Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Help...... I Think I Maybe Infected :'(
#1
Okay Soo Here Uhmm Here Is What Is Been Happening There Are No Icons For My Programs

There Is Also Is An Error With The Registry I Think And I Get Blue Screen of Death

My Log:





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:39:23 PM, on 4/9/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\windows\SysWOW64\explorer.exe
C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Zay\AppData\Local\Microsoft\svchost.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Users\Zay\AppData\Roaming\binary.exe
C:\Users\Zay\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zay\AppData\Roaming\smss.exe
C:\Users\Zay\AppData\Roaming\IwHsh54WE.exe
C:\Users\Zay\AppData\Roaming\@off@\csrss.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Zay\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Zay\AppData\Roaming\smss.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\taskmgr.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
R3 - URLSearchHook: IncrediMail MediaBar 4 Toolbar - {90eee664-34b1-422a-a782-779af65cdf6d} - C:\Program Files (x86)\IncrediMail_MediaBar_4\tbIncr.dll
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
F2 - REGConfusedystem.ini: Shell=Explorer.exe "C:\Users\Zay\AppData\Roaming\smss.exe"
F2 - REGConfusedystem.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IncrediMail MediaBar 4 Toolbar - {90eee664-34b1-422a-a782-779af65cdf6d} - C:\Program Files (x86)\IncrediMail_MediaBar_4\tbIncr.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: IncrediMail MediaBar 4 Toolbar - {90eee664-34b1-422a-a782-779af65cdf6d} - C:\Program Files (x86)\IncrediMail_MediaBar_4\tbIncr.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Advance adf Bot.exe] C:\Users\Zay\Downloads\Advance adf Bot.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSWUpdate] "C:\Users\Zay\AppData\Roaming\smss.exe"
O4 - HKLM\..\Run: [HKLM] C:\install\server.exe
O4 - HKLM\..\Run: [System Restore] C:\Users\Zay\AppData\Roaming\Explorer.exe
O4 - HKLM\..\Run: [Updator] C:\Users\Zay\AppData\Roaming\IwHsh54WE.exe
O4 - HKLM\..\Run: [Windows System] C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
O4 - HKCU\..\Run: [Testing] C:\Users\Zay\Desktop\Svg64.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Windows Update] C:\Users\Zay\AppData\Local\Microsoft\svchost.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Q7NZMT7RLB] C:\Users\Zay\AppData\Local\Temp\Rzf.exe
O4 - HKCU\..\Run: [MSWUpdate] "C:\Users\Zay\AppData\Roaming\smss.exe"
O4 - HKCU\..\Run: [HKCU] C:\install\server.exe
O4 - HKCU\..\Run: [winupdater] C:\Windupdt\winupdate.exe
O4 - HKCU\..\Run: [Form1] C:\Users\Zay\AppData\Roaming\binary.exe
O4 - HKCU\..\Run: [Microsoft] C:\Users\Zay\AppData\Roaming
O4 - HKCU\..\Run: [Java] C:\Users\Zay\AppData\Roaming\@off@\csrss.exe
O4 - HKCU\..\Run: [System Restore] C:\Users\Zay\AppData\Roaming\Explorer.exe
O4 - HKCU\..\Run: [Updator] C:\Users\Zay\AppData\Roaming\IwHsh54WE.exe
O4 - HKCU\..\Run: [Windows System] C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
O4 - HKLM\..\Policies\Explorer\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\install\server.exe
O4 - HKLM\..\Policies\Explorer\Run: [System Restore] C:\Users\Zay\AppData\Roaming\Explorer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows System] C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
O4 - HKCU\..\Policies\Explorer\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\install\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Zay\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Dyyno Service (Dyyno Launcher) - Unknown owner - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HideMyIpSRV - HideMyIP - C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe
O23 - Service: VpnProxyServer - Unknown owner - c:\program files (x86)\vpnproxy\Proxy.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18318 bytes
Reply
#2
Greetings,

Whilst I am in the process of scrutinizing your complete set of provided logs for any possible infections or problems, I ask for your forbearance. Understand that the process of analysis requires time and careful examination hence the need for a cautious response. Accuracy is of the essence. Once I come across infections, I shall present the finest methods of removal for your convenience.

In return for this service, I propose to you two conditions:
  1. You are not to create any new threads regarding the similar topic as it will waste another helper's time.
  2. You are not to install any new software in your system, as it may hinder our process thus making this futile.
In accordance to my terms, I also ask of you six things, stated below:
  1. You are not to modify the logs in any way. Failure to do so will instantly deprive you of this service.
  2. You are to paste each log separately at PasteBin as it is. That is correct, no syntax highlighting, no editing - just the log purely. Post back the links for each log. You shall not hide them under spoiler codes.
  3. You are to provide the complete set of requested logs.
  4. You are to respond to every step I ask you to do using the format provided at the end of my post.
  5. You agree that I have the right to discontinue the analysis at any time, upon a violation of a single rule.
Provided that you will continue with this service, you hereby agree to the above statements. If you deem the conditions are portraying equality, I will willingly perform the analysis without further delay. Should you have any concerns or problems with the above conditions, or if you feel that I have overlooked your log, do inform me through a Private Message.

Thank you.

Genuinely yours,
Quintus
  • Pre-Step

    Click 'here' to download Temp File Cleaner by OldTimer. Save it to your Desktop.
    • Close any open windows.
    • Double-click TFC.exe and select 'Run' when prompted to execute the program. It will close all open programs itself in order to run.
    • Click the Start button to begin the cleaning process.
    • Please let the program run uninterruptedly.
    • Once the cleaning has been done, your computer should automatically reboot. Otherwise, please do so when it does not.
  • Prerequisite

    If you are having a problem running HijackThis as Administrator, please follow the steps below.
    • Go to My Computer and navigate to your default disc drive (C: is the most common).
    • Go to Program Files > Trend Micro > HijackThis.
    • Right-click HiJackThis.exe and run it as Administrator.
  • Step 1

    Please run HijackThis as Administrator. Click 'Do a system scan only' and place a check next to the following line(s) if present:

    F2 - REGConfusedystem.ini: Shell=Explorer.exe "C:\Users\Zay\AppData\Roaming\smss.exe"
    F2 - REGConfusedystem.ini: UserInit=userinit.exe
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [Advance adf Bot.exe] C:\Users\Zay\Downloads\Advance adf Bot.exe
    O4 - HKLM\..\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
    O4 - HKLM\..\Run: [MSWUpdate] "C:\Users\Zay\AppData\Roaming\smss.exe"
    O4 - HKLM\..\Run: [HKLM] C:\install\server.exe
    O4 - HKLM\..\Run: [System Restore] C:\Users\Zay\AppData\Roaming\Explorer.exe
    O4 - HKLM\..\Run: [Updator] C:\Users\Zay\AppData\Roaming\IwHsh54WE.exe
    O4 - HKLM\..\Run: [Windows System] C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
    O4 - HKCU\..\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
    O4 - HKCU\..\Run: [Testing] C:\Users\Zay\Desktop\Svg64.exe
    O4 - HKCU\..\Run: [Windows Update] C:\Users\Zay\AppData\Local\Microsoft\svchost.exe
    O4 - HKCU\..\Run: [Q7NZMT7RLB] C:\Users\Zay\AppData\Local\Temp\Rzf.exe
    O4 - HKCU\..\Run: [MSWUpdate] "C:\Users\Zay\AppData\Roaming\smss.exe"
    O4 - HKCU\..\Run: [HKCU] C:\install\server.exe
    O4 - HKCU\..\Run: [winupdater] C:\Windupdt\winupdate.exe
    O4 - HKCU\..\Run: [Form1] C:\Users\Zay\AppData\Roaming\binary.exe
    O4 - HKCU\..\Run: [Microsoft] C:\Users\Zay\AppData\Roaming
    O4 - HKCU\..\Run: [Java] C:\Users\Zay\AppData\Roaming\@off@\csrss.exe
    O4 - HKCU\..\Run: [System Restore] C:\Users\Zay\AppData\Roaming\Explorer.exe
    O4 - HKCU\..\Run: [Updator] C:\Users\Zay\AppData\Roaming\IwHsh54WE.exe
    O4 - HKCU\..\Run: [Windows System] C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
    O4 - HKLM\..\Policies\Explorer\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\install\server.exe
    O4 - HKLM\..\Policies\Explorer\Run: [System Restore] C:\Users\Zay\AppData\Roaming\Explorer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Windows System] C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
    O4 - HKCU\..\Policies\Explorer\Run: [TJFAXKBT38DW9] C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\install\server.exe


    Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.
  • Step 2

    Please download the OTM File Mover from 'here'.
    • Save it to your Desktop.
    • Please double-click OTM.exe to run it.
    • Copy the lines inside the Code box below to the Clipboard by highlighting all of the content and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes
      explorer.exe

      :Files
      C:\Users\Zay\AppData\Roaming\smss.exe
      C:\Users\Zay\Downloads\Advance adf Bot.exe
      C:\Users\Zay\AppData\Roaming\QZW7PO92F.exe
      C:\install\server.exe
      C:\Users\Zay\AppData\Roaming\Explorer.exe
      C:\Users\Zay\AppData\Roaming\IwHsh54WE.exe
      C:\Users\Zay\AppData\Roaming\NL2AH7GTSQ.exe
      C:\Users\Zay\Desktop\Svg64.exe
      C:\Users\Zay\AppData\Local\Microsoft\svchost.exe
      C:\Users\Zay\AppData\Local\Temp\Rzf.exe
      C:\Windupdt\winupdate.exe
      C:\Users\Zay\AppData\Roaming\binary.exe
      C:\Users\Zay\AppData\Roaming\@off@\csrss.exe

