
Possible Infection


  • This topic is locked
2 replies to this topic

#1 jog267

Posted 24 December 2008 - 02:28 PM

Hello all,

My computer is running slowly and producing and saving files with an .idx extension. I don't know what to make of it. Below is a HijackThis log:

Scan saved at 8:11:56 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com;localhost
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [58c28543.exe] C:\Documents and Settings\Charles Johnson\Local Settings\Application Data\58c28543.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [notepad.exe] msmsgs.exe
O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\atmclk.exe
O4 - HKUS\S-1-5-21-1343184177-630981194-1139353285-1008\..\Run: [Sonic RecordNow!] (User 'Diane Johnson')
O4 - HKUS\S-1-5-21-1343184177-630981194-1139353285-1008\..\Run: [System Kernal Support] system.exe (User 'Diane Johnson')
O4 - HKUS\S-1-5-21-1343184177-630981194-1139353285-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Diane Johnson')
O4 - HKUS\S-1-5-21-1343184177-630981194-1139353285-1008\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Diane Johnson')
O4 - HKUS\S-1-5-21-1343184177-630981194-1139353285-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 (User 'Diane Johnson')
O4 - HKUS\S-1-5-21-1343184177-630981194-1139353285-1011\..\Run: [Sonic RecordNow!] (User 'Ingrid Johnson')
O4 - HKUS\S-1-5-21-1343184177-630981194-1139353285-1011\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Ingrid Johnson')
O4 - HKUS\S-1-5-21-1343184177-630981194-1139353285-1011\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Ingrid Johnson')
O4 - S-1-5-21-1343184177-630981194-1139353285-1008 Startup: .protected (User 'Diane Johnson')
O4 - S-1-5-21-1343184177-630981194-1139353285-1008 User Startup: .protected (User 'Diane Johnson')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {01D3561C-4F9A-0913-C6B0-490941FA15F6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {02BBE933-53B4-53CD-D295-513A251C8C77} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {02F217D6-51C6-74EF-191D-46564220BC45} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {03016089-6058-4962-139A-19773C7FFB9C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {03B3FF8C-0B90-1E78-B27E-3C4006992C7B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0582F429-4950-5A7A-E5E8-520D6BF178F2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06169416-0525-6129-1BE2-09BB60B47F3A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0993701D-1025-0D3E-D646-5C8841B602BA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0AAA3030-EC9D-4075-9FA4-52B918508B2E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B1E0DFE-FA6E-206E-584F-2BCA1857D2A4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0BBBB2F6-E882-3368-81F6-1F8F1603167B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0D631E3D-72B5-5F96-7E4A-40412E2DB38D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F89439C-3058-60BD-BC2F-0F4140464ABB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0FB98E38-5A99-4085-71D7-2CF00402D4D8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0FD2C954-1001-0EC3-A2E8-60605ABA46DD} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {11D2AE2A-43B0-0CAD-88C1-3E59143BF1AC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {12F524CC-9D13-46D0-900B-31426F020346} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {147E3D1F-A44F-1AE1-A6E0-67BE7C6D0199} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {170C21F6-EF79-46B7-26D7-01196673A6A0} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1859F5A9-379B-79D0-1AB8-46F0550C95BF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19331CC3-43B4-133F-AFCC-661B2F98D4FC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1FD9984A-E88C-73DC-27F4-7402662ADDE5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {20DF91E9-84C6-1815-7B40-24EB48CED079} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {223BFB04-8DCF-3322-4527-141003123751} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2255D99E-A486-2CB2-A6EA-637D369C7608} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {23FFA132-7631-2607-E413-2B7C28794699} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {259F06DA-1215-5AE9-749E-292D2ECC8DB2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2657E496-27F6-4393-4CCF-1AFE5D1E8C73} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {270852DA-786C-32B4-013E-72BD477E0176} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2807FF94-DE28-46F6-3781-0C91478380CC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {285EE935-1A2C-28FC-469E-78E8094499B5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {292BB7C9-EF81-64CA-90A8-452D2EB5F7A7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2A798FAA-B4E3-7586-C309-759C37E0B5AB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B937567-4F68-5694-824C-18737DF721A1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2BEA57E4-539A-4812-849D-683C5B11D6F3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2C5797F9-C8BA-0EA3-CC4C-446358F4C897} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2E3FA0E5-60A8-4B16-9C7D-2ABD4CAB109E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3014CEED-826C-41A3-E5A3-57160B31436C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3295790E-0B15-02AC-B080-38232BCA3774} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3357B719-13DB-4F5A-CE47-3D8F0BECA666} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {33958316-DE23-7CBE-9B5B-3B824D4724AD} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {342358FB-EDB3-277E-7C50-648A41C5129B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3440BFEC-6772-080B-FB93-037A70BBBA66} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3467AF2E-E62F-74E2-0C91-703A03C86316} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {35D02D80-CCCA-74E8-37FB-5D11362A50C2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {370BC82E-82F6-2E0A-6759-42BB2DE12157} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {376BF421-E94E-16B9-E0E5-7C392E87C94D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {37E9BE3E-DCF6-583A-F045-372A17E55BDF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {382461F9-4592-473F-B53F-40AD2CAA45DF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {398F8222-08C6-5A7E-F3D3-7D66130E5F3F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3A190231-8C43-2188-52E8-56D90F5390F0} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3AEB80BB-7E8E-29AA-716A-237D0F3C9627} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3BA68D79-4E3A-1365-0E06-4AFA3CCB9309} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3CB793F7-4D97-3BE1-D426-17227355B7FA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3E6D7BF5-33C9-209A-85E9-433935A73C33} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3F18065B-6C84-06CD-E354-1C020E997B6C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3FEA01D5-1B5C-0DE5-FF37-32837A8D4730} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {41B118BD-E99D-572D-E7F7-30E51A9AAE1D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4225D2E7-B7E6-5972-C315-13DE0A3E7FA3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4433EB1A-4A5B-2140-83B8-11783301CC4B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {46D713F0-F405-6F87-A124-2AB56C350D84} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {487BEEC1-1470-087C-26F0-395315D80719} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {49CE7333-96D6-7B8B-DF7C-5AD02ED82771} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4A1BCAEF-7877-4414-4262-3CE05AE6671E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4F395BA0-2223-7F00-E808-404C09191D5A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4F9051E0-5127-5F83-B3C8-5DFD4F627B6D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4FFBD682-49D0-7796-E05E-2A975213421B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5041330D-D747-7D8E-8163-59790EE68A9F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5045836A-C48E-5667-A58A-3EFF3B0A7348} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {50B5C0D4-7FCA-5856-BC56-71872B168562} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {516C53A4-750C-7426-0FBD-5F213C5ACB7D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {52CD368A-B542-3F3B-7063-0DF64992D345} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {532B0975-E780-34B0-45A3-0A7454786B3C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {546EB5CC-8825-5EF5-1F1F-627D10B8501C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {547F1FFB-B040-5F83-6EFA-224413009E10} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5551EBA0-284F-36F0-1906-52C0495C45EE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {574D7E30-7D4A-7F25-68B9-427B3046C2AF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {57684306-40B4-6568-3DCA-1EFC0277F4EB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5ABA8B45-1CE3-2FAE-6CC6-5F5F3B773E3F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5B23563F-1C0D-136D-88A7-0BDB1DD1FDA7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C05EA28-13E4-6DB6-4F37-50E025EE81B8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5CF5004D-E508-4A0D-D2C5-3EA3487B5408} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5F075F8A-777F-62FB-BE3A-06AC35E12E73} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5F6C3A71-1097-6779-9A41-73F210B160E8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5FACFAA1-BAF3-78D0-1456-6AC47546E859} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5FEC4A3C-5799-4DCB-FC9F-636A4533E379} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6025FF25-0B8C-0920-C835-1CFE0ECA3F8E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {607B5672-0B03-3489-D877-48BA68BE5931} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {61B388D7-B57F-303F-C332-2EAF190DC873} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {629C4160-8DED-5D9F-1355-4C1F07B66F4A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {62C3D649-3C51-0B3F-C280-2FDB726A9972} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {64B4F90D-3F2E-1865-3A6D-51F25AA2A930} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {65A4BB4A-3EC3-72A4-1649-695301762A8C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {65BE2E02-600D-13C3-893E-74CC7AD058D3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {66618185-0E10-2D41-D3EE-244D7E6FFB0A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {66748FC1-EBCA-6784-2EB8-08B41240FC9F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {67446081-9C0D-21D9-EFC0-37C653D23B96} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {680436F7-1D3A-09F4-D7B2-4D6E5DB435EA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {69683B92-781D-7225-1E83-68661E6DD6FB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {69722E1B-6369-6ECC-BF7B-035417114B5D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {69765BA2-43B2-2D8C-E3C3-080437DB7B00} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {69C88226-0812-65FE-ADF3-0B7633CFB7DB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DE5BEEE-96EE-6690-807F-54E0635D73B2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6E193C4C-EFE0-3768-4214-43187DEE6460} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6E4DE3A4-7705-08B3-FAC8-22E872EE6AC4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6E61E188-C688-56FB-DDEE-763A5BAE6326} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6FEDEDEA-2AF4-77EF-B646-7EA22D92EF16} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {703515B5-0644-6D2D-ECB3-52742FAC539D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7180E38F-D673-1609-A48D-342A3EB4EF5A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {72A800A4-933C-1BB7-E8ED-632B5D42C907} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {73B67AA5-F9F3-55FD-88B6-7C5C0889BD7E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {74724E93-30CA-65AF-4D22-5B017C37CCFA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {74E891A3-1956-2432-4C40-217019993A87} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {762D8201-B866-7BE1-CBE0-35C15D6C0F29} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7706790D-AD3E-0B3A-07E7-13931FB1F982} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {77A9556A-ED34-1D09-0EF0-05C57A41F173} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {77BD2241-D3FB-729E-78F6-0A5348E764B8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7929DE4B-5C73-686B-7D46-7F356193B3D9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {79CC9C4A-0F16-4C6F-EC21-75AB618BF827} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7B4014CA-274B-5065-92C8-6FEF4FAC2E8E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7B54BB07-E476-7408-CF83-7B550BDA6460} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7C3AE7D9-4C0C-1BA3-184F-391937C6C756} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7DE91B83-3521-1BAE-99B8-08FD72F05FC1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7DF0BB0D-EAD3-5712-F547-29AE61710312} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O22 - SharedTaskScheduler: forevouched - {6af69c4d-420a-4c95-b34f-e4635f84f53b} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


