smitfraud-c.generic
A few days ago, some audio ads started playing on my computer. I ran Spybot in administrator mode and it came up with smitfraud-c.generic in C://Windows/svhost.exe. Spybot removed it, but after rebooting my laptop, the smitfraud-c.generic warning was still coming back. I tried Malwarebytes; it didn't work. I read on the Spybot Forum several postings about this same issue and downloaded and ran ComboFix. I tried multiple times without luck. It just doesn't go away. This is what I got from ComboFix. Help please.
ComboFix 12-07-16.01 - ASUS 07/18/2012 13:42:57.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8103.6448 [GMT -4:00]
Running from: c:\users\ASUS\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\svchost.exe_old
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 17:46 . 2012-07-18 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-18 17:46 . 2012-07-18 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 03:01 . 2012-07-18 03:02 -------- d-----w- c:\users\ASUS
2012-07-18 02:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AFEABFC-E0D8-4A28-A553-5533683380DF}\mpengine.dll
2012-07-17 16:08 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-07-17 16:08 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-07-17 16:08 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-17 16:08 . 2012-06-27 20:33 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-07-17 16:05 . 2012-07-17 16:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-17 16:05 . 2012-07-17 16:05 -------- d-----w- c:\program files (x86)\Oracle
2012-07-17 16:04 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-17 16:02 . 2012-07-17 16:02 -------- d-----w- c:\programdata\McAfee
2012-07-16 22:36 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-16 22:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-16 20:36 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-16 20:36 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-16 20:36 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-16 20:36 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-16 20:36 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-16 20:36 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-16 20:36 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-16 20:34 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-16 20:34 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-16 20:34 . 2012-07-16 20:34 -------- d-----w- c:\programdata\AVAST Software
2012-07-16 20:34 . 2012-07-16 20:34 -------- d-----w- c:\program files\AVAST Software
2012-07-16 20:01 . 2012-07-16 22:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-16 20:01 . 2012-07-16 20:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-16 16:48 . 2012-07-16 16:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2012-07-14 01:33 . 2012-07-14 21:04 -------- d-----w- c:\program files (x86)\Vid-Saver
2012-07-11 13:09 . 2012-07-11 13:09 -------- d-----w- c:\programdata\Uniblue
2012-07-11 12:53 . 2012-07-11 12:53 -------- d-----w- c:\windows\Sun
2012-07-11 12:42 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 12:42 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 12:42 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 12:42 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 12:42 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 12:42 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 12:41 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 12:41 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 12:41 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 12:41 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 12:41 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 12:41 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 12:41 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 12:41 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 12:41 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 12:37 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:20 . 2012-07-11 12:20 -------- d-----w- c:\programdata\Winferno
2012-07-09 02:52 . 2012-07-11 15:44 -------- d-----w- c:\program files (x86)\Real
2012-07-08 03:20 . 2012-07-11 15:44 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-08 03:20 . 2012-07-11 15:44 -------- d-----w- c:\programdata\MAGIX
2012-07-08 03:18 . 2012-07-11 15:44 -------- d-----w- c:\program files (x86)\PC Speed Up
2012-07-08 03:17 . 2012-07-11 15:44 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-07-08 02:42 . 2012-07-08 02:42 -------- d-----w- c:\program files (x86)\Hofmann
2012-07-08 02:39 . 2012-07-09 02:46 -------- d-----w- c:\programdata\Tarma Installer
2012-07-07 23:57 . 2010-03-15 10:31 165376 ----a-w- c:\windows\SysWow64\unrar.dll
2012-07-07 04:37 . 2012-07-11 15:45 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-07 04:37 . 2012-07-11 15:44 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-07-03 12:24 . 2012-07-04 23:28 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-03 03:10 . 2012-07-05 05:49 -------- d-----w- c:\programdata\Malwarebytes
2012-07-03 03:09 . 2012-07-17 15:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 04:20 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll0757.old
2012-07-02 04:20 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll0731.old
2012-07-02 04:20 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll0708.old
2012-07-02 04:20 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll0701.old
2012-07-02 04:20 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll0757.old
2012-07-02 04:20 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll0731.old
2012-07-02 04:20 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll0708.old
2012-07-02 04:20 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll0701.old
2012-07-02 04:20 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll0757.old
2012-07-02 04:20 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll0731.old
2012-07-02 04:20 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll0708.old
2012-07-02 04:20 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll0701.old
2012-07-02 04:19 . 2012-07-11 15:39 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-02 04:18 . 2012-07-11 15:44 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-02 04:18 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-02 04:18 . 2012-07-08 00:29 -------- d-----w- c:\programdata\PC Tools
2012-07-02 03:52 . 2012-07-02 03:52 -------- d-----w- c:\program files (x86)\TeamViewer
2012-06-26 19:27 . 2012-07-17 14:18 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-26 19:27 . 2012-07-17 14:15 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-26 19:26 . 2012-07-17 14:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-26 19:26 . 2012-06-26 19:26 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-26 00:21 . 2012-06-26 00:21 -------- d-----w- c:\programdata\PC Optimizer Pro
2012-06-26 00:04 . 2012-07-17 18:33 -------- d-----w- c:\windows\system32\appmgmt
2012-06-25 23:53 . 2012-06-25 23:53 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 18:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 18:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 18:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 18:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 18:10 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 18:10 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 18:10 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 18:10 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 18:10 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 05:34 . 2012-06-19 05:34 -------- d-----w- c:\windows\en
2012-06-19 05:32 . 2012-06-19 05:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-06-19 05:30 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-19 05:29 . 2012-06-19 05:30 -------- d-----w- c:\program files\Windows Live
