06-15 07:53 - 2013-06-15 07:53 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-15 07:53 - 2011-03-31 03:08 - 00000000 ____D C:\ProgramData\Adobe
2013-06-15 07:53 - 2011-03-31 03:08 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-15 07:41 - 2012-03-29 05:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-15 07:41 - 2011-06-03 07:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-14 20:18 - 2013-01-20 21:54 - 00012702 ____A C:\Users\scott\Desktop\Operation20G.xlsx
2013-06-12 21:48 - 2012-05-21 21:45 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2011-03-31 03:03 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 07:44 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 07:44 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 07:44 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 07:44 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 14:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 11:28 - 2009-07-13 22:13 - 00740322 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 06:23 - 2011-03-31 12:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 06:21 - 2011-03-31 01:55 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 17:41 - 2013-03-06 16:58 - 00000000 ____D C:\JRT
2013-06-10 17:39 - 2013-06-10 17:39 - 00000924 ____A C:\AdwCleaner[S5].txt
2013-06-10 07:01 - 2013-06-10 07:01 - 00125496 ____A (BullGuard Ltd.) C:\Windows\System32\BgGamingMonitor.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00113088 ____A (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00073056 ____A (BullGuard Ltd.) C:\Windows\System32\BGLsp.dll
2013-06-10 07:01 - 2013-06-10 07:01 - 00060256 ____A (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2013-06-08 07:08 - 2013-06-12 06:19 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 07:07 - 2013-06-12 06:19 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 07:06 - 2013-06-12 06:19 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 07:06 - 2013-06-12 06:19 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 07:06 - 2013-06-12 06:19 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 05:28 - 2013-06-12 06:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 04:42 - 2013-06-12 06:19 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 04:40 - 2013-06-12 06:19 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 04:40 - 2013-06-12 06:19 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 04:40 - 2013-06-12 06:19 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 04:40 - 2013-06-12 06:19 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 04:13 - 2013-06-12 06:19 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 13:28 - 2012-09-02 09:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-05 20:49 - 2011-04-01 12:02 - 00000000 ____D C:\Users\scott\advfn
2013-06-02 16:36 - 2013-06-02 16:36 - 00000975 ____A C:\AdwCleaner[S4].txt
2013-05-31 16:56 - 2011-03-31 03:48 - 00084317 ____A C:\ProgramData\lxecJSW.log
2013-05-31 16:56 - 2011-03-31 03:47 - 00000000 ____D C:\ProgramData\lx_Cats

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 18:26

==================== End Of Log ============================

Thank you for taking a look and I do apologize for running the fix on my own after posting originally in AII.

 

4

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:41 PM

Posted 24 June 2013 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
  • ===

    Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  • ===

    Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
  • ===

    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Link 1
    Link 2

    IMPORTANT !!! Save ComboFix.exe to your Desktop

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Do not install any other programs until this is fixed.


    How to : Disable Anti-virus and Firewall...
    http://www.bleepingcomputer.com/forums/topic114351.html

    Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ===

    Third-party programs, if not up to date, can be the cause of infiltration of an infection.

    Please run this security check for my review.

    Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • ===

    Please paste the logs in your next reply; DO NOT ATTACH THEM.
    Let me know what problem persists.


#3 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:41 PM

Posted 24 June 2013 - 10:13 AM

Nasdaq,

Here are the logs as requested:

Rogue Killer:

RogueKiller V8.6.1 _x64_ [Jun 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : scott [Admin rights]
Mode : Remove -- Date : 06/24/2013 07:43:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FALS-00E8B0 ATA Device +++++
--- User ---
[MBR] 1713a0d0831d3ba2f4b4e4cc2321d665
[BSP] ac08de3051a11e85f52b2988df606d38 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06242013_074301.txt >>
RKreport[0]_S_06242013_074201.txt

AdwCleaner:

