Virus (pop-up and all files missing/hiding)

Posted 1/29/2012 9:48 PM
#93229
User avatar

HkSwtiE Advanced member

Date Joined Nov 2016
Total Posts: 32
There are windows pop up then the computer will log off itself. And files disappear even in Safe Mode. <br/>Please help. <br/> <br/> <br/>Logfile of Trend Micro HijackThis v2.0.2 <br/>Scan saved at 1:13:49 PM, on 1/29/2012 <br/>Platform: Unknown Windows (WinNT 6.01.3504) <br/>MSIE: Internet Explorer v8.00 (8.00.7600.16385) <br/>Boot mode: Safe mode with network support. <br/> <br/>Running processes: <br/>C:\Windows\Explorer.EXE <br/>C:\Windows\system32\ctfmon.exe <br/>C:\Users\VonnieK\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\VonnieK\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <br/> <br/>O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Users\VonnieK\AppData\Roaming\pipi\JfCheck.dll <br/>O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll <br/>O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll <br/>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" <br/>O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime <br/>O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" <br/>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" <br/>O4 - HKLM\..\Run: [KndCLIWLJesl.exe] C:\ProgramData\KndCLIWLJesl.exe <br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background <br/>O4 - HKCU\..\Run: [Google Update] "C:\Users\VonnieK\AppData\Local\Google\Update\GoogleUpdate.exe" /c <br/>O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background <br/>O4 - HKCU\..\Run: [PPS Accelerator] C:\Users\VonnieK\Desktop\PPStream v2.7.0.1292\ppsap.exe <br/>O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') <br/>O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') <br/>O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') <br/>O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll <br/>O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL <br/>O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe <br/>O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe <br/>O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll <br/>O13 - Gopher Prefix: <br/>O15 - ESC Trusted Zone: http://*.update.microsoft.com <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab <br/>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab <br/>O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe <br/>O23 - Service: PIPIStartSvr - Unknown owner - C:\pipi\PIPIStartSvr.exe (file missing) <br/>O23 - Service: Realtek11nSU - Realtek - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe <br/> <br/>-- <br/>End of file - 5675 bytes <br/> <br/> <br/>========================================== <br/> <br/> <br/> <br/>Malwarebytes Anti-Malware 1.60.0.1800 <br/>www.malwarebytes.org <br/> <br/>Database version: v2012.01.28.06 <br/> <br/>Windows 7 x86 NTFS (Safe Mode/Networking) <br/>Internet Explorer 8.0.7600.16385 <br/>VonnieK :: VONNIEK-PC [administrator] <br/> <br/>1/29/2012 1:18:58 PM <br/>mbam-log-2012-01-29 (13-18-58).txt <br/> <br/>Scan type: Full scan <br/>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM <br/>Scan options disabled: P2P <br/>Objects scanned: 256030 <br/>Time elapsed: 17 minute(s), 56 second(s) <br/> <br/>Memory Processes Detected: 0 <br/>(No malicious items detected) <br/> <br/>Memory Modules Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Keys Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Values Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Data Items Detected: 0 <br/>(No malicious items detected) <br/> <br/>Folders Detected: 0 <br/>(No malicious items detected) <br/> <br/>Files Detected: 0 <br/>(No malicious items detected) <br/> <br/>(end)
Posted 1/29/2012 9:55 PM
#93230
User avatar

