ComboFix 08-03-13.4 - Mark Callaghan 2008-03-13 23:44:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.156 [GMT 0:00]
Running from: C:\Documents and Settings\Mark Callaghan\Desktop\ComboFix.exe
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM074d940e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fhkkj.ini
C:\WINDOWS\system32\fhkkj.ini2
C:\WINDOWS\system32\firdbtbd.dll
C:\WINDOWS\system32\kvskktai.dll
C:\WINDOWS\system32\mpkqfaen.dll
C:\WINDOWS\system32\nvldksev.dll
C:\WINDOWS\system32\veskdlvn.ini
C:\WINDOWS\system32\vpkippij.dll
C:\WINDOWS\system32\yjwmyuer.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.
2008-03-13 18:37 . 2008-03-13 18:37 d-------- C:\Deckard
2008-03-13 18:29 . 2008-03-13 18:29 d-------- C:\Program Files\DNA
2008-03-13 18:29 . 2008-03-13 23:48 d-------- C:\Documents and Settings\Mark Callaghan\Application Data\DNA
2008-03-10 22:01 . 2008-03-10 22:01 d-------- C:\Program Files\Trend Micro
2008-03-10 20:29 . 2008-03-10 20:29 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-03-10 20:05 . 2008-03-10 20:05 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 20:04 . 2008-03-11 16:18 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 20:04 . 2008-03-10 20:04 d-------- C:\Documents and Settings\Mark Callaghan\Application Data\SUPERAntiSpyware.com
2008-03-10 20:03 . 2008-03-10 20:03 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 18:32 . 2008-03-10 18:32 d-------- C:\Documents and Settings\Administrator.BOB\Application Data\Grisoft
2008-03-10 18:19 . 2008-03-10 18:19 d-------- C:\Documents and Settings\Mark Callaghan\Application Data\Grisoft
2008-03-10 18:16 . 2008-03-10 18:16 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 18:16 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-09 12:19 . 2008-03-10 17:51 1,307,921 ---hs---- C:\WINDOWS\system32\loqqticq.ini
2008-02-26 13:54 . 2008-02-26 13:54 d-------- C:\Documents and Settings\Mark Callaghan\Application Data\Leadertech
2008-02-26 13:38 . 2008-03-09 12:18 1,307,681 ---hs---- C:\WINDOWS\system32\fjlpbonf.ini
2008-02-26 13:36 . 2008-02-26 13:36 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 23:51 --------- d-----w C:\Documents and Settings\Mark Callaghan\Application Data\TwonkyMedia
2008-03-13 18:29 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-03-13 18:29 --------- d-----w C:\Documents and Settings\Mark Callaghan\Application Data\BitTorrent DNA
2008-03-10 17:46 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-02-26 16:53 --------- d-----w C:\Program Files\Common Files\Scanner
2008-02-25 16:53 --------- d-----w C:\Documents and Settings\Mark Callaghan\Application Data\BitTorrent
2008-02-03 20:23 --------- d-----w C:\Program Files\TwonkyMedia
2008-02-03 20:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-26 18:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 19:44 --------- d-----w C:\Documents and Settings\Mark Callaghan\Application Data\Samsung
2007-10-17 18:47 92,064 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmmdm.sys
2007-10-17 18:47 9,232 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmmdfl.sys
2007-10-17 18:47 79,328 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmserd.sys
2007-10-17 18:47 66,656 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmbus.sys
2007-10-17 18:47 6,208 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmcmnt.sys
2007-10-17 18:47 5,936 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmwhnt.sys
2007-10-17 18:47 4,048 ----a-w C:\Documents and Settings\Mark Callaghan\mqdmcr.sys
2007-10-17 18:47 25,600 ----a-w C:\Documents and Settings\Mark Callaghan\usbsermptxp.sys
2007-10-17 18:47 22,768 ----a-w C:\Documents and Settings\Mark Callaghan\usbsermpt.sys
2007-10-14 15:27 20,632 ----a-w C:\Documents and Settings\Mark Callaghan\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-06-14 12:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-13 18:29 287040]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-11 16:18 1481968]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 13:09 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 15:50 4112384]
"nwiz"="nwiz.exe" [2004-07-12 15:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-12 15:50 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 16:16 376912]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 17:49 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 13:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13:10 13552]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 13:09 61168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-06-14 12:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-11 16:18 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\TwonkyMedia\\twonkymediaserver.exe"=
"C:\\Program Files\\TwonkyMedia\\twonkymedia.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 10:45]
R2 TwonkyMedia;TwonkyMedia;C:\Program Files\TwonkyMedia\TwonkyMedia.exe [2007-12-22 13:03]
R3 slnt;Realtek RTL8139 PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [2005-12-07 09:35]
S1 ensqio;ensqio;C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 es137140;SB AudioPCI 64V;C:\WINDOWS\system32\DRIVERS\es137140.sys []
S2 AotoLogon;System Performance Monitor;C:\WINDOWS\svchost.exe []
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2005-06-14 12:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61bc1a4a-7b41-11dc-bc64-00304f10de7c}]
\Shell\1\Command - F:\.\flashrun.exe
\Shell\2\Command - F:\.\flashrun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\flashrun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 23:52:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
.
**************************************************************************
.
Completion time: 2008-03-14 0:00:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-14 00:00:43
.
2008-03-12 13:22:28 --- E O F ---