Please help me .. !!!

[dieforoman]

\\\

 

do i need to worry ?? !!

i downloaded a patch file last two days .. i want to activate the Microsoft Office .. cause it seemd it is not genuine ...

 

 

today ... when i enter the facebook .. they said .. that somebody tried to enter your account from different acount ... and they told me it is in Belrin :shock:

 

 

 

anyway ... i do the system report to identify the holes .. it it is not secure >>>

 

(( run ,,, system.ini )) .. and it seemd that my laptop is hacked :(

 

 

 

 

i do the Iobit Hijack Scan .. and this is the report ...

 

pleast help me .. i do not want to worry ... and i do not want to format my pc

thanx in advance ...

 

 

 

 

Logfile of IObit HijackScan v0.2.0.0

Scan saved at 21:50:24, on 2010-10-23

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Alwil Software\Avast5\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10}Microsoft.wlsc.WrapperAX.2 - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: DCOM Server Process Launcher - Unknown -

O23 - Service: Diagnostic Policy Service - Unknown -

O23 - Service: Group Policy Client - Unknown -

O23 - Service: Windows CardSpace - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Net.Tcp Port Sharing Service - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Quality Windows Audio Video Experience - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) - Unknown -

O23 - Service: Security Accounts Manager - Unknown -

O23 - Service: Secondary Logon - Unknown - %windir%\system32\svchost.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Distributed Link Tracking Client - Unknown -

O23 - Service: Windows Modules Installer - Unknown -

O23 - Service: TuneUp Drive Defrag Service - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: Block Level Backup Engine Service - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host - Unknown -

O23 - Service: Diagnostic System Host - Unknown -

O23 - Service: Windows Media Player Network Sharing Service - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

[TheViking]

Yes!

 

do i need to worry ?? !!

i downloaded a patch file last two days .. i want to activate the Microsoft Office .. cause it seemd it is not genuine ..

 

 

 

This confirms that you are using pirated software. Because of such use you will not get any help

[itsmejjj]

and i do not want to format my pc ????

This confirms that you are using pirated software. ??? I hope for your sake its not the case...be it not my business any how.what any one installed.

 

do i need to worry ?? !! you are asking you sure Do !

 

well .you have what seems a possible big problem..

if i understand this you downloaded a patch? from where? if this is not a crack and a genuine patch .then you have problems..i hope its not the case

but since you are asking.

 

". i want to activate the Microsoft Office " sure its easy just install the genuine application. then link to MS let it verify the installed Application..

 

and end of problem..but you now need to format and reinstall your system..

or face more hacking..

 

hope this is of help.sorry but that is what happens with .non genuine verified application"s

 

if we read this wrong that check where you downloaded the patch to fix this..if its from the correct source MS...and not a rouge source..this can happen..

itsmejjj..

[fredvries]

Well, probably he is using pirated software but he DOES have a problem if someone tried to hijack his Facebook account.

 

This topic should be moved to 'Spyware-Malware Removal Help'.

 

In the mean time these entries should viewed with some suspicion:

O23 - Service: Quality Windows Audio Video Experience - Unknown - %windir%\system32\svchost.exe

O23 - Service: Secondary Logon - Unknown - %windir%\system32\svchost.exe

[enoskype]

Hi fredvries,

 

Please correct me if I am wrong, but most of the security-malware fighter in other forums too will intervene if a pirated software is in question.

 

Originally, that's why I have moved the thread from Spyware-Malware Removal Help! section to here, so he may get help from others.

 

If a Malware Fighter requests the move, I will certainly do that, or if you think it should be moved there anyway, please do so.:-)

 

Thank you and cheers.

[So_sad]

Hi guys,

 

Fred : I don't think there's anything wrong with those two lines (Services). It's just the way Hijackscan enumerates them that make them look suspicious, perhaps. First one looks like qWAVE and the second one would be SecLogon ; both of these are whitelisted in HijackThis , which is why they stick out here (Hijackscan doesn't whitelist them...).

 

Probably a rooted backdoor on that machine, and our friend's FaceBook account was hacked no doubt.

 

Whether we help with these or not is sometimes dictated by a forum's Terms of Use. If the forum doesn't allow helping with pirated software, then out they go. If it is left to the helper's discretion, then helping is possible.

 

====

[itsmejjj]

Whether we help with these or not is sometimes dictated by a forum's Terms of Use.

 

nice way you put this ,i like the wording..! better then i put it..its the truth of it ,you the user are at risk if using this type of software.not alleyways the case but its very risky..just depends who and what sort of Pearson puts this software as a bundled download..if its a someone with a nasty chip then you have problems..and there are many.as this poster found out..

 

that's is why the purpose of our reply are there as to warn you and not help.

why? the answer is already posted.

 

(i want to activate the Microsoft Office (yes don't we all like it for free...?? cause it seems it is not genuine ..)

 

not that it is or is not..but the point is it was dirty (ROUGE) as you found out.

now faced with what to do..

and our reasoning is its your own fault.by risking the download and then getting hacked..

 

 

so he may get help from others. i am rather summarized its still here on the forum,but then understand it as its a warning to any one to take or ignore..

 

itsmejjj

 

 

.

[So_sad]

Hi jjj,

 

That's pretty much how I feel about the issue as well. Leaving this topic visible can only help deter the behavior, hopefully. Wishful thinking perhaps...

 

For me, I kinda split these into two categories :

 

1) A visitor comes asking for help with pirated software like, say, a cracked MS Office or Adobe CS4 (or CS5). I won't help with these, even if the forum administration says I can. If another volunteer wants to pick up the topic, fine.

 

2) A visitor shows up infected and has an illegal operating system (Windows). Copied, patched, keygenned, whatever. Sometimes I'll help, but it depends on a few things I look for : is there an obvious infection I can treat quickly to prevent that machine from infecting other machines ? To prevent that machine from participating on a Botnet that attacks other sites or distributes other malware or even highly illegal files ? Is the visitor open to hearing our warnings and change the bad habits ?

If I get the impression the behavior will continue no matter what I say, then I'm out, fast. And I'm not saying I never get suckered in by a smooth talker either ; it happens I'm sure, but I at least stick to my own rules and do what I think is best for everyone involved.

 

Over 85% of freebies offered online - that shouldn't be freebies - are infected. When I say infected, I mean the file you download is pure malware, not even close to what you wished it was (keygen, crack, patched full program, etc...). Peer-to-peer networks and torrents are ideal for malware distribution, and so are "risky" sites. If you stop and think that maybe you shouldn't be there or shouldn't be downloading, then you're probably swimming in shark infested waters already... and should get out fast.

 

Collecting freebies which shouldn't be freebies can quickly get addictive, because you can get away with it if you're really lucky, for a while. Easy stealing. Some think they can always detect bad files, but that just isn't true. Proof of this can be found on security forums everywhere. Many of the newer infections really hit machines hard, crashing some of them beyond easy repair, meaning a format is required. Many families of infections install backdoors that allow remote access and stealing of everything found on the computer, including financial/banking information, passwords and PIN numbers, etc...

 

It's ugly out there, if you hang out in the wrong places.

 

====