Wow, great, that worked. Thank you. Here are the logs.
HijackThis log and Kaspersky log attached, as the line-of-text limit was exceeded.
MarkB
ComboFix 08-01-09.2 - MarkB 2008-01-10 8:50:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510 [GMT -6:00]
Running from: C:\Documents and Settings\MarkB\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MarkB\Desktop\CFscript.txt
* Created a new restore point
FILE
C:\Documents and Settings\MarkB\Desktop\VirtumundoBeGone.exe
C:\Documents and Settings\MarkB\Local Settings\Temp\nsn6B.tmp
C:\WINDOWS\mrofinu11.exe.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\STOPzilla!
C:\Documents and Settings\All Users\Application Data\STOPzilla!\sb.dat
C:\Documents and Settings\All Users\Application Data\STOPzilla!\sc.dat
C:\Documents and Settings\All Users\Application Data\STOPzilla!\sgdefs.db
C:\Documents and Settings\All Users\Application Data\STOPzilla!\sztrgwc.db
C:\Documents and Settings\All Users\Application Data\STOPzilla!\Target.Log
C:\Documents and Settings\All Users\Application Data\STOPzilla!\targets.db
C:\Documents and Settings\All Users\Application Data\STOPzilla!\userdata.db
C:\Documents and Settings\All Users\Application Data\STOPzilla!\zilla5.log
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Documents and Settings\MarkB\Desktop\VirtumundoBeGone.exe
C:\Program Files\Spyware Doctor
C:\Program Files\Spyware Doctor\alert.wav
C:\Program Files\Spyware Doctor\bpo-sdhelp.chm
C:\Program Files\Spyware Doctor\ChineseSimp.lng
C:\Program Files\Spyware Doctor\ChineseTrad.lng
C:\Program Files\Spyware Doctor\csi-sdhelp.chm
C:\Program Files\Spyware Doctor\ctr-sdhelp.chm
C:\Program Files\Spyware Doctor\czech.chm
C:\Program Files\Spyware Doctor\Czech.lng
C:\Program Files\Spyware Doctor\danish.chm
C:\Program Files\Spyware Doctor\Danish.lng
C:\Program Files\Spyware Doctor\deu-sdhelp.chm
C:\Program Files\Spyware Doctor\Deutsch.lng
C:\Program Files\Spyware Doctor\Dutch.lng
C:\Program Files\Spyware Doctor\eng-sdhelp.chm
C:\Program Files\Spyware Doctor\English.lng
C:\Program Files\Spyware Doctor\EnglishBritish.lng
C:\Program Files\Spyware Doctor\esp-sdhelp.chm
C:\Program Files\Spyware Doctor\euk-sdhelp.chm
C:\Program Files\Spyware Doctor\FileStorage.sdp
C:\Program Files\Spyware Doctor\finnish.chm
C:\Program Files\Spyware Doctor\Finnish.lng
C:\Program Files\Spyware Doctor\fre-sdhelp.chm
C:\Program Files\Spyware Doctor\French.lng
C:\Program Files\Spyware Doctor\greek.chm
C:\Program Files\Spyware Doctor\Greek.lng
C:\Program Files\Spyware Doctor\history\syslog.dad
C:\Program Files\Spyware Doctor\history\syslog.das
C:\Program Files\Spyware Doctor\history\userlog.dad
C:\Program Files\Spyware Doctor\history\userlog.das
C:\Program Files\Spyware Doctor\homepage.url
C:\Program Files\Spyware Doctor\IDBLib.sdp
C:\Program Files\Spyware Doctor\Immunizer.sdp
C:\Program Files\Spyware Doctor\ita-sdhelp.chm
C:\Program Files\Spyware Doctor\Italian.lng
C:\Program Files\Spyware Doctor\jap-sdhelp.chm
C:\Program Files\Spyware Doctor\Japanese.lng
C:\Program Files\Spyware Doctor\klg.dat
C:\Program Files\Spyware Doctor\kor-sdhelp.chm
C:\Program Files\Spyware Doctor\Korean.lng
C:\Program Files\Spyware Doctor\Languages.xml
C:\Program Files\Spyware Doctor\Localizer.sdp
C:\Program Files\Spyware Doctor\LuLng\ChineseSimp.lng
C:\Program Files\Spyware Doctor\LuLng\ChineseTrad.lng
C:\Program Files\Spyware Doctor\LuLng\Czech.lng
C:\Program Files\Spyware Doctor\LuLng\Danish.lng
C:\Program Files\Spyware Doctor\LuLng\Deutsch.lng
C:\Program Files\Spyware Doctor\LuLng\Dutch.lng
C:\Program Files\Spyware Doctor\LuLng\English.lng
C:\Program Files\Spyware Doctor\LuLng\EnglishBritish.lng
C:\Program Files\Spyware Doctor\LuLng\Finnish.lng
C:\Program Files\Spyware Doctor\LuLng\French.lng
C:\Program Files\Spyware Doctor\LuLng\Greek.lng
C:\Program Files\Spyware Doctor\LuLng\Italian.lng
C:\Program Files\Spyware Doctor\LuLng\Japanese.lng
C:\Program Files\Spyware Doctor\LuLng\Korean.lng
C:\Program Files\Spyware Doctor\LuLng\Norwegian.lng
C:\Program Files\Spyware Doctor\LuLng\Polski.lng
C:\Program Files\Spyware Doctor\LuLng\Portuguese.lng
C:\Program Files\Spyware Doctor\LuLng\PortugueseBrazilian.lng
C:\Program Files\Spyware Doctor\LuLng\Russian.lng
C:\Program Files\Spyware Doctor\LuLng\Spanish.lng
C:\Program Files\Spyware Doctor\LuLng\Swedish.lng
C:\Program Files\Spyware Doctor\LuLng\Thai.lng
C:\Program Files\Spyware Doctor\LuLng\Turkish.lng
C:\Program Files\Spyware Doctor\ned-sdhelp.chm
C:\Program Files\Spyware Doctor\NfyMan.sdp
C:\Program Files\Spyware Doctor\norwegian.chm
C:\Program Files\Spyware Doctor\Norwegian.lng
C:\Program Files\Spyware Doctor\PCToolsComponents.bpl
C:\Program Files\Spyware Doctor\plugins\Browsers.SDP
C:\Program Files\Spyware Doctor\plugins\cookie.sdp
C:\Program Files\Spyware Doctor\plugins\grfiles.SDP
C:\Program Files\Spyware Doctor\plugins\grregistry.SDP
C:\Program Files\Spyware Doctor\plugins\KLGuard.SDP
C:\Program Files\Spyware Doctor\plugins\Network.SDP
C:\Program Files\Spyware Doctor\plugins\Process.SDP
C:\Program Files\Spyware Doctor\plugins\ScriptEngine.SDP
C:\Program Files\Spyware Doctor\plugins\SDNET.SDP
C:\Program Files\Spyware Doctor\plugins\StartUp.SDP
C:\Program Files\Spyware Doctor\pol-sdhelp.chm
C:\Program Files\Spyware Doctor\Polski.lng
C:\Program Files\Spyware Doctor\por-sdhelp.chm
C:\Program Files\Spyware Doctor\Portuguese.lng
C:\Program Files\Spyware Doctor\PortugueseBrazilian.lng
C:\Program Files\Spyware Doctor\quarantine.sdp
C:\Program Files\Spyware Doctor\RebootManager.sdp
C:\Program Files\Spyware Doctor\RefDB.bin2
C:\Program Files\Spyware Doctor\rtl100.bpl
C:\Program Files\Spyware Doctor\rus-sdhelp.chm
C:\Program Files\Spyware Doctor\Russian.lng
C:\Program Files\Spyware Doctor\scaneng.sdp
C:\Program Files\Spyware Doctor\sdextra.sdp
C:\Program Files\Spyware Doctor\SDInfo.sdp
C:\Program Files\Spyware Doctor\sdnet\MANIFEST.1
C:\Program Files\Spyware Doctor\sdSTasks.def
C:\Program Files\Spyware Doctor\Settings.sdp
C:\Program Files\Spyware Doctor\Spanish.lng
C:\Program Files\Spyware Doctor\stasks.sdp
C:\Program Files\Spyware Doctor\swedish.chm
C:\Program Files\Spyware Doctor\Swedish.lng
C:\Program Files\Spyware Doctor\SystemMonitor.sdp
C:\Program Files\Spyware Doctor\thai.chm
C:\Program Files\Spyware Doctor\Thai.lng
C:\Program Files\Spyware Doctor\turkish.chm
C:\Program Files\Spyware Doctor\Turkish.lng
C:\Program Files\Spyware Doctor\unins000.dat
C:\Program Files\Spyware Doctor\vcl100.bpl
C:\Program Files\Spyware Doctor\whitelist.sdp
C:\Program Files\STOPzilla!
C:\Program Files\STOPzilla!\roar.wav
C:\Program Files\STOPzilla!\snore.wav
C:\Program Files\STOPzilla!\STOPzillaHelp.chm
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AtmoHWConfig.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AvatarsDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\BookmarksDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\DefaultAvatarIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\DefaultWorldIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\InternetChatHelp.url
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AtmoHWConfig.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Atmosphere.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AvatarsDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\BlueStreak.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\BookmarksDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultAvatarIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultWorldIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\ExtremeShot.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\InternetChatHelp.url
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts2Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETsdk.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\cbxxxxx.dll.bad
C:\VundoFix Backups\eqcyjdbv.dll.bad
C:\VundoFix Backups\kuvrleyx.dll.bad
C:\VundoFix Backups\mrofinu11.exe.bad
C:\VundoFix Backups\nvixycow.dll.bad
C:\VundoFix Backups\ogurxwit.dll.bad
C:\VundoFix Backups\stutv.ini.bad
C:\VundoFix Backups\stutv.ini2.bad
C:\VundoFix Backups\tiwxrugo.ini.bad
C:\VundoFix Backups\vtuts.dll.bad
C:\VundoFix Backups\vtuts.exe.bad
C:\VundoFix Backups\xyelrvuk.ini.bad
C:\WINDOWS\mrofinu11.exe.tmp
C:\WINDOWS\TWFyayBCcmFiYW50
C:\WINDOWS\TWFyayBCcmFiYW50\nqIVuV1FwAI2sqcX.vbs
.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.
2008-01-10 08:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 04:02 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-08 03:28 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-08 03:28 . 2006-08-21 03:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-08 03:28 . 2006-08-21 06:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-08 03:09 . 2008-01-08 03:09 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-07 19:36 . 2008-01-07 19:36 37,027 --a------ C:\WINDOWS\atmoUn.exe
2008-01-07 03:38 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-07 03:17 . 2007-06-26 00:08 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-01-06 20:46 . 2006-05-19 06:59 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-01-06 20:46 . 2006-05-19 06:59 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-01-06 20:45 . 2008-01-10 03:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-06 20:45 . 2007-08-21 00:15 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-01-06 20:45 . 2007-04-25 08:21 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll
2008-01-06 20:31 . 2008-01-06 20:31 <DIR> d-------- C:\Deckard
2008-01-06 20:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-06 20:08 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-06 20:08 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-06 20:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-06 20:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-06 20:08 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-06 19:59 . 2008-01-06 19:59 <DIR> d-------- C:\SpywareBlaster
2008-01-06 19:59 . 2008-01-06 19:59 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-06 19:59 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-06 18:40 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-06 18:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\vmkyrcnnhiau.sys
2008-01-06 18:02 . 2008-01-06 19:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-06 18:02 . 2008-01-06 18:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-06 18:02 . 2008-01-06 18:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-06 18:02 . 2008-01-06 18:02 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-01 14:39 . 2008-01-02 21:09 <DIR> d-------- C:\SpywareBot
2008-01-01 14:39 . 2008-01-10 03:00 <DIR> d-------- C:\Documents and Settings\MarkB\Application Data\SpywareBot
2007-12-31 12:43 . 2007-12-31 12:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 12:06 . 2007-12-31 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2007-12-31 11:54 . 2007-12-31 11:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-31 11:54 . 2007-12-31 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-31 11:35 . 2007-12-31 11:35 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-12-30 21:49 . 2007-12-31 11:08 2,012 --ah----- C:\Documents and Settings\All Users\Application Data\index0.dat
2007-12-30 21:47 . 2007-12-30 21:47 <DIR> d-------- C:\WINDOWS\mobgslti
2007-12-28 19:46 . 2007-12-28 19:46 <DIR> d-------- C:\Program Files\Disney
2007-12-28 10:04 . 2007-12-28 10:04 19,088 --a------ C:\Documents and Settings\MarkB\Application Data\GDIPFONTCACHEV1.DAT
2007-12-26 21:24 . 2007-12-26 21:24 3,470,360 --a------ C:\fallout_boy_saturday.mp3
2007-12-15 10:39 . 2007-12-17 18:44 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 14:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 14:43 --------- d-----w C:\Program Files\StarWarsGalaxies
2008-01-09 02:19 --------- d-----w C:\Program Files\iTunes
2008-01-09 02:19 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-09 02:18 --------- d-----w C:\Program Files\QuickTime
2008-01-08 01:36 --------- d-----w C:\Documents and Settings\MarkB\Application Data\AdobeUM
2008-01-07 00:50 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2008-01-06 03:48 --------- d-----w C:\Documents and Settings\MarkB\Application Data\U3
2007-12-31 18:37 10 ----a-w C:\Program Files\.autoreg
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\mobgslti ----
2007-12-31 08:47 857 --a------ C:\WINDOWS\mobgslti\poloska3.png
2007-12-31 08:47 839 --a------ C:\WINDOWS\mobgslti\8.png
2007-12-31 08:47 835 --a------ C:\WINDOWS\mobgslti\9.png
2007-12-31 08:47 822 --a------ C:\WINDOWS\mobgslti\6.png
2007-12-31 08:47 810 --a------ C:\WINDOWS\mobgslti\5.png
2007-12-31 08:47 800 --a------ C:\WINDOWS\mobgslti\frame-h1bg.gif
2007-12-31 08:47 794 --a------ C:\WINDOWS\mobgslti\7.png
2007-12-31 08:47 721 --a------ C:\WINDOWS\mobgslti\frame-bg.gif
2007-12-31 08:47 670 --a------ C:\WINDOWS\mobgslti\3.png
2007-12-31 08:47 667 --a------ C:\WINDOWS\mobgslti\2.png
2007-12-31 08:47 663 --a------ C:\WINDOWS\mobgslti\4.png
2007-12-31 08:47 662 --a------ C:\WINDOWS\mobgslti\1.png
2007-12-31 08:47 5228 --a------ C:\WINDOWS\mobgslti\promo13.html
2007-12-31 08:47 4907 --a------ C:\WINDOWS\mobgslti\promo11.html
2007-12-31 08:47 4819 --a------ C:\WINDOWS\mobgslti\frame-bottom-left.gif
2007-12-31 08:47 4763 --a------ C:\WINDOWS\mobgslti\promo5.html
2007-12-31 08:47 4525 --a------ C:\WINDOWS\mobgslti\promo18.html
2007-12-31 08:47 4319 --a------ C:\WINDOWS\mobgslti\promo15.html
2007-12-31 08:47 4001 --a------ C:\WINDOWS\mobgslti\promo6.html
2007-12-31 08:47 3917 --a------ C:\WINDOWS\mobgslti\head.png
2007-12-31 08:47 3913 --a------ C:\WINDOWS\mobgslti\main.css
2007-12-31 08:47 3600 --a------ C:\WINDOWS\mobgslti\promo1.html
2007-12-31 08:47 3595 --a------ C:\WINDOWS\mobgslti\download.gif
2007-12-31 08:47 3493 --a------ C:\WINDOWS\mobgslti\promo3.html
2007-12-31 08:47 3405 --a------ C:\WINDOWS\mobgslti\promo8.html
2007-12-31 08:47 3282 --a------ C:\WINDOWS\mobgslti\promo14.html
2007-12-31 08:47 3175 --a------ C:\WINDOWS\mobgslti\promo2.html
2007-12-31 08:47 314 --a------ C:\WINDOWS\mobgslti\bottom-rc.gif
2007-12-31 08:47 2994 --a------ C:\WINDOWS\mobgslti\promo17.html
2007-12-31 08:47 2830 --a------ C:\WINDOWS\mobgslti\memory-prots.png
2007-12-31 08:47 2539 --a------ C:\WINDOWS\mobgslti\config.png
2007-12-31 08:47 2527 --a------ C:\WINDOWS\mobgslti\reg.png
2007-12-31 08:47 2400 --a------ C:\WINDOWS\mobgslti\net.png
2007-12-31 08:47 2332 --a------ C:\WINDOWS\mobgslti\promo4.html
2007-12-31 08:47 2281 --a------ C:\WINDOWS\mobgslti\pc.gif
2007-12-31 08:47 2252 --a------ C:\WINDOWS\mobgslti\promo9.html
2007-12-31 08:47 225 --a------ C:\WINDOWS\mobgslti\repair.png
2007-12-31 08:47 21564 --a------ C:\WINDOWS\mobgslti\scr-1.png
2007-12-31 08:47 2112 --a------ C:\WINDOWS\mobgslti\promo7.html
2007-12-31 08:47 2053 --a------ C:\WINDOWS\mobgslti\content.png
2007-12-31 08:47 2038 --a------ C:\WINDOWS\mobgslti\styles.css
2007-12-31 08:47 1956 --a------ C:\WINDOWS\mobgslti\promo10.html
2007-12-31 08:47 19371 --a------ C:\WINDOWS\mobgslti\scr-2.png
2007-12-31 08:47 1931 --a------ C:\WINDOWS\mobgslti\vline.gif
2007-12-31 08:47 1928 --a------ C:\WINDOWS\mobgslti\pc-mag.gif
2007-12-31 08:47 1855 --a------ C:\WINDOWS\mobgslti\promo16.html
2007-12-31 08:47 1814 --a------ C:\WINDOWS\mobgslti\promo12.html
2007-12-31 08:47 17396 --a------ C:\WINDOWS\mobgslti\index.html
2007-12-31 08:47 1638 --a------ C:\WINDOWS\mobgslti\icon.png
2007-12-31 08:47 1616 --a------ C:\WINDOWS\mobgslti\wp.png
2007-12-31 08:47 1582 --a------ C:\WINDOWS\mobgslti\poloska1.png
2007-12-31 08:47 1499 --a------ C:\WINDOWS\mobgslti\poloska2.png
2007-12-31 08:47 1470 --a------ C:\WINDOWS\mobgslti\start.png
2007-12-31 08:47 128 --a------ C:\WINDOWS\mobgslti\top-rc.gif
((((((((((((((((((((((((((((( snapshot_2008-01-09_10.17.59.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2008-01-09 02:10:38 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-10 14:49:53 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 02:10:39 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-10 14:49:53 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 02:10:39 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-10 14:49:53 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 02:10:39 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-10 14:49:53 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 02:10:39 1,843,200 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-10 14:49:53 1,900,544 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-09 02:10:40 172,032 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-10 14:49:53 172,032 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-09 02:21:32 28,923 ----a-w C:\WINDOWS\hpoins03.dat
+ 2008-01-10 11:28:41 28,923 ----a-w C:\WINDOWS\hpoins03.dat
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2007-12-02 21:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-08 05:30 1694208]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-08 05:29 171464]
"Trto"="C:\DOCUME~1\MarkB\APPLIC~1\CROSOF~1.NET\ping.exe" [ ]
"Llsbjso"="C:\Documents and Settings\MarkB\Application Data\?ymbols\w?nlogon.exe" [ ]
"Router"="C:\Program Files\Router\Router.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2008-01-08 05:29 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-08 05:29 241664]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2008-01-08 05:29 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-08 05:29 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-08 05:29 271672]
C:\Documents and Settings\MarkB\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2006-05-23 15:17:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b47c87-3a5d-11dc-89f5-001217699e83}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 19:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 11:28:03 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-10 08:54:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 8:56:11 - machine was rebooted [MarkB]
ComboFix-quarantined-files.txt 2008-01-10 14:56:02
ComboFix2.txt 2008-01-09 16:18:20
ComboFix3.txt 2008-01-09 02:22:18
.
2008-01-10 09:04:58 --- E O F ---
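The "Reg Loading Points" section of the log above still lists three HKCU Run entries whose targets ComboFix could not stat (the trailing `[ ]`): one under an 8.3 short path ending in `CROSOF~1.NET`, one whose file name is a single character off `winlogon.exe` in a directory rendered as `?ymbols` (ComboFix prints `?` for characters outside the ANSI code page, a common look-alike-name trick), and a `QTTask .exe` with a stray space before the extension. The following triage script is an added example, not part of the original post or of ComboFix: it parses Run-key lines in ComboFix's format and applies those heuristics. The sample text is copied from the log's Run-key lines; the `LOOKALIKE_TARGETS` list and the scoring rules are the author's own assumptions, not ComboFix logic.

```python
import re

# Constructed sample: the Run-key lines exactly as ComboFix prints them
# ("Name"="path" [timestamp size] or "[ ]" when the file could not be stat'ed).
SAMPLE_RUN_LINES = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-08 05:30 1694208]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-08 05:29 171464]
"Trto"="C:\DOCUME~1\MarkB\APPLIC~1\CROSOF~1.NET\ping.exe" [ ]
"Llsbjso"="C:\Documents and Settings\MarkB\Application Data\?ymbols\w?nlogon.exe" [ ]
"Router"="C:\Program Files\Router\Router.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
'''

HIVE_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')

# Assumed list of system binaries that malware names itself after (author's choice).
LOOKALIKE_TARGETS = ('winlogon.exe', 'svchost.exe', 'lsass.exe', 'csrss.exe', 'explorer.exe')


def parse_run_entries(text):
    """Return a list of {hive, name, path, meta} dicts for every Run-key line."""
    entries, hive = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)          # remember which key the following values belong to
            continue
        m = ENTRY_RE.match(line)
        if m and hive:
            entries.append({'hive': hive, 'name': m.group('name'),
                            'path': m.group('path'), 'meta': m.group('meta').strip()})
    return entries


def score_entry(entry):
    """Return the list of heuristic reasons this autorun entry deserves a look."""
    reasons = []
    path = entry['path']
    lower = path.lower()
    if entry['meta'] == '':
        reasons.append('no file metadata: target missing or unreadable when ComboFix ran')
    if '?' in path:
        reasons.append('"?" in path: non-ANSI character ComboFix could not render, typical of look-alike names')
    exe = lower.rsplit('\\', 1)[-1]
    for target in LOOKALIKE_TARGETS:
        # Same length, exactly one differing character (e.g. w?nlogon.exe vs winlogon.exe).
        if exe != target and len(exe) == len(target) and sum(a != b for a, b in zip(exe, target)) == 1:
            reasons.append(f'file name is one character off {target}')
    if '\\application data\\' in lower or '\\applic~1\\' in lower or '\\temp\\' in lower:
        reasons.append('executable runs from a user profile data directory')
    if '~' in path:
        reasons.append('8.3 short path: the real long directory name is not shown')
    if re.search(r'\s\.exe$', lower):
        reasons.append('space before extension: does not match the vendor binary name')
    return reasons


def triage(text):
    """Map each Run-key value name to its list of reasons (empty list = nothing flagged)."""
    return {e['name']: score_entry(e) for e in parse_run_entries(text)}


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_RUN_LINES).items():
        if reasons:
            print(f'{name}:')
            for r in reasons:
                print(f'   - {r}')
```

The empty-metadata check alone catches every suspicious entry in this log, but it also fires on the stale `QuickTime Task` value; the look-alike and `?` checks are what separate the Vundo-style `w?nlogon.exe` entry from a merely broken shortcut, so the output is meant to rank, not to decide.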