Hello, Dan:
Below, please find the following new log postings of Combofix, Installed Programs List, Malwarebytes, Eset, and HighjackThis.
Once again, THANK YOU for your help and support.
COMBOFIX:ComboFix 08-05-21.3 - Jeff 2008-05-25 13:37:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT -6:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeff\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\pmnmjggF.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Google\googletoolbar1.dll
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\HOSTS
C:\SDFix\backups_old\backupreg.zip
C:\SDFix\backups_old\backups.zip
C:\SDFix\backups_old\catchme.log
C:\SDFix\backups_old\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\Report_old_1.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\system32\pmnmjggF.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-22 13:37 . 2008-05-22 13:37 <DIR> d-------- C:\Program Files\Killbox
2008-05-22 13:37 . 2008-05-22 13:37 <DIR> d-------- C:\!KillBox
2008-05-22 11:51 . 2008-05-25 13:33 <DIR> d-------- C:\Program Files\ComboFix
2008-05-18 15:08 . 2008-05-18 15:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-16 18:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-16 18:34 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-16 18:33 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-16 18:32 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-16 18:31 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-16 18:30 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-05-16 18:29 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-16 18:28 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-05-16 18:27 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-16 18:26 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-05-16 18:25 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-05-16 18:24 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-05-16 18:24 . 2001-08-17 12:20 126,080 --a--c--- C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
2008-05-16 18:24 . 2001-08-17 12:20 87,040 --a--c--- C:\WINDOWS\system32\dllcache\nm6wdm.sys
2008-05-16 18:24 . 2001-08-17 12:11 65,278 --a--c--- C:\WINDOWS\system32\dllcache\netflx3.sys
2008-05-16 18:24 . 2001-08-17 12:50 39,264 --a--c--- C:\WINDOWS\system32\dllcache\neo20xx.sys
2008-05-16 18:24 . 2001-08-17 12:12 32,840 --a--c--- C:\WINDOWS\system32\dllcache\ngrpci.sys
2008-05-16 18:24 . 2004-08-03 23:00 28,672 --a--c--- C:\WINDOWS\system32\dllcache\nscirda.sys
2008-05-16 18:24 . 2001-08-17 13:47 9,344 --a--c--- C:\WINDOWS\system32\dllcache\ntapm.sys
2008-05-16 18:24 . 2001-08-17 13:53 7,552 --a--c--- C:\WINDOWS\system32\dllcache\nsmmc.sys
2008-05-16 18:22 . 2001-08-17 13:28 797,500 --a--c--- C:\WINDOWS\system32\dllcache\ltsmt.sys
2008-05-16 18:21 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-16 18:20 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-05-16 18:19 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-05-16 18:18 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-16 18:17 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-05-16 18:16 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-16 18:15 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-16 18:14 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-16 18:13 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-16 18:12 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-16 18:06 . 2008-05-16 18:06 215 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-16 17:59 . 2008-05-25 13:21 <DIR> d-------- C:\Program Files\Hijack This
2008-05-16 01:48 . 2008-05-16 01:46 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-16 01:48 . 2008-05-16 01:48 2,540 --a------ C:\WINDOWS\unins000.dat
2008-05-16 01:47 . 2008-05-16 01:47 94 --a------ C:\WINDOWS\wininit.ini
2008-05-15 23:53 . 2008-05-18 16:59 <DIR> d--hs---- C:\Documents and Settings\Jeff\!
2008-05-15 23:52 . 2008-05-18 15:27 <DIR> d-------- C:\Temp
2008-05-08 14:59 . 2008-05-08 15:00 <DIR> d-------- C:\Program Files\CCleanerNEW
2008-05-01 20:57 . 2004-08-04 06:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-01 20:57 . 2008-05-01 21:02 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-01 20:57 . 2008-05-01 21:02 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-04-25 11:00 . 2008-04-25 11:00 <DIR> d-------- C:\Program Files\Thunderbird
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 19:37 --------- d-----w C:\Program Files\Google
2008-05-25 19:18 --------- d-----w C:\Documents and Settings\Jeff\Application Data\AVG7
2008-05-25 05:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 21:12 --------- d-----w C:\Program Files\LimeWirePro
2008-05-21 21:07 --------- d-----w C:\Documents and Settings\Jeff\Application Data\LimeWire
2008-05-20 03:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-03 03:22 --------- d-----w C:\Program Files\GammonEmpire
2008-05-02 03:17 --------- d-----w C:\Documents and Settings\Jeff\Application Data\dvdcss
2008-05-02 03:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-04 22:53 --------- d-----w C:\Program Files\Java
2008-03-30 21:28 --------- d-----w C:\Program Files\Common Files\Java
2008-03-30 19:51 --------- d-----w C:\Program Files\Advanced Windows Care
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-07 18:57 293,248 ----a-w C:\Program Files\ImportContacts.exe
2007-10-23 00:15 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2002-03-01 11:15 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-10-02 13:58 36,864 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-09-28 13:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-27 13:11 167,936 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-01-18 21:13 12,400 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_12.35.42.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 18:32:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 19:17:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 09:25 579584]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 06:05 16239616 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-02 15:38 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-05 15:45 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 09:25 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 06:00 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-05-11 17:07:05 45056]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-11 16:49:58 113664]
AT&T Plug&Share 108Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 108Mbps Wireless PCI Adapter\WLANMON.exe [2007-08-06 16:44:56 811008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
--a------ 2002-03-01 05:11 90112 C:\PROGRA~1\VISION~2\ONETOU~2.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2007-09-14 14:15]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
*Newly Created Service* - CATCHME
*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 02:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-05-25 13:38:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-25 13:40:20
ComboFix-quarantined-files.txt 2008-05-25 19:40:18
ComboFix2.txt 2008-05-22 18:35:53
Pre-Run: 17,018,224,640 bytes free
Post-Run: 17,005,846,528 bytes free
233 --- E O F --- 2008-05-17 00:07:04
INSTALLED PROGRAMS LIST:Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
Advanced WindowsCare Personal
Apple Mobile Device Support
Apple Software Update
AT&T Plug&Share 108Mbps Wireless PCI Adapter
AVG 7.5
Calculator Powertoy for Windows XP
CCleaner (remove only)
Comcast High-Speed Internet Install Wizard
Desktop Doctor
DVD Shrink 3.2
e-Sword
GammonEmpire
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HWiNFO32 Version 1.77
iTunes
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Linksys Wireless-G PCI Network Adapter with SpeedBooster
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Thunderbird (1.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 6 Ultra Edition
neroxml
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OneTouch Version 3.0
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
System Requirements Lab
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6d
Webshots Desktop
Webshots Toolbar
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
MALWAREBYTES:Malwarebytes' Anti-Malware 1.12
Database version: 786
Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 181104
Time elapsed: 22 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8a290466-39bd-419b-93db-0e9599506654} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Jeff\My Documents\CD's\MS Server 2003\EN_WS03VL (E)\ENGLISH\WIN2003_VLP\ENT\I386\DBGHELP.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeff\My Documents\CD's\MS Server 2003\EN_WS03VL (E)\ENGLISH\WIN2003_VLP\STANDARD\I386\DBGHELP.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeff\My Documents\My Documents\CD's\MS Server 2003\EN_WS03VL (E)\ENGLISH\WIN2003_VLP\ENT\I386\DBGHELP.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeff\My Documents\My Documents\CD's\MS Server 2003\EN_WS03VL (E)\ENGLISH\WIN2003_VLP\STANDARD\I386\DBGHELP.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{862E848C-5D75-4456-8D33-BE0EE1310D86}\RP315\A0033838.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{862E848C-5D75-4456-8D33-BE0EE1310D86}\RP316\A0037690.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{862E848C-5D75-4456-8D33-BE0EE1310D86}\RP316\A0037702.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
ESET:# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3128 (20080523)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=dd46b056b54c7e478df85949a81665d8
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-05-25 09:21:11
# local_time=2008-05-25 03:21:11 (-0700, Mountain Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=847789
# found=3
# scan_time=3212
C:\Documents and Settings\Jeff\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.61137 Win32/TrojanDropper.VB.NDE trojan B0AC8759185A75E3B9DBA2B277D5DEE9
C:\QooBox\Quarantine\C\SDFix\backups_old\backups.zip.vir Win32/Adware.AdMedia application F5868ADE616596ED24FC96C5159E1BCF
C:\QooBox\Quarantine\C\SDFix\backups_old\backups.zip.vir »ZIP »backups/yayYrssS.dll Win32/Adware.AdMedia application 00000000000000000000000000000000
NEW HIGHJACKTHIS:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:48 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AT&T Plug&Share 108Mbps Wireless PCI Adapter\WLANMON.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.awmi.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Plug&Share 108Mbps Wireless PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: &Webshots Photo Search -
res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
http://www.eset.eu/buxus/docs/OnlineScanner.cabO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
--
End of file - 6429 bytes