maxpaynekh92 Posted September 4, 2011 ID:472769 Share Posted September 4, 2011 hello guys(sorry for my bad english and computer xp )i think i have been hacked after downloading some files... now i cant see my start menu and task bar .. i cant download any antivirus .. the hacker contacted me by opening a chat dialog and wanted me to give him 15$ but i refused i think he have a full access to my information .actually he stole one of my gaming accounts and i think he stole my pre paid credit card information...i cant download or run any anti virus but i will post the log from HJT ... here is it :Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:33:31 AM, on 9/5/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\explorer.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\program files\real\realplayer\update\realsched.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Cyberlink\Shared Files\brs.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Program Files\DAEMON Tools Lite\DTLite.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\PnkBstrA.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\jordan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=dfR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRun2.dllO2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll (file missing)O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: RuneScape - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRun2.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO3 - Toolbar: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\prxtbRun2.dllO3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll (file missing)O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dllO3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\WinDir\Svchost.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [Windows Update] C:\Documents and Settings\jordan\Local Settings\Temp\Winlogin.exeO4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osbootO4 - HKLM\..\Run: [svchost] C:\Documents and Settings\jordan\Application Data\svchost.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\jordan\My Documents\Downloads\RRT.exe autoO4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfilesO4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststartO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-startO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exeO4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStartO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\WinDir\Svchost.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [svchost.exe] "C:\Documents and Settings\jordan\Local Settings\Temp\svchost.exe"O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jordan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\jordan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserverO4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorunO4 - HKCU\..\Run: [Allmyapps] "C:\Program Files\Allmyapps\AllmyappsNotifier.exe" startupO4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\WinDir\Svchost.exeO4 - HKLM\..\Policies\Explorer\Run: [svchost] C:\Documents and Settings\jordan\Application Data\svchost.exeO4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\WinDir\Svchost.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')O4 - HKUS\S-1-5-21-790525478-1078145449-839522115-1003\..\Run: [HKCU] C:\WINDOWS\system32\WinDir\Svchost.exe (User '?')O4 - HKUS\S-1-5-21-790525478-1078145449-839522115-1003\..\Run: [Google Update] "C:\Documents and Settings\jordan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')O4 - HKUS\S-1-5-21-790525478-1078145449-839522115-1003\..\Run: [Facebook Update] "C:\Documents and Settings\jordan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?')O4 - HKUS\S-1-5-21-790525478-1078145449-839522115-1003\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')O4 - HKUS\S-1-5-21-790525478-1078145449-839522115-1003\..\Run: [Allmyapps] "C:\Program Files\Allmyapps\AllmyappsNotifier.exe" startup (User '?')O4 - HKUS\S-1-5-21-790525478-1078145449-839522115-1003\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\WinDir\Svchost.exe (User '?')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - S-1-5-21-790525478-1078145449-839522115-1003 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI699F~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Quatro Casino - ³r@¼r`إr€خr ×rبàrèérَr0ür`sˆs°sذ sً)s3s(<sHEshNsˆWs¨`sبisگ - C:\Microgaming\Casino\QuatroCasino\casinogame.exe (file missing) (HKCU)O9 - Extra button: Captain Cooks Casino - {0ECA608B-09BC-4988-93DA-844F907381E2} - C:\Microgaming\Casino\CaptainCooks\casinogame.exe (HKCU)O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocxO16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocxO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///G:/CDVIEWER/CdViewer.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll (file missing)O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exeO23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/jordan/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg--End of file - 12977 bytes Link to post Share on other sites More sharing options...
ALLEN2 Posted September 5, 2011 ID:472810 Share Posted September 5, 2011 PnkBster? that doesnt sound like the name for punkbuster because the real punkbuster names are: pbsetup, pbserv. Link to post Share on other sites More sharing options...
maxpaynekh92 Posted September 5, 2011 Author ID:472933 Share Posted September 5, 2011 what should i do ? i cant run malwarebytes anti-malware neither most of anti-viruses ...it gives me run-time error 372failed to load control 'vbalgrid' from vbalsgird6.ocx Link to post Share on other sites More sharing options...
maxpaynekh92 Posted September 5, 2011 Author ID:472936 Share Posted September 5, 2011 also i don't have sound in my computer now, just a 'beep' from computer case when an error happensis there an infection with?C:\WINDOWS\System32\svchost.exe Link to post Share on other sites More sharing options...
Staff screen317 Posted September 7, 2011 Staff ID:473721 Share Posted September 7, 2011 Hi and welcome to Malwarebytes.Disconnect from the Internet on this computer and transfer all needed files from a different computer.Download the file TDSSKiller.zip and extract it into a folder on the infected PC.Execute the file TDSSKiller.exe by double-clicking on it.Wait for the scan and disinfection process to be over.When its work is over, the utility prompts for a reboot to complete the disinfection.By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).The log is like UtilityName.Version_Date_Time_log.txt.for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.Please post that log here.Next, download DDS by sUBs and save it to your Desktop.Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted September 28, 2011 Staff ID:480199 Share Posted September 28, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 12, 2011 Root Admin ID:484767 Share Posted October 12, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts