Help removing smitfraud

**spaceycayce** · 2012-03-29, 20:40

ComboFix 12-03-29.02 - owner 03/29/2012 11:18:06.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2589 [GMT -7:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 18:22 . 2012-03-29 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 07:26 . 2012-03-29 07:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-16 21:26 . 2012-03-16 21:26 -------- d-----w- c:\program files\7-Zip
2012-03-16 16:09 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06D6E3DE-7A61-4EB6-A6A7-92E5627CE843}\mpengine.dll
2012-03-15 18:51 . 2012-03-15 19:30 -------- d-----w- c:\program files\CCleaner
2012-03-15 18:45 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 18:45 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 18:45 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-15 18:45 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-15 18:45 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 18:45 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-15 18:45 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-15 18:45 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-15 18:45 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-15 18:44 . 2012-03-16 16:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-15 18:44 . 2012-03-15 18:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-15 18:35 . 2011-08-02 21:33 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-03-15 18:35 . 2011-08-02 21:33 232464 ----a-w- c:\windows\TmNSCIns.dll
2012-03-13 22:07 . 2012-03-13 22:15 -------- d-----w- c:\users\owner\AppData\Local\Kjs.AppLife.Update
2012-03-13 21:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-12 01:42 . 2012-03-12 01:42 -------- d-----w- C:\$AVG
2012-03-12 01:07 . 2012-03-12 01:07 -------- d-----w- c:\users\owner\AppData\Roaming\AVG2012
2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-12 01:06 . 2012-03-15 17:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-12 01:06 . 2012-03-26 17:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-12 01:06 . 2012-03-12 01:06 -------- d--h--w- c:\programdata\Common Files
2012-03-12 01:06 . 2012-03-12 01:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-12 01:05 . 2012-03-16 18:05 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-12 01:05 . 2012-03-12 01:18 -------- d-----w- c:\programdata\AVG2012
2012-03-12 01:05 . 2012-03-12 01:05 -------- d-----w- c:\program files (x86)\AVG
2012-03-12 00:55 . 2012-03-16 16:02 -------- d-----w- c:\programdata\MFAData
2012-03-11 07:23 . 2012-03-11 07:23 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-03-03 19:14 . 2010-12-07 22:23 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys
2012-03-03 19:14 . 2010-12-07 22:23 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys
2012-03-03 19:14 . 2010-12-07 22:23 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys
2012-03-03 19:14 . 2010-12-07 22:22 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys
2012-03-03 19:14 . 2012-03-03 19:14 -------- d-----w- c:\program files (x86)\LG Electronics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 20:17 . 2012-02-11 20:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C32BDBBE-FC19-4DE2-B182-E820F523E92B}\gapaengine.dll
2012-02-08 07:13 . 2012-02-07 05:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-06 14:14 . 2011-10-31 02:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-06 05:26 . 2012-02-11 20:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-07 23:27 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-04 10:44 . 2012-02-15 05:50 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 05:50 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_16.57.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-29 18:13 . 2012-03-29 07:27 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-29 18:13 . 2012-03-29 07:27 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2012-03-29 18:13 . 2012-03-29 07:27 16384 c:\windows\temp\Cookies\index.dat
+ 2012-03-29 07:21 . 2012-03-29 07:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032920120330\index.dat
+ 2012-03-28 16:39 . 2012-03-28 20:29 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032820120329\index.dat
- 2012-03-09 23:35 . 2012-03-28 16:35 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-09 23:35 . 2012-03-29 07:18 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-22 07:20 . 2012-03-29 18:13 96966 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-01-07 20:55 . 2012-03-29 03:08 74096 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-11-21 03:09 . 2012-03-29 07:29 43988 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-29 07:29 48990 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-29 08:16 . 2012-03-29 03:08 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-03-16 16:09 . 2012-03-28 18:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-16 16:09 . 2012-03-16 16:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-16 16:09 . 2012-03-28 18:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-16 16:09 . 2012-03-16 16:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-16 16:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 18:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-09 23:30 . 2012-03-28 16:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-09 23:30 . 2012-03-16 22:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-09 23:30 . 2012-03-16 22:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-09 23:30 . 2012-03-28 16:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-09 23:30 . 2012-03-16 22:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-09 23:30 . 2012-03-28 16:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-28 17:28 . 2012-03-28 17:28 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll
+ 2012-03-28 17:18 . 2012-03-28 17:18 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe
+ 2012-03-28 17:18 . 2012-03-28 17:18 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll
+ 2012-01-07 20:33 . 2012-03-29 07:29 6322 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2547257186-3653365119-3982157553-1000_UserData.bin
+ 2012-03-29 18:23 . 2012-03-29 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-28 16:56 . 2012-03-28 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-28 16:56 . 2012-03-28 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-29 18:23 . 2012-03-29 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-09 23:31 . 2012-03-29 07:18 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-03-09 23:31 . 2012-03-28 16:35 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-03-28 16:57 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-29 07:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-03-28 16:41 638134 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-29 18:17 638134 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-29 18:17 111460 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-28 16:41 111460 c:\windows\system32\perfc009.dat
+ 2012-03-16 18:06 . 2012-03-29 18:22 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-16 18:06 . 2012-03-28 16:56 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-16 18:06 . 2012-03-29 07:26 229488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-03-16 18:06 . 2012-03-28 16:56 229488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-28 17:28 . 2012-03-28 17:28 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d05858dd730eef93a5e4a3cc88dd4ec3\WindowsFormsIntegration.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\73874670b92afbde73b23e8a1200eede\System.ServiceProcess.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\b73b4f0282ef46505b3e59702ded433b\System.Runtime.Remoting.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\ae0089b9135614de304ebe288fa6fca8\System.Messaging.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe
+ 2012-03-28 17:22 . 2012-03-28 17:22 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5a7e968020fcc15deaead9c8f27feeab\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll
- 2009-07-14 04:54 . 2012-03-28 16:44 9388032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 07:27 9388032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-28 17:20 . 2012-03-28 17:20 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-28 17:28 . 2012-03-28 17:28 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bd044dc068adc34e430faa820e5c5e44\System.Web.Services.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll
+ 2012-03-28 17:23 . 2012-03-28 17:23 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
+ 2012-03-28 17:24 . 2012-03-28 17:24 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b18f859bfbbe0897cade0aa931c22477\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-28 17:20 . 2012-03-28 17:20 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-28 17:26 . 2012-03-28 17:26 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
+ 2009-07-14 04:54 . 2012-03-29 07:18 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 16:44 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-29 18:17 . 2012-03-29 18:17 10125312 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2012-03-28 17:23 . 2012-03-28 17:23 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll
+ 2012-03-28 17:27 . 2012-03-28 17:27 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
+ 2012-03-28 17:25 . 2012-03-28 17:25 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
+ 2012-03-28 17:19 . 2012-03-28 17:19 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
+ 2012-03-28 17:22 . 2012-03-28 17:22 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll
+ 2012-03-28 17:21 . 2012-03-28 17:21 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-26 17:04 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-26 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-05 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-26 982880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2011-06-22 22:26 3218864 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaAppPlace]
2010-09-23 18:03 552960 ----a-w- c:\program files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2011-07-12 01:16 1298816 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-26 918880]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 04:44]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 20:15]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2547257186-3653365119-3982157553-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 21:28]
.
2012-03-12 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2010-11-21 03:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MRT"="c:\windows\system32\MRT.exe" [2012-03-16 56297240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 10.0.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-29 11:27:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 18:27
ComboFix2.txt 2012-03-16 18:29
.
Pre-Run: 260,982,353,920 bytes free
Post-Run: 260,929,994,752 bytes free
.
- - End Of File - - 8649188C872DAF97D1B8980D37098E10

Thread: Help removing smitfraud

Thread Tools

Display

Threaded View

Posting Permissions