EbiomzPamws (Members) - Posts: 3 - Reputation: 0 Neutral
  1. Here are addition and frst.txt. Enjoy. Addition.txt FRST.txt
  2. Hello, I have no idea what p2p software or pirated/cracked software I'd have on here. If any support could be granted, that would be appreciated. Does Steam count as p2p? Origin? uhm....Arc? All of those are gaming platform thingies where you add friends and stuff, but idk if that's p2p. I use Resource Hacker to modify splash screens and text for programs, but that is a binary thingy (I'm not sure what it's called, I just follow YouTube tutorials on how to use it and then I made it my own thing). I have quite a few free-to-play games, but again I'm not sure if that counts.
  3. Please help, I downloaded a file via mis-click and I'm 110% sure I have an infection now. I have tried everything, and nothing works. Re-installing Windows is NOT an option. I have tried the MB anti-rootkit thing, Chameleon failed, Chrome is slower, some advisory add-on with a redirection error was on my PC, each of my internet browsers randomly asks to be default (does not normally happen). Files like the .log have locks on them and are invisible and hard to get to; I'm locked out of some files, and though I am admin, even when I try to change permissions it fails. I used JTR, MBAR, rKill, Msert. None of them worked. Alright, so this started after I downloaded a file and I knew it was an error. I went and downloaded Mbam 2.0 and ran it, but it detected nothing (I have a license, but Idk if I do now because I got a 1.7v to work and it said I was no longer registered...w.e). Then upon restart the Windows start-up took 2-3 minutes, way longer than normal. I had a strange add-on that people claimed was a virus; I attempted to remove it. I removed other files via dual-boot Linux/Ubuntu. Mbam 2.0 would not start, no matter what method I tried, even via Chameleon...it's uninstalled now. When I try to re-install it I get run-time errors and if it succeeds it still won't open. My computer is still slow, and I have a feeling it's a rootkit or trojan, but nothing can find it. Please help. Here is my HijackThis log. Excuse my un-professionalism, but I'm scared, nervous and the whole 9 yards.
HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:07:51 AM, on 4/6/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.audio4fun.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9379E447-BBF0-4D9A-B4C5-E5A3ECEC3906}: NameServer = 192.168.0.130
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSIEChrome - (no CLSID) - (no file)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: Razer Surround Audio Service (RzMaelstromVADStreamingService) - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8886 bytes

Here is the startup log:

StartupList report, 4/6/2014, 12:20:37 AM
StartupList version: 1.52.2
Started from : C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows 7 SP1 (WinNT 6.00.3505)
Detected: Internet Explorer v11.0 (11.00.9600.16521)
* Using default options
==================================================

Running processes:

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

amd_dc_opt = C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
(Default) = 
Razer Synapse = "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[AutorunsDisabled]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {43D9786F-A485-683B-9B5B-ACC97ABC17FC}
(no name) - C:\Program Files (x86)\Java\jre7\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
ArcPluginIEBHO - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F}
(no name) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
(no name) - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
GoogleUpdateTaskUserS-1-5-21-234947849-84365881-2129188560-1001Core.job
GoogleUpdateTaskUserS-1-5-21-234947849-84365881-2129188560-1001UA.job

--------------------------------------------------

Enumerating Download Program Files:

[shockwave Flash Object]
InProcServer32 = C:\Windows\SysWOW64\Macromed\Flash\Flash32_12_0_0_77.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[{D4B68B83-8710-488B-A692-D74B50BA558E}]
CODEBASE = http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

[Creative Software AutoUpdate 2]
InProcServer32 = C:\PROGRA~2\Creative\SHARED~1\SOFTWA~1\CTSUEng.ocx
CODEBASE = http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\PROGRA~2\Creative\SHARED~1\SOFTWA~1\CTPID.ocx
CODEBASE = http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
NameSpace #8: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
NameSpace #9: C:\Program Files (x86)\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Users\Eric\AppData\Local\Temp\_iu14D2N.tmp|||L

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
End of report, 6,647 bytes
Report generated in 0.031 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only