Samker's Computer Forum - SCforum.info

SCF Support Area: => ### PC Help Center !!! ### => Topic started by: blodflekk on 28. April 2008., 09:43:08

Title: SOMEONE PLEASE HELP ME
Post by: blodflekk on 28. April 2008., 09:43:08
I HAVE POSTED THIS MESSAGE IN MY THREAD "SOME HELP" BUT I HAVE STARTED A NEW TOPIC IN HOPE

I am in dire need of some help, somehow while i was out, someone was using my computer and it was infected with this "spyware destructor" program and now my computer is going nuts, it restarts my pc frequently, and has blocked many of my virus and antispyware scanner from updating, i have run its uninstaller and even deleted its remaining files and links with HijackThis! and still i have probelms, what should i do
Title: Re: SOMEONE PLEASE HELP ME
Post by: Samker on 28. April 2008., 09:50:16

Hi again, Blodflekk.


Don't worry we will fix this, now please follow next instruction se we can do that son as possible:

1. Provide us all possible details related to yours problems / infection.

2. Run Kaspersky Online AntiVirus Scan: http://scforum.info/index.php/topic,734.0.html

3. Download & run HijackThis: http://scforum.info/index.php/topic,785.0.html

4. Provide us logs from HijackThis & Kaspersky Online Scan


We will wait your reply (with logs).

Regards,

SCF Team
Title: Re: SOMEONE PLEASE HELP ME
Post by: blodflekk on 28. April 2008., 13:24:07
Thank you, I have just been running at boot-time scan with avast! which showed up that there were no infected files, I shall run these online scanners you showed me and see what the result is. As for HijackThis! I ran that earlier and it showed nothingI dont recognise, but i can still send you a log if you wish?
Title: Re: SOMEONE PLEASE HELP ME
Post by: Samker on 28. April 2008., 15:16:40
I shall run these online scanners you showed me and see what the result is. As for HijackThis! I ran that earlier and it showed nothingI dont recognise, but i can still send you a log if you wish?

Yes, please provide us Kaspersky & HJT log because Avast (for me) isn't show real condition of your PC.

cya,

Samker
Title: Re: SOMEONE PLEASE HELP ME
Post by: blodflekk on 29. April 2008., 04:08:32
Ok, here is my HJT logfile, I would also like to say i have downloaded and ran AVG8.0 Free edition, and it picked up over 400 trojans, adware and loggers. I have cleared them out and things seem to be a bit better, but still not perfect.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:52 p.m., on 29/04/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\INSTAL~1\APPLIC~1\AVG8.0\avgwdsvc.exe
D:\INSTAL~1\APPLIC~1\AVG8.0\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
D:\Installed\Applications\ZoneAlarm\zlclient.exe
D:\INSTAL~1\APPLIC~1\AVG8.0\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Installed\Applications\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Installed\Applications\Spybot - Search & Destroy\SpybotSD.exe
D:\Installed\Applications\HijackThis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Installed\Applications\AVG8.0\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\INSTAL~1\APPLIC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Installed\Applications\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\INSTAL~1\APPLIC~1\AVG8.0\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\INSTAL~1\APPLIC~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\INSTAL~1\APPLIC~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208945341718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208945461062
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5282/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Installed\Applications\AVG8.0\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\INSTAL~1\APPLIC~1\AVG8.0\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6327 bytes
Title: Re: SOMEONE PLEASE HELP ME
Post by: Samker on 29. April 2008., 06:10:42
Quote
Ok, here is my HJT logfile, I would also like to say i have downloaded and ran AVG8.0 Free edition, and it picked up over 400 trojans, adware and loggers.

???



Ok blodflekk,

I'll analyze your HJT log in the next few hours, until that please provide me also Kaspersky Online Scan log I need them for final conclusion. :police:

cya,

S.
Title: Re: SOMEONE PLEASE HELP ME
Post by: Samker on 01. May 2008., 18:05:43
Blodflekk,

I'm still waiting for your Kaspersky log to continue with "cleaning"! 

Do you have some problem to provide me that log?

S.
Title: Re: SOMEONE PLEASE HELP ME
Post by: blodflekk on 02. May 2008., 12:43:06
no, I dont. Sorry, I just went ahead and reinstalled windows, I needed to use my computer iand it was still going crazy