2012-06-19 05:28 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-06-19 05:28 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-06-19 05:28 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-06-19 05:28 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-06-19 05:26 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-06-19 05:26 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-06-19 05:24 . 2012-06-19 05:24 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dc30b9ae1cd4ddb03\MeshBetaRemover.exe
2012-06-19 05:24 . 2012-06-19 05:24 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d7fc27fa1cd4ddb02\DSETUP.dll
2012-06-19 05:24 . 2012-06-19 05:24 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d7fc27fa1cd4ddb02\DXSETUP.exe
2012-06-19 05:24 . 2012-06-19 05:24 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d7fc27fa1cd4ddb02\dsetup32.dll
2012-06-19 05:24 . 2012-06-19 05:24 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cf59cb4d1cd4ddb01\DSETUP.dll
2012-06-19 05:24 . 2012-06-19 05:24 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cf59cb4d1cd4ddb01\DXSETUP.exe
2012-06-19 05:24 . 2012-06-19 05:24 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cf59cb4d1cd4ddb01\dsetup32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:48 . 2012-06-09 16:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 15:48 . 2012-06-09 16:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06 . 2012-06-14 02:28 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-10 21:35 . 2012-06-10 21:35 4198712 ----a-w- c:\windows\uninst.exe
2012-06-09 19:58 . 2012-06-09 18:05 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-09 18:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-09 18:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-09 16:58 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-09 16:39 . 2012-06-09 16:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-09 16:39 . 2012-06-09 16:39 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-09 16:39 . 2012-06-09 16:39 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-09 16:39 . 2012-06-09 16:39 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-09 16:39 . 2012-06-09 16:39 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-09 16:39 . 2012-06-09 16:39 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-09 16:39 . 2012-06-09 16:39 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-09 16:39 . 2012-06-09 16:39 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-09 16:39 . 2012-06-09 16:39 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-09 16:39 . 2012-06-09 16:39 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-09 16:39 . 2012-06-09 16:39 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-09 16:39 . 2012-06-09 16:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-09 16:39 . 2012-06-09 16:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-09 16:39 . 2012-06-09 16:39 448512 ----a-w- c:\windows\system32\html.iec
2012-06-09 16:39 . 2012-06-09 16:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-09 16:39 . 2012-06-09 16:39 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-09 16:39 . 2012-06-09 16:39 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-09 16:39 . 2012-06-09 16:39 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-09 16:39 . 2012-06-09 16:39 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-09 16:39 . 2012-06-09 16:39 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-09 16:39 . 2012-06-09 16:39 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-09 16:39 . 2012-06-09 16:39 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-09 16:39 . 2012-06-09 16:39 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-09 16:39 . 2012-06-09 16:39 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-09 16:39 . 2012-06-09 16:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-09 16:39 . 2012-06-09 16:39 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-09 16:39 . 2012-06-09 16:39 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-09 16:39 . 2012-06-09 16:39 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-09 16:39 . 2012-06-09 16:39 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-09 16:39 . 2012-06-09 16:39 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-09 16:39 . 2012-06-09 16:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-09 16:39 . 2012-06-09 16:39 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-31 16:25 . 2012-06-09 15:49 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 00:16 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 00:16 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 00:16 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 00:16 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 00:15 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 00:16 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 00:16 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 00:16 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 00:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 00:15 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 00:15 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 00:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 00:15 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 00:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-17_19.07.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-09 16:31 . 2012-07-18 17:49 46172 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-18 17:49 34300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-07-17 18:49 . 2012-07-18 03:01 3370 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-98320343-1389948819-1873048862-1001_UserData.bin
- 2012-07-17 19:05 . 2012-07-17 19:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 17:47 . 2012-07-18 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-17 19:05 . 2012-07-17 19:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-18 17:47 . 2012-07-18 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-18 12:40 . 2012-07-18 17:48 393216 c:\windows\Temp\Cookies\index.dat
- 2012-06-18 12:40 . 2012-07-17 19:06 393216 c:\windows\Temp\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-07-18 03:02 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-17 16:17 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-17 16:17 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-18 03:02 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-17 19:05 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-18 17:46 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-18 04:52 . 2012-07-18 04:52 563030 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-98320343-1389948819-1873048862-1002-8192.dat
+ 2012-07-18 02:49 . 2012-07-18 02:49 583480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-98320343-1389948819-1873048862-1001-8192.dat
+ 2012-06-18 12:40 . 2012-07-18 17:48 12255232 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-18 12:40 . 2012-07-17 19:06 12255232 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-18 12:40 . 2012-07-17 19:06 16187392 c:\windows\Temp\History\History.IE5\index.dat
+ 2012-06-18 12:40 . 2012-07-18 17:48 16187392 c:\windows\Temp\History\History.IE5\index.dat
- 2012-06-26 02:06 . 2012-07-17 19:05 10051772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-06-26 02:06 . 2012-07-17 19:17 10051772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 15:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzuyEtDtByD0CtBtB0DyE0DyEzytB0BtD0DtN0D0TzutBtDtCtBtDyCtCtA&cr=512778901
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ca,1b,c2,cb,8c,60,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-07-18 13:52:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 17:52
ComboFix2.txt 2012-07-18 03:19
ComboFix3.txt 2012-07-17 19:52
ComboFix4.txt 2012-07-17 19:15
.
Pre-Run: 695,646,183,424 bytes free
Post-Run: 695,683,620,864 bytes free
.
- - End Of File - - FD525BE846263C896D643DCDA5B0708C