AV Security - major problems



I apparently posted to the wrong area and got the standard "Try this" message (which appears to be full of great ideas), but I am unable to access any websites with my PC due to that nasty AV suite (why do those sociopaths do that anyway?). I'm really at a loss. I have MB installed, but not updated (current db info is 2/14) and cannot access the internet even in safe mode w/networking.

Any suggestions?


If you can't connect to the internet, try this:

  • Open up Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Now click on the Connections
  • Now click on the Lan Settings
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen.
  • Now that you have disabled the proxy server, you will be able to browse the web again with Internet Explorer.

MrC


See if you can somehow download the attachment, unzip it, double-click on it and allow it to merge into the registry.

Let me know, MrC

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-
"ProxyEnable"=-


I have tried this in both safe mode and regular. Unfortunately Apply is not an option in regular mode - it's not bright and I can't click the box. I can choose OK, but the next time I go into LAN settings, the proxy server setting is checked again.

Do you have another computer that you could download on and then transfer it to a USB flash drive and then to the sick computer?

Try this: Go to your Start button > Settings > Control Panel > Internet Options > open it up

  • Now click on the Connections
  • Now click on the Lan Settings
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen.
  • Check to see if any of the other boxes are checked (Automatically detect settings and Use auto configuration); if so, try it with them unchecked.
  • Then press the OK button to close the Internet Options screen. (There's no Apply.)
  • Now that you have disabled the proxy server, you will be able to browse the web again with Internet Explorer.

Let me know, MrC

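The two sets of Internet Options steps above (the LAN proxy checkbox, then the auto-detect and auto-configuration boxes) and the REGEDIT4 file all edit the same per-user registry key. The script below is an added example for this page, not something MrC or the thread posted: it reads the relevant values, clears them the way the .reg file does, and then re-reads them after a pause, since the reply above reports the proxy box re-checking itself. It assumes PowerShell 2.0 or later running as the affected user; the `AutoConfigURL` value name (the "Use automatic configuration script" box) and the function names are additions beyond what the posts name.

```powershell
# Added example, not from the thread: inspect and clear the per-user WinINet
# proxy settings that the manual Internet Options steps and the REGEDIT4 file
# above change. Run it as the affected user; PowerShell 2.0 or later.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WinInetProxy {
    # ProxyEnable/ProxyServer back the "Use a proxy server for your LAN" box;
    # AutoConfigURL backs "Use automatic configuration script". The
    # "Automatically detect settings" box lives in a binary blob under
    # ...\Internet Settings\Connections and is left to the UI here.
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

function Clear-WinInetProxy {
    # Same effect as the "=-" lines in the .reg file (value deleted), plus the
    # auto-config script value that the later post asks to check.
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    }
    Set-ItemProperty -Path $key -Name 'ProxyEnable' -Value 0 -Type DWord
}

'Before:'; Get-WinInetProxy | Format-List
Clear-WinInetProxy
'After:';  Get-WinInetProxy | Format-List

# The reply above reports the box re-checking itself. Re-read after a pause:
# if ProxyEnable is 1 again, a still-running process is re-writing the value
# and the registry fix alone will not hold until that process is stopped.
Start-Sleep -Seconds 30
if ((Get-WinInetProxy).ProxyEnable -eq 1) {
    Write-Warning 'Proxy re-enabled: something running is restoring it.'
}
```

Internet Explorer reads these values when it starts, so close and reopen it after the clear; a value that comes back on its own is the signal to go looking for the process that restores it rather than repeating the registry edit.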

No, no other computer. I'm actually on vacation right now, so there is really no way for me to get the file, unless I can somehow use my phone.

I can't open my internet options the way you described - it keeps giving me that security warning and the internet options screen goes away.

I was hoping there might be some exe files I could go in and manually delete, even if it meant doing it from a DOS prompt, just to get me to where I'm able to get to the internet.


Here are two of the best examples of the malware and the files associated with it:

http://forums.malwarebytes.org/index.php?showtopic=53741

http://www.bleepingcomputer.com/virus-remo...-security-suite

See if you can locate and delete them.

There are tools available to stop the malware, but you can't download them... that's a big problem.

I've updated that reg file if needed.

Let me know. It's late where I'm at, so that's it for tonight... be back tomorrow.

MrC


Yippee! Back in business! I have happily purchased my consumer license and registered. FYI, I had trouble with the Fix file. I had to download WinZip (long story), but it said the file was invalid or corrupted. As it turns out, I was able to update MB after deleting those values from the registry, so the fix file wasn't really necessary (I hope).

MrC, you are a beautiful, beautiful man. Thank you so much for your help, and thanks for being out there!


OK, Great!

Yes... I had the same problem with that reg file; it must have gotten messed up during the zipping or upload.

I'm going to replace it.

Just to make sure you're clean... let's take a look at a HJT log of the system.

You can find info on that at the link below:

http://forums.malwarebytes.org/index.php?s...st&p=275682

Please post the HJT log, MrC


Okay, here goes. I hope this means something to you! :)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:26:07 AM, on 6/28/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\PdaNet for Android\PdaNetPC.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe

O4 - Global Startup: SetPoint.lnk = ?

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1266122816000

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazon...etect_intel.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Filter hijack: text/html - {11d3a0e3-9aa8-49cb-929c-1cd939610ad7} - C:\WINDOWS\msvideo.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 7892 bytes


OK, there's one showing. MBAM should have gotten it, but please check:

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O18 - Filter hijack: text/html - {11d3a0e3-9aa8-49cb-929c-1cd939610ad7} - C:\WINDOWS\msvideo.dll

Click on Fix Checked when finished and exit HijackThis.

Can you please also post the log from MBAM? Thanks.

Just open up MBAM > Logs > double click on the log > copy and paste it back here.

---------------------------------------------

Enable hidden files as described in the link below: (please hide them when we're done)

http://www.bleepingcomputer.com/tutorials/...al62.html#winxp

Delete this file if found:

C:\WINDOWS\msvideo.dll

Post back a fresh HijackThis log and we will take another look. MrC

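HijackThis's O18 "Filter hijack" line comes from HKEY_CLASSES_ROOT\PROTOCOLS\Filter: each subkey there is a MIME type, and its CLSID value names an in-process COM server that Internet Explorer hands every response of that type through, which is why a text/html filter pointing at a DLL in C:\WINDOWS matters. The script below is an added example, not part of the thread: it lists those handlers, resolves each CLSID to its DLL and Authenticode status, and can delete one registration the way Fix Checked does. It assumes PowerShell 2.0 or later in an administrator session (the key is backed by HKLM\Software\Classes); the function names are chosen here, not taken from HijackThis.

```powershell
# Added example, not from the thread: enumerate the MIME filter handlers that
# HijackThis reports as "O18 - Filter hijack" and resolve each to its DLL.
# Uses the .NET registry API directly because key names such as "text/html"
# contain a slash that a provider path (HKCR:\...) would treat as a separator.
$hkcr = [Microsoft.Win32.Registry]::ClassesRoot

function Get-MimeFilterHandler {
    $filters = $hkcr.OpenSubKey('PROTOCOLS\Filter')
    if ($filters -eq $null) { return }
    foreach ($mime in $filters.GetSubKeyNames()) {
        $sub   = $filters.OpenSubKey($mime)
        $clsid = [string]$sub.GetValue('CLSID')
        $dll   = $null
        $sig   = 'no CLSID value'
        if ($clsid) {
            # The CLSID's InprocServer32 default value is the DLL that gets loaded.
            $inproc = $hkcr.OpenSubKey("CLSID\$clsid\InprocServer32")
            if ($inproc -ne $null) {
                $dll = [Environment]::ExpandEnvironmentVariables([string]$inproc.GetValue(''))
                $inproc.Close()
            }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            } else {
                $sig = 'file missing or no InprocServer32'
            }
        }
        $sub.Close()
        New-Object PSObject -Property @{ Mime = $mime; CLSID = $clsid; Dll = $dll; Signature = $sig }
    }
    $filters.Close()
}

function Remove-MimeFilterHandler([string]$Mime) {
    # Deletes only the filter registration (what HJT's Fix Checked does for O18);
    # the DLL itself still has to be removed from disk afterwards.
    $filters = $hkcr.OpenSubKey('PROTOCOLS\Filter', $true)   # $true = writable
    $filters.DeleteSubKeyTree($Mime)
    $filters.Close()
}

Get-MimeFilterHandler | Format-Table Mime, CLSID, Dll, Signature -AutoSize
# Remove-MimeFilterHandler 'text/html'   # only after confirming the DLL is the rogue one
```

A stock Windows XP install registers filters for types such as deflate, gzip and text/webviewhtml, all pointing at DLLs under System32; a text/html entry whose DLL sits directly in C:\WINDOWS, as in the log above, is the one worth checking. If the entry reappears after removal, as the next post reports, run the listing again after rebooting to see whether the registration or just the file came back.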

Okay, first the MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

6/28/2010 9:41:55 AM

mbam-log-2010-06-28 (09-41-55).txt

Scan type: Quick scan

Objects scanned: 118182

Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\typqofus (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\typqofus (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\me\Local Settings\Application Data\htuvloqvu\brldsrbtssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.


And the latest HiJackThis log (msvideo is still there, even after requesting a fix twice):

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:20:03 PM, on 6/28/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\PdaNet for Android\PdaNetPC.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe

O4 - Global Startup: SetPoint.lnk = ?

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1266122816000

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazon...etect_intel.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Filter hijack: text/html - {11d3a0e3-9aa8-49cb-929c-1cd939610ad7} - C:\WINDOWS\msvideo.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 7810 bytes


Find those files (msvideo.dll) and upload them to each of these online virus scans:

http://www.virustotal.com/

http://virusscan.jotti.org/en

Post back the results.

If they are clean and nothing is found, just let me know; no need to post the results.

----------------------------

also..........

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    C:\WINDOWS\System32\msvideo.dll
    C:\WINDOWS\System\msvideo.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


From virustotal:

File MSVIDEO.DLL received on 2010.06.22 16:36:45 (UTC)

Current status: finished

Result: 0/41 (0.00%)


Antivirus Version Last Update Result

a-squared 5.0.0.30 2010.06.22 -

AhnLab-V3 2010.06.22.00 2010.06.22 -

AntiVir 8.2.2.6 2010.06.21 -

Antiy-AVL 2.0.3.7 2010.06.22 -

Authentium 5.2.0.5 2010.06.22 -

Avast 4.8.1351.0 2010.06.21 -

Avast5 5.0.332.0 2010.06.21 -

AVG 9.0.0.787 2010.06.21 -

BitDefender 7.2 2010.06.22 -

CAT-QuickHeal 10.00 2010.06.22 -

ClamAV 0.96.0.3-git 2010.06.22 -

Comodo 5180 2010.06.22 -

DrWeb 5.0.2.03300 2010.06.22 -

eSafe 7.0.17.0 2010.06.20 -

eTrust-Vet 36.1.7657 2010.06.22 -

F-Prot 4.6.1.107 2010.06.21 -

F-Secure 9.0.15370.0 2010.06.22 -

Fortinet 4.1.133.0 2010.06.21 -

GData 21 2010.06.22 -

Ikarus T3.1.1.84.0 2010.06.22 -

Jiangmin 13.0.900 2010.06.15 -

Kaspersky 7.0.0.125 2010.06.22 -

McAfee 5.400.0.1158 2010.06.22 -

McAfee-GW-Edition 2010.1 2010.06.22 -

Microsoft 1.5902 2010.06.22 -

NOD32 5216 2010.06.21 -

Norman 6.05.06 2010.06.21 -

nProtect 2010-06-21.01 2010.06.21 -

Panda 10.0.2.7 2010.06.21 -

PCTools 7.0.3.5 2010.06.22 -

Prevx 3.0 2010.06.22 -

Rising 22.53.01.04 2010.06.22 -

Sophos 4.54.0 2010.06.22 -

Sunbelt 6483 2010.06.21 -

Symantec 20101.1.0.89 2010.06.22 -

TheHacker 6.5.2.0.302 2010.06.22 -

TrendMicro 9.120.0.1004 2010.06.22 -

TrendMicro-HouseCall 9.120.0.1004 2010.06.22 -

VBA32 3.12.12.5 2010.06.22 -

ViRobot 2010.6.21.3896 2010.06.22 -

VirusBuster 5.0.27.0 2010.06.21 -

Additional information

File size: 126912 bytes

MD5 : ad060cfce701410d7fa4b3461ab83ef5

SHA1 : 010c52713f67437441a0b8772cb3b2c723a1fa28

SHA256: 26171ecedee866c2932811c0f98590ee4b3164b9c91ec27b1e4eb14882a5b227

TrID : File type identification

Win32 Dynamic Link Library (generic) (87.9%)

Generic Win/DOS Executable (6.0%)

DOS Executable Generic (6.0%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ThreatExpert: http://www.threatexpert.com/report.aspx?md...fa4b3461ab83ef5

ssdeep: 1536:BmBs+u4CwJKokF1rx6gIJdz8zVPp2vvuOT9DKUlC25VXAIufmDcMQrz8dkeQgPV:4BIpwcok/8taVPaVy2zAI7DAz8O8

sigcheck: publisher....: Microsoft Corporation

copyright....: Copyright © Microsoft Corp. 1992-1994

product......: Microsoft Video for Windows

description..: Microsoft Video for Windows DLL

original name: msvideo.dll

internal name: msvideo.dll

file version.: 1.15

comments.....: n/a

signers......: Microsoft Windows 2000 Publisher

Microsoft Windows Verification Intermediate PCA

Microsoft Root Authority

signing date.: 8:05 PM 7/27/2000

verified.....: -

PEiD : -

CWSandbox: http://research.sunbelt-software.com/partn...fa4b3461ab83ef5

RDS : NSRL Reference Data Set

( Giant )

Antispyware: msvideo.dll

( Compaq )

Compaq Operating System CD: msvideo.dll

( NewTech Infosystems Inc. )

CD-Maker Plus Edition: msvideo.dll

( The Learning Company Inc. )

Reader Rabbits Toddler: msvideo.dll

( Dell )

Dell Back-up Dell-installed Programs: msvideo.dll

Operating System Reinstallation CD W2K + SP2: msvideo.dll

Reinstallation CD: msvideo.dll

Reinstallation CD Microsoft Windows XP Professional: msvideo.dll

Reinstallation CD W2K + SP2: msvideo.dll

Reinstallation CD W2K+SP3: msvideo.dll

( Macromedia Inc. )

Beta Windows NT Workstation 5.0 Checked/Debug Build: msvideo.dll

( Connectix Corporation )

Connectix Virtual PC for Mac Version 5: msvideo.dll

( Microsoft )

2261A: Supporting Users Running the Microsoft Windows XP Operating System: msvideo.dll
2262A: Supporting Users Running Applications on a Microsoft Windows XP Operating System: msvideo.dll
Applications, Platforms: msvideo.dll
Applications, Platforms: msvideo.dll
Applications, Platforms, Servers: msvideo.dll
Applications, SDK/DDK: msvideo.dll
BackOffice Server 2000: msvideo.dll
BackOffice Server Beta: msvideo.dll
BackOffice Small Business Server: msvideo.dll
Beta 2 Kit 2003: msvideo.dll
Beta Windows NT Server 5.0 Beta2(Alpha): msvideo.dll
Beta Windows NT Workstation 5.0 Beta 2(Alpha): msvideo.dll
Beta Windows NT Workstation 5.0 Beta2(x86): msvideo.dll
Beta Windows NT Workstation 5.0 Checked.Debug Build, Beta2(Alpha): msvideo.dll
Dell Reinstallation CD W2K and SP3: msvideo.dll
Dell reinstallation CD W2K SP1: msvideo.dll
Developer Tools, Platforms, SDK/DDK, Applications: msvideo.dll
Gateway Operating System Backup CD Version 2000.1: msvideo.dll
Gateway Operating System W2K: msvideo.dll
Implementing and Supporting Microsoft Windows XP Professional: msvideo.dll
Installed Vista Ultimate: msvideo.dll
Internet Explorer: msvideo.dll
Internet Explorer Versions: msvideo.dll
Internet Explorer Versions: msvideo.dll
Microsoft Security Resource Kit: msvideo.dll
Microsoft TechNet Trial Software 2002 Volume 1: msvideo.dll
Microsoft Windows Rights Management Services Evaluation Kit: msvideo.dll
Microsoft Windows Server 2003 Web Edition RC2: msvideo.dll
Microsoft Windows XP Professional: msvideo.dll
MSDN 2939: msvideo.dll, wmsvideo.dll
MSDN BETA: msvideo.dll
MSDN Development Platform Disc 10: msvideo.dll
MSDN Development Platform Disc11: msvideo.dll
MSDN Development Platform Disc2: msvideo.dll
MSDN Development Platform Disc2: msvideo.dll
MSDN Development Platform Disc4: msvideo.dll
MSDN Disc 0527.1: msvideo.dll
MSDN Disc 0527.2: msvideo.dll
MSDN Disc 0783: msvideo.dll
MSDN Disc 0784: msvideo.dll
MSDN Disc 0785: msvideo.dll
MSDN Disc 0786: msvideo.dll
MSDN Disc 0787: msvideo.dll
MSDN Disc 0953: msvideo.dll
MSDN Disc 1780: msvideo.dll
MSDN Disc 2041: msvideo.dll
MSDN Disc 2053: msvideo.dll
MSDN Disc 2085: msvideo.dll
MSDN Disc 2307: msvideo.dll
MSDN Disc 2360: msvideo.dll
MSDN disc 2390: msvideo.dll
MSDN Disc 2427.1: msvideo.dll
MSDN Disc 2427.2: msvideo.dll
MSDN Disc 2427.3: msvideo.dll
MSDN Disc 2428: msvideo.dll
MSDN Disc 2428.1: msvideo.dll
MSDN Disc 2428.2: msvideo.dll
MSDN Disc 2428.4: msvideo.dll
MSDN Disc 2428.5: msvideo.dll
MSDN Disc 2428.8: msvideo.dll, wmsvideo.dll
MSDN Disc 2455: msvideo.dll
MSDN Disc 2455.1: msvideo.dll
MSDN disc 2455.2: msvideo.dll
MSDN Disc 2455.4: msvideo.dll
MSDN Disc 2455.6: msvideo.dll, wmsvideo.dll
MSDN Disc 2464: msvideo.dll
MSDN Disc 2464.1: msvideo.dll
MSDN Disc 2464.2: msvideo.dll
MSDN Disc 2464.5: msvideo.dll
MSDN Disc 2465: msvideo.dll
MSDN Disc 2465.2: msvideo.dll
MSDN disc 2465.3: msvideo.dll
MSDN Disc 2465.4: msvideo.dll
MSDN Disc 2465.5: msvideo.dll
MSDN Disc 2466: msvideo.dll
MSDN Disc 2466.1: msvideo.dll
MSDN Disc 2466.2: msvideo.dll
MSDN Disc 2466.4: msvideo.dll
MSDN Disc 2476: msvideo.dll
MSDN Disc 2476.1: msvideo.dll
MSDN Disc 2476.2: msvideo.dll
MSDN Disc 2476.4: msvideo.dll
MSDN Disc 2477.2: msvideo.dll
MSDN Disc 2619: msvideo.dll
MSDN Disc 2619.1: msvideo.dll
MSDN Disc 2724: msvideo.dll
MSDN Disc 2939.2: msvideo.dll, wmsvideo.dll
MSDN Disc 2939.3: msvideo.dll, wmsvideo.dll
MSDN Disc 2939.4: msvideo.dll, wmsvideo.dll
MSDN Disc 2974: msvideo.dll, wmsvideo.dll
MSDN Disc 2974: msvideo.dll, wmsvideo.dll
MSDN Disc 3264: msvideo.dll
MSDN Disc 3498: msvideo.dll
MSDN Disc2365: msvideo.dll
MSDN Disc2389: msvideo.dll
MSDN Disc2428.3: msvideo.dll
msdn Internet Explorer/ windows2000 Server: msvideo.dll
MSDN MSIE 6.0, IE 6.0 SP1, Windows 2000 Advanced Server, Windows 2000 Professional, Windows 2000 Server, Windows 98 Second ed., Windows ME, Win XP Pro: msvideo.dll
MSDN Subscripitions Index Disc 0525: msvideo.dll
MSDN Windows 2000 Advanced Server Disc6: msvideo.dll
MSDN Windows 2000 Professional Disc 3: msvideo.dll
MSDN Windows 2000 Server Disc5: msvideo.dll
MSDN Windows Codename Whistler Personal Beta 1: msvideo.dll
MSDN Windows Server 2003 Standard & Enterprise: msvideo.dll
NT Server 5.0 Beta1: msvideo.dll
Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: msvideo.dll
Operating System Reinstallation CD W2K + SP3: msvideo.dll
Platforms: msvideo.dll
Platforms SDKs/DDKs: msvideo.dll
Platforms, SDK/DDK: msvideo.dll
Platforms, SDK/DDK, Developer Tools: msvideo.dll
Platforms, Servers, Applications: msvideo.dll
Platforms, Servers, Applications, SDK/DDK: msvideo.dll
Virtual PC for Mac Windows 2000 Professional: msvideo.dll
Virtual PC for Mac Windows XP Home Edition: msvideo.dll
Virtual PC for Mac Windows XP Professional Edition: msvideo.dll
Window Server 2003: msvideo.dll
Windows: msvideo.dll
Windows: msvideo.dll
Windows .NET Enterprise Serever Beta Build 3604.1: msvideo.dll
Windows .NET Enterprise Server Beta Debug/Checked Build 3604.1: msvideo.dll
Windows .NET Standard Server Beta Build 3604.1: msvideo.dll
Windows .NET Web Server Beta 3 Build 3604.1: msvideo.dll
Windows 2000: msvideo.dll
Windows 2000: msvideo.dll
Windows 2000 - Dell Reinstallation CD: msvideo.dll
Windows 2000 - Release Candidate 2: msvideo.dll
Windows 2000 Professional: msvideo.dll
Windows 2000 Professional: msvideo.dll
Windows 2000 Professional - Dell Reinstallation CD: msvideo.dll
Windows 2000 Professional Debug/Checked Build: msvideo.dll
Windows 2000 Professional Debug/Checked Build: msvideo.dll
Windows 2000 Server: msvideo.dll
Windows 2000 Server - Release Candidate 2: msvideo.dll
Windows 2000 Versions: msvideo.dll
Windows 98 Versions: msvideo.dll
Windows CE .NET Evaluation Software: msvideo.dll
Windows Codename Whistler: msvideo.dll
Windows Codename Whistler: msvideo.dll
Windows Codename Whistler: msvideo.dll
Windows Codename Whistler Advanced Server: msvideo.dll
Windows Codename Whistler Advanced Server: msvideo.dll
Windows Codename Whistler Advanced Server Checked/Debug Build: msvideo.dll
Windows Codename Whistler Debug/Checked Build: msvideo.dll
Windows Codename Whistler Server: msvideo.dll
Windows Codename Whistler Server: msvideo.dll
Windows Codename WhistlerProfessional Checked/Debug Build: msvideo.dll
Windows DDks: msvideo.dll
Windows Professional Debug Checked Build: msvideo.dll
Windows Server 2003 Enterprise Edition: msvideo.dll
Windows Server 2003 Visual Studio.net Attendee Portfolio: msvideo.dll
Windows XP: msvideo.dll
Windows XP: msvideo.dll
Windows XP: msvideo.dll
Windows XP: msvideo.dll
Windows XP: msvideo.dll
Windows XP: msvideo.dll
Windows XP: msvideo.dll
Windows XP: msvideo.dll
Windows XP: msvideo.dll
Windows XP eMbedded Evaluation Software: msvideo.dll
Windows XP Home Edition: msvideo.dll
Windows XP Home Edition: msvideo.dll
Windows XP Home Edition Release Candidate 1: msvideo.dll
Windows XP Professional: msvideo.dll
Windows XP Professional: msvideo.dll
Windows XP Professional: msvideo.dll
Windows XP Professional 2002 Service Pack 1: msvideo.dll
Windows XP Professional Checked Build Release Candidate 1: msvideo.dll
Windows XP Professional Checked/Debug Build: msvideo.dll
Windows XP Professional Release Candidte 1: msvideo.dll
Windows XP Tablet PC Edition: msvideo.dll

( Gateway )

Gateway Operating System Windows XP Pro Edition SP2: msvideo.dllGateway System Restoration Kit: msvideo.dll

( Disney )

Bowling for Screams: msvideo.dll


From virusscan:

This file has been scanned before. The results for this previous scan are listed below.

--------------------------------------------------------------------------------

Filename: MSVIDEO.DLL

Status: Scan finished. 0 out of 19 scanners reported malware.

Scan taken on: Mon 7 Jun 2010 12:09:51 (CET)

Both results were from the system32 folder. I scanned the msvideo.dll from the system folder, and the results appeared to be the same. If you want me to go ahead and post them, I'll do so.

I'm unsure of what the results mean...it appears they are not associated with malware. Am I correct?


Oops. I just realized I posted the wrong results. Sorry about that.

Here's the systemlook results:

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 13:40 on 29/06/2010 by me (Administrator - Elevation successful)

========== file ==========

C:\WINDOWS\System32\msvideo.dll - File found and opened.

MD5: AD060CFCE701410D7FA4B3461AB83EF5

Created at 12:00 on 28/02/2006

Modified at 12:00 on 28/02/2006

Size: 126912 bytes

Attributes: --a---

FileDescription: Microsoft Video for Windows DLL

FileVersion: 1.15

ProductVersion: 1.15

OriginalFilename: msvideo.dll

InternalName: msvideo.dll

ProductName: Microsoft Video for Windows

CompanyName: Microsoft Corporation

LegalCopyright: Copyright


OK, those files are OK, not to worry about them.

Download REGSEARCH from one of the links below:

http://www.bleepingcomputer.com/files/regsearch.php

http://download.bleepingcomputer.com/steelwerx/regsearch.zip

Download and extract the contents of the zip file.

Double-click the icon for RegSearch.exe to launch the program.

Enter a string to search for and click "OK".

11d3a0e3-9aa8-49cb-929c-1cd939610ad7 <-----enter this

After completion Notepad will be opened with all the found instances of the string.

The resulting file is saved in the same location as RegSearch.exe.

Copy the results back here. MrC

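The registry search MrC describes above can also be done without a third-party download. The script below is an added example written for this thread; it is not part of RegSearch, Malwarebytes or any post in the topic. It walks the chosen hives, matches the GUID from the post against key names, value names and value data, and writes a plain-text report that can be pasted back into a reply. The hive list, the output path under the user's Desktop, and the opening of Notepad at the end are choices made for this example.

```powershell
# Added example: registry string search in PowerShell (not the thread's or RegSearch's code).
# Run from an elevated PowerShell prompt on the affected machine.
param(
    # GUID MrC asked for in the thread; any other string works the same way.
    [string]$Pattern = '11d3a0e3-9aa8-49cb-929c-1cd939610ad7',
    # Hives to walk (assumed scope for this example; HKCR is mounted below if missing).
    [string[]]$Hives = @('HKLM:\SOFTWARE', 'HKLM:\SYSTEM', 'HKCU:\Software', 'HKCR:\'),
    # Report location (assumption: the user's Desktop, as RegSearch writes beside its exe).
    [string]$OutFile = (Join-Path $env:USERPROFILE 'Desktop\regsearch-results.txt')
)

# HKCR: is not a default PowerShell drive, so map it when absent.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

function Search-RegistryForString {
    param(
        [Parameter(Mandatory)] [string]$Pattern,
        [string[]]$Hives
    )
    # Escape so the pattern is matched literally; -match is case-insensitive, which
    # matters because the same GUID may be stored upper- or lower-case.
    $escaped = [regex]::Escape($Pattern)
    foreach ($hive in $Hives) {
        # The hive root itself plus every subkey under it; access errors are skipped.
        $keys = @(Get-Item -Path $hive -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            if ($null -eq $key) { continue }
            if ($key.PSChildName -match $escaped) {
                [pscustomobject]@{ Key = $key.Name; Where = 'key name'; ValueName = ''; Data = '' }
            }
            foreach ($valueName in $key.GetValueNames()) {
                # Do not expand REG_EXPAND_SZ so the report shows what is really stored.
                $data = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
                # Render REG_BINARY as hex so it is searchable and readable in the report
                # instead of appearing as "System.Byte[]".
                $text = if ($data -is [byte[]]) {
                    ($data | ForEach-Object { $_.ToString('X2') }) -join ''
                } else {
                    "$data"
                }
                $label = if ($valueName -eq '') { '(Default)' } else { $valueName }
                if ($label -match $escaped -or $text -match $escaped) {
                    [pscustomobject]@{ Key = $key.Name; Where = 'value'; ValueName = $label; Data = $text }
                }
            }
        }
    }
}

$results = @(Search-RegistryForString -Pattern $Pattern -Hives $Hives)

# Build a report in the same spirit as the Notepad output RegSearch produces.
$header = "Registry search for '$Pattern' on $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - $($results.Count) hit(s)"
$lines = @($header, ('-' * $header.Length))
foreach ($hit in $results) {
    if ($hit.Where -eq 'key name') {
        $lines += "[{0}]" -f $hit.Key
    } else {
        $lines += "[{0}]" -f $hit.Key
        $lines += "  {0} = {1}" -f $hit.ValueName, $hit.Data
    }
}
$lines | Set-Content -Path $OutFile -Encoding UTF8
Write-Host "Wrote $($results.Count) hit(s) to $OutFile"
notepad.exe $OutFile
```

Two things to keep in mind when reading the report: HKCU: only covers the profile the script runs under, so a key planted in another user's hive would not show up unless that hive is loaded; and a walk of HKLM:\SOFTWARE can take a few minutes on an older machine, which is normal and not a sign that the script has hung.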
This topic is now closed to further replies.