# AdwCleaner v2.303 - Logfile created 06/24/2013 at 07:43:58
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : scott - SCOTT-PC
# Boot Mode : Normal
# Running from : C:\Users\scott\Desktop\PC TOOLS\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t78upwc3.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S3].txt - [806 octets] - [04/05/2013 19:43:41]
AdwCleaner[S4].txt - [975 octets] - [02/06/2013 16:36:15]
AdwCleaner[S5].txt - [924 octets] - [10/06/2013 17:39:19]
AdwCleaner[S6].txt - [981 octets] - [17/06/2013 07:39:22]
AdwCleaner[S7].txt - [1040 octets] - [20/06/2013 10:12:41]
AdwCleaner[S8].txt - [973 octets] - [24/06/2013 07:43:58]

########## EOF - C:\AdwCleaner[S8].txt - [1032 octets] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by scott on Mon 06/24/2013 at  7:48:00.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/24/2013 at  7:51:03.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix:

ComboFix 13-06-24.01 - scott 06/24/2013   7:54.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2605 [GMT -7:00]
Running from: c:\users\scott\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {C3CCAC61-52F7-A056-1860-6406566E2578}
FW: BullGuard Firewall *Disabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203}
SP: BullGuard Antispyware *Disabled/Outdated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL7701.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-24 to 2013-06-24  )))))))))))))))))))))))))))))))
.
.
2013-06-24 15:00 . 2013-06-24 15:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-24 15:00 . 2013-06-24 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-20 07:11 . 2013-06-20 07:11 -------- d-----w- C:\FRST
2013-06-19 14:45 . 2013-06-19 14:45 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-19 14:45 . 2013-06-19 14:45 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-19 14:45 . 2013-06-19 14:45 188840 ----a-w- c:\windows\system32\java.exe
2013-06-19 14:45 . 2013-06-19 14:45 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-19 14:44 . 2013-06-13 04:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-18 16:37 . 2013-06-24 14:55 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADF15532-9CAC-48F3-B87C-24B34BA3A3A2}\offreg.dll
2013-06-18 14:34 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADF15532-9CAC-48F3-B87C-24B34BA3A3A2}\mpengine.dll
2013-06-17 14:57 . 2013-06-17 14:57 -------- d-----w- c:\program files\Java
2013-06-17 14:57 . 2013-06-17 14:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-17 14:56 . 2013-06-19 14:44 -------- d-----w- c:\program files (x86)\Java
2013-06-15 15:07 . 2013-05-11 22:27 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-15 15:07 . 2013-05-11 22:26 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-06-15 15:07 . 2013-05-11 22:26 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-06-15 15:07 . 2013-05-11 22:26 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-06-15 15:07 . 2013-05-11 22:26 131480 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2013-06-15 15:07 . 2013-05-11 22:26 193824 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-06-15 15:07 . 2013-05-11 22:26 117144 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-06-15 15:07 . 2013-05-11 22:26 3076504 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2013-06-15 15:07 . 2013-05-11 22:26 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-06-15 15:07 . 2010-03-18 16:15 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-06-15 15:07 . 2010-03-18 16:15 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-06-15 14:53 . 2013-06-15 14:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-06-12 13:19 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 13:18 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 13:17 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 13:17 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-10 14:01 . 2013-06-10 14:01 125496 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2013-06-10 14:01 . 2013-06-10 14:01 113088 ----a-w- c:\windows\SysWow64\BgGamingMonitor.dll
2013-06-10 14:01 . 2013-06-10 14:01 60256 ----a-w- c:\windows\SysWow64\BGLsp.dll
2013-06-10 14:01 . 2013-06-10 14:01 73056 ----a-w- c:\windows\system32\BGLsp.dll
2013-06-03 01:09 . 2013-06-20 17:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 14:45 . 2013-01-13 13:33 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-19 14:45 . 2011-03-31 10:05 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-15 14:41 . 2012-03-29 12:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-15 14:41 . 2011-06-03 14:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 04:48 . 2012-05-22 04:45 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-13 04:48 . 2011-03-31 10:03 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 13:21 . 2011-03-31 08:55 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 17:22 . 2013-05-02 17:22 2274480 ----a-w- c:\windows\system32\coin94.dll