      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTM, right-click in the Paste Instructions for Items to be Moved window and choose Paste.
    • Click the red MoveIt! button.
    • Copy everything in the Results window to the Clipboard by highlighting all of the content and by pressing CTRL + C (or, after highlighting, right-click and choose Copy).
    • Paste it in your next reply.
    • Close OTM.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad) and click File > Open. In the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present. Copy and paste the contents of that document back here in your next post.
  • Step 3

    Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.
    • Double-click esetsmartinstaller_enu.exe to execute the program.
    • Tick 'YES, I accept the Terms of Use'.
    • Click 'Start'.
    • If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
    • Database download may take some time.
    • When done, make sure that the option 'Remove found threats' is ticked. Under the and 'Advanced Settings', please put a check on the following options:
      • Scan for potentially unwanted applications
      • Enable Anti-Stealth Technology
    • Click 'Start'.
    • Wait for the scan to finish.
    • Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
    • Copy and paste that log as a reply to this topic.
  • Step 4
    • Please download Malwarebytes' Anti-Malware 'here'.
    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to 'Malwarebytes' Anti-Malware' and 'Launch Malwarebytes' Anti-Malware', then click 'Finish'.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Full Scan', then click 'Scan'. The scan may take some time to finish, so please be patient.
    • When the scan is complete, click 'OK', then 'Show Results' to view the results.
    • Make sure that everything is checked, and click 'Remove Selected'.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
    • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the 'Logs' tab in the interface.
    • Copy and paste the entire report in your next reply.
  • Step 5

    Download DDS.scr by sUBs from one of the following links & save it to your desktop.
    Link 1
    Link 2
    • Double-Click on dds.scr and a command window will appear. This is normal
    • Shortly after two logs will appear, DDS.txt & Attach.txt
    • A window will open instructing you save & post the logs.
    • Save the logs to a convenient place such as your desktop.
    • Copy the contents of both logs & post in your next reply.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
    • ESET Scan Log
    • Malwarebytes' Anti-Malware Scan Log
    • OTM Scan Log
  • Format of Response

    As part of my service terms, you are to fill this up every time you respond to your log. Copy and paste the content inside the code box and write directly after the closing tags. Do not add spaces as they are already provided. An exception applies to the numbers, as they are to be written after the # sign.

    Step #1: Change the number accordingly.
    Problems Encountered: Put N/A if the operation went smoothly.

    Link To Requested Logs: Post the links to the logs I have asked you to produce.

  • Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
Reply
#3
Hello Quintus,
This is my friend. I refereed him to here to get help, so now he has run into a problem. Were he can no longer post so he asked me to post his problems. At the moment we are talking over xbox live. So here is his problem.
This is according to him. " I turn on my computer, I get to the login screen. Then I try logging in and I get a BSOD. I think its a registry error." Thats according to him. He also was talking about taking it to a shop and having him just wipe the disc clean and installing windows 7 again. Do you think he should?
Reply
#4
If he wants to avoid all the hassle, yes, I would recommend that. Him having a BSOD gives me a glimpse that his system is heavily infected (the logs do show numerous infections as well). However, if he wants to recover something from here, I can try to remedy that problem.
Reply
#5
(04-12-2011, 08:04 AM)Quintus Wrote: If he wants to avoid all the hassle, yes, I would recommend that. Him having a BSOD gives me a glimpse that his system is heavily infected (the logs do show numerous infections as well). However, if he wants to recover something from here, I can try to remedy that problem.

Well he has another computer being fixed right now ( he said it should be here today or so) , so that could be a pretty beneficial as to recovory right?

If not I am pretty sure he is going to just get the disc wiped.
Reply
#6
(04-12-2011, 09:24 AM)RDCA Wrote: Well he has another computer being fixed right now ( he said it should be here today or so) , so that could be a pretty beneficial as to recovory right?

Well, if he goes to a repair shop, they can do the same thing. If he wants to do it with me guiding him; it is also fine.

Quote:If not I am pretty sure he is going to just get the disc wiped.

If he does not have sensitive data then he can do just that, prior a clean re-install.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  I am Infected Give some good suggestions heartylover 11 4,657 03-12-2015, 03:19 AM
Last Post: TobyCordova
  Infected - Can't Start System Restore srcstcbstrd 2 1,716 08-17-2014, 11:39 PM
Last Post: Autopost
  [Think You're Infected?! LOOK HERE] Infested Cleaner [White Hat Heper] Infested Terran 11 5,144 02-08-2012, 08:39 PM
Last Post: AceInfinity
  Help. Infected with Adware.Toolbar.Dealio Resistance 3 3,690 11-27-2011, 11:47 AM
Last Post: Resistance
  i may be infected can you analyze this otl log please helpplease 6 3,146 11-23-2011, 08:58 PM
Last Post: Brandenx781

Forum Jump:


Users browsing this thread: 4 Guest(s)