1. You are not to create any new threads regarding the similar topic as it will waste another helper's time.
   
2. You are not to install any new software in your system, as it may hinder our process thus making this futile.

1. You are not to modify the logs in any way. Failure to do so will instantly deprive you of this service.
   
2. You are to paste each log separately at PasteBin as it is. That is correct, no syntax highlighting, no editing - just the log purely. Post back the links for each log. You shall not hide them under spoiler codes.
   
3. You are to provide the complete set of requested logs.
   
4. You are to respond to every step I ask you to do using the format provided at the end of my post.
   
5. You agree that I have the right to discontinue the analysis at any time, upon a violation of a single rule.
   

• Pre-Step
  
  Click 'here' to download Temp File Cleaner by OldTimer. Save it to your Desktop.

• • Close any open windows.
    
  • Double-click TFC.exe and select 'Run' when prompted to execute the program. It will close all open programs itself in order to run.
    
  • Click the Start button to begin the cleaning process.
    
  • Please let the program run uninterruptedly.
    
  • Once the cleaning has been done, your computer should automatically reboot. Otherwise, please do so when it does not.

• Prerequisite
  
  If you are having a problem running HijackThis as Administrator, please follow the steps below.

• • Go to My Computer and navigate to your default disc drive (C: is the most common).
    
  • Go to Program Files > Trend Micro > HijackThis.
    
  • Right-click HiJackThis.exe and run it as Administrator.

• Step 1
  
  Please run HijackThis as Administrator. Click 'Do a system scan only' and place a check next to the following line(s) if present:
  
  F2 - REGystem.ini: Shell=Explorer.exe "C:\Users\Zay\AppData\Roaming\smss.exe"
  F2 - REGystem.ini: UserInit=userinit.exe
  O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
  O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
  O4 - HKLM\..\Run: [Advance adf Bot.exe] C:\Users\Zay\Downloads\Advance adf Bot.exe
  O4 - HKLM\..\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
  O4 - HKLM\..\Run: [MSWUpdate] "C:\Users\Zay\AppData\Roaming\smss.exe"
  O4 - HKLM\..\Run: [HKLM] C:\install\server.exe
  O4 - HKLM\..\Run: [System Restore] C:\Users\Zay\AppData\Roaming\Explorer.exe
  O4 - HKLM\..\Run: [Updator] C:\Users\Zay\AppData\Roaming\IwHsh54WE.exe
  O4 - HKLM\..\Run: [Windows System] C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
  O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
  O4 - HKCU\..\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
  O4 - HKCU\..\Run: [Testing] C:\Users\Zay\Desktop\Svg64.exe
  O4 - HKCU\..\Run: [Windows Update] C:\Users\Zay\AppData\Local\Microsoft\svchost.exe
  O4 - HKCU\..\Run: [Q7NZMT7RLB] C:\Users\Zay\AppData\Local\Temp\Rzf.exe
  O4 - HKCU\..\Run: [MSWUpdate] "C:\Users\Zay\AppData\Roaming\smss.exe"
  O4 - HKCU\..\Run: [HKCU] C:\install\server.exe
  O4 - HKCU\..\Run: [winupdater] C:\Windupdt\winupdate.exe
  O4 - HKCU\..\Run: [Form1] C:\Users\Zay\AppData\Roaming\binary.exe
  O4 - HKCU\..\Run: [Microsoft] C:\Users\Zay\AppData\Roaming
  O4 - HKCU\..\Run: [Java] C:\Users\Zay\AppData\Roaming\@off@\csrss.exe
  O4 - HKCU\..\Run: [System Restore] C:\Users\Zay\AppData\Roaming\Explorer.exe
  O4 - HKCU\..\Run: [Updator] C:\Users\Zay\AppData\Roaming\IwHsh54WE.exe
  O4 - HKCU\..\Run: [Windows System] C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
  O4 - HKLM\..\Policies\Explorer\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
  O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\install\server.exe
  O4 - HKLM\..\Policies\Explorer\Run: [System Restore] C:\Users\Zay\AppData\Roaming\Explorer.exe
  O4 - HKLM\..\Policies\Explorer\Run: [Windows System] C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
  O4 - HKCU\..\Policies\Explorer\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
  O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\install\server.exe
  
  Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.

• Step 2
  
  Please download the OTM File Mover from 'here'.
  • Save it to your Desktop.
    
  • Please double-click OTM.exe to run it.
    
