
Thread: smitfraud-c.generic

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    2

    Post smitfraud-c.generic

    A few days ago, some audio ads started playing on my computer. I ran Spybot in administrator mode and it came up with smitfraud-c.generic in C://Windows/svhost.exe. Spybot removed it, but after rebooting my laptop, the smitfraud-c.generic warning was still coming back. I tried Malwarebytes; it didn't work. I read on the Spybot Forum several postings about this same issue, and I downloaded and ran ERUNT and DDS. This is what I got from DDS.txt. Help please.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by ASUS at 19:38:18 on 2012-07-18
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8103.6695 [GMT -4:00]
    .
    AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzuyEtDtByD0CtBtB0DyE0DyEzytB0BtD0DtN0D0TzutBtDtCtBtDyCtCtA&cr=512778901
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {9194649F-7143-4308-90C1-D6A35B0E354E} - No File
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    {ae07101b-46d4-4a98-af68-0333ea26e113}
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: {c585d593-e7f4-4852-a200-561686ee02e4} - No File
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\ASUS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{44A55483-1089-40DB-B576-928FDA8874BD} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{44A55483-1089-40DB-B576-928FDA8874BD}\16474777966696 : DhcpNameServer = 192.168.5.1
    TCP: Interfaces\{44A55483-1089-40DB-B576-928FDA8874BD}\34F627E656C6C60275962756C6563737 : DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
    TCP: Interfaces\{44A55483-1089-40DB-B576-928FDA8874BD}\7514C4C454 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{44A55483-1089-40DB-B576-928FDA8874BD}\75A5355553 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{44A55483-1089-40DB-B576-928FDA8874BD}\942796378623 : DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
    TCP: Interfaces\{44A55483-1089-40DB-B576-928FDA8874BD}\C696E6B6379737 : DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1 167.206.251.129 167.206.251.130
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: {9194649F-7143-4308-90C1-D6A35B0E354E} - No File
    BHO-X64: BHO_PROJECT - No File
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    {ae07101b-46d4-4a98-af68-0333ea26e113}
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB-X64: {c585d593-e7f4-4852-a200-561686ee02e4} - No File
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
    R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-16 44808]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-7-17 133912]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-16 1153368]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-1 2666880]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 250056]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-18 18:26:45 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-18 18:26:28 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-07-18 18:26:15 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-07-18 18:04:54 20480 ----a-w- C:\Windows\svchost.exe
    2012-07-18 17:47:55 -------- d-----w- C:\$RECYCLE.BIN
    2012-07-18 04:31:22 -------- d-----w- C:\Users\ASUS\AppData\Local\CrashDumps
    2012-07-18 02:40:42 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AFEABFC-E0D8-4A28-A553-5533683380DF}\mpengine.dll
    2012-07-17 18:56:31 98816 ----a-w- C:\Windows\sed.exe
    2012-07-17 18:56:31 518144 ----a-w- C:\Windows\SWREG.exe
    2012-07-17 18:56:31 256000 ----a-w- C:\Windows\PEV.exe
    2012-07-17 18:56:31 208896 ----a-w- C:\Windows\MBR.exe
    2012-07-17 16:08:27 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2012-07-17 16:08:15 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2012-07-17 16:08:15 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2012-07-17 16:08:14 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
    2012-07-17 16:05:15 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-07-17 16:04:48 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-07-16 22:36:00 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-07-16 22:36:00 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-07-16 20:36:40 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-07-16 20:36:33 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-07-16 20:36:27 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-07-16 20:34:59 41224 ----a-w- C:\Windows\avastSS.scr
    2012-07-16 20:34:49 -------- d-----w- C:\ProgramData\AVAST Software
    2012-07-16 20:34:49 -------- d-----w- C:\Program Files\AVAST Software
    2012-07-16 20:01:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-07-16 20:01:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-07-16 16:48:14 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
    2012-07-14 01:33:39 -------- d-----w- C:\Program Files (x86)\Vid-Saver
    2012-07-11 13:09:30 -------- d-----w- C:\ProgramData\Uniblue
    2012-07-11 12:42:27 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2012-07-11 12:42:27 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-07-11 12:42:27 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-07-11 12:42:26 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2012-07-11 12:42:26 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-11 12:42:26 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-07-11 12:41:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-07-11 12:41:54 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-07-11 12:41:54 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-07-11 12:41:54 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-07-11 12:41:53 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-07-11 12:41:53 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-07-11 12:41:53 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-07-11 12:41:53 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-07-11 12:41:53 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-07-11 12:37:19 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-08 03:20:50 -------- d-----w- C:\Program Files (x86)\Ask.com
    2012-07-08 03:20:04 -------- d-----w- C:\ProgramData\MAGIX
    2012-07-08 03:18:04 -------- d-----w- C:\Program Files (x86)\PC Speed Up
    2012-07-08 03:17:57 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
    2012-07-08 02:42:00 -------- d-----w- C:\Program Files (x86)\Hofmann
    2012-07-08 02:39:32 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-07-07 23:57:34 165376 ----a-w- C:\Windows\SysWow64\unrar.dll
    2012-07-06 20:47:23 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-07-03 12:24:30 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2012-07-03 03:10:00 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-03 03:09:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-02 04:20:49 767960 ----a-w- C:\Windows\BDTSupport.dll0757.old
    2012-07-02 04:20:49 767960 ----a-w- C:\Windows\BDTSupport.dll0731.old
    2012-07-02 04:20:49 767960 ----a-w- C:\Windows\BDTSupport.dll0708.old
    2012-07-02 04:20:49 767960 ----a-w- C:\Windows\BDTSupport.dll0701.old
    2012-07-02 04:20:49 149464 ----a-w- C:\Windows\SGDetectionTool.dll0757.old
    2012-07-02 04:20:49 149464 ----a-w- C:\Windows\SGDetectionTool.dll0731.old
    2012-07-02 04:20:49 149464 ----a-w- C:\Windows\SGDetectionTool.dll0708.old
    2012-07-02 04:20:49 149464 ----a-w- C:\Windows\SGDetectionTool.dll0701.old
    2012-07-02 04:20:48 2267096 ----a-w- C:\Windows\PCTBDCore.dll0757.old
    2012-07-02 04:20:48 2267096 ----a-w- C:\Windows\PCTBDCore.dll0731.old
    2012-07-02 04:20:48 2267096 ----a-w- C:\Windows\PCTBDCore.dll0708.old
    2012-07-02 04:20:48 2267096 ----a-w- C:\Windows\PCTBDCore.dll0701.old
    2012-07-02 04:19:49 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-07-02 04:18:34 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-07-02 04:18:34 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-07-02 04:18:21 -------- d-----w- C:\ProgramData\PC Tools
    2012-07-02 03:52:28 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2012-06-26 19:27:19 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-06-26 19:27:01 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-06-26 19:26:45 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-06-26 19:26:36 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-06-26 00:21:46 -------- d-----w- C:\ProgramData\PC Optimizer Pro
    2012-06-26 00:04:35 -------- d-----w- C:\Windows\System32\appmgmt
    2012-06-25 23:53:47 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-06-21 18:11:03 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 18:10:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 18:10:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 18:10:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-19 05:34:10 -------- d-----w- C:\Windows\en
    2012-06-19 05:32:18 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-06-19 05:30:55 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2012-06-19 05:28:43 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2012-06-19 05:28:43 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2012-06-19 05:28:38 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2012-06-19 05:28:38 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2012-06-19 05:26:16 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2012-06-19 05:26:16 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2012-06-19 05:24:55 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dc30b9ae1cd4ddb03\MeshBetaRemover.exe
    2012-06-19 05:24:48 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7fc27fa1cd4ddb02\DSETUP.dll
    2012-06-19 05:24:48 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7fc27fa1cd4ddb02\DXSETUP.exe
    2012-06-19 05:24:48 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7fc27fa1cd4ddb02\dsetup32.dll
    2012-06-19 05:24:37 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cf59cb4d1cd4ddb01\DSETUP.dll
    2012-06-19 05:24:37 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cf59cb4d1cd4ddb01\DXSETUP.exe
    2012-06-19 05:24:37 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cf59cb4d1cd4ddb01\dsetup32.dll
    .
    ==================== Find3M ====================
    .
    2012-07-12 15:48:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 15:48:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-06-10 21:35:14 4198712 ----a-w- C:\Windows\uninst.exe
    2012-06-09 19:58:31 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-06-09 18:36:15 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-06-09 18:36:14 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 19:38:41.12 ===============

  2. #2
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello nyc1973 and

    My name is JonTom

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.


    You appear to have run Combofix on this machine.

    While you may see ComboFix being used quite often and without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

    Why we don't ask you to run ComboFix from the onset

    As stated by the author of ComboFix:

    ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

    We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

    With these logs we can determine the infections present & decide whether to deploy ComboFix.
    That being said, the log produced by ComboFix contains important information for us. Kindly post the contents of the C:\ComboFix.txt


    1. aswMBR

      • Download aswMBR.exe to your desktop.
      • Double click the aswMBR.exe to run it.
      • When asked if you want to download Avast's virus definitions please select Yes.
      • Click the "Scan" button to start scan.
      • On completion of the scan click save log, save it to your desktop and post in your next reply.

      I would also like to see the log generated from the following tool.

      When you run this tool it may give you the option of cleaning what it has detected.

      At this time do not instruct it to clean anything (I would like to review the log before we decide on the best course of action).

    2. TDSS Killer

      • Please read carefully and follow these steps.
      • Download TDSSKiller and save it to your Desktop.
      • Extract its contents to your desktop.
      • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
      • When the window opens, click on Change Parameters.
      • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
      • Click on OK and then on Start Scan.
      • If an infected file is detected, the default action will be Cure, click on Skip.
      • If a suspicious file is detected, the default action will be Skip, click on Continue.
      • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
      • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
      • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

      Please post the Combofix log, the aswMBR log and the TDSSKiller log in your next reply.
    Proud Graduate of the WTT Classroom
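As an added illustration of the log triage JonTom describes above (DDS output being read to map out a strategy before any cleaning tool is run), the script below is an editor's example, not code from this thread, from DDS or from Spybot. It parses the two DDS sections that matter most here, "Running Processes" and "Created Last 30", and flags a core Windows binary name running from the wrong directory and any executable dropped directly into C:\Windows. The sample log is constructed in the DDS format: its "Created Last 30" lines are excerpted from the log in post #1, while the C:\Windows\svchost.exe process line is added to exercise the process check. The expected-directory table and the extension list are assumptions of this example.

```python
"""Triage helper for DDS logs (added example; not code from this thread or from DDS).

Reads the "Running Processes" and "Created Last 30" sections and flags:
  * a core Windows binary name running from somewhere other than its real
    system directory (an impostor pattern such as C:\\Windows\\svchost.exe);
  * an executable created directly under C:\\Windows rather than in a subfolder.
The expected-directory table and the extension list are this example's own
assumptions, not rules taken from DDS or Spybot.
"""
import re
from pathlib import PureWindowsPath

# Core binaries and the only directories they legitimately run from (assumed table).
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe":    {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}
EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr"}

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A process line is an image path, optionally followed by arguments (e.g. -k netsvcs).
PROCESS_RE = re.compile(r"^(.+?\.exe)\b", re.IGNORECASE)
# Created-file line: timestamp, size (or dashes for a directory), attribute flags, path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S+)\s+(.+)$")

# Constructed sample in DDS format: the "Created Last 30" lines are excerpted from
# the log in post #1; the C:\Windows\svchost.exe process line is added here.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Explorer.EXE
C:\Windows\svchost.exe -k netsvcs
-netsvcs
.
=============== Created Last 30 ================
.
2012-07-18 18:04:54 20480 ----a-w- C:\Windows\svchost.exe
2012-07-18 17:47:55 -------- d-----w- C:\$RECYCLE.BIN
2012-07-17 18:56:31 98816 ----a-w- C:\Windows\sed.exe
2012-07-17 16:08:27 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-07-16 20:34:59 41224 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 19:38:41.12 ===============
"""


def parse_sections(text):
    """Split a DDS log into {section title: [lines]}; the '.' separator lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def flag_processes(lines):
    """Return (path, reason) for core binary names running outside their expected directory."""
    findings = []
    for line in lines:
        m = PROCESS_RE.match(line)
        if not m:
            continue  # stray argument fragments such as "-netsvcs" carry no image path
        path = PureWindowsPath(m.group(1))
        name, parent = path.name.lower(), str(path.parent).lower()
        expected = EXPECTED_DIRS.get(name)
        if expected and parent not in expected:
            findings.append((str(path), f"{name} outside {sorted(expected)}"))
    return findings


def flag_created(lines):
    """Return (path, reason) for executables created directly in C:\\Windows."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        stamp, _size, attrs, raw_path = m.groups()
        if attrs.startswith("d"):
            continue  # directory entry, not a file
        path = PureWindowsPath(raw_path)
        if str(path.parent).lower() == r"c:\windows" and path.suffix.lower() in EXEC_SUFFIXES:
            findings.append((str(path), f"executable created in C:\\Windows at {stamp}"))
    return findings


def triage(text):
    """Run both checks over a DDS log and return the combined findings."""
    s = parse_sections(text)
    return flag_processes(s.get("Running Processes", [])) + flag_created(s.get("Created Last 30", []))


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

Run against the full log in post #1, the second rule also surfaces sed.exe, SWREG.exe, PEV.exe and MBR.exe under C:\Windows, files that ComboFix places there, which is consistent with JonTom's remark that ComboFix had already been run. The findings are a review list for the helper, not a verdict: avastSS.scr is avast's own screensaver, so the point of the script is to shorten the reading, not to decide what gets removed.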

  3. #3
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Do you still need help?

  4. #4
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Due to lack of response, this topic is now closed.

    If you are the topic starter and need this topic reopened, please PM a staff member (include the address of this thread in your request).

    Everyone else please start a new topic.