What is gdnUS2218.exe, what does it do and why are there multiple occurrences of this file? Is there anything I can do to improve the performance of this machine?

Any help would be greatly appreciated.



#2 fenzodahl512

Posted 05 January 2009 - 06:55 AM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O16 - DPF: {01D3561C-4F9A-0913-C6B0-490941FA15F6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {02BBE933-53B4-53CD-D295-513A251C8C77} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {02F217D6-51C6-74EF-191D-46564220BC45} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {03016089-6058-4962-139A-19773C7FFB9C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {03B3FF8C-0B90-1E78-B27E-3C4006992C7B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0582F429-4950-5A7A-E5E8-520D6BF178F2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06169416-0525-6129-1BE2-09BB60B47F3A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0993701D-1025-0D3E-D646-5C8841B602BA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0AAA3030-EC9D-4075-9FA4-52B918508B2E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B1E0DFE-FA6E-206E-584F-2BCA1857D2A4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0BBBB2F6-E882-3368-81F6-1F8F1603167B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0D631E3D-72B5-5F96-7E4A-40412E2DB38D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F89439C-3058-60BD-BC2F-0F4140464ABB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0FB98E38-5A99-4085-71D7-2CF00402D4D8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0FD2C954-1001-0EC3-A2E8-60605ABA46DD} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {11D2AE2A-43B0-0CAD-88C1-3E59143BF1AC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {12F524CC-9D13-46D0-900B-31426F020346} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {147E3D1F-A44F-1AE1-A6E0-67BE7C6D0199} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {170C21F6-EF79-46B7-26D7-01196673A6A0} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1859F5A9-379B-79D0-1AB8-46F0550C95BF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19331CC3-43B4-133F-AFCC-661B2F98D4FC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1FD9984A-E88C-73DC-27F4-7402662ADDE5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {20DF91E9-84C6-1815-7B40-24EB48CED079} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {223BFB04-8DCF-3322-4527-141003123751} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2255D99E-A486-2CB2-A6EA-637D369C7608} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {23FFA132-7631-2607-E413-2B7C28794699} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {259F06DA-1215-5AE9-749E-292D2ECC8DB2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2657E496-27F6-4393-4CCF-1AFE5D1E8C73} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {270852DA-786C-32B4-013E-72BD477E0176} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2807FF94-DE28-46F6-3781-0C91478380CC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {285EE935-1A2C-28FC-469E-78E8094499B5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {292BB7C9-EF81-64CA-90A8-452D2EB5F7A7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2A798FAA-B4E3-7586-C309-759C37E0B5AB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B937567-4F68-5694-824C-18737DF721A1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2BEA57E4-539A-4812-849D-683C5B11D6F3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2C5797F9-C8BA-0EA3-CC4C-446358F4C897} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2E3FA0E5-60A8-4B16-9C7D-2ABD4CAB109E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3014CEED-826C-41A3-E5A3-57160B31436C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3295790E-0B15-02AC-B080-38232BCA3774} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3357B719-13DB-4F5A-CE47-3D8F0BECA666} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {33958316-DE23-7CBE-9B5B-3B824D4724AD} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {342358FB-EDB3-277E-7C50-648A41C5129B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3440BFEC-6772-080B-FB93-037A70BBBA66} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3467AF2E-E62F-74E2-0C91-703A03C86316} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {35D02D80-CCCA-74E8-37FB-5D11362A50C2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {370BC82E-82F6-2E0A-6759-42BB2DE12157} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {376BF421-E94E-16B9-E0E5-7C392E87C94D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {37E9BE3E-DCF6-583A-F045-372A17E55BDF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {382461F9-4592-473F-B53F-40AD2CAA45DF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {398F8222-08C6-5A7E-F3D3-7D66130E5F3F} - http://85.255.113.214/1/gdnUS2218.exe


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

Posted 12 January 2009 - 03:07 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