HkSwtiE Advanced member

Date Joined Nov 2016
Total Posts: 32
Under Normal mode, once window starts.. many pop-up window "Windows - Delayed Write Failed" messages shows" Failed to save all the components for the file \\System32\\00007b5b. The file is corrupted or unreadable. This error may be caused by a PC hardware problem" <br/> <br/>and below is another hijackthis log under normal mode: <br/> <br/> <br/>Logfile of Trend Micro HijackThis v2.0.2 <br/>Scan saved at 1:54:45 PM, on 1/29/2012 <br/>Platform: Unknown Windows (WinNT 6.01.3504) <br/>MSIE: Internet Explorer v8.00 (8.00.7600.16385) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\Windows\system32\Dwm.exe <br/>C:\Windows\Explorer.EXE <br/>C:\Windows\system32\taskhost.exe <br/>C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe <br/>C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe <br/>C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe <br/>C:\Program Files\Common Files\Java\Java Update\jusched.exe <br/>C:\Program Files\iTunes\iTunesHelper.exe <br/>C:\ProgramData\KndCLIWLJesl.exe <br/>C:\Program Files\Windows Live\Messenger\msnmsgr.exe <br/>C:\Users\VonnieK\Desktop\PPStream v2.7.0.1292\ppsap.exe <br/>C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe <br/>C:\Users\VonnieK\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe <br/>C:\Users\VonnieK\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Windows\system32\attrib.exe <br/>C:\Windows\system32\conhost.exe <br/>C:\Users\VonnieK\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Windows\system32\SearchFilterHost.exe <br/>C:\Program Files\Trend Micro\HijackThis\hijackthis.exe <br/>C:\Windows\system32\DllHost.exe <br/> <br/>O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Users\VonnieK\AppData\Roaming\pipi\JfCheck.dll <br/>O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll <br/>O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll <br/>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" <br/>O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime <br/>O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" <br/>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" <br/>O4 - HKLM\..\Run: [KndCLIWLJesl.exe] C:\ProgramData\KndCLIWLJesl.exe <br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background <br/>O4 - HKCU\..\Run: [Google Update] "C:\Users\VonnieK\AppData\Local\Google\Update\GoogleUpdate.exe" /c <br/>O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background <br/>O4 - HKCU\..\Run: [PPS Accelerator] C:\Users\VonnieK\Desktop\PPStream v2.7.0.1292\ppsap.exe <br/>O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') <br/>O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') <br/>O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') <br/>O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll <br/>O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL <br/>O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe <br/>O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe <br/>O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll <br/>O13 - Gopher Prefix: <br/>O15 - ESC Trusted Zone: http://*.update.microsoft.com <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab <br/>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab <br/>O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe <br/>O23 - Service: PIPIStartSvr - Unknown owner - C:\pipi\PIPIStartSvr.exe (file missing) <br/>O23 - Service: Realtek11nSU - Realtek - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe <br/> <br/>-- <br/>End of file - 6380 bytes
Posted 1/30/2012 12:24 AM
#93231
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :smile: <br/> <br/> <br/> <br/> <br/> <br/> <br/>It looks like you´ve got a fraudulent security program infection. <br/> <br/> <br/> <br/> <br/>[color=#000000>[3]<SPAN lang=en-GB>After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:<SPAN lang=en-GB> <br/>Exit all windows that are currently open on your computer.[/3]</FONT> <br/> <br/>[3]To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.[/3]</FONT> <br/> <br/> <br/> <br/> <br/>[color=#000000>[color=#000000> <br/> <br/>[color=#000000>[color=#000000><FONT]<FONT][3]<SPAN lang=en-GB>When finished, it will produce a logfile located at [/3][/color][/color][color=#000000>[color=#000000>Post the contents of that log in your next reply [/3][/color][/color] <br/> <br/> <br/> <br/> <br/>[color=#000000><FONT][3]The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.[/3][/color]</FONT>

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 2/2/2012 3:13 AM
#93244
User avatar

HkSwtiE Advanced member

Date Joined Nov 2016
Total Posts: 32
I could not perform Combo Fix earlier, but now my friend someone fixed a little. I do not have the pop up at start-up now. <br/>But there is still virus I believe, because there are files that are hidden at the start menu (like Microsoft words, it will say the folder is empty but i can open word file still), and under google search, when i click on the link from the result it will become another link (not the one it is suppose to be) <br/> <br/>Should I try ComboFix again now? <br/> <br/>Here is the new Hijack log and the Malware bytes did not find anything: <br/> <br/> <br/> <br/>Logfile of Trend Micro HijackThis v2.0.2 <br/>Scan saved at 1:13:49 PM, on 1/29/2012 <br/>Platform: Unknown Windows (WinNT 6.01.3504) <br/>MSIE: Internet Explorer v8.00 (8.00.7600.16385) <br/>Boot mode: Safe mode with network support <br/> <br/>Running processes: <br/>C:\Windows\Explorer.EXE <br/>C:\Windows\system32\ctfmon.exe <br/>C:\Users\VonnieK\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\VonnieK\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <br/> <br/>O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Users\VonnieK\AppData\Roaming\pipi\JfCheck.dll <br/>O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll <br/>O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll <br/>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" <br/>O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime <br/>O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" <br/>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" <br/>O4 - HKLM\..\Run: [KndCLIWLJesl.exe] C:\ProgramData\KndCLIWLJesl.exe <br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background <br/>O4 - HKCU\..\Run: [Google Update] "C:\Users\VonnieK\AppData\Local\Google\Update\GoogleUpdate.exe" /c <br/>O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background <br/>O4 - HKCU\..\Run: [PPS Accelerator] C:\Users\VonnieK\Desktop\PPStream v2.7.0.1292\ppsap.exe <br/>O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') <br/>O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') <br/>O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') <br/>O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll <br/>O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL <br/>O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe <br/>O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe <br/>O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll <br/>O13 - Gopher Prefix: <br/>O15 - ESC Trusted Zone: http://*.update.microsoft.com <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab <br/>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab <br/>O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe <br/>O23 - Service: PIPIStartSvr - Unknown owner - C:\pipi\PIPIStartSvr.exe (file missing) <br/>O23 - Service: Realtek11nSU - Realtek - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe <br/> <br/>-- <br/>End of file - 5675 bytes
Posted 2/2/2012 4:14 AM
#93245
User avatar

Advanced member

Save Unhide.exe from here and run it: http://download.bleepingcomputer.com/grinler/unhide.exe <br/>Allow it to run (it can take quite some time) and it will restore all your hidden files.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 2/3/2012 2:33 AM
#93253
User avatar

HkSwtiE Advanced member

Date Joined Nov 2016
Total Posts: 32
i just tried it doesn't work. <br/>Folder is there, but files not there. <br/>Also any help on the virus that when I google search something, the link i clicked in the result is not directing me to the correct site.
Posted 2/3/2012 6:10 AM
#93255
User avatar

Advanced member

If you ran Unhide correctly (and it said that your files should be visible at the end) then if the folder is there and the file is not, then the file is actually not there. <br/>What did your McAffee scan say?
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 2/3/2012 6:22 AM
#93256
User avatar

HkSwtiE Advanced member

Date Joined Nov 2016
Total Posts: 32
i did run it, it did say all the files should be unhide now. but all the files have been actually deleted in the C:\ProgramData\Microsoft\Windows\Start Menu\Programs. Is there anyway to recover all the files? or I will have to manually create the shortcuts myself. another problem now, my webpage keeps being hijack and redirect to random websites. I scan with Malwarebyte and CCleaner and Avira, it doesnt fix it, any help?
Posted 2/3/2012 10:29 PM
#93257
User avatar

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi there, <br/> <br/>I am afraid that you will have to manually add the shortcuts. <br/> <br/>Regarding the redirect issue, I recommend you to check this post and follow the steps outlined there. Let us know if the issue persists. <br/> <br/>Cheers!
Robert Mateescu
Senior Support Technician EN
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: http://www.bullguard.com/support.aspx!
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Saturday, December 10, 2016, 7:43 PM (GMT +1)
There are a total of 61,164 posts in 13,450 threads.
In the last 3 days there were 1 new threads and 4 reply posts.

Who's online

This forum has 37,970 registered members. Please welcome our newest member, MJD.
There are currently no users on-line.