Geeks To Go forums
Please Help, this is really serious - comp dialling weird number [CLOSED]


#16 bobsleighman (Member, Topic Starter, 12 posts)

Dr Web Report:

kavwebscan.dll;c:\windows\system32\kaspersky lab\kaspersky on-line scanner;Probably BACKDOOR.Trojan;Incurable.Deleted.;
GTDownDE_87.ocx;C:\WINDOWS\system32;Adware.Gdown;Incurable.Moved.;
#17 RatHat (Ex Malware Expert, 7,829 posts)

Could you run Combofix for me again, and post me the log.

Thanks,
RatHat

#18 RatHat (Ex Malware Expert, 7,829 posts)

Do you still require assistance with this log?

Regards
RatHat

#19 bobsleighman (Member, Topic Starter, 12 posts)

Sorry! I have been completely snowed under with work, I will post the log A.S.A.P!

#20 bobsleighman (Member, Topic Starter, 12 posts)

Sorry for the delay - here's the ComboFix log:

ComboFix 08-02-19.2 - Alexander 2008-02-19 14:03:34.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.609 [GMT 0:00]
Running from: C:\Documents and Settings\Alexander\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-11 17:48 . 2008-02-11 17:48 <DIR> d-------- C:\Documents and Settings\Alexander\DoctorWeb
2008-02-09 17:42 . 2008-02-09 17:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-09 17:39 . 2008-02-09 18:00 <DIR> d-------- C:\SDFix
2008-02-04 14:30 . 2008-02-09 14:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-04 14:30 . 2008-02-04 14:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 17:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-22 17:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-01-22 16:55 . 2008-01-22 16:55 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-01-22 16:55 . 2008-01-22 16:55 <DIR> d-------- C:\Program Files\WMA-MP3.com
2008-01-22 16:55 . 2008-01-22 16:55 <DIR> d-------- C:\Program Files\Stop Motion Pro v5
2008-01-22 16:55 . 2008-01-22 16:55 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-01-22 16:55 . 2008-01-22 16:55 <DIR> d-------- C:\Program Files\SmartFTP Client
2008-01-22 16:55 . 2008-02-19 12:57 <DIR> d-------- C:\Program Files\LogMeIn
2008-01-22 16:55 . 2008-01-22 16:55 <DIR> d-------- C:\Program Files\HyCam2
2008-01-22 16:55 . 2008-01-22 16:55 <DIR> d-------- C:\Program Files\Allume Systems
2008-01-22 16:43 . 2008-01-22 16:44 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-01-22 16:43 . 2008-01-22 16:43 <DIR> d-------- C:\Program Files\AOL Companion
2008-01-22 16:43 . 2008-01-22 16:44 <DIR> d-------- C:\Program Files\AOL 9.0
2008-01-20 20:57 . 2005-05-10 10:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-01-20 20:57 . 2008-01-22 16:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-01-20 20:17 . 2008-01-22 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2008-01-20 20:17 . 2008-01-22 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-02-09 17:19 --------- d-----w C:\Program Files\Kontiki
2008-02-09 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-09 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-09 15:40 --------- d-----w C:\Program Files\MSN Messenger
2008-02-09 15:40 --------- d-----w C:\Program Files\iTunes
2008-02-09 15:40 --------- d-----w C:\Program Files\Download Manager
2008-02-09 15:40 --------- d-----w C:\Program Files\AIM6
2008-02-09 15:32 --------- d-----w C:\Program Files\TrojanHunter 4.2
2008-02-09 15:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-09 15:32 --------- d-----w C:\Program Files\QuickTime
2008-02-09 12:51 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-09 12:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-09 12:48 --------- d-----w C:\Program Files\EA GAMES
2008-02-07 21:27 15,360 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-02-07 21:27 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-22 16:55 --------- d-----w C:\Program Files\GoFTP
2008-01-22 16:55 --------- d-----w C:\Program Files\Furcadia
2008-01-22 16:55 --------- d-----w C:\Program Files\Dell
2008-01-22 16:53 --------- d-----w C:\Program Files\SpacialAudio
2008-01-22 16:53 --------- d-----w C:\Program Files\LogMeIn(2)
2008-01-22 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
2008-01-22 16:51 --------- dc----w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-22 16:43 --------- d-----w C:\Program Files\Windows Live
2008-01-22 16:43 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-21 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-10 16:20 --------- d-----w C:\Documents and Settings\Alexander\Application Data\IGN_DLM
2008-01-01 03:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 03:09 --------- d-----w C:\Program Files\Giant
2008-01-01 03:00 --------- d-----w C:\Program Files\Electronic Arts
2008-01-01 03:00 --------- d-----w C:\Program Files\Buzan's iMindMap
2007-12-28 00:08 --------- d-----w C:\Program Files\iPod
2007-12-27 23:58 --------- d-----w C:\Program Files\Apple Software Update
2007-12-22 11:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-04-15 20:47 262 ----a-w C:\Documents and Settings\Alexander\imm.dat
2006-03-06 16:09 24,192 ----a-w C:\Documents and Settings\Alexander\usbsermptxp.sys
2006-03-06 16:09 22,768 ----a-w C:\Documents and Settings\Alexander\usbsermpt.sys
2005-09-19 15:41 28,445 ----a-w C:\WINDOWS\Fonts\habbofont.zip
2007-03-30 22:42 2,516 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2007-08-13 19:15 32,768 --sha-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-07 21:27 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [ ]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [ ]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [ ]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [ ]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-07 21:27 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2005-05-28 15:24:53 327765]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Office2K\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-10-18 20:47 75064 C:\WINDOWS\SYSTEM32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-02-16 13:04 147456 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 00:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 19:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-06-04 19:15 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 12:03 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 12:03 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
C:\WINDOWS\system32\SSEMBL~1\dvdplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 16:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 00:05]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 10:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 10:20]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 11:10]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 00:05]
S3 pnicml;pnicml;C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\pnicml.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9564158-d4bc-11db-81f4-000e50c9c162}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 23:37:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-09 13:59:20 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ALEX-Alexander).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 14:09:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

**************************************************************************
.
Completion time: 2008-02-19 14:11:40
ComboFix-quarantined-files.txt 2008-02-19 14:10:48
ComboFix2.txt 2008-02-11 18:23:14
ComboFix3.txt 2008-02-09 17:27:23
ComboFix4.txt 2008-02-09 16:29:20
ComboFix5.txt 2008-02-09 15:50:34
.
2008-02-09 12:15:18 --- E O F ---

#21 RatHat (Ex Malware Expert, 7,829 posts)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint

Driver::
pnicml

DirLook::
C:\Program Files\WMA-MP3.com


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Posted Image: animation showing CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser: Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser: Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Regards,
RatHat
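The entry RatHat's CFScript removes with its Driver:: directive, pnicml, is the one service line in the ComboFix log of post #20 whose driver image sits in the user's Temp folder and for which ComboFix printed empty brackets instead of a file timestamp. Those two conditions can be checked mechanically. What follows is an added example, written for this thread and not code from the thread, from ComboFix, or from the forum: it parses the "R2/S3 name;display;path [stamp]" service lines quoted above and flags both conditions. Two assumptions are mine, not documented ComboFix behaviour: that the leading R/S means running/stopped with the digit being the Windows service start type, and that empty brackets mean ComboFix could not stamp the file. The sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the service/driver lines copied from the ComboFix log
# posted earlier in this thread (post #20).
SAMPLE_LOG = r"""
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 00:05]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 10:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 10:20]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 11:10]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 00:05]
S3 pnicml;pnicml;C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\pnicml.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []
"""

# One ComboFix service line: "<R|S><start> name;display name;image path [stamp]".
# Assumption (mine): R = running, S = stopped, digit = Windows service start type.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)

# Path fragments (long and 8.3 short forms, lower-cased) that place a file under
# a user profile or Temp directory rather than a normal driver location.
USER_WRITABLE_MARKERS = (
    "\\temp\\", "\\locals~1\\", "\\local settings\\",
    "\\docume~1\\", "\\documents and settings\\",
)


@dataclass
class Finding:
    name: str
    path: str
    state: str
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return the named fields of one service line, or None if it is not one."""
    m = SERVICE_LINE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Flag service lines matching either condition; unmatched lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_service_line(line)
        if rec is None:
            continue
        lower = rec["path"].lower()
        reasons = []
        if lower.endswith(".sys") and any(mk in lower for mk in USER_WRITABLE_MARKERS):
            reasons.append("kernel driver image is under a user profile / Temp directory")
        if not rec["stamp"].strip():
            # Assumption (mine): empty brackets mean ComboFix could not stamp the file.
            reasons.append("ComboFix printed no timestamp for the image (file missing or unreadable)")
        if reasons:
            state = ("running" if rec["state"] == "R" else "stopped") + f", start type {rec['start']}"
            findings.append(Finding(rec["name"], rec["path"], state, reasons))
    return findings


def report(findings):
    """Render findings as plain text, one entry per block, for pasting into a reply."""
    return "\n".join(
        f"{f.name} ({f.state}): {f.path}\n  - " + "\n  - ".join(f.reasons)
        for f in findings
    )


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run stand-alone it lists pnicml (both reasons) and XDva009 (missing timestamp only). The heuristic is a starting point for a human review of the log, as RatHat did here, not a verdict on its own: a legitimate installer can also stage a driver in Temp, and a missing timestamp may simply mean the file has already been deleted by an earlier scan.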

#22 RatHat (Ex Malware Expert, 7,829 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact myself or another staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.