  • Copy the lines inside the Code box below to the Clipboard by highlighting all of the content and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    
    
    Code:

    :Processes
explorer.exe

:Files
C:\Users\Zay\AppData\Roaming\smss.exe
C:\Users\Zay\Downloads\Advance adf Bot.exe
C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
C:\install\server.exe
C:\Users\Zay\AppData\Roaming\Explorer.exe
C:\Users\Zay\AppData\Roaming\IwHsh54WE.exe
C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
C:\Users\Zay\Desktop\Svg64.exe
C:\Users\Zay\AppData\Local\Microsoft\svchost.exe
C:\Users\Zay\AppData\Local\Temp\Rzf.exe
C:\Windupdt\winupdate.exe
C:\Users\Zay\AppData\Roaming\binary.exe
C:\Users\Zay\AppData\Roaming\@off@\csrss.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

• • Return to OTM, right-click in the Paste Instructions for Items to be Moved window and choose Paste.
    
  • Click the red MoveIt! button.
    
  • Copy everything in the Results window to the Clipboard by highlighting all of the content and by pressing CTRL + C (or, after highlighting, right-click and choose Copy).
    
  • Paste it in your next reply.
    
  • Close OTM.
  
  
  Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad) and click File > Open. In the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present. Copy and paste the contents of that document back here in your next post.

• Step 3
  
  Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.

• • Double-click esetsmartinstaller_enu.exe to execute the program.
    
  • Tick 'YES, I accept the Terms of Use'.
    
  • Click 'Start'.
    
  • If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
    
  • Database download may take some time.
    
  • When done, make sure that the option 'Remove found threats' is ticked. Under the and 'Advanced Settings', please put a check on the following options:
    • Scan for potentially unwanted applications
      
    • Enable Anti-Stealth Technology
  • Click 'Start'.
    
  • Wait for the scan to finish.
    
  • Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
    
  • Copy and paste that log as a reply to this topic.

• Step 4

• • Please download Malwarebytes' Anti-Malware 'here'.
    
  • Double-click mbam-setup.exe to install the application.
    
  • Make sure a checkmark is placed next to 'Malwarebytes' Anti-Malware' and 'Launch Malwarebytes' Anti-Malware', then click 'Finish'.
    
  • If an update is found, it will download and install the latest version.
    
  • Once the program has loaded, select 'Perform Full Scan', then click 'Scan'. The scan may take some time to finish, so please be patient.
    
  • When the scan is complete, click 'OK', then 'Show Results' to view the results.
    
  • Make sure that everything is checked, and click 'Remove Selected'.
    
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
    
  • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the 'Logs' tab in the interface.
    
  • Copy and paste the entire report in your next reply.

• Step 5
  
  Download DDS.scr by sUBs from one of the following links & save it to your desktop.
  Link 1
  Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
    
  • Shortly after two logs will appear, DDS.txt & Attach.txt
    
  • A window will open instructing you save & post the logs.
    
  • Save the logs to a convenient place such as your desktop.
    
  • Copy the contents of both logs & post in your next reply.

• In your next post, please provide the following:
  • A Fresh HijackThis (HJT) Log
    
  • Deckard's System Scanner (DDS) Logs
    • DDS.txt
      
    • Attach.txt
  • ESET Scan Log
    
  • Malwarebytes' Anti-Malware Scan Log
    
  • OTM Scan Log

• Format of Response
  
  As part of my service terms, you are to fill this up every time you respond to your log. Copy and paste the content inside the code box and write directly after the closing tags. Do not add spaces as they are already provided. An exception applies to the numbers, as they are to be written after the # sign.
  
  Step #1: Change the number accordingly.
  Problems Encountered: Put N/A if the operation went smoothly.
  
  Link To Requested Logs: Post the links to the logs I have asked you to produce.
  
  
  Example: (Click to View)

  
  Step #1
  Problems Encountered: N/A
  
  Step #2
  Problems Encountered: N/A
  
  Step #3
  Problems Encountered: The scan did not finish.
  
  Link To Requested Logs:
  
  http://pastebin.com/YyptHtA0
  http://pastebin.com/ZDeE1fqK
  http://pastebin.com/tapuuLjz
  http://pastebin.com/jiXCzueq

• Code:

  [color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]

[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]

[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]

[color=#00BFFF][b]Link To Requested Logs:[/b][/color]

(04-12-2011, 08:04 AM)Quintus Wrote: If he wants to avoid all the hassle, yes, I would recommend that. Him having a BSOD gives me a glimpse that his system is heavily infected (the logs do show numerous infections as well). However, if he wants to recover something from here, I can try to remedy that problem.

(04-12-2011, 09:24 AM)RDCA Wrote: Well he has another computer being fixed right now ( he said it should be here today or so) , so that could be a pretty beneficial as to recovory right?

Quote:If not I am pretty sure he is going to just get the disc wiped.