a few viruses to clear up.


  • This topic is locked
15 replies to this topic

#1 Lord Dewtain

Posted 23 May 2007 - 10:39 PM

I got back to my parents' computer and went about cleaning it.

------------------------
This is what I did:

Updated McAfee: it found 2 viruses
ishost.exe --> was a purper virus
ssttrst.dll --> downloader-AWX

I updated Spybot; it found a bunch of stuff including 3 viruses:
Smitfraud-C
TagASaurus
Zlob.BigDown

I installed and updated AVG antiSpyware (Ewido), and it found nothing left.

-------------------------

Current symptoms and problems

Currently things are running fine. We use Firefox instead of IE, but IE seems to have several search bars added on, which I would like to get rid of (AOL bar and Viewpoint bar). We also have Google Toolbar, but I like that one.


So now I would just like a checkup to see if I have cleaned everything so far. I'd like advice on getting rid of any further spyware and anything else that isn't needed. Also, this computer is slow to start up, and I am sure there is stuff there I don't need, so I included that log too.

I ran the HJT log through an analyzer and it highlighted O4 - ... ...ctfmon.exe as a CoolWebSearch virus. I want to confirm this, because I have had CoolWebSearch on this computer before.

Whenever I shut down, a McAfee-based program known as RUlaunch doesn't like to quit right away, and needs to be forcefully ended before I can shut down.
Also, McAfee doesn't like to autoupdate; it just won't connect or something. But I was able to update it recently by downloading the huge database files.

Oh, and before I get on with the logs, I want to make sure that I got rid of those nasty viruses, I don't want them coming back, how can I make sure they are gone for good?


--------------------------------------------------------------------------------------------------
=================================================
--------------------------------------------------------------------------------------------------


Ewido log:
nothing new was found


--------------------------------------------------------------------------------------------------
=================================================
--------------------------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 10:35:14 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CRW\shwicon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WINDOWS\System\hppropty.exe
C:\WINDOWS\System32\hphmon04.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\user\Desktop\WUTEMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.16e058] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.16e058"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP LaserJet ToolBox] hppropty.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...784/mcfscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


--------------------------------------------------------------------------------------------------
=================================================
--------------------------------------------------------------------------------------------------


Also, I ran HJT's startup log, I'll post it if you want it, but this section stood out:

-------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\gbsetup.exe
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------

#2 SWI Support Robot

Posted 26 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Sempurna

Posted 29 May 2007 - 01:03 AM

Hi Lord Dewtain,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.


"I ran the HJT log through an analyzer and it highlighted O4 - ... ...ctfmon.exe as a CoolWebSearch virus. I want to confirm this, because I have had CoolWebSearch on this computer before."

The results from any automatic HijackThis analyzer are, at best, unreliable. They are prone to false positives, and even worse, false negatives as well.

These analyzers are not to be trusted, and should be kept at arm's length. :)

OK, let's go malware hunting, shall we? :)

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval, but doesn't spy or do anything "bad". This will change from what we know in 2006, read this article: http://www.clickz.co...cle.php/3561546

Additional info: http://vil.nai.com/v...nt/v_137262.htm

I suggest you remove the program now. Go to Start -> Control Panel -> Add/Remove Programs and remove the following programs (if present):

Viewpoint
Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar



If you have problems with Viewpoint regenerating after uninstallation, then please follow these instructions:

Open AOL and go to Help on the toolbar. Select About AOL. Next is the SECRET STEP. You must then press Ctrl + D to access a "secret" panel to disable all of the desktop and IM fancy features that are associated with Viewpoint. This is the only way to prevent AOL from re-installing Viewpoint at AOL startup.



NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please go to Start -> Run and type (or copy and paste) the following lines in the "Open" field, ONE AT A TIME, then click "OK":

sc stop "Viewpoint Manager Service"

sc delete "Viewpoint Manager Service"



NEXT:

Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following FOLDERS (if they exist):

C:\Program Files\Viewpoint


NEXT:

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

Please download CCleaner (freeware) and save it to your desktop:
  • Run the CCleaner installer.
  • During the installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Once installed, run CCleaner and click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • UNCHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  • Click on "Kaspersky Online Scanner".
  • You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "Next".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click "OK".
  • Now under select a target to scan:
    • Select "My Computer".
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan.
  • The log from the Kaspersky scan.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo
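
Added example (not part of the original thread, and not HijackThis's own code): a Python check that the entries ticked for "Fix checked" in the post above are really gone from a follow-up HijackThis log. The follow-up log here is constructed for illustration, and the function names are hypothetical; entries are matched on section code plus CLSID, so a leftover is still caught when only the path casing differs.

```python
import re

# "<section> - <details>": R0-R3, F0-F3, N1-N4 and O1-O24 are HijackThis sections.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The six entries the helper asked to tick, copied from the post above.
FIX_LIST = r"""
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# CONSTRUCTED follow-up log (not from the thread): one BHO survives with a
# lower-cased CLSID and path, and the Viewpoint service is still registered.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""


def parse_hjt(text):
    """Return the entries of a HijackThis-style log; header, process-list
    and blank lines do not match the entry pattern and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": section,
            "body": body,
            # Upper-case the CLSID so {7c55...} and {7C55...} compare equal.
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def entry_key(entry):
    """Identity of an entry: section + CLSID when there is one, otherwise
    section + case-folded, whitespace-normalised text (e.g. O23 services)."""
    if entry["clsid"]:
        return (entry["section"], entry["clsid"])
    return (entry["section"], " ".join(entry["body"].casefold().split()))


def verify_fix(fix_list_text, followup_log_text):
    """Split the fix list into entries gone from the follow-up log and
    entries that are still there and need another look."""
    present = {entry_key(e) for e in parse_hjt(followup_log_text)}
    result = {"removed": [], "still_present": []}
    for e in parse_hjt(fix_list_text):
        bucket = "still_present" if entry_key(e) in present else "removed"
        result[bucket].append(e)
    return result


if __name__ == "__main__":
    outcome = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    print(f"removed: {len(outcome['removed'])}")
    for e in outcome["still_present"]:
        print(f"STILL PRESENT  {e['section']} - {e['body']}")
```

An O23 line that survives the fix is the case the `sc stop` / `sc delete` step in the post is there to handle.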

#4 Lord Dewtain

Posted 29 May 2007 - 07:35 PM

=================================
=================================
ComboFix Scan Log
=================================
=================================



"user" - 2007-05-29 16:04:12 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Program Files\Mozilla Firefox\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\components\flx0.dll"
"C:\WINDOWS\system32\components\flx10.dll"
"C:\WINDOWS\system32\components\flx12.dll"
"C:\WINDOWS\system32\components\flx13.dll"
"C:\WINDOWS\system32\components\flx14.dll"
"C:\WINDOWS\system32\components\flx15.dll"
"C:\WINDOWS\system32\components\flx17.dll"
"C:\WINDOWS\system32\components\flx18.dll"
"C:\WINDOWS\system32\components\flx19.dll"
"C:\WINDOWS\system32\components\flx2.dll"
"C:\WINDOWS\system32\components\flx20.dll"
"C:\WINDOWS\system32\components\flx21.dll"
"C:\WINDOWS\system32\components\flx22.dll"
"C:\WINDOWS\system32\components\flx23.dll"
"C:\WINDOWS\system32\components\flx24.dll"
"C:\WINDOWS\system32\components\flx25.dll"
"C:\WINDOWS\system32\components\flx26.dll"
"C:\WINDOWS\system32\components\flx27.dll"
"C:\WINDOWS\system32\components\flx28.dll"
"C:\WINDOWS\system32\components\flx29.dll"
"C:\WINDOWS\system32\components\flx3.dll"
"C:\WINDOWS\system32\components\flx30.dll"
"C:\WINDOWS\system32\components\flx31.dll"
"C:\WINDOWS\system32\components\flx32.dll"
"C:\WINDOWS\system32\components\flx33.dll"
"C:\WINDOWS\system32\components\flx34.dll"
"C:\WINDOWS\system32\components\flx35.dll"
"C:\WINDOWS\system32\components\flx36.dll"
"C:\WINDOWS\system32\components\flx37.dll"
"C:\WINDOWS\system32\components\flx38.dll"
"C:\WINDOWS\system32\components\flx39.dll"
"C:\WINDOWS\system32\components\flx4.dll"
"C:\WINDOWS\system32\components\flx40.dll"
"C:\WINDOWS\system32\components\flx41.dll"
"C:\WINDOWS\system32\components\flx42.dll"
"C:\WINDOWS\system32\components\flx43.dll"
"C:\WINDOWS\system32\components\flx44.dll"
"C:\WINDOWS\system32\components\flx45.dll"
"C:\WINDOWS\system32\components\flx46.dll"
"C:\WINDOWS\system32\components\flx47.dll"
"C:\WINDOWS\system32\components\flx48.dll"
"C:\WINDOWS\system32\components\flx49.dll"
"C:\WINDOWS\system32\components\flx5.dll"
"C:\WINDOWS\system32\components\flx6.dll"
"C:\WINDOWS\system32\components\flx7.dll"
"C:\WINDOWS\system32\components\flx8.dll"
"C:\WINDOWS\system32\components\flx9.dll"
"C:\WINDOWS\system32\system\mcafeepf.dll"
"C:\DOCUME~1\user\Desktop.\internet explorer.lnk"
"C:\WINDOWS\system32\components"
"C:\WINDOWS\system32\system"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_IPRIP
-------\LEGACY_NETWORK_MONITOR
-------\Iprip


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))


2007-05-26 00:46 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\vlc
2007-05-25 21:00 <DIR> d-------- C:\Program Files\VideoLAN
2007-05-24 22:49 <DIR> d-------- C:\DeusEx
2007-05-22 17:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-17 20:54 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-05-17 20:54 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-05-17 20:54 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-05-17 20:53 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-16 21:44 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2007-05-16 21:44 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\IDMComp
2007-05-15 23:48 <DIR> d-------- C:\Program Files\Black Isle
2007-05-15 23:39 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-05-15 23:36 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-29 20:10:01 1,367 ----a-w C:\WINDOWS\system32\HPA.DAT
2007-05-22 21:43:13 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-05-22 02:52:33 3,888 ----a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-05-18 19:58:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-14 03:57:46 -------- d-----w C:\Program Files\HP
2007-05-11 17:18:44 -------- d-----w C:\DOCUME~1\user\APPLIC~1\AdobeUM
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvListnr"="C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe" []
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-20 18:54]
"ShowIcon_The Company_CRW Series Driver v1.16e058"="C:\Program Files\CRW\shwicon.exe" [2002-11-06 14:56]
"Alogserv"="C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe" [2002-01-04 06:02]
"HP LaserJet ToolBox"="hppropty.exe" []
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2003-12-24 16:54]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 04:51]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 13:01 C:\WINDOWS\system32\P0630Pin.dll]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
"@"="" []
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2002-01-09 00:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-08-10 10:50]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk.disabled
backup=C:\WINDOWS\pss\Billminder.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=C:\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=C:\WINDOWS\pss\TextBridge Instant Access OCR.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1143389709\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070529-155750-768
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

backup-20070529-155750-478
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

backup-20070529-155750-988
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 16:13:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-29 16:16:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 16:16

--- E O F ---

---------------------------------------------------------------
---------------------------------------------------------------

Edited by Lord Dewtain, 29 May 2007 - 07:37 PM.


#5 Lord Dewtain

Posted 29 May 2007 - 07:38 PM

============================================
============================================
Kaspersky Scans
============================================
============================================



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 29, 2007 8:30:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/05/2007
Kaspersky Anti-Virus database records: 333790
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 91796
Number of viruses found: 3
Number of infected objects: 280 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:10:43

Infected Object Name / Virus Name / Last Action
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx10.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx12.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx13.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx14.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx15.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx17.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx18.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx19.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx2.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx20.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx21.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx22.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx23.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx24.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx25.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx26.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx27.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx28.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx29.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx30.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx31.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx32.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx33.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx34.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx35.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx36.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx37.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx38.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx39.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx4.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx40.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx41.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx42.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx43.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx44.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx45.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx46.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx47.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx48.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx49.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx7.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx8.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx9.dll.vir Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1019\A0112271.exe Infected: Trojan-Downloader.Win32.Zlob.xw skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112793.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112794.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112795.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112796.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112797.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112798.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112799.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112800.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112801.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112802.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112803.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112804.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112805.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112806.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112807.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112808.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112809.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112810.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112811.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112813.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112814.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112815.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112816.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112817.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112818.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112819.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112820.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112821.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112822.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112823.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112824.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112825.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112826.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112827.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112828.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112829.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112830.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112831.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112832.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112833.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112836.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112837.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\A0112838.dll Infected: Trojan-Downloader.Win32.Zlob.za skipped
C:\System Volume Information\_restore{8BD0005D-F689-4A4B-90C2-DD5CAEE6AE6E}\RP1024\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.100\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.101\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.102\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.103\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.104\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.105\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.106\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.107\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.108\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.109\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.110\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.111\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.112\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.113\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.114\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.115\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.116\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.117\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.118\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.119\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.120\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.121\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.122\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.123\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.124\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.125\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.126\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.127\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.128\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.129\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.130\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.131\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.132\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.133\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.134\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.135\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.136\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.137\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.138\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.139\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.140\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.141\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.142\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.143\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.144\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.145\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.146\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.147\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.148\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.149\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.150\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.151\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.152\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.153\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.154\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.155\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.156\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.157\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.158\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.159\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.160\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.161\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.162\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.163\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.164\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.165\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.166\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.167\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.168\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.169\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.17\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.170\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.171\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.172\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.173\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.174\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.175\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.176\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.177\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.178\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.179\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.18\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.180\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.181\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.182\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.183\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.184\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.185\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.186\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.187\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.188\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.189\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.19\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.190\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.191\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.192\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.20\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.21\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.22\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.23\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.24\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.25\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.26\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.27\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.28\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.29\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.30\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.31\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.32\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.33\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.34\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.35\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.36\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.37\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.38\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.39\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.40\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.41\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.42\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.43\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.44\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.45\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.46\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.47\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.48\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.49\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.50\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.51\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.52\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.53\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.54\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.55\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.56\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.57\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.58\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.59\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.60\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.61\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.62\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.63\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.64\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.65\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.66\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.67\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.68\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.69\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.70\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.71\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.72\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.73\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.74\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.75\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.76\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.77\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.78\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.79\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.80\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.81\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.82\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.83\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.84\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.85\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.86\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.87\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.88\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.89\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.90\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.91\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.92\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.93\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.94\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.95\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.96\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.97\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.98\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.99\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe.tcf Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#6 Lord Dewtain

Posted 29 May 2007 - 07:39 PM

========================================
========================================
Hijack This Log
========================================
========================================

Logfile of HijackThis v1.99.1
Scan saved at 8:34:33 PM, on 5/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WINDOWS\System\hppropty.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Desktop\WUTEMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.16e058] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.16e058"
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [HP LaserJet ToolBox] hppropty.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...784/mcfscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

#7 Lord Dewtain

Posted 29 May 2007 - 09:33 PM

HI! :wave:

You guys don't need to apologise for taking a while. I know you are busy volunteers, and it doesn't bother me. The computer still works fine (or seems to). It makes me wonder what the point of these viruses is. I don't notice them doing anything.

My computer is running as well as it did before, though the toolbars are gone from IE (though I don't use them).

Removing Viewpoint worked wonderfully.

The scanner's found a bunch of Zlob and Obfuscated viruses (I remember Obfuscated from before), and I'll do whatever is needed to get rid of them.

I had problems starting the Kaspersky scan on IE, then I turned off my popup blocker, and it worked fine.



Thanks for the help,

--Lord Dewtain

#8 Sempurna

Posted 30 May 2007 - 04:51 AM

Hi Lord Dewtain, :wave:

You're most welcome, Lord Dewtain. I'm glad to hear that things are working better now. :)

A good deal of what Kaspersky flagged are in the ComboFix quarantine folder and in your system restore points. These are not active, and don't pose any danger to your system. We'll clean up your system restore points later when your system is clean.

The other infections are in your downloaded program files folders. We'll clean those out in this fix.

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


    File::
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.10\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.100\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.101\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.102\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.103\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.104\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.105\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.106\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.107\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.108\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.109\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.11\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.110\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.111\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.112\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.113\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.114\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.115\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.116\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.117\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.118\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.119\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.12\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.120\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.121\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.122\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.123\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.124\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.125\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.126\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.127\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.128\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.129\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.13\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.130\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.131\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.132\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.133\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.134\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.135\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.136\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.137\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.138\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.139\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.14\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.140\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.141\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.142\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.143\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.144\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.145\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.146\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.147\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.148\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.149\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.15\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.150\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.151\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.152\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.153\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.154\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.155\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.156\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.157\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.158\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.159\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.16\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.160\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.161\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.162\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.163\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.164\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.165\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.166\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.167\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.168\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.169\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.17\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.170\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.171\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.172\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.173\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.174\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.175\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.176\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.177\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.178\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.179\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.18\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.180\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.181\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.182\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.183\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.184\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.185\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.186\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.187\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.188\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.189\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.19\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.190\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.191\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.192\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.20\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.21\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.22\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.23\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.24\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.25\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.26\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.27\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.28\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.29\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.30\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.31\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.32\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.33\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.34\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.35\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.36\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.37\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.38\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.39\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.40\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.41\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.42\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.43\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.44\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.45\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.46\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.47\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.48\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.49\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.5\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.50\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.51\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.52\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.53\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.54\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.55\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.56\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.57\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.58\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.59\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.6\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.60\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.61\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.62\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.63\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.64\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.65\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.66\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.67\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.68\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.69\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.7\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.70\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.71\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.72\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.73\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.74\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.75\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.76\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.77\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.78\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.79\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.8\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.80\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.81\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.82\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.83\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.84\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.85\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.86\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.87\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.88\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.89\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.9\gdnUS2218.exe.tcf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.90\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.91\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.92\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.93\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.94\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.95\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.96\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.97\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.98\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.99\gdnUS2218.exe
    C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe.tcf
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Posted Image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#9 Lord Dewtain

Posted 30 May 2007 - 07:36 PM

==========================================
ComboFix-Do scan
==========================================


"user" - 2007-05-30 20:16:38 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\user\"
Command switches used :: ""C:\Documents and Settings\user\Desktop\ComboFix-Do.txt""


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))


2007-05-30 19:44 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-29 17:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-29 16:16 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-26 00:46 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\vlc
2007-05-25 21:00 <DIR> d-------- C:\Program Files\VideoLAN
2007-05-24 22:49 <DIR> d-------- C:\DeusEx
2007-05-22 17:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-17 20:54 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-05-17 20:54 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-05-17 20:54 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-05-17 20:53 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-16 21:44 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2007-05-16 21:44 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\IDMComp
2007-05-15 23:48 <DIR> d-------- C:\Program Files\Black Isle
2007-05-15 23:39 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-05-15 23:36 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-26 01:24 <DIR> d--hs---- C:\WINDOWS\ftpcache


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-30 05:30:57 1,367 ----a-w C:\WINDOWS\system32\HPA.DAT
2007-05-22 21:43:13 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-05-22 02:52:33 3,888 ----a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-05-18 19:58:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-14 03:57:46 -------- d-----w C:\Program Files\HP
2007-05-11 17:18:44 -------- d-----w C:\DOCUME~1\user\APPLIC~1\AdobeUM
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvListnr"="C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe" []
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-20 18:54]
"ShowIcon_The Company_CRW Series Driver v1.16e058"="C:\Program Files\CRW\shwicon.exe" [2002-11-06 14:56]
"Alogserv"="C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe" [2002-01-04 06:02]
"HP LaserJet ToolBox"="hppropty.exe" []
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2003-12-24 16:54]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 04:51]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 13:01 C:\WINDOWS\system32\P0630Pin.dll]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
"@"="" []
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2002-01-09 00:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-08-10 10:50]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk.disabled
backup=C:\WINDOWS\pss\Billminder.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=C:\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=C:\WINDOWS\pss\TextBridge Instant Access OCR.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1143389709\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-30 20:22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

Completion time: 2007-05-30 20:23:30
C:\ComboFix-quarantined-files.txt ... 2007-05-30 20:22
C:\ComboFix2.txt ... 2007-05-29 16:16

--- E O F ---

#10 Lord Dewtain

Posted 30 May 2007 - 07:38 PM

===================================
HijackThis Log
===================================

Logfile of HijackThis v1.99.1
Scan saved at 8:31:48 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WINDOWS\System\hppropty.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
C:\Documents and Settings\user\Desktop\WUTEMP\HijackThis.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.16e058] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.16e058"
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [HP LaserJet ToolBox] hppropty.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...784/mcfscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
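An added example, not part of the original post and not HijackThis's own code: a small Python parser for the log format above that lists the entries worth a manual look. The three review rules and the note wording are assumptions chosen for illustration; a note is a prompt to check the file, not a verdict on it.

```python
import re

# Sample input: entries taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def parse_entry(line):
    """Split one log line into (section code, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None

def review_notes(code, body):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing")
    if code == "O4":
        run = RUN_RE.match(body)
        # A Run value without a drive-qualified path is located by search order.
        if run and not re.match(r'^"?[A-Za-z]:\\', run.group("cmd")):
            notes.append("autorun has no full path")
    if code == "O23":
        svc = SERVICE_RE.match(body)
        if svc and svc.group("owner") == "Unknown owner":
            notes.append("service owner unknown")
    return notes

def triage(log_text):
    """Parse a whole log; return (code, body, notes) for entries with notes."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        notes = review_notes(*entry) if entry else []
        if notes:
            flagged.append((entry[0], entry[1], notes))
    return flagged

for code, body, notes in triage(SAMPLE_LOG):
    print(code, "; ".join(notes), body, sep=" | ")
```

A service name that itself contains " - " would be split in the wrong place by `SERVICE_RE`, so treat the owner field as best effort.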

#11 Lord Dewtain


Posted 30 May 2007 - 07:40 PM

The computer might be running a little faster, but then again it never expressed many symptoms that I noticed (and I'm not the computer's primary user, just its repair guy).

In other news, once this one is done I'll get started on another family computer, I'll start a new topic when I'm ready for it.

Oh, I just discovered one more thing. Not a virus, but whenever I attach my thumbdrive, Adobe Photo Downloader tries to go through it looking for pictures or something. This is infuriating as it takes forever, and I don't care. Any ideas on turning it off?

--Lord Dewtain

Edited by Lord Dewtain, 30 May 2007 - 09:10 PM.


#12 Sempurna


Posted 31 May 2007 - 03:02 AM

Hi Lord Dewtain, :wave:

You can resolve your autostart issue when you insert your thumb drive by using Tweak UI:
http://www.microsoft...ppowertoys.mspx

Download the Tweak UI installer from the right pane and run it.

Once installed, run Tweak UI and explore the tool. There is an option there to disable thumb drive startups when you insert your thumb drive.

Let me know if you have trouble running the app.


NEXT:

Just some loose ends to tie up, and then we can let you go home. :)

To create a new system restore point:
  • Go to Start Menu -> All Programs -> Accessories -> System Tools -> System Restore.
  • Click "Create A Restore Point" then click "Next". Give it a name and then click "Create".
  • When the confirmation screen shows the restore point has been created click "Close".
  • Then go to Start -> Run and type cleanmgr.
  • Disk Cleanup will open and start calculating the amount of space that can be freed.
  • Once that's finished it will open the Disk Cleanup options screen, click the "More Options" tab.
  • Click "Clean Up" in the "System Restore" section and choose "Yes" at the confirmation window.
This will remove all previous restore points except the newly created one.


NEXT:

Everything looks great --- your HijackThis log appears to be clean. :)

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.

  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.
    Test your Firewall and make sure it is working properly.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

  • Also make sure to run your antivirus software regularly, and to keep it up-to-date.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you do decide to install Firefox, please take a moment to read Switching from IE to Firefox.

  • SpywareBlaster
    This is a great FREE prevention tool to keep nasties from installing on your system.
    Tutorial: How to use!

  • IE-SPYAD
    This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Tutorial: How to use!

  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!

  • Ad-Aware SE
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware SE and Spybot Search & Destroy complement each other very well.
    Tutorial: How to use!

  • AVG Anti-Spyware
    This is an excellent FREE scanner to look for trojans and other nasties that might be residing in your system.
    User Manual: How to use!

  • SUPERAntiSpyware
    This is another excellent FREE scanner to look for nasties that might be lurking in your system. SUPERAntiSpyware and AVG Anti-Spyware complement each other very well.
    Quick Guide: How to use!

  • I suggest you perform an online virus scan once in a while because what one virus scanner can't find, another one maybe can:
    BitDefender Online Scanner
    F-Secure Online Scanner
    Panda ActiveScan
Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Hopefully this should take care of your problems! Good luck! :D
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#13 Lord Dewtain


Posted 03 June 2007 - 02:53 PM

first of all:

1) I have downloaded, and seem to have installed the TweakUI, but can't find it to run it. I'll continue looking.

2) I don't think I can get Windows updates, as this computer doesn't have a valid copy of Windows. We got it about 4 years ago reformatted from a friend, and since we didn't think it mattered we just bypassed the Windows validation number with some fake one. At this point it isn't worth it to buy a product key since this computer would only last another year or two.

3) I'll see if I can get ZoneAlarm working for a firewall.

4) we use firefox, and I'll take a look through all the other programs you mentioned.


5) the cleanup went well.

6) my mcAfee expired a while ago, and no longer updates automatically. can you suggest one of the free ones?

--Lord Dewtain.

Edited by Lord Dewtain, 03 June 2007 - 03:10 PM.


#14 MannyL


Posted 03 June 2007 - 07:18 PM

first of all:

1) I have downloaded, and seem to have installed the TweakUI, but can't find it to run it. I'll continue looking.


6) my mcAfee expired a while ago, and no longer updates automatically. can you suggest one of the free ones?

--Lord Dewtain.


I hope this doesn't step on any toes, as I am not a helper, but I can address questions 1 and 6.

1) Look in Control Panel for TweakUI

6) I use the Free version of AVG.

#15 Sempurna


Posted 03 June 2007 - 11:44 PM

Hi Lord Dewtain, :wave:


I have downloaded, and seem to have installed the TweakUI, but can't find it to run it. I'll continue looking.

Launch Tweak UI, in the left panel select My Computer -> Autoplay -> Types. From there you should be able to disable autoplay for removable drives.


I don't think I can get Windows updates, as this computer doesn't have a valid copy of Windows. We got it about 4 years ago reformatted from a friend, and since we didn't think it mattered we just bypassed the Windows validation number with some fake one. At this point it isn't worth it to buy a product key since this computer would only last another year or two.

Okey-dokey. Just so you know, an out-of-date Windows is vulnerable to all sorts of malware exploits. :)


my mcAfee expired a while ago, and no longer updates automatically. can you suggest one of the free ones?

Sure, no problem. :)

Anti-Virus (a must!)
It is also a must have. I would recommend this excellent and FREE program, Active Virus Shield Powered by Kaspersky (NOTE: please do NOT install the Security Toolbar that comes with it).
Other good and FREE alternatives are AntiVir, Avast!, and AVG.

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

#16 Sempurna


Posted 06 July 2007 - 05:03 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



