It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

VIRUS ALERT. *** HEEELP !!!!!!! ***

page: 2
0
<< 1   >>

log in

join
share:
GEORGETHEGREEK

posted on Jan, 30 2009 @ 09:44 PM
link   
O2 - BHO: Google Gears Helper - [E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53] - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - [E7E6F031-17CE-4C07-BC86-EABFE594F69C] - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - [F4971EE7-DAA0-4053-9964-665D8EE6A077] - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - [2318C2B1-4965-11d4-9B18-009027A5CD4F] - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Adobe PDF - [47833539-D0C5-4125-9FA8-0819E2EAAC93] - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - [517BDDE4-E3A7-4570-B21E-2B52B6139FC7] - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - [0FBB9689-D3D7-4f7a-A2E2-585B10099BFC] - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Ask Toolbar - [3041d03e-fd4b-44e0-b742-2d9b88305f98] - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MbWzdFPAP-EXL540] E:\PdtGuide.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe"
O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_[79662E04-7C6C-4d9f-84C7-88D8A56B10AA]] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\GEORGE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Ανοιξε την τρέχουσα σελίδα με τον Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Ανοιξε τον στόχο του συνδέσμου με τον Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Βάλε στην ουρά την τρέχουσα σελίδα με τον Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Βάλε στην ουρά τον στόχο του συνδέσμου με τον Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - [09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5] - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Ρυθμίσεις Gears - [09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5] - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Create Mobile Favorite - [2EAF5BB1-070F-11D3-9307-00C04FAE2D4F] - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - [2EAF5BB2-070F-11D3-9307-00C04FAE2D4F] - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Δημιουργία Αγαπημένου κινητής συσκευής... - [2EAF5BB2-070F-11D3-9307-00C04FAE2D4F] - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - [77BF5300-1474-4EC7-9980-D32B190E9B07] - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Έρευνα - [92780B25-18CC-41C8-B9BE-3C9C571A8263] - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: [1E54D648-B804-468d-BC78-4AFFED8E262E] (System Requirements Lab) - www.nvidia.com...
O16 - DPF: [6414512B-B978-451D-A0D8-FCFDF33E833C] (WUWebControl Class) - www.update.microsoft.com...
O16 - DPF: [74DBCB52-F298-4110-951D-AD2FF67BC8AB] (NVIDIA Smart Scan) - www.nvidia.com...
O16 - DPF: [D27CDB6E-AE6D-11CF-96B8-444553540000] (Shockwave Flash Object) - fpdownload2.macromedia.com...
O18 - Protocol: bwfile-8876480 - [9462A756-7B47-47BC-8C80-C34B9B80B32B] - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - [FFC8B962-9B40-4DFF-9458-1830C7DD7F5D] - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate1c97c01fb3ed52) (gupdate1c97c01fb3ed52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 19255 bytes


GEORGETHEGREEK

posted on Jan, 30 2009 @ 09:47 PM
link   

Originally posted by n0b0DY
Your welcome!

Also I would suggest looking in your system32 folder for .dll files that seem odd.

I usually find ones that dont make any sense to actually be part of the virus.

Such as yyytttueueue.dll or xlreaper.dll.

Another way to check the .dll files is arrange them by date and find all the ones that were created on the date you got the virus and delete them.

If you cant delete them, i.e. the usual access denied box, use a program called Unlocker to unlock it from its operation and then useEraser to wipe it.

Works everytime!


you are a genious!!!!!
I hope i am carefull enough and not make any further damage myself.

THANK YOU!


n0b0DY

posted on Jan, 30 2009 @ 10:02 PM
link   
I suggest deleteing these as it the only two that seem out of place.

O4 - HKLM\..\Run: [MbWzdFPAP-EXL540] E:\PdtGuide.exe
O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)

Other then that it seems okay. I'll keep looking.


GEORGETHEGREEK

posted on Jan, 30 2009 @ 10:07 PM
link   
by the way the only means that helped me indeed manage a thorough back up of what i needed is GoodSync.
Its a free trial that will do your job when required.
My copy was a present from my friend Tor'en Di.

Its propably that friend of mine that also broke another couple of discs of mine in the past while i was away...

Anyway GoodSync works wonders and is easy to use.


n0b0DY

posted on Jan, 30 2009 @ 10:10 PM
link   
So after the Hijack scan It seems that it is a hardware issue.

Try to write down all of the model numbers from your Motherboard, Graphics card, Ethernet Card, HDD and CPU and other devices which dont seem to be working.

Send it to me via U2U and I'll dig for the appropriate firmware and drivers.

Also it looks like you have a heck of allot of softwer running at once.
Try to get rid of the programs you dont need for now.

Best fo Luck!


GEORGETHEGREEK

posted on Jan, 30 2009 @ 10:17 PM
link   

Originally posted by n0b0DY
I suggest deleteing these as it the only two that seem out of place.

O4 - HKLM\..\Run: [MbWzdFPAP-EXL540] E:\PdtGuide.exe
O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)

Other then that it seems okay. I'll keep looking.






i have done so my friend but accessing the drives the normal way still doesn t work...

Do you think i will need a restart? I fear restarting


Virus scan now at 77% still has found nothing...


oh and i cannot express how obliged i am for your time & knowledge...

[edit on 30/1/2009 by GEORGETHEGREEK]


Anonymous ATS

posted on Jan, 30 2009 @ 10:23 PM
link   
reply to post by GEORGETHEGREEK
 


1. just because the error msg had .com in the name doesn't mean that its a virus. .com is a windows file format.

2. windows doesnt have set error msgs for every possible error. When it doesn't know what happened, it just spits out a whole bunch of technical data assuming your a hardcore programmer/debugger, e.g the file that is corrupt and the data thats corrupted in the file.

3. You had a storm the night before, therefor its logical to conclude that its most likly the storm since a fresh install still had problems. Your motherboard may have been damaged, resulting with an unstable harddrive controller

Conclusion:

If you haver the money, replace the entire computer and that will instantly fix your problem. You probably don't have the money though, so a thorough format of the hdd, and complete erase of the data from the old drive, so dont restore a backup, because maybe it is a virus. If you absolutly have to have the old data, then I reccomend scanning it with trendmicro housecall, or dlling and installing avast then scanning with that.
Good luck!


Anonymous ATS

posted on Jan, 31 2009 @ 01:23 AM
link   
its a virus (vundu virus to be specific) mate i have the same problem, download and install the free program which is called 'malwarebytes' and it will detect and delete it, as i am doing right now lol. It works and it has never let me down goodluck


kingbusta


apex

posted on Feb, 4 2009 @ 12:12 PM
link   
Some of your issues sound like you just need the correct drivers for your hardware, in which case going on start -> right click on my computer -> manage and then going through looking for ones that just say "Generic _____ device" or similar and then letting Windows search for and download them for you. Though that doesn't help with the etherent, you would need to get that off the manufacturer through another computer/internet connection.

if your old HD still works and can get enough internet to download a CD image and burn it to disk, you can use this guide to recover the files (for free) off your old Hard drive
www.psychocats.net...




top topics



 
0
<< 1   >>

log in

join


The Above Top Secret Web site is a wholly owned social content community of AboveTopSecret.com.

This content community relies on user-generated content from our member contributors. The opinions of our members are not those of site ownership who maintains strict editorial agnosticism and simply provides a collaborative venue for free expression.

All content copyright 2024, AboveTopSecret.com