Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win32: onlinegames-DIK [trj] combofix

Started by destroyer , May 14 2008 11:36 AM

  • Please log in to reply

#1
destroyer
Posted 14 May 2008 - 11:36 AM

destroyer

    New Member

  • Member
  • Pip
  • 1 posts
ComboFix 08-05-12.1 - Cade Shillingford 2008-05-14 12:45:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.73 [GMT -4:00]
Running from: C:\Documents and Settings\Cade Shillingford\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\tmp0_873454586625.bk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Service_perfmons


((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-14 12:45 . 2008-05-14 12:45 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-02 22:19 . 2008-05-02 22:19 <DIR> d-------- C:\Program Files\A-one iPod PSP 3GP Video Converter
2008-05-02 22:19 . 2007-03-09 07:36 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2008-05-02 22:19 . 2006-03-28 22:35 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll
2008-05-02 22:19 . 2007-03-09 07:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2008-05-02 22:19 . 2007-03-09 07:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2008-05-02 22:19 . 2007-03-09 07:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-05-02 15:16 . 2008-05-02 15:16 <DIR> d-------- C:\Temp
2008-05-02 03:07 . 2008-05-02 03:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-15 08:46 . 2008-04-15 08:46 <DIR> d-------- C:\Documents and Settings\Cade Shillingford\Application Data\Leadertech
2008-04-15 08:25 . 2008-04-15 08:25 <DIR> d-------- C:\Documents and Settings\Cade Shillingford\Application Data\AdobeUM
2008-04-14 14:55 . 2008-04-14 14:55 0 --a------ C:\WINDOWS\mngui.INI
2008-04-14 12:57 . 2008-04-14 12:58 <DIR> d-------- C:\Documents and Settings\Cade Shillingford\Application Data\Teleca
2008-04-14 12:53 . 2008-04-14 12:53 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-14 12:53 . 2008-04-14 12:54 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-04-14 12:53 . 2008-04-14 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-04-14 12:53 . 2008-04-14 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-04-14 12:42 . 2006-03-13 16:50 96,352 -ra------ C:\WINDOWS\system32\drivers\w300mdm.sys
2008-04-14 12:42 . 2006-03-13 16:50 87,824 -ra------ C:\WINDOWS\system32\drivers\w300mgmt.sys
2008-04-14 12:42 . 2006-03-13 16:50 85,696 -ra------ C:\WINDOWS\system32\drivers\w300obex.sys
2008-04-14 12:42 . 2006-03-13 16:50 9,264 -ra------ C:\WINDOWS\system32\drivers\w300mdfl.sys
2008-04-14 12:42 . 2006-03-13 16:49 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cmnt.sys
2008-04-14 12:42 . 2006-03-13 16:49 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cm.sys
2008-04-14 12:31 . 2008-04-14 12:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-14 12:25 . 2006-03-13 16:49 60,800 -ra------ C:\WINDOWS\system32\drivers\w300bus.sys
2008-04-14 12:25 . 2006-03-13 16:50 5,840 -ra------ C:\WINDOWS\system32\drivers\w300whnt.sys
2008-04-14 12:25 . 2006-03-13 16:50 5,840 -ra------ C:\WINDOWS\system32\drivers\w300wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 16:25 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
2008-05-13 21:05 --------- d-----w C:\Documents and Settings\Cade Shillingford\Application Data\dvdcss
2008-05-02 04:37 --------- d-----w C:\Program Files\Java
2008-04-15 13:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-01 16:51 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-31 21:21 --------- d-----w C:\Program Files\BitLord
2008-03-31 20:59 --------- d-----w C:\Program Files\Ares
2008-03-27 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-31 23:52 15,997,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-31 23:52 1,027,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 10:33 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="C:\Program Files\Lenovo\TrackPoint\tp4serv.exe" [2007-11-08 10:56 92960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CLMLServer"="C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe" [2007-09-27 23:10 122880]
"CLJ"="0 (0x0)" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-11-19 14:23 487424]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 16:28 868352]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 14:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--------- 2007-09-29 16:53 2680104 C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe"=

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family;C:\WINDOWS\system32\DRIVERS\cben5.sys [2002-02-26 17:10]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-02-04 11:53]
R3 S3GSavageMX;S3GSavageMX;C:\WINDOWS\system32\DRIVERS\s3gsavm.sys [2002-11-28 16:44]
R3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\tnet1130.sys [2004-06-17 22:41]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2007-11-08 10:56]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-05 02:44]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;C:\WINDOWS\system32\DRIVERS\tnet1130x.sys [2004-03-10 09:54]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12632980-0a28-11dd-a9fb-00e098d52d06}]
\Shell\AutoRun\command - E:\m9j.com
\Shell\explore\Command - E:\m9j.com
\Shell\open\Command - E:\m9j.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0b4dd41-fc54-11dc-a9e2-00e098d52d06}]
\Shell\1\Command - D:\RUNAUT~1\autorun.pif
\Shell\2\Command - D:\RUNAUT~1\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 21:18:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-14 17:07:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 13:07:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CLJ = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lenovo\TrackPoint\tp4servinst.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-05-14 13:19:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 17:18:42

Pre-Run: 35,263,188,992 bytes free
Post-Run: 35,606,179,840 bytes free

200 --- E O F --- 2008-05-07 22:06:49
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP