Following is the most recent Malwarebytes log:
Malwarebytes' Anti-Malware 1.36
Database version: 2142
Windows 5.1.2600 Service Pack 3
5/16/2009 6:26:55 PM
mbam-log-2009-05-16 (18-26-55).txt
Scan type: Quick Scan
Objects scanned: 90256
Time elapsed: 6 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f08a6e57-eb60-4b0c-ab88-dbc108dcf991} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\peksyusg (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f08a6e57-eb60-4b0c-ab88-dbc108dcf991} (Trojan.Vundo.H) -> Delete on reboot.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\windows\system32\vbikbgf.dll (Trojan.Vundo.H) -> Delete on reboot.
Looking through topics and suggestions here, I have also downloaded:
VundoFix.exe (nothing found)
VundoFix V7.0.6
Scan started at 6:27:33 PM 5/16/2009
Listing files found while scanning....
No infected files were found.
and VirtumundoBeGone (also nothing found)
[05/16/2009, 19:32:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\testuser\Desktop\VirtumundoBeGone.exe" )
[05/16/2009, 19:32:21] - Detected System Information:
[05/16/2009, 19:32:21] - Windows Version: 5.1.2600, Service Pack 3
[05/16/2009, 19:32:21] - Current Username: testuser (Admin)
[05/16/2009, 19:32:21] - Windows is in NORMAL mode.
[05/16/2009, 19:32:21] - Searching for Browser Helper Objects:
[05/16/2009, 19:32:21] - BHO 1: {f08a6e57-eb60-4b0c-ab88-dbc108dcf991} ()
[05/16/2009, 19:32:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2009, 19:32:21] - Checking for HKLM\...\Winlogon\Notify\vbikbgf
[05/16/2009, 19:32:21] - Key not found: HKLM\...\Winlogon\Notify\vbikbgf, continuing.
[05/16/2009, 19:32:21] - Finished Searching Browser Helper Objects
[05/16/2009, 19:32:21] - Finishing up...
[05/16/2009, 19:32:21] - Nothing found! Exiting...
Right or wrong, I have downloaded and run ComboFix as well, but at this point I will stop and await any suggestions. Here is the log from this:
ComboFix 09-05-16.04 - testuser 05/16/2009 17:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.557 [GMT -4:00]
Running from: c:\documents and settings\testuser\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-16 20:48 . 2009-05-16 20:48 61440 ----a-w c:\windows\system32\drivers\jehpw.sys
2009-05-16 19:26 . 2009-05-16 19:43 2080 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-16 18:48 . 2009-05-16 18:48 33360 ----a-w c:\documents and settings\testuser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 18:48 . 2009-05-16 19:33 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-16 18:41 . 2009-05-16 18:41 -------- d-----w c:\documents and settings\testuser\Local Settings\Application Data\Downloaded Installations
2009-05-16 18:35 . 2009-05-16 18:35 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-05-16 18:14 . 2009-05-16 18:14 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-16 14:14 . 2009-05-16 14:14 -------- d-----w c:\documents and settings\testuser\Application Data\Malwarebytes
2009-05-16 14:14 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 14:14 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 14:14 . 2009-05-16 14:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 14:14 . 2009-05-16 14:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 13:58 . 2009-05-16 13:59 -------- d-----w c:\documents and settings\testuser\Local Settings\Application Data\Adobe
2009-05-16 12:22 . 2009-05-16 12:22 -------- d-----w c:\documents and settings\testuser\Application Data\jkqfuixl
2009-05-16 12:22 . 2009-05-16 12:22 -------- d-----w c:\documents and settings\testuser\Local Settings\Application Data\jkqfuixl
2009-05-16 08:10 . 2004-08-04 00:56 577024 ----a-w c:\windows\system32\user32.dll
2009-05-16 04:22 . 2009-05-16 04:22 -------- d-----w c:\documents and settings\testuser\Local Settings\Application Data\Apple Computer
2009-05-16 04:22 . 2009-05-16 04:22 -------- d-----w c:\documents and settings\testuser\Application Data\GTek
2009-05-16 04:22 . 2009-05-16 04:22 -------- d-----w c:\documents and settings\testuser\Local Settings\Application Data\SupportSoft
2009-05-14 16:43 . 2009-05-16 14:31 -------- d-----w c:\windows\system32\218538
2009-05-09 18:04 . 2009-05-09 18:04 190976 ----a-w C:\kinkerc.exe
2009-05-09 18:04 . 2009-05-09 18:04 46 ----a-w C:\p2hhr.bat
2009-05-09 18:04 . 2009-05-09 18:04 7680 ----a-w C:\pbouj.exe
2009-05-09 18:03 . 2009-05-09 18:03 22016 ----a-w C:\occda.exe
2009-05-09 18:03 . 2009-05-09 18:03 37376 ----a-w C:\slqpfq.exe
2009-05-02 16:34 . 2009-05-02 16:34 578560 ----a-w c:\windows\system32\dllcache\user32.dll
2009-04-26 06:55 . 2009-04-26 06:55 -------- d-----w c:\documents and settings\christina bees\Application Data\PC-FAX TX
2009-04-26 06:53 . 2009-04-26 06:53 -------- d-----w c:\documents and settings\christina bees\Application Data\ScanSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 20:48 . 2009-05-16 20:48 666 ----a-w c:\program files\zlrjabfv.txt
2009-05-16 19:43 . 2009-05-16 19:26 1244 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-14 17:16 . 2006-02-22 05:34 33360 ----a-w c:\documents and settings\christina bees\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 06:31 . 2009-05-11 06:31 0 ----a-w c:\windows\system32\anefanim.tmp
2009-05-09 18:04 . 2005-08-16 10:18 14336 ----a-w c:\windows\system32\svchost.exe
2009-05-01 04:34 . 2009-02-01 04:34 50688 --sha-w c:\windows\system32\misahavu.exe
2009-04-26 06:40 . 2008-12-08 16:25 50 ----a-w c:\windows\system32\bridf06a.dat
2009-04-25 20:20 . 2009-01-25 20:20 50688 --sha-w c:\windows\system32\kahasuha.exe
2009-04-21 14:46 . 2009-01-21 14:46 52736 --sha-w c:\windows\system32\gevumabo.exe
2009-03-27 12:48 . 1601-01-01 00:12 61440 --sha-w c:\windows\system32\bafosimo.exe
2009-03-27 00:47 . 1601-01-01 00:12 61440 --sha-w c:\windows\system32\desiyizi.exe
2009-03-23 18:14 . 2005-08-17 02:54 -------- d-----w c:\program files\GemMaster
2009-03-22 20:01 . 2006-02-24 05:27 3766 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-22 20:01 . 2006-02-24 05:27 56 --sh--r c:\windows\system32\5305BDB36B.sys
.
------- Sigcheck -------
[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-10 11:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-04 00:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\system32\user32.dll
[-] 2009-05-02 16:34 578560 EAA38B4BDB964CC8E373B161BC09859E c:\windows\system32\dllcache\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f08a6e57-eb60-4b0c-ab88-dbc108dcf991}]
c:\windows\system32\vbikbgf.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-02-14 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-23 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-2-13 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\peksyusg]
vbikbgf.dll [BU]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\tmproxy.exe"=
"c:\\WINDOWS\\system32\\wpgldfsh.scr"=
R0 xlktdmpm;xlktdmpm;c:\windows\system32\drivers\xlktdmpm.sys [8/16/2005 6:18 AM 23424]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 6:36 PM 205328]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 6:36 PM 36368]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 6:36 PM 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 6:36 PM 585792]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 6:36 PM 262215]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/13/2006 8:22 PM 29744]
S3 MUD;Driver for Magellan Jupiter USB Device;c:\windows\system32\drivers\MUD.sys [1/22/2008 2:50 PM 55808]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xvsdnjil
.
Contents of the 'Scheduled Tasks' folder
2009-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 17:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1016)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2009-05-16 17:49
ComboFix-quarantined-files.txt 2009-05-16 21:49
ComboFix2.txt 2009-05-16 21:08
ComboFix3.txt 2009-05-16 15:42
Pre-Run: 37,358,501,888 bytes free
Post-Run: 37,346,492,416 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
181 --- E O F --- 2009-03-17 17:01
Thanks for any help that can be provided.
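Read together, the three logs above point at more than the one DLL Malwarebytes named. The ComboFix output lists a Browser Helper Object with no default name loading c:\windows\system32\vbikbgf.dll; a Winlogon Notify package under the subkey peksyusg that loads the same DLL (VirtumundoBeGone only looked for a Notify subkey named after the DLL, Notify\vbikbgf, found none and reported "Nothing found", so its clean result does not cover this entry); a non-default svchost NetSvcs group, xvsdnjil; Security Center monitoring switched off for the Trend Micro antivirus and firewall, both of which the header shows as disabled; a firewall exception for c:\WINDOWS\system32\wpgldfsh.scr; a driver, xlktdmpm.sys, registered under its own random stem with no display name; several hidden+system executables with random eight-letter names in system32; and five executables written to the root of C:\ on 2009-05-09. The script below is an added example, not ComboFix's, Malwarebytes' or the poster's code, that pulls exactly those patterns out of a ComboFix-style log. The allowlist, the 5-8 character "random name" shape and the rule names are assumptions; the sample input is abridged from the ComboFix log above.

```python
"""Triage a ComboFix-style log for the indicator patterns seen in the post above.
Added example, not ComboFix's or Malwarebytes' code; every hit is a lead, not a verdict."""
import re

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat")
RANDOM_STEM = re.compile(r"^[a-z0-9]{5,8}$")    # the shape of the names in the log
ALLOWLIST = {"svchost", "user32", "ctfmon", "sessmgr", "msmsgs", "qttask", "tmproxy"}  # assumed
SERVICE_LINE = re.compile(r"^[RS][0-4] ([^;]+);([^;]*);(.+?) \[")
REG_VALUE = re.compile(r'^"(.*?)"=(.*)$')

def basename(path):
    return path.rsplit("\\", 1)[-1]

def looks_random(name):
    """Heuristic only: 5-8 lowercase letters/digits and not an allowlisted stem."""
    stem = name.rsplit(".", 1)[0]
    return stem not in ALLOWLIST and bool(RANDOM_STEM.match(stem))

def parse_file_line(line):
    # '2009-05-16 20:48 . 2009-05-16 20:48 61440 ----a-w c:\x.sys' -> (attr, path)
    t = line.split()
    if len(t) < 8 or t[2] != "." or not re.match(r"\d{4}-\d{2}-\d{2}$", t[0]):
        return None
    return t[6], " ".join(t[7:])

def triage(log_text):
    """Return a list of (rule, detail) leads found in the log text."""
    hits, section, key = [], None, ""
    for line in filter(None, map(str.strip, log_text.splitlines())):
        low, f = line.lower(), parse_file_line(line)
        if "files created" in low or "find3m report" in low:
            section = "files"
        elif "reg loading points" in low:
            section = "reg"
        elif low.endswith("svchost - netsvcs"):
            section = "netsvcs"
        elif section == "netsvcs" and line == ".":
            section = None
        elif section == "netsvcs":            # ComboFix lists only non-default groups here
            hits.append(("non-default svchost NetSvcs group", line))
        elif f:
            attr, path = f
            name = basename(path)
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in EXEC_EXT and "s" in attr and "h" in attr:   # --sha-w: system+hidden
                hits.append(("hidden+system executable", path))
            elif (ext in EXEC_EXT or attr.startswith("d")) and looks_random(name):
                hits.append(("random-looking file or folder name", path))
        elif SERVICE_LINE.match(line):
            svc, display, path = SERVICE_LINE.match(line).groups()
            stem = basename(path).rsplit(".", 1)[0]
            # Vendor drivers carry a display name; these carry only their own random stem.
            if svc == display == stem and looks_random(stem):
                hits.append(("driver/service named after its random file", path))
        elif section != "reg":
            continue
        elif line.startswith("[") and line.endswith("]"):
            key = low
        elif "browser helper objects" in key:
            if "\\windows\\system32\\" in low:    # BHOs normally live under Program Files
                hits.append(("BHO loaded from system32", line))
        elif "winlogon\\notify" in key:           # any Notify package ComboFix lists matters
            hits.append(("Winlogon Notify package", key.rsplit("\\", 1)[-1].rstrip("]") + " -> " + line))
        elif REG_VALUE.match(line):
            name, value = REG_VALUE.match(line).groups()
            if "security center\\monitoring" in key and name == "DisableMonitoring" and value.endswith("1"):
                hits.append(("Security Center monitoring disabled", key))
            elif "authorizedapplications" in key:
                app = name.replace("\\\\", "\\")   # the log doubles backslashes here
                if app.lower().endswith(".scr") or looks_random(basename(app)):
                    hits.append(("firewall exception", app))
    return hits

# Sample input: lines copied from the ComboFix log in the post above (abridged).
SAMPLE_LOG = r"""((((( Files Created from 2009-04-16 to 2009-05-16 )))))
2009-05-16 20:48 . 2009-05-16 20:48 61440 ----a-w c:\windows\system32\drivers\jehpw.sys
2009-05-16 12:22 . 2009-05-16 12:22 -------- d-----w c:\documents and settings\testuser\Application Data\jkqfuixl
2009-05-14 16:43 . 2009-05-16 14:31 -------- d-----w c:\windows\system32\218538
2009-05-09 18:04 . 2009-05-09 18:04 190976 ----a-w C:\kinkerc.exe
2009-05-09 18:04 . 2005-08-16 10:18 14336 ----a-w c:\windows\system32\svchost.exe
2009-05-01 04:34 . 2009-02-01 04:34 50688 --sha-w c:\windows\system32\misahavu.exe
((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f08a6e57-eb60-4b0c-ab88-dbc108dcf991}]
c:\windows\system32\vbikbgf.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\peksyusg]
vbikbgf.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\wpgldfsh.scr"=
R0 xlktdmpm;xlktdmpm;c:\windows\system32\drivers\xlktdmpm.sys [8/16/2005 6:18 AM 23424]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 6:36 PM 205328]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xvsdnjil
.
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run as-is it prints one `[rule] detail` line per lead; feed it a full log with `triage(open(path).read())`. Every hit still needs a human look: check the file's signature and timestamps before deleting anything, rank the Security Center hit below the others (some suites set DisableMonitoring themselves), and grow ALLOWLIST as legitimate oddly-named vendor files turn up. The Trend Micro drivers tmxpflt.sys and tmpreflt.sys pass the driver rule because their service carries a display name that differs from the file stem, which is the distinction the rule relies on. Since Malwarebytes marked its registry keys and vbikbgf.dll "Delete on reboot", the log taken after a clean reboot is the one that tells you whether the Notify package and the NetSvcs group are really gone.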