01-06-2008, 07:57 PM   #1
Gibgab
OS: XP


Re: I cannot get rid of Ping.exe - Vundo?

I have a constant HourGlass and ping.exe is accounting for 60-70% of my CPU usage. Vundo seems to be the main issue the utilities are pointing to.
MarkB

Deckard's System Scanner v20071014.68
Run by MarkB on 2008-01-06 20:31:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2008-01-07 02:31:52 UTC - RP420 - Deckard's System Scanner Restore Point
102: 2008-01-06 07:07:04 UTC - RP419 - Last known good configuration
101: 2008-01-06 0745 UTC - RP418 - System Checkpoint
100: 2008-01-06 0745 UTC - RP417 - Last known good configuration
99: 2008-01-06 0744 UTC - RP416 - Last known good configuration


-- First Restore Point --
1: 2008-01-06 07:05:58 UTC - RP318 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as MarkB.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:49 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd .exe
C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Router\Router.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\Router\Router .exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MarkB\Desktop\dss.exe
C:\DOCUME~1\MarkB\Desktop\MarkB.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtuts.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C2A7AA16-678C-3F59-895A-3CE672845892} - C:\WINDOWS\system32\owvq.dll (file missing)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\cb7294.dll
O2 - BHO: (no name) - {DC93C19C-7CAC-4B1B-89D9-AE17BBBE9412} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: {11619806-34c7-1d8b-ca24-efc4d9e85eff} - {ffe58e9d-4cfe-42ac-b8d1-7c4360891611} - C:\WINDOWS\system32\eqcyjdbv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [f49fc3c0] rundll32.exe "C:\WINDOWS\system32\ogurxwit.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Trto] "C:\DOCUME~1\MarkB\APPLIC~1\CROSOF~1.NET\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Llsbjso] "C:\Documents and Settings\MarkB\Application Data\?ymbols\w?nlogon.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1167322382734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199222661218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 7294 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 NTACCESS - e:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - e:\ntglm7x.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_0068&SUBSYS_57001462&REV_A3\3&13C0B0C5&0&12
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_0068&SUBSYS_57001462&REV_A3\3&13C0B0C5&0&12
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_11DE&DEV_6057&SUBSYS_7EFE1031&REV_02\4&3B1D9AB8&0&3840
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_11DE&DEV_6057&SUBSYS_7EFE1031&REV_02\4&3B1D9AB8&0&3840
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_E159&DEV_0001&SUBSYS_00038086&REV_00\4&3B1D9AB8&0&4040
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_E159&DEV_0001&SUBSYS_00038086&REV_00\4&3B1D9AB8&0&4040
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-06 03:00:05 490 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2008-01-02 13:50:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-06 and 2008-01-06 -----------------------------

2008-01-06 20:08:26 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-06 19:59:53 0 d-------- C:\Program Files\SpywareBlaster
2008-01-06 18:40:41 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-06 18:40:22 8576 --a------ C:\WINDOWS\system32\drivers\vmkyrcnnhiau.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-06 18:02:02 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-06 18:02:01 0 d-------- C:\WINDOWS\LastGood
2008-01-02 20:57:59 28478 --ahs---- C:\WINDOWS\system32\stutv.ini2
2008-01-02 20:57:48 335872 -----n--- C:\WINDOWS\system32\vtuts.dll
2008-01-02 20:55:04 339456 --a------ C:\WINDOWS\system32\vtuts.exe
2008-01-02 20:18:51 0 d-------- C:\VundoFix Backups
2008-01-01 14:39:27 0 d-------- C:\Documents and Settings\MarkB\Application Data\SpywareBot
2008-01-01 14:39:18 0 d-------- C:\Program Files\SpywareBot
2007-12-31 12:54:35 0 d-------- C:\Program Files\Router
2007-12-31 12:49:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-12-31 12:49:44 0 d--hs---- C:\WINDOWS\TWFyayBCcmFiYW50
2007-12-31 12:43:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 1239 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2007-12-31 11:54:53 0 d-------- C:\Program Files\Lavasoft
2007-12-31 11:54:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-31 11:35:58 0 d-------- C:\Program Files\STOPzilla!
2007-12-31 11:35:58 0 d-------- C:\Program Files\Common Files\iS3
2007-12-31 11:35:57 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-12-31 11:14:22 0 d-------- C:\Program Files\Spyware Doctor
2007-12-31 05:25:18 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-12-30 21:49:27 2012 --ah----- C:\Documents and Settings\All Users\Application Data\index0.dat
2007-12-30 21:47:11 0 d-------- C:\WINDOWS\mobgslti
2007-12-30 21:33:43 0 d-------- C:\Program Files\Temporary
2007-12-30 21:30:20 40448 -----n--- C:\WINDOWS\system32\cbxxxxx.dll
2007-12-30 21:30:16 2 --a------ C:\WINDOWS\system32\wapisvit32.exe
2007-12-30 21:30:14 0 d-------- C:\Documents and Settings\MarkB\Application Data\?ymbols
2007-12-30 21:30:08 40183 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2007-12-30 21:30:08 0 d-------- C:\Documents and Settings\MarkB\Application Data\??crosoft.NET
2007-12-28 19:46:01 0 d-------- C:\Program Files\Disney
2007-12-28 10:04:07 19088 --a------ C:\Documents and Settings\MarkB\Application Data\GDIPFONTCACHEV1.DAT
2007-12-20 05:04:32 293888 --a------ C:\WINDOWS\b148.exe
2007-12-15 10:39:12 0 d-------- C:\WINDOWS\.jagex_cache_32


