compbr11
2008-05-30, 11:33
Hi, I am new to this forum. I just have been very annoyed by what Spybot has picked up as "Virtumonde," and decided to do a little research. I have read many other people's posts and such, and ran a log via ComboFix.
Here is my ComboFix log:
ComboFix 08-05-29.1 - Kyle 2008-05-30 0:48:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.862 [GMT -7:00]
Running from: C:\Documents and Settings\Kyle\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMeb0b5c63.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\CLVGOqru.ini
C:\WINDOWS\system32\CLVGOqru.ini2
C:\WINDOWS\system32\efikmnnn.ini2
C:\WINDOWS\system32\enwdpmjo.dll
C:\WINDOWS\system32\iilRtBeg.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnqdtvyf.dll
C:\WINDOWS\system32\pdxdttdu.ini
C:\WINDOWS\system32\udttdxdp.dll
C:\WINDOWS\system32\urqOGVLC.dll
C:\WINDOWS\system32\yJPAKRqr.ini2
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.
2008-05-30 00:36 . 2008-05-30 00:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-30 00:28 . 2008-05-30 00:28 <DIR> d-------- C:\_OTMoveIt
2008-05-29 00:42 . 2008-05-30 00:16 <DIR> d-------- C:\Documents and Settings\Kyle\Parts
2008-05-28 18:44 . 2008-05-28 18:44 58,368 --a------ C:\WINDOWS\system32\fccBqoLb.dll
2008-05-28 18:06 . 2008-05-28 18:06 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-28 09:31 . 2004-03-01 23:05 407,104 --a------ C:\WINDOWS\system32\MSHFLXGD.OCX
2008-05-28 09:31 . 2002-02-13 11:20 2,362 --a------ C:\WINDOWS\system32\mscomct2.dep
2008-05-28 09:30 . 2008-05-28 09:30 645,120 --a------ C:\WINDOWS\system32\config.gms
2008-05-28 09:00 . 2008-05-28 09:00 <DIR> d-------- C:\Program Files\MATLAB
2008-05-27 22:23 . 2008-05-27 22:23 <DIR> d-------- C:\Program Files\Sun
2008-05-27 22:23 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:22 . 2008-05-27 22:23 <DIR> d-------- C:\Program Files\Java
2008-05-27 22:21 . 2008-05-27 22:21 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-19 15:59 . 2008-05-27 22:30 <DIR> d-------- C:\Internship_Data
2008-05-19 15:50 . 2008-05-19 15:50 <DIR> d-------- C:\Program Files\MATLAB 5
2008-05-17 16:03 . 2008-05-17 16:05 <DIR> d-------- C:\Program Files\keyclone
2008-05-08 15:45 . 2008-05-08 15:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-08 15:45 . 2008-05-08 15:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-08 15:45 . 2008-05-08 15:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-08 15:45 . 2008-05-08 15:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-08 15:42 . 2008-05-08 15:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 15:18 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-13 17:12 . 2008-04-13 17:12 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-04-13 17:11 . 2008-04-13 17:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-04-13 17:09 . 2008-04-13 17:09 6,144 --a------ C:\WINDOWS\system32\kbdpash.dll
2008-04-13 17:09 . 2008-04-13 17:09 6,144 --a------ C:\WINDOWS\system32\kbdnepr.dll
2008-04-13 17:09 . 2008-04-13 17:09 6,144 --a------ C:\WINDOWS\system32\kbdiultn.dll
2008-04-13 17:09 . 2008-04-13 17:09 6,144 --a------ C:\WINDOWS\system32\kbdbhc.dll
2008-04-13 11:56 . 2008-04-13 11:56 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 11:56 . 2008-04-13 11:56 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 11:46 . 2008-04-13 11:46 121,984 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 11:46 . 2008-04-13 11:46 37,888 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 11:46 . 2008-04-13 11:46 36,480 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 11:46 . 2008-04-13 11:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 11:45 . 2008-04-13 11:45 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-04-13 11:45 . 2008-04-13 11:45 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-04-13 11:43 . 2008-04-13 11:43 14,208 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 11:43 . 2008-04-13 11:43 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 11:43 . 2008-04-13 11:43 9,728 --a------ C:\WINDOWS\system32\comsdupd.exe
2008-04-13 11:40 . 2008-04-13 11:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 11:36 . 2008-04-13 11:36 5,888 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008-04-13 11:14 . 2008-04-13 11:14 76,800 --a------ C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 10:27 . 2008-04-13 10:27 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-04-13 10:27 . 2008-04-13 10:27 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-11 17:57 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-04-11 17:57 . 2001-08-17 13:47 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys
2008-04-11 17:56 . 2001-08-17 22:36 324,608 --a------ C:\WINDOWS\system32\hpojwia.dll
2008-04-11 17:56 . 2001-08-17 22:36 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
2008-04-11 17:56 . 2008-04-13 11:39 206,976 --a------ C:\WINDOWS\system32\drivers\dot4.sys
2008-04-11 17:56 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
2008-04-11 17:56 . 2001-08-17 13:47 23,808 --a--c--- C:\WINDOWS\system32\dllcache\dot4usb.sys
2008-04-11 17:56 . 2001-07-21 20:27 18,411 --a------ C:\WINDOWS\system32\hpo5500a.aio
2008-04-11 17:56 . 2001-07-21 20:27 18,411 --a------ C:\WINDOWS\system32\hpo5400a.aio
2008-04-11 17:56 . 2001-07-21 20:27 18,411 --a------ C:\WINDOWS\system32\hpo5300a.aio
2008-04-11 17:56 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\system32\drivers\Dot4scan.sys
2008-04-11 17:56 . 2001-08-17 13:47 8,704 --a--c--- C:\WINDOWS\system32\dllcache\dot4scan.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 07:16 --------- d-----w C:\Documents and Settings\Kyle\Application Data\uTorrent
2008-05-29 17:51 --------- d-----w C:\Program Files\Yahoo!
2008-05-29 01:00 --------- d-----w C:\Program Files\NetBattle
2008-05-29 00:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\MakeMusic
2008-05-28 05:51 --------- d-----w C:\Documents and Settings\Kyle\Application Data\Vso
2008-05-21 20:55 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-13 19:02 --------- d-----w C:\Program Files\World of Warcraft
2008-05-08 06:38 --------- d-----w C:\Program Files\DivX
2008-04-14 12:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 12:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 12:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:46 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-13 18:39 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
2008-04-13 18:39 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{203EF231-7D93-4C7D-9197-05451D3A4FE3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4A2C076-8C74-4AF2-B75E-9BA86C633BB4}]
2008-05-30 01:10 370176 --a------ C:\WINDOWS\system32\xxyVoNHX.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}]
2008-05-28 18:44 58368 --a------ C:\WINDOWS\system32\fccBqoLb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"Aim6"="" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01 392832]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 17:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-02-20 12:39 839680]
"ShowLOMControl"="1 (0x1)" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 15:35 397312 C:\WINDOWS\stsystra.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 03:48 157592]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 01:21 90112]
"workflo"="D:\install\workflow.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BMeb0b5c63"="C:\WINDOWS\system32\dsspison.dll" [2008-05-30 01:11 126976]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 02:35:22 10872]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 17:46:00 1724416]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}"= C:\WINDOWS\system32\fccBqoLb.dll [2008-05-28 18:44 58368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccBqoLb]
fccBqoLb.dll 2008-05-28 18:44 58368 C:\WINDOWS\system32\fccBqoLb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-08 14:01 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I263"= I263_32.drv
"vidc.avrn"= AvidAVICodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\WINDOWS\system32\xxyVoNHX
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=
"C:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=
"C:\\Program Files\\MATLAB_SV71\\bin\\win32\\MATLAB.exe"=
"C:\\Documents and Settings\\Kyle\\My Documents\\Downloads\\#apps\\old\\utorrent.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\WINDOWS\\system32\\igfxsrvc.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Documents and Settings\\Kyle\\My Documents\\Downloads\\#apps\\magicg\\Magic\\Manalink.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\keyclone\\keyclone.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:wow
"6881:TCP"= 6881:TCP:port6881
"6882:TCP"= 6882:TCP:port6882
"6112:TCP"= 6112:TCP:port6112
"3689:TCP"= 3689:TCP:ppooo
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S2 DirectX multi version;DirectX multi version;C:\WINDOWS\system32\dxcombin.exe []
S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-12-09 16:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\.\Nurseust.exe
\Shell\dxinst\command - E:\.\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b6e5f3-6ac8-11db-b307-0015c54752e1}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 15:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 01:05:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\fccBqoLb.dll
-> C:\WINDOWS\system32\NavLogon.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\dsspison.dll
-> C:\WINDOWS\system32\xxyVoNHX.dll
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-30 1:15:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 08:14:55
Pre-Run: 16,135,729,152 bytes free
Post-Run: 16,069,066,752 bytes free
332 --- E O F --- 2008-05-16 12:32:59
Thanks for any help!!
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-13 18:39 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
2008-04-13 18:39 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{203EF231-7D93-4C7D-9197-05451D3A4FE3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4A2C076-8C74-4AF2-B75E-9BA86C633BB4}]
2008-05-30 01:10 370176 --a------ C:\WINDOWS\system32\xxyVoNHX.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}]
2008-05-28 18:44 58368 --a------ C:\WINDOWS\system32\fccBqoLb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"Aim6"="" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01 392832]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 17:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-02-20 12:39 839680]
"ShowLOMControl"="1 (0x1)" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 15:35 397312 C:\WINDOWS\stsystra.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 03:48 157592]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 01:21 90112]
"workflo"="D:\install\workflow.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BMeb0b5c63"="C:\WINDOWS\system32\dsspison.dll" [2008-05-30 01:11 126976]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 02:35:22 10872]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 17:46:00 1724416]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}"= C:\WINDOWS\system32\fccBqoLb.dll [2008-05-28 18:44 58368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccBqoLb]
fccBqoLb.dll 2008-05-28 18:44 58368 C:\WINDOWS\system32\fccBqoLb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-08 14:01 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I263"= I263_32.drv
"vidc.avrn"= AvidAVICodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\WINDOWS\system32\xxyVoNHX
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=
"C:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=
"C:\\Program Files\\MATLAB_SV71\\bin\\win32\\MATLAB.exe"=
"C:\\Documents and Settings\\Kyle\\My Documents\\Downloads\\#apps\\old\\utorrent.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\WINDOWS\\system32\\igfxsrvc.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Documents and Settings\\Kyle\\My Documents\\Downloads\\#apps\\magicg\\Magic\\Manalink.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\keyclone\\keyclone.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:wow
"6881:TCP"= 6881:TCP:port6881
"6882:TCP"= 6882:TCP:port6882
"6112:TCP"= 6112:TCP:port6112
"3689:TCP"= 3689:TCP:ppooo
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S2 DirectX multi version;DirectX multi version;C:\WINDOWS\system32\dxcombin.exe []
S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-12-09 16:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\.\Nurseust.exe
\Shell\dxinst\command - E:\.\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b6e5f3-6ac8-11db-b307-0015c54752e1}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 15:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 01:05:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\fccBqoLb.dll
-> C:\WINDOWS\system32\NavLogon.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\dsspison.dll
-> C:\WINDOWS\system32\xxyVoNHX.dll
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-30 1:15:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 08:14:55
Pre-Run: 16,135,729,152 bytes free
Post-Run: 16,069,066,752 bytes free
332 --- E O F --- 2008-05-16 12:32:59
Thanks for any help!!
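The parts of this log worth triaging first are the "Reg Loading Points": fccBqoLb.dll is registered as a Browser Helper Object, a ShellExecuteHook and a Winlogon Notify package at the same time, xxyVoNHX has been appended to the LSA "Authentication Packages" list (so it loads into lsass.exe), and dsspison.dll is started from a Run value with a generated-looking name. The script below is an added example, not something from the original post or from ComboFix; it parses a constructed excerpt written in ComboFix's layout (the entries mirror the ones in the log above) and reports a file only when at least two independent signals line up. The load-point labels, the 7-day "recent file" window, the mixed-case name heuristic and the LSA package allowlist are this example's own assumptions, not anything the log or the tool states.

```python
"""Triage a ComboFix 'Reg Loading Points' excerpt for multi-hooked persistence.

Added example (not from the forum post or ComboFix). SAMPLE_LOG is a constructed
excerpt in ComboFix's layout; the heuristics below are assumptions, not rules
the tool applies.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SCAN_TIME = datetime(2008, 5, 30, 1, 15)  # ComboFix completion time from the log

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4A2C076-8C74-4AF2-B75E-9BA86C633BB4}]
2008-05-30 01:10 370176 --a------ C:\WINDOWS\system32\xxyVoNHX.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}]
2008-05-28 18:44 58368 --a------ C:\WINDOWS\system32\fccBqoLb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"BMeb0b5c63"="C:\WINDOWS\system32\dsspison.dll" [2008-05-30 01:11 126976]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E}"= C:\WINDOWS\system32\fccBqoLb.dll [2008-05-28 18:44 58368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccBqoLb]
fccBqoLb.dll 2008-05-28 18:44 58368 C:\WINDOWS\system32\fccBqoLb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-08 14:01 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\WINDOWS\system32\xxyVoNHX
"""

# A drive-letter path up to its extension; paths with spaces are allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\n]*?\.(?:dll|exe|cpl|sys)\b', re.I)
STAMP_RE = re.compile(r'(\d{4}-\d{2}-\d{2} \d{2}:\d{2})')
VALUE_NAME_RE = re.compile(r'^"([^"]+)"=')
GENERATED_NAME_RE = re.compile(r'[A-Za-z]{0,3}[0-9a-fA-F]{8,}')  # e.g. BMeb0b5c63
LOAD_POINTS = [  # (substring of the lower-cased key header, label); assumed mapping
    ('browser helper objects', 'BHO'),
    ('shellexecutehooks', 'ShellExecuteHooks'),
    ('winlogon\\notify', 'WinlogonNotify'),
    ('currentversion\\run', 'Run'),
    ('control\\lsa', 'LSA'),
]
KNOWN_LSA_PACKAGES = {'msv1_0', 'nwprovau'}  # assumption for this XP box


def parse_loading_points(text):
    """Map lower-cased file name -> {path, load_points, mtime, value_names}."""
    entries = defaultdict(lambda: {'path': None, 'load_points': set(),
                                   'mtime': None, 'value_names': set()})
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            header = line.lower()
            current = next((label for needle, label in LOAD_POINTS if needle in header), header)
            continue
        if current is None:
            continue
        if current == 'LSA' and 'REG_MULTI_SZ' in line:
            # LSA loads each package as <name>.dll; flag anything off the allowlist.
            for pkg in line.split('REG_MULTI_SZ', 1)[1].split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    rec = entries[pkg.rsplit('\\', 1)[-1].lower() + '.dll']
                    rec['path'] = rec['path'] or pkg
                    rec['load_points'].add('LSA')
            continue
        stamp = STAMP_RE.search(line)
        mtime = datetime.strptime(stamp.group(1), '%Y-%m-%d %H:%M') if stamp else None
        value = VALUE_NAME_RE.match(line)
        for path in PATH_RE.findall(line):
            rec = entries[path.rsplit('\\', 1)[-1].lower()]
            rec['path'] = rec['path'] or path
            rec['load_points'].add(current)
            if mtime and rec['mtime'] is None:
                rec['mtime'] = mtime
            if value:
                rec['value_names'].add(value.group(1))
    return dict(entries)


def looks_random(stem):
    """Heuristic: 8 letters with three or more case flips (fccBqoLb, xxyVoNHX)."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    return sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:])) >= 3


def triage(text, scan_time=SCAN_TIME, recent_days=7):
    """Return {file name: [reasons]} for files with at least two independent signals."""
    findings = {}
    for name, rec in parse_loading_points(text).items():
        reasons = []
        points = sorted(rec['load_points'])
        if len(points) > 1:
            reasons.append('same DLL hooked into %d load points: %s' % (len(points), ', '.join(points)))
        if 'LSA' in points:
            reasons.append('registered as an LSA authentication package (loaded into lsass.exe)')
        if rec['mtime'] and scan_time - rec['mtime'] <= timedelta(days=recent_days):
            reasons.append('file written %s, within %d days of the scan' % (rec['mtime'].date(), recent_days))
        stem = rec['path'].rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        if looks_random(stem):
            reasons.append('random-looking mixed-case file name %s' % stem)
        generated = sorted(v for v in rec['value_names'] if GENERATED_NAME_RE.fullmatch(v))
        if generated:
            reasons.append('generated-looking value name(s): ' + ', '.join(generated))
        if len(reasons) >= 2:
            findings[name] = reasons
    return findings


if __name__ == '__main__':
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(name)
        for reason in reasons:
            print('  -', reason)
```

On the excerpt this reports fccBqoLb.dll (three load points, two days old, random name), xxyVoNHX.dll (BHO plus LSA package, minutes old) and dsspison.dll (minutes old, started from "BMeb0b5c63"), while leaving the Stardock wbsrv.dll Winlogon Notify entry and igfxtray.exe alone. Requiring two signals is what keeps legitimate single-hook entries with CamelCase names out of the list; paste the real "Reg Loading Points" block in place of SAMPLE_LOG to run it over the full log.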