Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

k... so i got another virus >:(


  • Please log in to reply
3 replies to this topic

#1 f0xh0und

f0xh0und

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 08 June 2012 - 01:49 PM

Mod EDIT: Moved to Virus, Trojan, Spyware, and Malware Removal Logs as OP posted an HJT log~~boopme

so... i was using ie again *le sigh* to browse some images on google (yah... of cars bleeps... been watching too much top gear ;) ) n i got one of those drive-by viruses (virii?) -- again, on a FULLY updated windows 7 pc with ie9 (WITH smartscreen enabled (HA! *smart*screen *pfft* )... also, FULLY updated java and flash and microsoft security essentials (which is *essentially* CRAP if it keeps letting these backdoor trojan viruses and rootkits dig their claws into my system (via NO interaction by me AT ALL)!



don't worry... i'm not in the wrong thread (i'm not asking how to remove it (already did that... actually it was oddly like it just removed itself (i booted into safe mode and ran mse, mrt (malicious software remov...blahblahblah (great name micro$haft!), malwarebytes, superantispyware, sfc, chkdsk... even a rootkit remover (unhackme -- no offense... but that proggy looks AND runs like it was written by a hack (not gonna lie... i never could create something like that (not that i would want to, though, the way that thing ran :S ) but kudos to the guy who wrote it)... anyway... rebooted into 'normal' mode aaaand *POOF* there it was... something called 'live security platinum' ... FAKE virus scanning... so i opened processexplorer to close it (cuz it wouldn't let me open taskmgr(.exe)... and it disappeared :S WTF... idk... idc really... just sayin).

(also, i love how mse says it's "quarenteened" (sp?) the virus' files, BUT IT STILL LETS THEM RUN/EXECUTE IN THE FIRST PLACE!!! WTF M$?!?!)



ANYway... so... got rid of the virus, and, now, the taskbar (system tray... err... wtf ever m$ calls that botton-right area now (notifications? w/e :\ )... well, it's acting like it did in xp (and 9x?) when u DIDN'T reinstall windows EVERY other day (i.e., randomly, some icons will not appear after logging in -- i was 99% sure that this was fixed in win7 (i mean 6.1 -- FFS m$!)

also, my desktop icons will NOT retain their size/orientation (ascending by date (with descending by name then size ticked first -- yes... it makes a difference) after rebooting/logging in :S



if i have to run something... stop... i had to run 'unhide.exe' after my last infection (tdss family) and it UNHID all my specially hidden, protected, system folders n files (that NEVER showed up before -- even with 'show hidden files/folders...' enabled)... yah (for some reason... nobody on this forum seems to get that THAT proggy does that (even after numerous people have said it does)... but, oh well, it did get me back my shortcuts (even if the taskbar ones have a "2" in em that absolutely CANNOT be taken out :S )

so... my question is: how 'bout this: if i repair windows (the old-fashioned way -- with the dvd (y'know... the one that ACTUALLY works -- not that hokie f8-repair bullsh*t) -- will i lose right-click actions or my clonedrives (i believe theyre just drivers with software... i know... not lookin too good :( ) or my shell (explorer)-embedded actions (like 'create iso' or 'open command promt here')? cuz, if that's the case... forget what i said earlier... maybe tell me about any software that'll fix my taskbar/desktop problems (n any OTHER problems this fake/rogue virus causes)



i'm so fed up with windows (ESPECIALLY "7" cuz it looks/runs like CRAP (with usually (or seemingly) about a DOZEN different ways to do ONE thing in the ui and reversed alt+tab or w/e and those g*dd*amn FSCKING annoying "peek" or "preview" -- or wtf ever they're called -- "windows" in my taskbar... WITH Xs (close boxes) ON THEM -- WHO THE FSCK THOUGHT THAT WAS A GOOD IDEA?!?)... idt i'll EVER buy ANOTHER m$ product again (they seem to be ignoring mainstream users left and right with their tablet-centric win8 os and their 'dance n dodge the balls' kinect (or however u freakin spell it) games all over xbx... don't even get me started on win7 "phone" ... or *ZUNE* (*god* :S )



*i just gotta keep telling myself... one day i WILL have a mac, one day i WILL have a mac (or, one day google WILL have a proper desktop os, or one day android WILL have proper media players and office/productivity suites and file browsers)!! :D heh... heh :'( *

p.s., i apologize for the wall (i needed to rant... but i REALLY need to know the answer to my question)... so:

tldr: will repairing windows (7) (the old fashioned way -- with the system disc (yes... i've tried... it will appear to work with an oem (dell) system repair disc) make all my fake drives (cd/dvdroms -- clonedrives) and iso recorder actions (built (installed) into the windows shell (explorer) or other right-click specific actions (e.g., run ccleaner, play with vlc, etc.) disappear??? :(

Edited by boopme, 09 June 2012 - 08:06 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,866 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:10 PM

Posted 08 June 2012 - 03:19 PM

You talk about "repairing"...I'm not convinced that your malware has been neutralized.

I'm moving this topic to Am I Infected for a deeper look.

Louis

#3 f0xh0und

f0xh0und
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 08 June 2012 - 06:57 PM

You talk about "repairing"...I'm not convinced that your malware has been neutralized.

I'm moving this topic to Am I Infected for a deeper look.

Louis


k... just ran hijackthis aaand... nothing (checked it myself)

now, i know ur gonna ask, so... for your appeasement, the log file:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:46 PM, on 6/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Desktops.exe
C:\Program Files (x86)\Shareaza\Shareaza.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Sysinternals Desktops] C:\Desktops.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files (x86)\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [510F55363591206FA62D93956775BB61D067DC97._service_run] "C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [chromium] C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKCU\..\Run: [Google Update] "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [7 Taskbar Tweaker] "C:\Users\admin\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" -hidewnd
O4 - HKCU\..\Run: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe
O4 - Startup: Dropbox.lnk = admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2352CAAE-8A54-4F53-A496-15FE47242701}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2352CAAE-8A54-4F53-A496-15FE47242701}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{2352CAAE-8A54-4F53-A496-15FE47242701}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14782 bytes[/b]



also, this was just a simple rogue fake antivirus virus... so... no hidden rootkits (besides, like i said, i checked)

so... how 'bout my question? ;)


#4 f0xh0und

f0xh0und
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 09 June 2012 - 10:13 PM

oh well... guess nobody knows (guess i'll just live with it -- i'm not gonna risk losing all my shell (ui) settings/elements :\

(btw... i think i must've been me logging in too fast when it comes to the 'notification area' issue -- guess m$ didn't fix that after all (at least not all the way :\ )




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users