ComboFix 08-03-13.4 - Mark Callaghan 2008-03-13 23:44:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.156 [GMT 0:00]
Running from: C:\Documents and Settings\Mark Callaghan\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM074d940e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fhkkj.ini
C:\WINDOWS\system32\fhkkj.ini2
C:\WINDOWS\system32\firdbtbd.dll
C:\WINDOWS\system32\kvskktai.dll
C:\WINDOWS\system32\mpkqfaen.dll
C:\WINDOWS\system32\nvldksev.dll
C:\WINDOWS\system32\veskdlvn.ini
C:\WINDOWS\system32\vpkippij.dll
C:\WINDOWS\system32\yjwmyuer.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.
2008-03-13 18:37 . 2008-03-13 18:37 d-------- C:\Deckard
2008-03-13 18:29 . 2008-03-13 18:29 d-------- C:\Program Files\DNA
2008-03-13 18:29 . 2008-03-13 23:48 d-------- C:\Documents and Settings\Mark Callaghan\Application Data\DNA
2008-03-10 22:01 . 2008-03-10 22:01 d-------- C:\Program Files\Trend Micro
2008-03-10 20:29 . 2008-03-10 20:29 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-03-10 20:05 . 2008-03-10 20:05 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 20:04 . 2008-03-11 16:18 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 20:04 . 2008-03-10 20:04 d-------- C:\Documents and Settings\Mark Callaghan\Application Data\SUPERAntiSpyware.com
2008-03-10 20:03 . 2008-03-10 20:03 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 18:32 . 2008-03-10 18:32 d-------- C:\Documents and Settings\Administrator.BOB\Application Data\Grisoft
2008-03-10 18:19 . 2008-03-10 18:19 d-------- C:\Documents and Settings\Mark Callaghan\Application Data\Grisoft
2008-03-10 18:16 . 2008-03-10 18:16 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 18:16 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-09 12:19 . 2008-03-10 17:51 1,307,921 ---hs---- C:\WINDOWS\system32\loqqticq.ini
2008-02-26 13:54 . 2008-02-26 13:54 d-------- C:\Documents and Settings\Mark Callaghan\Application Data\Leadertech
2008-02-26 13:38 . 2008-03-09 12:18 1,307,681 ---hs---- C:\WINDOWS\system32\fjlpbonf.ini
2008-02-26 13:36 . 2008-02-26 13:36 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 23:51 --------- d-----w C:\Documents and Settings\Mark Callaghan\Application Data\TwonkyMedia
2008-03-13 18:29 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-03-13 18:29 --------- d-----w C:\Documents and Settings\Mark Callaghan\Application Data\BitTorrent DNA
2008-03-10 17:46 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-02-26 16:53 --------- d-----w C:\Program Files\Common Files\Scanner
2008-02-25 16:53 --------- d-----w C:\Documents and Settings\Mark Callaghan\Application Data\BitTorrent
2008-02-03 20:23 --------- d-----w C:\Program Files\TwonkyMedia
2008-02-03 20:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-26 18:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 19:44 --------- d-----w C:\Documents and Settings\Mark Callaghan\Application Data\Samsung
2007-10-17 18:47 92,064 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmmdm.sys
2007-10-17 18:47 9,232 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmmdfl.sys
2007-10-17 18:47 79,328 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmserd.sys
2007-10-17 18:47 66,656 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmbus.sys
2007-10-17 18:47 6,208 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmcmnt.sys
2007-10-17 18:47 5,936 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmwhnt.sys
2007-10-17 18:47 4,048 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmcr.sys
2007-10-17 18:47 25,600 ----a-w C:\Documents and Settings\Mark Callaghan\usbsermptxp.sys
2007-10-17 18:47 22,768 ----a-w C:\Documents and Settings\Mark Callaghan\usbsermpt.sys
2007-10-14 15:27 20,632 ----a-w C:\Documents and Settings\Mark Callaghan\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-06-14 12:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-13 18:29 287040]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-11 16:18 1481968]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 13:09 61168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 15:50 4112384]
"nwiz"="nwiz.exe" [2004-07-12 15:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-12 15:50 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 16:16 376912]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 17:49 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 13:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13:10 13552]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 13:09 61168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-06-14 12:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-11 16:18 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\TwonkyMedia\\twonkymediaserver.exe"=
"C:\\Program Files\\TwonkyMedia\\twonkymedia.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 10:45]
R2 TwonkyMedia;TwonkyMedia;C:\Program Files\TwonkyMedia\TwonkyMedia.exe [2007-12-22 13:03]
R3 slnt;Realtek RTL8139 PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [2005-12-07 09:35]
S1 ensqio;ensqio;C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 es137140;SB AudioPCI 64V;C:\WINDOWS\system32\DRIVERS\es137140.sys []
S2 AotoLogon;System Performance Monitor;C:\WINDOWS\svchost.exe []
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2005-06-14 12:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61bc1a4a-7b41-11dc-bc64-00304f10de7c}]
\Shell\1\Command - F:\.\flashrun.exe
\Shell\2\Command - F:\.\flashrun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\flashrun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 23:52:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
.
**************************************************************************
.
Completion time: 2008-03-14 0:00:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-14 00:00:43
.
2008-03-12 13:22:28 --- E O F ---