Hacker making my files corrupt! - HJT log [RESOLVED]


  • This topic is locked

#1
Raymundo

  • Member
  • 22 posts
Hello,
I had weird things going on in my computer and I need some help! :) Well, so far I think that I have a hacker on my computer because I saw a new user account named "ADMINISTRATOR" that was password protected, and the first time it came out I was using it normally and then suddenly the screen goes black and I had to turn it off because it wouldn't let me do anything!!! The only way to let me use it is to go on safe mode, but right now that user account isn't there anymore! I don't know why that account just deleted itself, but every time I reboot ChkDsk says there are more and more corrupt files every time, I don't know why! Also, I supposed that I deleted Cpmsky and Adzgalore by SuperAntiSpyware but I think my computer might still be infected :) Please review! Well, I'm new and I hope you guys help me! :) Any help would be appreciated! Thanks! :) Here is my HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:44, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
c:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.c...://es.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: adzgalore - {0ae36323-3974-aca2-9fcf-ec6a8756e1c9} - C:\WINDOWS\system32\nsl8E.dll (file missing)
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\ppctoolbar.dll_7.0.0.2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\ppctoolbar.dll_7.0.0.2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Documents and Settings\Raymundo\Desktop\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
O24 - Desktop Component 0: (no name) - http://www.clubsanto...LDOORIGINAL.JPG

--
End of file - 12504 bytes

Here is my SuperAntiSpyware log:



SUPERAntiSpyware Scan Log
Generated 05/27/2008 at 08:19 PM

Application Version : 3.6.1000

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Complete Scan
Total Scan Time : 01:50:41

Memory items scanned : 560
Memory threats detected : 0
Registry items scanned : 6632
Registry threats detected : 0
File items scanned : 56017
File threats detected : 77

Adware.Tracking Cookie
C:\Documents and Settings\Raymundo\Cookies\raymundo@media6degrees[1].txt
C:\Documents and Settings\Raymundo\Cookies\[email protected][1].txt
C:\Documents and Settings\Raymundo\Cookies\raymundo@apmebf[1].txt
C:\Documents and Settings\Raymundo\Cookies\[email protected][1].txt
C:\Documents and Settings\Raymundo\Cookies\raymundo@mediaplex[1].txt
C:\Documents and Settings\Raymundo\Cookies\raymundo@trafficmp[1].txt
C:\Documents and Settings\Raymundo\Cookies\raymundo@doubleclick[2].txt
C:\Documents and Settings\Raymundo\Cookies\[email protected][1].txt
C:\Documents and Settings\Raymundo\Cookies\raymundo@advertising[1].txt
C:\Documents and Settings\Raymundo\Cookies\[email protected][1].txt
C:\Documents and Settings\Raymundo\Cookies\raymundo@tribalfusion[1].txt
C:\Documents and Settings\Raymundo\Cookies\[email protected][1].txt
C:\Documents and Settings\Raymundo\Cookies\raymundo@specificclick[1].txt
C:\WINDOWS\Temp\Cookies\raymundo@adecn[2].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\raymundo@clicksor[2].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\raymundo@directtrack[1].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\raymundo@exitexchange[2].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\raymundo@imrworldwide[2].txt
C:\WINDOWS\Temp\Cookies\raymundo@insightexpressai[1].txt
C:\WINDOWS\Temp\Cookies\raymundo@interclick[2].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\raymundo@media6degrees[1].txt
C:\WINDOWS\Temp\Cookies\raymundo@mediatraffic[2].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\raymundo@precisionclick[1].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\raymundo@revsci[1].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\raymundo@specificclick[2].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\[email protected][2].txt
C:\WINDOWS\Temp\Cookies\[email protected][1].txt
C:\WINDOWS\Temp\Cookies\raymundo@yieldmanager[1].txt

Trojan.Downloader-AUPD
C:\DOCUMENTS AND SETTINGS\RAYMUNDO\LOCAL SETTINGS\TEMP\AUPD.EXE

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

Adware.AdRotator/AdsGalore
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP208\A0085877.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP230\A0090630.EXE
C:\WINDOWS\SYSTEM32\ADZGALORE-REMOVE.EXE

Adware.AdRotator/CPMSky
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP208\A0085882.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP223\A0089323.EXE

Trojan.Downloader-Gen/FotoMoto-B
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP230\A0090877.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP231\A0090879.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP231\A0090900.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP232\A0090920.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP233\A0090938.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP235\A0091004.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP236\A0091006.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP236\A0092024.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP237\A0092359.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP237\A0092393.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP238\A0094395.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP238\A0094414.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP238\A0095415.DLL
C:\WINDOWS\SYSTEM32\NSB72.DLL
C:\WINDOWS\SYSTEM32\NSH25E.DLL
C:\WINDOWS\SYSTEM32\NSL8E.DLL
C:\WINDOWS\SYSTEM32\NSS25.DLL
C:\WINDOWS\SYSTEM32\NSV83.DLL
C:\WINDOWS\SYSTEM32\NSZ360.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP233\A0090941.EXE

Adware.HotBar/ShopperReports (Low Risk)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B35583CC-77B8-4901-9457-B532D679AE82}\RP238\A0095449.DLL



Well, once you reply I'll give you the Malwarebytes log. Thank you :)

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#3
Raymundo

  • Topic Starter
  • Member
  • 22 posts
Please help, I think I have a hacker and took over my whole computer! I can't do anything you tell me because it says that I do not have the appropriate permissions to do that and now I can't do nothing. Is there a solution? If I completely permanently reboot my computer will that work? I don't care if I lose all my programs, just please let me know how to!

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You should be able to run DSS if you ran HijackThis

Is your account an administrator?

#5
Raymundo

  • Topic Starter
  • Member
  • 22 posts
I can't. Before everything happened I ran HJT, but now I try to click on it but it says that I do not have permission to do that. I am thinking it is a hacker taking over my computer and now I have no admin rights. Look, if it takes to completely reformat my computer to remove all this malware and hacker problems, just tell me how to do it and I will do it.
Thank you

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Reformatting should fix it

I think you would be better off posting in the Windows XP forum as this doesn't seem to be malware related

If they can fix your permission problem, then we can fix any malware that is present

#7
Raymundo

  • Topic Starter
  • Member
  • 22 posts
Hello, Rorschach112
So if I completely reformat my computer then it will remove any malware present?
Will it remove a hacker if I have one?

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes

#9
Raymundo

  • Topic Starter
  • Member
  • 22 posts
But if I do that will it remove my anti-virus protection?

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes unless you have the installers for them. They can be easily fixed though

If you want me to run through some security programs after you reformat, let me know

#11
Raymundo

  • Topic Starter
  • Member
  • 22 posts
I have the CD for it but it is protection for 3 PCs. I have all PCs with the same anti-virus, so if I have the CD after I reformat how would it let me install it again?

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Wouldn't you just insert the CD onto the 3 PCs and re-install it?

This is more of a tech issue so if you have any further questions you would be better off posting in the Windows XP forum


Anything else?

#13
Raymundo

  • Topic Starter
  • Member
  • 22 posts
Hello, Rorschach112
No, I don't need anything else, thanks for your support! :)

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.