BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Want to know the virus in my laptop. Application window (always on top) 3 hour count down
   
BullGuard Antivirus Forum > Virus information > Alerts & New Threats > Want to know the virus in my laptop. Application window (always on top) 3 hour count down  
Forum Quick Jump
 
You cannot post new topics in this forum. Locked Topic Printable version of : Want to know the virus in my laptop. Application window (always on top) 3 hour count down
[ << Previous Thread | Next Thread >> ]

humdinger_v
New Member


Date Joined Dec 2009
Total Posts : 5
 
   Posted 12/26/2009 7:17 PM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
I got my flash drive infected by a virus.. the folders became .exe. Norton tried to clean this and then I used my laptop. All of a sudden a weird window or application is showing that is always on top. It contains weird language and all I can understand is "Download Master". There is a countdown timer that starts at 2:59:59 in red font. The window/application is always on top and all applications i run are always behind it. Norton is open but closes so I assume it's disabled. Task manager is also disabled. My screen was also resized. Norton quick scan always runs and I was able to see a Trojan Horse - Userini.exe. That's it no more details.

Please help on what is this virus and how can i get rid of it without reformatting my hard disk. Is this a trojan horse and why didn't Norton detect this? :( My virus definition file is updated as of Dec 22, 2009. :(

Pleae help asap. Thanks!
Back to Top
 

Malik
New Member


Date Joined Dec 2009
Total Posts : 4
 
   Posted 12/26/2009 8:17 PM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
Same problem here, I think it is new virus... Any help??
Back to Top
 

Malik
New Member


Date Joined Dec 2009
Total Posts : 4
 
   Posted 12/26/2009 8:34 PM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
I have run in safe mod, please find below the log from Hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 18:30:43, on 26/12/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 172.18.18.6 msteam-dev01
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterprise\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\aatif\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://spl.mypredictor.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0C89E27C-DD69-44BB-A32E-4D093E859FB2} (strprint.trprints) - https://mcp.microsoft.com/mcp/tools/MCPTranscriptPrint.CAB
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1ABADF2C-C4E8-4B5F-A3A6-726B6B552554} (ucNSC.ucNC) - file://C:\Documents and Settings\aatif\Desktop\3.8.6\NASCInternal.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D39AFF5-CA00-4CEB-909B-9C4580BB3119} (ucNSC.ucNC) - https://www.2ehn.com/NASCregisterpro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131394350921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131398146031
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://powersite.agencylogic.com/UploaderControls/ImageUploader4.cab
O16 - DPF: {8D7AFAB7-42D6-4671-A53E-CD355673F026} (SonySncMView Control) - http://stealthtaktiks.dyndns.org:2220/SonySncMView.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://archer/tsweb/msrdp.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B9AF215D-2A27-4833-8527-B393DA237A13} (ucNSC.ucNC) - https://internal.nascreative.com/NASCInternal.CAB
O16 - DPF: {BAEE131D-290A-4541-A50A-8936F159563A} (Crystal Print Control 10.2) - http://support.businessobjects.com/CRforVS2005/PrintControl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.cric7.com/vjocx-en-black.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://remote.capita.co.uk/dana-cached/setup/JuniperSetup.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://cwa.capita.co.uk/dana-cached/sc/JuniperSetupClient.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\piwdzd.dll
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MailEnable List Connector (MELCS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - MailEnable Pty Ltd - C:\Program Files\Mail Enable\Bin\MESMTPC.EXE
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
Back to Top
 

humdinger_v
New Member


Date Joined Dec 2009
Total Posts : 5
 
   Posted 12/27/2009 3:49 AM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
Hi malik. How were you able to run HiJackthis? I'm having a hard time running apps or IE because the window is always on top and occupying most part of the screen?

Thanks.
Back to Top
 

humdinger_v
New Member


Date Joined Dec 2009
Total Posts : 5
 
   Posted 12/27/2009 4:43 AM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
Now, I'm trying to download HiJackThis and the laptop immediately shuts down. I can't download the application... :( boohooo...
Back to Top
 

Malik
New Member


Date Joined Dec 2009
Total Posts : 4
 
   Posted 12/27/2009 10:54 AM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
Hi,

I ran HiJackThis in safe mode, but it got worse last night as now network was gone in safe mode..... I will google a bit more and I guess format the disk or something....It is quite frustrating.... I can't find any suspicious entry in Hijackthis but that might be because it was in safe mode and it is neither service nor registry entry that triggers the virus as soon as you are logged in...
Back to Top
 

csc88
New Member


Date Joined Dec 2009
Total Posts : 2
 
   Posted 12/28/2009 4:45 PM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
yea.....i have the same problem here....is there any solution yet?i don wanna reformat my com!...PLS HELP!!
Back to Top
 

Malik
New Member


Date Joined Dec 2009
Total Posts : 4
 
   Posted 12/28/2009 10:19 PM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
I ended up restoring my hard drives from the backup (which I took in June 2009), so now updating my system....

Not sure what went wrong but I guess userini.exe caused the problem. I thought I removed all the traces of that but first message suggests that it caused the problem.
Back to Top
 

humdinger_v
New Member


Date Joined Dec 2009
Total Posts : 5
 
   Posted 12/29/2009 6:46 AM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
I was able to fix mine but i still needed to back up my file in Documents and Settings. The virus only resides in the profile so if you delete your user profile then create a new one, it will be fixed. Although, there's still some level of restoration of files but at least it didn't destroy any files. My other drives and installed application are still working....
Back to Top
 

csc88
New Member


Date Joined Dec 2009
Total Posts : 2
 
   Posted 12/29/2009 9:44 AM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
wat should i back up?everything in my user files?(document,music,desktop....)how to delete use profile and create a new one?just right click and delete it?
Back to Top
 

cauf
New Member


Date Joined Dec 2009
Total Posts : 1
 
   Posted 12/29/2009 1:02 PM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
Same problem here.
Tried the user change but no result.
Virus Scanning from LINUX cd rom also no result ??????
You can elliminate the timer by leaving the PC in stby, apparently its only reset by booting.
Anybody a solution besides "format C" . ?
Back to Top
 

kobik
New Member


Date Joined Dec 2009
Total Posts : 1
 
   Posted 12/30/2009 2:55 PM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
Same problem for me.
Would love to have a solution without formatting my disk.
Back to Top
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1428
 
   Posted 1/1/2010 7:18 PM (GMT +2)    Quote: Want to know the virus in my laptop. Application window (always on top) 3 hour count downAlert an admin about: Want to know the virus in my laptop. Application window (always on top) 3 hour count down
Friends, it is very difficult to keep track of who is requesting assistance when you all post in one person's request thread. I only located this request trying to figure out exactly where to reply to humdinger_v's requests, since they seem to be everywhere. If each of you would click the New Topic button at the top of this forum:

http://forum.bullguard.com/forum/10/

And be patient, one of us will then respond there, and start some assistance. No more posting in this thread please unless you are the thread starter. Malik, I am sorry all the posting in this thread caused us to miss you request.
Back to Top
 
You cannot post new topics in this forum. Locked Topic Printable version of : Want to know the virus in my laptop. Application window (always on top) 3 hour count down
 
Forum Information
Currently it is Sunday, November 23, 2014 2:09 PM (GMT +2)
There are a total of 60,769 posts in 13,349 threads.
In the last 3 days there were 0 new threads and 3 reply posts. View Active Threads
Who's Online
This forum has 36820 registered members. Please welcome our newest member, clairebutler.
7 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Will the problems never end? (4)11/21/2014 8:06:59 AM (Deb1957)
Bgscan parameters (4)11/20/2014 7:17:53 PM (janis)