01-09-2008, 09:38 AM   #5
Gibgab
Registered User
 
Join Date: Jan 2008
Location: San Antonio
Posts: 10
OS: XP


Re: I cannot get rid of Ping.exe - Vundo?

It looks like Spybot interfered with the log.
Reran with Spybot out of the startup routine.
MarkB

ComboFix 08-01-09.2 - MarkB 2008-01-09 10:16:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.406 [GMT -6:00]
Running from: C:\Documents and Settings\MarkB\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-09 06:41 . 2008-01-09 06:41 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-08 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 04:02 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-08 03:28 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-08 03:28 . 2006-08-21 03:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-08 03:28 . 2006-08-21 06:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-08 03:09 . 2008-01-08 03:09 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-07 19:36 . 2008-01-07 19:36 <DIR> d-------- C:\Program Files\Viewpoint
2008-01-07 19:36 . 2008-01-07 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-07 19:36 . 2008-01-07 19:36 37,027 --a------ C:\WINDOWS\atmoUn.exe
2008-01-07 03:38 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-07 03:17 . 2007-06-26 00:08 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-01-06 20:46 . 2006-05-19 06:59 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-01-06 20:46 . 2006-05-19 06:59 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-01-06 20:45 . 2008-01-09 06:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-06 20:45 . 2007-08-21 00:15 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-01-06 20:45 . 2007-04-25 08:21 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll
2008-01-06 20:31 . 2008-01-06 20:31 <DIR> d-------- C:\Deckard
2008-01-06 20:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-06 20:08 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-06 20:08 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-06 20:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-06 20:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-06 20:08 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-06 19:59 . 2008-01-06 19:59 <DIR> d-------- C:\SpywareBlaster
2008-01-06 19:59 . 2008-01-06 19:59 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-06 19:59 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-06 18:40 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-06 18:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\vmkyrcnnhiau.sys
2008-01-06 18:02 . 2008-01-06 19:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-06 18:02 . 2008-01-06 18:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-06 18:02 . 2008-01-06 18:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-06 18:02 . 2008-01-06 18:02 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-02 20:18 . 2008-01-03 05:28 <DIR> d-------- C:\VundoFix Backups
2008-01-01 14:39 . 2008-01-02 21:09 <DIR> d-------- C:\SpywareBot
2008-01-01 14:39 . 2008-01-08 20:19 <DIR> d-------- C:\Program Files\SpywareBot
2008-01-01 14:39 . 2008-01-06 20:42 <DIR> d-------- C:\Documents and Settings\MarkB\Application Data\SpywareBot
2007-12-31 12:49 . 2007-12-31 13:14 <DIR> d--hs---- C:\WINDOWS\TWFyayBCcmFiYW50
2007-12-31 12:43 . 2007-12-31 12:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 12:06 . 2007-12-31 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2007-12-31 11:54 . 2007-12-31 11:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-31 11:54 . 2007-12-31 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-31 11:35 . 2007-12-31 12:32 <DIR> d-------- C:\Program Files\STOPzilla!
2007-12-31 11:35 . 2007-12-31 11:35 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-12-31 11:35 . 2007-12-31 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-12-31 11:14 . 2007-12-31 12:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-30 21:49 . 2007-12-31 11:08 2,012 --ah----- C:\Documents and Settings\All Users\Application Data\index0.dat
2007-12-30 21:47 . 2007-12-30 21:47 <DIR> d-------- C:\WINDOWS\mobgslti
2007-12-30 21:30 . 2007-12-31 13:27 380,416 --a------ C:\WINDOWS\mrofinu11.exe.tmp
2007-12-28 19:46 . 2007-12-28 19:46 <DIR> d-------- C:\Program Files\Disney
2007-12-28 10:04 . 2007-12-28 10:04 19,088 --a------ C:\Documents and Settings\MarkB\Application Data\GDIPFONTCACHEV1.DAT
2007-12-26 21:24 . 2007-12-26 21:24 3,470,360 --a------ C:\fallout_boy_saturday.mp3
2007-12-15 10:39 . 2007-12-17 18:44 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 02:19 --------- d-----w C:\Program Files\iTunes
2008-01-09 02:19 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-09 02:18 --------- d-----w C:\Program Files\QuickTime
2008-01-08 01:36 --------- d-----w C:\Documents and Settings\MarkB\Application Data\AdobeUM
2008-01-07 00:50 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2008-01-06 03:48 --------- d-----w C:\Documents and Settings\MarkB\Application Data\U3
2007-12-31 18:37 10 ----a-w C:\Program Files\.autoreg
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2005-07-29 22:24 472 --sha-r C:\WINDOWS\TWFyayBCcmFiYW50\nqIVuV1FwAI2sqcX.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-01-08_20.21.56.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-08 09:17:53 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-01-09 09:02:25 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-01-08 09:18:01 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-01-09 09:02:28 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-01-09 09:02:44 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5508cc55\CustomMarshalers.dll
+ 2008-01-09 09:03:29 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_14f5e881\mscorlib.dll
+ 2008-01-09 09:03:22 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_88c8d35c\System.Design.dll
+ 2008-01-09 09:02:47 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_0c06d6dd\System.Drawing.Design.dll
+ 2008-01-09 09:03:25 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_19c63547\System.Drawing.dll
+ 2008-01-09 09:03:01 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_14ba1c46\System.Windows.Forms.dll
+ 2008-01-09 09:03:13 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_6e185381\System.Xml.dll
+ 2008-01-09 09:02:43 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_9828733d\System.dll
+ 2008-01-08 09:21:56 3,379,200 ------w C:\WINDOWS\assembly\temp\39FLRX39EK\mscorlib.dll
+ 2008-01-08 09:20:06 3,014,656 ------w C:\WINDOWS\assembly\temp\8FKQW28EKQ\System.Windows.Forms.dll
+ 2008-01-08 09:18:58 1,953,792 ------w C:\WINDOWS\assembly\temp\9FLRX39EKQ\System.dll
+ 2008-01-08 09:20:43 2,088,960 ------w C:\WINDOWS\assembly\temp\KQW27DJPV1\System.Xml.dll
+ 2008-01-08 09:21:38 835,584 ------w C:\WINDOWS\assembly\temp\U17CIOU06C\System.Drawing.dll
+ 2008-01-08 09:17:53 1,257,472 ------w C:\WINDOWS\assembly\temp\X49FLRX39E\System.Web.dll
+ 2008-01-08 09:18:01 1,224,704 ------w C:\WINDOWS\assembly\temp\Y5BHNSY4AG\System.dll
- 2008-01-08 22:59:18 28,923 ----a-w C:\WINDOWS\hpoins03.dat
+ 2008-01-09 02:21:32 28,923 ----a-w C:\WINDOWS\hpoins03.dat
- 2004-07-15 07:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 03:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 07:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 03:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 06:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 02:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 01:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 02:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 06:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 02:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 06:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 02:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 20:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 02:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 01:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 02:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-15 06:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 02:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 06:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 02:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 22:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 22:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 07:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_aspnet_isapi.dll
+ 2004-07-15 06:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_CORPerfMonExt.dll
+ 2004-07-15 06:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_fusion.dll
+ 2004-07-15 06:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorjit.dll
+ 2004-07-15 20:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorlib.dll
+ 2003-02-21 01:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorsn.dll
+ 2004-07-15 06:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorsvr.dll
+ 2004-07-15 06:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorwks.dll
+ 2003-02-21 10:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_msvcr71.dll
+ 2004-07-15 06:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_PerfCounter.dll
- 2004-07-15 20:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 03:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 20:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 03:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2005-09-23 12:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2006-12-22 19:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A7AA16-678C-3F59-895A-3CE672845892}]
C:\WINDOWS\system32\owvq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffe58e9d-4cfe-42ac-b8d1-7c4360891611}]
C:\WINDOWS\system32\eqcyjdbv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-08 05:30 1694208]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-08 05:29 171464]
"Trto"="C:\DOCUME~1\MarkB\APPLIC~1\CROSOF~1.NET\ping.exe" [ ]
"Llsbjso"="C:\Documents and Settings\MarkB\Application Data\?ymbols\w?nlogon.exe" [ ]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" [2008-01-08 05:30 6362352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2008-01-08 05:29 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-08 05:29 241664]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2008-01-08 05:29 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-08 05:29 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-08 05:29 271672]
"f49fc3c0"="C:\WINDOWS\system32\ogurxwit.dll" [ ]

C:\Documents and Settings\MarkB\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2006-05-23 15:17:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b47c87-3a5d-11dc-89f5-001217699e83}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 19:50:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-09 09:00:01 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 10:17:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 10:18:19
ComboFix-quarantined-files.txt 2008-01-09 16:18:11
ComboFix2.txt 2008-01-09 02:22:18
.
2008-01-09 09:02:35 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:10 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\MarkB\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C2A7AA16-678C-3F59-895A-3CE672845892} - C:\WINDOWS\system32\owvq.dll (file missing)
O2 - BHO: {11619806-34c7-1d8b-ca24-efc4d9e85eff} - {ffe58e9d-4cfe-42ac-b8d1-7c4360891611} - C:\WINDOWS\system32\eqcyjdbv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [f49fc3c0] rundll32.exe "C:\WINDOWS\system32\ogurxwit.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Trto] "C:\DOCUME~1\MarkB\APPLIC~1\CROSOF~1.NET\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Llsbjso] "C:\Documents and Settings\MarkB\Application Data\?ymbols\w?nlogon.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1167322382734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199222661218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 6333 bytes