Topic Summary

Posted by: Samker
« on: 17. February 2012., 16:52:05 »

Quote
I've seen it ; )) Two captains on one ship - we might still make it to port after all ; pp

In any case, We'll do that better than "Captain Coward": http://www.dailymail.co.uk/news/article-2087704/Costa-Concordia-Captain-Francesco-Schettino-I-left-I-FELL-lifeboat.html ;)



@Jade

My friend, We're still waiting for a reply from YOU?!


 
Posted by: devnullius
« on: 17. February 2012., 09:56:01 »

I've seen it ; )) Two captains on one ship - we might still make it to port after all ; pp
Posted by: Samker
« on: 16. February 2012., 12:02:52 »

Quote
Turning off system restore is smart - virus will hide there too (and it takes long to scan).

In cases like these, I do not trust NOD32 enough. I almost insist on Superantispyware. Run them both?

For which antivirus program to use in the future, see this thread (to be posted when I have time): http://scforum.info/index.php/topic,7429.0.html .

You have no use for CCleaner IF you run Cleanup! by Steven Gould. It does a better cleanup and scan. CCleaner's name stands for Crap Cleaner. I agree, it's a crap Cleaner ;p

On my systems, I use some custom scripts; when one is interested I'll post them online (with instructions).

Quote
provide us New logs from HJT
Running Combofix creates a log which has all info and more. It combines all requested here, plus some extras... Should be enough, and it's only a single log to post ;p

@devnullius

It looks like you didn't notice this part: :P

Quote
Let's go, after you finish with instructions provided by Devvie... follow my additional instructions and after that provide us New logs from HJT and BitDefender Online Scanner:


@jade0220

Here you have "The Best AntiVirus" Topic: http://scforum.info/index.php/topic,100.0.html

and here you have The Best FREE AV - Avast, Avira, AVG, Panda (tested by SCF Team): http://scforum.info/index.php/board,10.0.html



Posted by: devnullius
« on: 16. February 2012., 11:27:46 »

Turning off system restore is smart - virus will hide there too (and it takes long to scan).

In cases like these, I do not trust NOD32 enough. I almost insist on Superantispyware. Run them both?

For which antivirus program to use in the future, see this thread (to be posted when I have time): http://scforum.info/index.php/topic,7429.0.html .

You have no use for CCleaner IF you run Cleanup! by Steven Gould. It does a better cleanup and scan. CCleaner's name stands for Crap Cleaner. I agree, it's a crap Cleaner ;p

On my systems, I use some custom scripts; when one is interested I'll post them online (with instructions).

Quote
provide us New logs from HJT
Running Combofix creates a log which has all info and more. It combines all requested here, plus some extras... Should be enough, and it's only a single log to post ;p
Posted by: Samker
« on: 15. February 2012., 11:01:57 »

Quote
at last...here are the logs...


C:\Users\JACKSON0220\AppData\Roaming\IDM\DwnlData\JACKSON0220\chatvibes108_135\chatvibes108.exe   a variant of Win32/MessengerPlus.A application   deleted - quarantined
D:\applications\programs\Cyberlink POWER DIRECTOR Ultra v7.00.1628(NEW-with serial keys)\Cyberlink PowerDirector Ultra v7.00.1628.rar   probably a variant of Win32/Agent.JAMZZKT trojan   deleted - quarantined
D:\applications\utilities\Gamebooster 2.3 [Adrianus217].exe   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
D:\applications\utilities\IObit GameBooster Premium 2.4.1.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
D:\applications\utilities\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
D:\applications\utilities\HDD Regenerator 2011\hr2011.exe   NSIS/TrojanDownloader.FakeAlert.DK trojan   deleted - quarantined
D:\downloads\dell\drivers\chatvibes108.exe   a variant of Win32/MessengerPlus.A application   deleted - quarantined
D:\downloads\Microsoft Office 2010 Activator [ kk ]\Microsoft Office 2010 Activator [ kk ].rar   Win32/HackKMS.A application   deleted - quarantined
F:\antivirus\bitdefender 2012\BitDefender 2012 Crack.rar   a variant of MSIL/Injector.JU trojan   deleted - quarantined
F:\applications\programs\Cyberlink PowerDirector Ultra v7.00.1628.rar   probably a variant of Win32/Agent.JAMZZKT trojan   deleted - quarantined
F:\applications\programs\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\applications\programs\MS OFFICE PRO 2010\Microsoft Office 2010 Activator [ kk ]\Microsoft Office 2010 Activator [ kk ].rar   Win32/HackKMS.A application   deleted - quarantined
F:\applications\utilities\Gamebooster 2.3 [Adrianus217].exe   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\applications\utilities\Product Key_awal.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\Autorun.inf\ImmunityFolder...\antivirus.lnk   Win32/Dorkbot.D worm   cleaned by deleting - quarantined
F:\OS\windows7\Crack\SLIC Dump ToolKit v2.0\SLIC_Dump_ToolKit.EXE   a variant of Win32/Packed.FlyStudio application   cleaned by deleting - quarantined



Jade, don't worry, most of these things are irrelevant... IMO, this one, marked with red letters, causes all this mess. ;)

Let's go, after you finish with instructions provided by Devvie... follow my additional instructions and after that provide us New logs from HJT and BitDefender Online Scanner:

1. Turn-Off System Restore:

Quote

Steps to turn off System Restore

1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.


2. Go to Safe Mode with Networking option:

Quote

To start the computer in safe mode
1. You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.
2. Click Start and then click Shut Down.
3. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.
4. As your computer restarts but before Windows launches, press F8. On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.
5. Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.
6. If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.

Note: If Windows launches before you can choose a safe mode, restart your computer and try again.

In safe mode, you have access to only basic files and drivers (mouse, monitor, keyboard, mass storage, base video, default system services, and no network connections). You can choose the Safe Mode with Networking option, which loads all of the above files and drivers and the essential services and drivers to start networking, or you can choose the Safe Mode with Command Prompt option, which is exactly the same as safe mode except that a command prompt is started instead of the graphical user interface. You can also choose Last Known Good Configuration, which starts your computer using the registry information that was saved at the last shutdown.

Safe mode helps you diagnose problems. If a symptom does not reappear when you start in safe mode, you can eliminate the default settings and minimum device drivers as possible causes. If a newly added device or a changed driver is causing problems, you can use safe mode to remove the device or reverse the change.

There are circumstances where safe mode will not be able to help you, such as when Windows system files that are required to start the system are corrupted or damaged. In this case, the Recovery Console may help you.

NUM LOCK must be off before the arrow keys on the numeric keypad will function.


3. Download and Run NOD32 AV Online Scanner (during Safe Mode): http://scforum.info/index.php/topic,734.0.html

4. Download and use CCleaner: http://scforum.info/index.php/topic,1133.0.html (be careful, select everything except Desktop Shortcuts & Hotfix Uninstallers)

5. As I mentioned at the start, provide us new logs and tell us whether you still experience problems with your PC??


cya later,

S.
Posted by: jade0220
« on: 15. February 2012., 01:24:56 »

thanks devnullius! be trying your option also...so do you suggest i change to another anti virus? and will it fix my shortcut folder and recycler problem? tnx a lot
Posted by: devnullius
« on: 14. February 2012., 22:39:28 »

Sounds like we are being trolled? User is just 'worried' if problem will remain... Is it remaining? I guess not?

War!

Dev Nullius
Posted by: devnullius
« on: 14. February 2012., 22:36:46 »

C:\Users\JACKSON0220\AppData\Roaming\IDM\DwnlData\JACKSON0220\chatvibes108_135\chatvibes108.exe   a variant of Win32/MessengerPlus.A application   deleted - quarantined
--> I don't know it. Google?

D:\applications\programs\Cyberlink POWER DIRECTOR Ultra v7.00.1628(NEW-with serial keys)\Cyberlink PowerDirector Ultra v7.00.1628.rar   probably a variant of Win32/Agent.JAMZZKT trojan   deleted - quarantined
--> Unless you downloaded a portable collection of softwares with torrents, I guess this is a false warning.

D:\applications\utilities\Gamebooster 2.3 [Adrianus217].exe   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
D:\applications\utilities\IObit GameBooster Premium 2.4.1.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
--> Gamebooster should be legit too.

D:\applications\utilities\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
--> Should be legit... Upload to online multi virus scanner.

D:\applications\utilities\HDD Regenerator 2011\hr2011.exe   NSIS/TrojanDownloader.FakeAlert.DK trojan   deleted - quarantined
--> Should be legit... Upload to online multi virus scanner.

D:\downloads\dell\drivers\chatvibes108.exe   a variant of Win32/MessengerPlus.A application   deleted - quarantined
--> Again, don't know it. Upload to online multi virus scanner?

D:\downloads\Microsoft Office 2010 Activator [ kk ]\Microsoft Office 2010 Activator [ kk ].rar   Win32/HackKMS.A application   deleted - quarantined
--> Legit warez. Keep it, needed for Office activation. Add to ignore list of anti-virus.

F:\antivirus\bitdefender 2012\BitDefender 2012 Crack.rar   a variant of MSIL/Injector.JU trojan   deleted - quarantined
F:\applications\programs\Cyberlink PowerDirector Ultra v7.00.1628.rar   probably a variant of Win32/Agent.JAMZZKT trojan   deleted - quarantined
F:\applications\programs\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\applications\programs\MS OFFICE PRO 2010\Microsoft Office 2010 Activator [ kk ]\Microsoft Office 2010 Activator [ kk ].rar   Win32/HackKMS.A application   deleted - quarantined
F:\applications\utilities\Gamebooster 2.3 [Adrianus217].exe   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\applications\utilities\Product Key_awal.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\Autorun.inf\ImmunityFolder...\antivirus.lnk   Win32/Dorkbot.D worm   cleaned by deleting - quarantined
F:\OS\windows7\Crack\SLIC Dump ToolKit v2.0\SLIC_Dump_ToolKit.EXE   a variant of Win32/Packed.FlyStudio application   cleaned by deleting - quarantined
-->  -->  -->  -->  -->  I guess the story is the same for all that follows above. Probably legit, just triggered by ignorant anti-virus programs.

I'll take a look at what your problems actually were ;)

Peace!

Devvie
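
The line-by-line triage in the post above can also be scripted. The following is an added example, not part of any post in this thread: it parses ESET Online Scanner lines in the three-column layout jade0220 posted, collapses copies of the same file found on several drives, and ranks what is left. The column layout, the priority levels, and the reading of "probably a variant of" as a heuristic match and of the "application" suffix as a potentially unwanted or unsafe program are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Six lines copied from the ESET Online Scanner log posted in this thread.
SAMPLE_LOG = r"""
D:\applications\utilities\Gamebooster 2.3 [Adrianus217].exe   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
D:\applications\utilities\HDD Regenerator 2011\hr2011.exe   NSIS/TrojanDownloader.FakeAlert.DK trojan   deleted - quarantined
F:\antivirus\bitdefender 2012\BitDefender 2012 Crack.rar   a variant of MSIL/Injector.JU trojan   deleted - quarantined
F:\applications\programs\Cyberlink PowerDirector Ultra v7.00.1628.rar   probably a variant of Win32/Agent.JAMZZKT trojan   deleted - quarantined
F:\applications\utilities\Gamebooster 2.3 [Adrianus217].exe   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\Autorun.inf\ImmunityFolder...\antivirus.lnk   Win32/Dorkbot.D worm   cleaned by deleting - quarantined
"""

# Assumed layout: <path>  <detection>  <action>, columns separated by 2+ spaces.
LINE_RE = re.compile(r"^(?P<path>.+?)\s{2,}(?P<detection>.+?)\s{2,}(?P<action>.+)$")
DET_RE = re.compile(
    r"^(?:(?P<qualifier>probably a variant of|a variant of)\s+)?"
    r"(?P<name>\S+)\s+(?P<kind>\w+)$"
)
MALWARE_KINDS = {"trojan", "worm", "virus"}
ORDER = {"high": 0, "review": 1, "low": 2}


def parse_log(text):
    """Return one dict per log line; lines that do not fit are kept as 'unparsed'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        d = DET_RE.match(m.group("detection")) if m else None
        if d is None:
            entries.append({"unparsed": line})
            continue
        path = PureWindowsPath(m.group("path"))
        entries.append({
            "path": str(path),
            "drive": path.drive,
            "filename": path.name,
            "name": d.group("name"),
            "kind": d.group("kind"),
            # Assumption: "probably a variant of" marks a heuristic match.
            "heuristic": d.group("qualifier") == "probably a variant of",
            # A directory named Autorun.inf in the path deserves a closer look.
            "autorun": any(p.lower() == "autorun.inf" for p in path.parts[1:-1]),
            "action": m.group("action"),
        })
    return entries


def triage(entries):
    """Collapse copies of the same file across drives and rank each finding."""
    groups = defaultdict(list)
    for e in entries:
        if "unparsed" not in e:
            groups[(e["name"], e["filename"].lower())].append(e)
    findings = []
    for (name, filename), members in groups.items():
        autorun = any(e["autorun"] for e in members)
        malware = members[0]["kind"] in MALWARE_KINDS
        heuristic = all(e["heuristic"] for e in members)
        if autorun or (malware and not heuristic):
            level = "high"
        elif malware:
            level = "review"  # heuristic hit: confirm before trusting or dismissing
        else:
            level = "low"     # assumed: "application" = unwanted/unsafe program
        findings.append({
            "name": name, "filename": filename, "level": level,
            "autorun": autorun,
            "drives": sorted({e["drive"] for e in members}),
        })
    findings.sort(key=lambda f: (ORDER[f["level"]], f["name"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f['level']:<6} {f['name']:<36} {f['filename']}  {','.join(f['drives'])}")
```

Lines that do not match the assumed layout are returned as `unparsed` entries rather than dropped, so a changed log format shows up instead of silently shrinking the result.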

Posted by: devnullius
« on: 14. February 2012., 22:30:39 »

When you re-post and all looks clean, I'll add some more tricks to prevent sheit in the future. Including some custom scripts and how to schedule them. All depending on your system, thus your feedback.

Peace!

Devvie
Posted by: devnullius
« on: 14. February 2012., 22:25:05 »

Sigh... All those people... Trying their best...

Try my approach, this is what I do :(

FIRST start cmd prompt with admin right, type: chkdsk c: /f /v /x
Reboot your computer, confirm that check disk has NO errors. Keep looking, information at the last 5 seconds before auto-reboot is important.

Hard drive ok?

Download:
- combofix http://www.bleepingcomputer.com/download/anti-virus/combofix
- Superantispyware http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
- Cleanup! by Steven Gould http://stevengould.org/downloads/cleanup/CleanUp452.exe

Install & run Cleanup! It proposes to run in DEMO mode. Say no. Configure Cleanup! to Cleanup all users. Also, use last tab of Options to Scan drive for files matching filter. Run it for real (not demo), and log off (just to be sure when you are infected with virii).

After this, scan times will greatly be reduced. You could finish up with a Microsoft Disk Cleanup - it does other things like compressing files. For virii related stuff, all temp sheit is handled by Cleanup! by ~

After log-on again, install Superantispyware. The program is a little paranoid, but not too much. In cases like these, I always run it - just keep a careful eye on what is removed (and might need to be re-installed by you - either falsely, or due to infection).

Scan the complete system. Remove whatever, just be done with it.

Reboot computer, use F8 to boot into safe mode.

In safe mode, run Combofix. Ignore warnings about installed anti-virus solutions. When on XP, install Recovery Console and continue (registry backup). Then, a blue DOS screen will appear showing you approx. 50 steps. CHECK if every step runs successfully. If it does, just look at the log file that will appear after the reboot. Look especially at the last part - and post it here anyways? ; p

After these steps, 90% of systems are completely cured. Rare cases exist where Combofix will just hang. I know of 2 cases on Dell machines where nobody has an answer about why. Including me :s

Let us know - I'll check when I have time ; )

peace!

Devvie


~~~ notemail@facebook.com ~~~

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-012 by DevNullius)
Posted by: jade0220
« on: 14. February 2012., 22:11:52 »

where do i get those viruses? do i need to change antivirus software? tnx so much...
Posted by: jade0220
« on: 14. February 2012., 22:08:24 »

at last...here are the logs...


C:\Users\JACKSON0220\AppData\Roaming\IDM\DwnlData\JACKSON0220\chatvibes108_135\chatvibes108.exe   a variant of Win32/MessengerPlus.A application   deleted - quarantined
D:\applications\programs\Cyberlink POWER DIRECTOR Ultra v7.00.1628(NEW-with serial keys)\Cyberlink PowerDirector Ultra v7.00.1628.rar   probably a variant of Win32/Agent.JAMZZKT trojan   deleted - quarantined
D:\applications\utilities\Gamebooster 2.3 [Adrianus217].exe   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
D:\applications\utilities\IObit GameBooster Premium 2.4.1.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
D:\applications\utilities\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
D:\applications\utilities\HDD Regenerator 2011\hr2011.exe   NSIS/TrojanDownloader.FakeAlert.DK trojan   deleted - quarantined
D:\downloads\dell\drivers\chatvibes108.exe   a variant of Win32/MessengerPlus.A application   deleted - quarantined
D:\downloads\Microsoft Office 2010 Activator [ kk ]\Microsoft Office 2010 Activator [ kk ].rar   Win32/HackKMS.A application   deleted - quarantined
F:\antivirus\bitdefender 2012\BitDefender 2012 Crack.rar   a variant of MSIL/Injector.JU trojan   deleted - quarantined
F:\applications\programs\Cyberlink PowerDirector Ultra v7.00.1628.rar   probably a variant of Win32/Agent.JAMZZKT trojan   deleted - quarantined
F:\applications\programs\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key\Advanced SystemCare Pro 4.0.1.200 Final ML Software + Serial Key.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\applications\programs\MS OFFICE PRO 2010\Microsoft Office 2010 Activator [ kk ]\Microsoft Office 2010 Activator [ kk ].rar   Win32/HackKMS.A application   deleted - quarantined
F:\applications\utilities\Gamebooster 2.3 [Adrianus217].exe   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\applications\utilities\Product Key_awal.rar   a variant of Win32/Toolbar.Widgi application   deleted - quarantined
F:\Autorun.inf\ImmunityFolder...\antivirus.lnk   Win32/Dorkbot.D worm   cleaned by deleting - quarantined
F:\OS\windows7\Crack\SLIC Dump ToolKit v2.0\SLIC_Dump_ToolKit.EXE   a variant of Win32/Packed.FlyStudio application   cleaned by deleting - quarantined




Posted by: Samker
« on: 14. February 2012., 20:52:45 »

Quote
sorry my connection is a little slow, still scanning i'll send you the log right away...tnx


No problem, We'll be here... ;)

Posted by: jade0220
« on: 14. February 2012., 14:57:35 »

sorry my connection is a little slow, still scanning i'll send you the log right away...tnx
Posted by: Samker
« on: 14. February 2012., 13:08:13 »

i have bit defender total security 2012 will this do?

In that case use Panda or ESET Online Scanner.

Jade, did you finish this Online AV Scans??

We're still waiting for your log...