2013-05-02 09:06 . 2011-03-31 08:50 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-25 15:56 . 2013-04-25 15:56 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-23 14:24 . 2013-04-23 14:25 34928 ----a-w- c:\windows\system32\drivers\BdNet.sys
2013-04-23 14:24 . 2010-10-12 10:04 40544 ----a-r- c:\windows\system32\drivers\afw.sys
2013-04-23 14:24 . 2011-04-11 14:26 68720 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2013-04-23 14:24 . 2012-03-19 22:57 350160 ----a-w- c:\windows\system32\drivers\Trufos.sys
2013-04-23 14:23 . 2010-10-12 10:04 464480 ----a-r- c:\windows\system32\drivers\afwcore.sys
2013-04-13 05:49 . 2013-05-16 14:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 14:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 14:58 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 14:58 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 14:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 14:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-05-07 14:23 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 14:58 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 14:58 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 14:58 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50 . 2012-05-19 02:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxecserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys;c:\windows\SYSNATIVE\DRIVERS\afw.sys [x]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys;c:\windows\SYSNATIVE\DRIVERS\BdSpy.sys [x]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys;c:\windows\SYSNATIVE\DRIVERS\NSKernel.sys [x]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys;c:\windows\SYSNATIVE\DRIVERS\NSNetmon.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe;c:\windows\SYSNATIVE\lxeccoms.exe [x]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys;c:\windows\SYSNATIVE\DRIVERS\afwcore.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BdNet;BdNet;c:\windows\system32\drivers\BdNet.sys;c:\windows\SYSNATIVE\drivers\BdNet.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ    nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 23:10]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 23:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2013-06-10 970080]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" [2013-06-10 2531168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll c:\windows\System32\BgGamingMonitor.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll c:\windows\System32\BgGamingMonitor.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll c:\windows\System32\BgGamingMonitor.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll c:\windows\System32\BgGamingMonitor.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll c:\windows\System32\BgGamingMonitor.dll c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll c:\windows\System32\BgGamingMonitor.dll c:\progra~1\BULLGU~1\BULLGU~1\BgAgent.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
FF - ProfilePath - c:\users\scott\AppData\Roaming\Mozilla\Firefox\Profiles\t78upwc3.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-24  08:01:21
ComboFix-quarantined-files.txt  2013-06-24 15:01
ComboFix2.txt  2013-05-05 02:26
.
Pre-Run: 919,228,002,304 bytes free
Post-Run: 918,802,788,352 bytes free
.
- - End Of File - - 42C1F97A9DDDD3790ACF3E8591C81161
A36C5E4F47E84449FF07ED3517B43A31

Security Check would not run and this is what it produced:

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

___________________

Never seen that before and I have run Security Check several times before on this machine.

The only thing I noticed prior to posting was a slight lagginess, but that seems to have been resolved from the little I have seen after running the above scans.

4


Edited by 4on4off, 24 June 2013 - 10:19 AM.


#4 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 24 June 2013 - 10:42 AM

Your logs are clean.

Run the SecurityCheck tool as an Administrator.
Post the log if you can.

Any remaining issues with this computer?

#5 4on4off (Topic Starter)

Posted 24 June 2013 - 10:45 AM

Security Check will not run as Admin either.

That is the only remaining issue, as I have run it several times before. In fact just a couple of days ago.

4


Edited by 4on4off, 24 June 2013 - 10:46 AM.


#6 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 24 June 2013 - 12:21 PM

I know the owner is working on an update.
I will report your problem.

You probably have the latest updates.
If you want to check here is my canned speech.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page:
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Old versions....

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.

===

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#7 4on4off (Topic Starter)

Posted 24 June 2013 - 05:58 PM

Your instructions for clean up have been followed.

Thank you.

4



#8 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 25 June 2013 - 07:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



