
Infected with Generic20.CLEL on Windows 7 machine


3 replies to this topic

#1 kingjay

Posted 13 February 2011 - 08:45 AM

My otherwise lovely girlfriend decided to open up an attachment from an unwanted e-mail in Hotmail. After b*tch slapping her through the house, I'm now left with cleaning up the mess. Problem was a Palladium virus. That seems to be gone, but the leftover is AVG giving messages about several files being infected with the trojan horse Generic20.CLEL.

This forum seems to be the only place with a remedy in the form of ComboFix. I haven't run Malwarebytes or a similar product yet (should I do so?), but I've read that ComboFix is the best answer and that I shouldn't use it without guidance. So here I am, hoping someone can help me clean up her computer.

So far AVG has run complete scans (in normal and safe mode). It gives messages that it finds the file cbta.exe in this location:
USERS\[USERNAME]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\[RANDOM FOLDER NAME]

It also finds files like 'vo3bddls.exe', 'iyrepUiq.exe', 'xF5cOrfPZ.exe', etc. in this location:
USERS\[USERNAME]\AppData\Roaming\

New ones keep popping up every several minutes.

I've seen several possible scans I could do and actions I can take, but if I've read them correctly it's best to do it with guidance. So here I am on my begging knees.

#2 kingjay

Posted 13 February 2011 - 12:21 PM

Ok, I've run a scan with Malwarebytes. This is the scan log (sorry it's in Dutch):


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 5754

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13-2-2011 18:18:47
mbam-log-2011-02-13 (18-18-35).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 355293
Verstreken tijd: 57 minuut/minuten, 28 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 15

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Startup (Trojan.Agent) -> Value: Startup -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Rogue.Palladium) -> Value: Shell -> No action taken.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
c:\Users\Hilda\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\M1KB85K2\load[1].php (Spyware.Passwords.XGen) -> No action taken.
c:\Users\Hilda\AppData\Local\Temp\2971.tmp (Spyware.Passwords.XGen) -> No action taken.
c:\Users\Hilda\AppData\Roaming\TQHDZN.exe (Trojan.Downloader) -> No action taken.
c:\Users\Hilda\AppData\Roaming\ulbkq76.exe (Trojan.Downloader) -> No action taken.
c:\Users\Hilda\AppData\Roaming\vo3bddls.exe (Trojan.Downloader) -> No action taken.
c:\Users\Hilda\AppData\Roaming\wigbyL.exe (Trojan.Downloader) -> No action taken.
c:\Users\Hilda\AppData\Roaming\xd8gmc6exb.exe (Trojan.Downloader) -> No action taken.
c:\Users\Hilda\AppData\Roaming\xf5corfpz.exe (Trojan.Downloader) -> No action taken.
c:\Users\Hilda\AppData\Roaming\xsswqyxem.exe (Trojan.Downloader) -> No action taken.
c:\Users\Hilda\AppData\Roaming\ySkM2.exe (Trojan.Downloader) -> No action taken.
c:\Users\Hilda\AppData\Roaming\yvqq3a3e0.exe (Trojan.Downloader) -> No action taken.
c:\Users\Hilda\downloads\xvidsetup.exe (Adware.Hotbar) -> No action taken.
c:\Users\Hilda\downloads\post_express_label_ns.80913\post express label.exe (Trojan.Agent) -> No action taken.
c:\Users\Hilda\AppData\Roaming\temp.js (Trojan.Agent) -> No action taken.
c:\Users\Hilda\AppData\Roaming\startup.js (Trojan.Agent) -> No action taken.


#3 kingjay

Posted 13 February 2011 - 12:23 PM

Should I remove these files and the registry keys? I'm unsure and I don't want to do more harm than good. Can anybody assist me please? Help?

#4 kingjay

Posted 13 February 2011 - 12:40 PM

Sorry, I should have read the manual. Here are the DDS scan results. How do I attach the other document? I really feel like a moron, but I can't find the attach button. I'll patiently wait now and refrain from posting more, again, sorry.



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Hilda at 18:27:31,45 on zo 13-02-2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.1788.428 [GMT 1:00]

AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Users\Hilda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hilda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hilda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Program Files (x86)\AVG\AVG9\avgcfgex.exe
C:\Users\Hilda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Hilda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hilda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Hilda\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2865317
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\tbuTor.dll
mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\tbuTor.dll
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=C:\Users\Hilda\AppData\Roaming\palladium.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Hilda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Startup] C:\Users\Hilda\AppData\Roaming\Startup.js
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Hilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.js
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
AppInit_DLLs-X64: avgrssta.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-9-18 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-18 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-9-18 317520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-2-2 254528]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-10-20 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-18 308136]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-9-5 228408]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-20 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-20 36408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-26 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2011-02-13 17:26:09 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\gwyxtAO.exe
2011-02-13 17:26:09 129 ----a-w- C:\Users\Hilda\AppData\Roaming\6281.bat
2011-02-13 17:18:11 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\y2S1cJ.exe
2011-02-13 17:18:11 127 ----a-w- C:\Users\Hilda\AppData\Roaming\6806.bat
2011-02-13 17:16:10 131 ----a-w- C:\Users\Hilda\AppData\Roaming\6789.bat
2011-02-13 17:16:09 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\kAialNs1.exe
2011-02-13 16:48:30 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\pjWkj1.exe
2011-02-13 16:43:07 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\o11ZjpB.exe
2011-02-13 16:38:09 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\B3T1d.exe
2011-02-13 16:16:11 -------- d-----w- C:\Users\Hilda\AppData\Roaming\Malwarebytes
2011-02-13 16:15:28 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-13 16:15:27 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-13 16:15:24 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-13 16:15:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-13 16:13:20 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\CojCT.exe
2011-02-13 16:13:13 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\PzaMCmc5T.exe
2011-02-13 15:12:24 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\XsSWqyXEM.exe
2011-02-13 15:07:25 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\kzSky.exe
2011-02-13 15:06:20 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\ulbkq76.exe
2011-02-13 14:42:23 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\xd8gmC6ExB.exe
2011-02-13 14:34:25 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\ySkM2.exe
2011-02-13 14:31:23 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\NhH34iPcq.exe
2011-02-13 14:01:23 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\GL0l3oUGBC.exe
2011-02-13 13:57:20 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\laVdPbd.exe
2011-02-13 13:42:22 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\iyrepUiq.exe
2011-02-13 13:37:21 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\yvQQ3a3E0.exe
2011-02-13 13:26:24 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\izTxP6o0oV.exe
2011-02-13 13:20:23 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\eDAx2t.exe
2011-02-13 13:13:28 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\vo3bddls.exe
2011-02-13 13:13:25 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\eP9pwd.exe
2011-02-13 13:02:48 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\TQHDZN.exe
2011-02-13 13:02:45 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\xF5cOrfPZ.exe
2011-02-13 12:04:10 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\pS4bWHY9aG.exe
2011-02-13 12:04:10 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\E2gfYshS57.exe
2011-02-13 11:43:32 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\wigbyL.exe
2011-02-12 22:56:56 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\I1QCEfZ5jc.exe
2011-02-12 22:29:45 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\HPWE6.exe
2011-02-12 22:22:42 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\Oy7Z0P.exe
2011-02-12 22:18:51 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\oEh1p1CMSA.exe
2011-02-12 22:15:45 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\Ffo2oSx.exe
2011-02-12 22:00:48 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\hOU6sK90.exe
2011-02-12 22:00:46 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\cVpLrAnoI.exe
2011-02-12 17:50:35 -------- d-----w- C:\Program Files (x86)\Conduit
2011-02-12 17:50:26 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-02-12 17:50:16 -------- d-----w- C:\Program Files (x86)\uTorrentBar_NL
2011-02-12 17:50:06 -------- d-----w- C:\extensions
2011-02-12 17:43:32 -------- d--h--w- C:\$AVG
2011-02-09 17:43:25 -------- d-----w- C:\Users\Hilda\AppData\Roaming\Spotify
2011-02-09 17:43:25 -------- d-----w- C:\Users\Hilda\AppData\Local\Spotify
2011-02-09 13:57:52 -------- d-----w- C:\Program Files (x86)\Spotify
2011-02-02 18:38:54 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-02-02 18:38:41 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-02-02 17:03:17 -------- d-----w- C:\Program Files (x86)\Maxis
2011-02-02 16:52:29 -------- d-----w- C:\Users\Hilda\AppData\Roaming\DAEMON Tools Lite
2011-02-02 16:52:29 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite

==================== Find3M ====================

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 18:28:20,35 ===============
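An added triage example (not code from the thread, from BleepingComputer or from the DDS tool): it parses the two DDS sections posted above, the "Pseudo HJT Report" autostart lines and the "Created Last 30" file lines, and flags what stands out in this log, a Winlogon Shell pointing at palladium.exe instead of the default explorer.exe, a Startup.js script autostart in AppData\Roaming, and the same-size executables dropped into Roaming minutes apart. The line formats are inferred from the log itself, and the sample input is a constructed subset copied from it.

```python
# Added triage helper (not code from the thread or from the DDS tool). It parses
# the two DDS sections shown above, "Pseudo HJT Report" autostart lines and
# "Created Last 30" file lines; the line formats are inferred from the log itself.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a subset of lines copied from the DDS log posted above.
DDS_SAMPLE = r"""
uWinlogon: Shell=C:\Users\Hilda\AppData\Roaming\palladium.exe
mWinlogon: Userinit=userinit.exe
uRun: [Startup] C:\Users\Hilda\AppData\Roaming\Startup.js
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Hilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.js
2011-02-13 17:26:09 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\gwyxtAO.exe
2011-02-13 17:26:09 129 ----a-w- C:\Users\Hilda\AppData\Roaming\6281.bat
2011-02-13 17:18:11 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\y2S1cJ.exe
2011-02-13 17:16:09 227840 ----a-w- C:\Users\Hilda\AppData\Roaming\kAialNs1.exe
2011-02-13 16:16:11 -------- d-----w- C:\Users\Hilda\AppData\Roaming\Malwarebytes
2011-02-02 18:38:54 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
"""

SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".bat", ".cmd"}
SHELL_RE = re.compile(r"^[udm]Winlogon: Shell=(?P<value>.+)$")
RUN_RE = re.compile(r"^[udm]Run(?:Once)?(?:-x64)?: \[[^\]]*\] (?P<value>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<value>.+)$")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\S+) \S+ (?P<path>.+)$")
# Leading program path of a command line (quotes stripped, arguments dropped).
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|scr|dll|lnk|js|jse|vbs|vbe|wsf|bat|cmd))\b"?', re.I)

def _target_path(value):
    m = PATH_RE.match(value.strip())
    return m.group("path") if m else value.strip()

def check_autostarts(log_text):
    """(line, reason) pairs for Winlogon Shell, Run/RunOnce and StartupFolder
    entries: a Shell other than explorer.exe, a script, or a target sitting
    directly in AppData\\Roaming, where this log's droppers live."""
    findings = []
    for line in log_text.splitlines():
        m = SHELL_RE.match(line)
        if m:
            shell = _target_path(m.group("value")).lower().rpartition("\\")[2]
            if shell != "explorer.exe":  # default Shell value on Windows 7
                findings.append((line, "Winlogon Shell replaced by " + shell))
            continue
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        parent, _, name = _target_path(m.group("value")).lower().rpartition("\\")
        reasons = []
        if name[name.rfind("."):] in SCRIPT_EXT:
            reasons.append("script autostart")
        if parent.endswith(r"\appdata\roaming"):
            reasons.append("target sits directly in AppData\\Roaming")
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings

def find_dropper_bursts(log_text, min_count=3, max_gap_minutes=30):
    """Group created files by (directory, size); report groups of min_count or
    more whose consecutive creation times are within max_gap_minutes: the
    same-size executables that keep reappearing in Roaming."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = CREATED_RE.match(line)
        if not m or not m.group("size").isdigit():
            continue  # directories show "--------" instead of a size
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        parent, _, name = m.group("path").rpartition("\\")
        groups[(parent.lower(), int(m.group("size")))].append((ts, name))
    bursts = []
    for (parent, size), entries in groups.items():
        if len(entries) < min_count:
            continue
        entries.sort()
        gaps = [(b[0] - a[0]).total_seconds() / 60 for a, b in zip(entries, entries[1:])]
        if max(gaps) <= max_gap_minutes:
            bursts.append({"dir": parent, "size": size, "count": len(entries),
                           "names": [n for _, n in entries]})
    return bursts

if __name__ == "__main__":
    for line, reason in check_autostarts(DDS_SAMPLE):
        print(reason, "<-", line)
    for b in find_dropper_bursts(DDS_SAMPLE):
        print(b["count"], "files of", b["size"], "bytes in", b["dir"], b["names"])
```

Run against the full "Created Last 30" section above, the burst check groups the 227840-byte executables in Roaming, which is the pattern the poster describes as "new ones keep popping up every several minutes".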