-- Find3M Report ---------------------------------------------------------------

2008-01-06 20:08:46 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-06 18:50:18 0 d-------- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2008-01-06 18:49:38 0 d-------- C:\Program Files\iTunes
2008-01-06 18:47:09 0 d-------- C:\Program Files\DAEMON Tools
2008-01-06 01:08:43 28923 --a------ C:\WINDOWS\hpoins03.dat
2008-01-06 01:05:49 0 d-------- C:\Program Files\QuickTime
2008-01-06 01:05:36 0 d-------- C:\Documents and Settings\MarkB\Application Data\??crosoft.NET
2008-01-06 01:05:35 0 d-------- C:\Program Files\Messenger
2008-01-05 21:48:50 0 d-------- C:\Documents and Settings\MarkB\Application Data\U3
2007-12-31 16:03:00 0 d-------- C:\Documents and Settings\MarkB\Application Data\?ymbols
2007-12-31 12:43:54 0 d-------- C:\Program Files\Common Files
2007-12-31 12:37:22 10 --a------ C:\Program Files\.autoreg


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A7AA16-678C-3F59-895A-3CE672845892}]
C:\WINDOWS\system32\owvq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}]
12/30/2007 09:30 PM 40448 --------- C:\WINDOWS\system32\cbxxxxx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC93C19C-7CAC-4B1B-89D9-AE17BBBE9412}]
01/02/2008 08:57 PM 335872 --------- C:\WINDOWS\system32\vtuts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffe58e9d-4cfe-42ac-b8d1-7c4360891611}]
C:\WINDOWS\system32\eqcyjdbv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 11:22 AM]
"nwiz"="nwiz.exe" [10/22/2006 11:22 AM C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [01/02/2008 08:54 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/02/2008 08:55 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 11:22 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [01/02/2008 08:55 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [01/02/2008 08:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [01/06/2008 01:05 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/02/2008 08:55 PM]
"f49fc3c0"="C:\WINDOWS\system32\ogurxwit.dll" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [01/06/2008 01:05 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [01/06/2008 01:05 AM]
"Trto"="C:\DOCUME~1\MarkB\APPLIC~1\CROSOF~1.NET\ping.exe" [12/31/2007 12:33 PM]
"Llsbjso"="C:\Documents and Settings\MarkB\Application Data\?ymbols\w?nlogon.exe" []
"Router"="C:\Program Files\Router\Router.exe" [01/06/2008 01:05 AM]
"SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" [01/06/2008 01:05 AM]

C:\Documents and Settings\MarkB\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [5/23/2006 3:17:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 1:20:40 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}"= C:\WINDOWS\system32\cbxxxxx.dll [12/30/2007 09:30 PM 40448]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtuts

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b47c87-3a5d-11dc-89f5-001217699e83}]
AutoRun\command- H:\LaunchU3.exe -a

*Newly Created Service* - GTNDIS5
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
*Newly Created Service* - VMKYRCNNHIAU



-- End of Deckard's System Scanner: finished at 2008-01-06 20:33:32 ------------


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\cbxxxxx.dll
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\MarkB\Application Data\Mozilla\Firefox\Profiles\dai0ln3y.default\cookies.txt[ad.yieldmanager.com/]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\MarkB\Application Data\??crosoft.NET\ping .exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MarkB\Cookies\markb@atdmt[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\MarkB\Cookies\markb@ehg-dig.hitbox[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\MarkB\Cookies\markb@go[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\MarkB\Cookies\markb@tribalfusion[1].txt
Virus:Generic Worm Disinfected C:\Documents and Settings\MarkB\Desktop\Supreme.Commander\crack and keygen\crack and keygen\Hatred.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MarkB\Desktop\VirtumundoBeGone.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MarkB\Local Settings\Temp\nsn6B.tmp
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\cbxxxxx.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\eqcyjdbv.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\kuvrleyx.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nvixycow.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ogurxwit.dll.bad
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\b128.exe
Virus:Trj/Downloader.PLQ Disinfected C:\WINDOWS\b138.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TWFyayBCcmFiYW50\nqIVuV1FwAI2sqcX.vbs
Attached Files: extra.txt (12.5 KB)