Author Topic: SOMEONE PLEASE HELP ME  (Read 9687 times)


blodflekk

  • SCF Advanced Member
  • ***
  • Posts: 103
  • KARMA: 12
  • Gender: Male
  • And War, War Never Changes.....
SOMEONE PLEASE HELP ME
« on: 28. April 2008., 09:43:08 »
I HAVE POSTED THIS MESSAGE IN MY THREAD "SOME HELP" BUT I HAVE STARTED A NEW TOPIC IN HOPE

I am in dire need of some help. Somehow, while I was out, someone was using my computer and it was infected with this "spyware destructor" program, and now my computer is going nuts: it restarts my PC frequently and has blocked many of my virus and antispyware scanners from updating. I have run its uninstaller and even deleted its remaining files and links with HijackThis! and still I have problems. What should I do?
~KING~


Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: SOMEONE PLEASE HELP ME
« Reply #1 on: 28. April 2008., 09:50:16 »

Hi again, Blodflekk.


Don't worry, we will fix this. Now please follow the next instructions so we can do that as soon as possible:

1. Provide us all possible details related to your problems / infection.

2. Run Kaspersky Online AntiVirus Scan: http://scforum.info/index.php/topic,734.0.html

3. Download & run HijackThis: http://scforum.info/index.php/topic,785.0.html

4. Provide us logs from HijackThis & Kaspersky Online Scan


We will wait for your reply (with logs).

Regards,

SCF Team

blodflekk

Re: SOMEONE PLEASE HELP ME
« Reply #2 on: 28. April 2008., 13:24:07 »
Thank you, I have just been running a boot-time scan with avast! which showed that there were no infected files. I shall run these online scanners you showed me and see what the result is. As for HijackThis!, I ran that earlier and it showed nothing I don't recognise, but I can still send you a log if you wish?
~KING~

Samker

Re: SOMEONE PLEASE HELP ME
« Reply #3 on: 28. April 2008., 15:16:40 »
I shall run these online scanners you showed me and see what the result is. As for HijackThis!, I ran that earlier and it showed nothing I don't recognise, but I can still send you a log if you wish?

Yes, please provide us the Kaspersky & HJT logs because Avast (for me) doesn't show the real condition of your PC.

cya,

Samker

blodflekk

Re: SOMEONE PLEASE HELP ME
« Reply #4 on: 29. April 2008., 04:08:32 »
Ok, here is my HJT logfile. I would also like to say I have downloaded and run AVG8.0 Free edition, and it picked up over 400 trojans, adware and loggers. I have cleared them out and things seem to be a bit better, but still not perfect.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:52 p.m., on 29/04/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\INSTAL~1\APPLIC~1\AVG8.0\avgwdsvc.exe
D:\INSTAL~1\APPLIC~1\AVG8.0\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
D:\Installed\Applications\ZoneAlarm\zlclient.exe
D:\INSTAL~1\APPLIC~1\AVG8.0\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Installed\Applications\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Installed\Applications\Spybot - Search & Destroy\SpybotSD.exe
D:\Installed\Applications\HijackThis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Installed\Applications\AVG8.0\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\INSTAL~1\APPLIC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Installed\Applications\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\INSTAL~1\APPLIC~1\AVG8.0\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\INSTAL~1\APPLIC~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\INSTAL~1\APPLIC~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208945341718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208945461062
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5282/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Installed\Applications\AVG8.0\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\INSTAL~1\APPLIC~1\AVG8.0\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6327 bytes
~KING~
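A first-pass triage of a log like the one posted above, as an added example that is not part of the original thread: it groups HijackThis entry lines by section code and queues the sections that load code at boot, at logon or into other processes (O2, O4, O20, O23) for manual review. The function names and the choice of which sections to queue are assumptions of this example; the sample input is a handful of lines taken from the posted log.

```python
import re
from collections import defaultdict

# HijackThis section codes that appear in the posted log, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart (Run key)",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O16": "ActiveX control (DPF)", "O18": "protocol handler",
    "O20": "AppInit_DLLs", "O23": "Windows service",
}
# Assumption of this example: sections that load code automatically get reviewed first.
PERSISTENCE = {"O2", "O4", "O20", "O23"}

# An entry line is "<letter><1-2 digits> - <details>"; process paths never match this.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed sample: a few lines taken from the log posted in Reply #4.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\INSTAL~1\APPLIC~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\INSTAL~1\APPLIC~1\AVG8.0\avgwdsvc.exe
"""

def parse_hjt(text):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_queue(groups):
    """Return (code, meaning, entry) tuples for the persistence sections, ordered by code."""
    ordered = sorted(groups, key=lambda c: (c[0], int(c[1:])))
    return [(code, SECTIONS.get(code, "unknown section"), entry)
            for code in ordered if code in PERSISTENCE
            for entry in groups[code]]

if __name__ == "__main__":
    for code, meaning, entry in review_queue(parse_hjt(SAMPLE)):
        print(f"{code:<4}{meaning:<24}{entry}")
```

The queue only orders entries for a human reviewer; it makes no judgement about whether any entry is malicious.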


Samker

Re: SOMEONE PLEASE HELP ME
« Reply #5 on: 29. April 2008., 06:10:42 »
Quote
Ok, here is my HJT logfile. I would also like to say I have downloaded and run AVG8.0 Free edition, and it picked up over 400 trojans, adware and loggers.

???



Ok blodflekk,

I'll analyze your HJT log in the next few hours. Until then, please also provide me the Kaspersky Online Scan log; I need it for the final conclusion. :police:

cya,

S.

Samker

Re: SOMEONE PLEASE HELP ME
« Reply #6 on: 01. May 2008., 18:05:43 »
Blodflekk,

I'm still waiting for your Kaspersky log to continue with "cleaning"!

Do you have some problem providing me that log?

S.

blodflekk

Re: SOMEONE PLEASE HELP ME
« Reply #7 on: 02. May 2008., 12:43:06 »
No, I don't. Sorry, I just went ahead and reinstalled Windows. I needed to use my computer and it was still going crazy.
~KING~
