BookPusher Posted June 27, 2010 ID:275588 Share Posted June 27, 2010 BI apparently posted to the wrong area and got the standard "Try this" message (which appears to be full of great ideas), but I am unable to access any websites with my PC due to that nasty AV suite (why do those sociopaths do that anyway?). I'm really at a loss. I have MB installed, but not updated (current db info is 2/14) and cannot access the internet even in safe mode w/networking.Any suggestions? Link to post Share on other sites More sharing options...
MrCharlie Posted June 28, 2010 ID:275681 Share Posted June 28, 2010 If you can't connect to the internet, try this:Open up Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options. Now click on the Connections Now click on the Lan Settings Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet ExplorerMrC Link to post Share on other sites More sharing options...
BookPusher Posted June 28, 2010 Author ID:275685 Share Posted June 28, 2010 I Have tried this in both safe mode and regular. Unfortunately Apply is not an option in regular mode - it's not bright and I can't click the box. I Can choose OK, but the next time I go into LAN settings, the proxy server setting is checked again. Link to post Share on other sites More sharing options...
MrCharlie Posted June 28, 2010 ID:275686 Share Posted June 28, 2010 Let me do a little research and I'll get back to you, MrC Link to post Share on other sites More sharing options...
MrCharlie Posted June 28, 2010 ID:275688 Share Posted June 28, 2010 See if you can somehow download the attachment, uzip it, double click on it and allow it to merge into the registry.Let me know, MrCREGEDIT4[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]"ProxyServer"=-"ProxyEnable"=- Link to post Share on other sites More sharing options...
BookPusher Posted June 28, 2010 Author ID:275692 Share Posted June 28, 2010 I can't download anything. I'm on my phone right now; my pc can't connect to the internet. Well except for the AV Suite site and those porno sites it keeps throwing at me. Link to post Share on other sites More sharing options...
MrCharlie Posted June 28, 2010 ID:275697 Share Posted June 28, 2010 I Have tried this in both safe mode and regular. Unfortunately Apply is not an option in regular mode - it's not bright and I can't click the box. I Can choose OK, but the next time I go into LAN settings, the proxy server setting is checked again.Do you have another computer that you could download on and then transfer it to a usb flash drive and then to the sick computer?Try this: Go to your Start button > Settings > Control Panel > Internet Options > open it upNow click on the Connections Now click on the Lan Settings Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Check to see if any of the other boxes are checked, Automatically detect settings and Use auto configuration,if so try it with them uncheckedThen press the OK button to close the Internet Options screen. (There's no apply)Now that you have disabled the proxy server you will be able to browse the web again with Internet ExplorerLet me know, MrC Link to post Share on other sites More sharing options...
BookPusher Posted June 28, 2010 Author ID:275702 Share Posted June 28, 2010 No, no other computer. I'm actually on vacation right now, so there is really no way for me to get the file, unless I can somehow use my phone.I can't open my internet options the way you described - it keeps giving me that security warning and the internet options screen goes away. I was hoping there might be some exe files I could go in and manually delete, even if it meant doing it from a dos prompt, just to get me to where I'm able to get to the internet. Link to post Share on other sites More sharing options...
MrCharlie Posted June 28, 2010 ID:275710 Share Posted June 28, 2010 Here's the two of the best examples of the malware and files associated with it:http://forums.malwarebytes.org/index.php?showtopic=53741http://www.bleepingcomputer.com/virus-remo...-security-suiteSee if you can locate and delete them.There's tools available to stop the malware but you can't download them...that's a big problem.I've updated that reg file if needed.Let me know, It's late where I'm at so that's it for tonight...be back tomorrow.MrC Link to post Share on other sites More sharing options...
BookPusher Posted June 28, 2010 Author ID:275904 Share Posted June 28, 2010 So far so good! I'm still working (I didn't have winzip installed - long story), but I'm hopeful! Deleting some of those values in my registry helped me to at least get this far. Thanks! I'll let you know when all is well, and MB is UPDATED. Link to post Share on other sites More sharing options...
MrCharlie Posted June 28, 2010 ID:275909 Share Posted June 28, 2010 Sounds GOOD MrC Link to post Share on other sites More sharing options...
BookPusher Posted June 28, 2010 Author ID:275927 Share Posted June 28, 2010 Yipee! Back in business! I have happily purchased my consumer license and registered. FYI, I had trouble with the Fix file. I had to download winzip (long story), but it said the file was invalid or corrupted. As it turns out, I was able to update MB after deleting those values from the registry, so the fix file wasn't really necessary (I hope). MrC, you are a beautiful, beautiful man. Thank you so much for your help, and thanks for being out there! Link to post Share on other sites More sharing options...
MrCharlie Posted June 28, 2010 ID:275933 Share Posted June 28, 2010 OK, Great!Yes...I had the same problem with that reg file, it must have gotten messed up during the zipping or upload.I'm going to replace it.Just to make sure your clean...lets take a look at a HJT log of the system.You can find info on that at the link below:http://forums.malwarebytes.org/index.php?s...st&p=275682Please post the HJT log, MrC Link to post Share on other sites More sharing options...
BookPusher Posted June 28, 2010 Author ID:275939 Share Posted June 28, 2010 Okay, here goes. I hope this means something to you! Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:26:07 AM, on 6/28/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17055)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\AVG\AVG9\avgemc.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\SetPoint\SetPoint.exeC:\Program Files\PdaNet for Android\PdaNetPC.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exeO4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logonO4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayO4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -tO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exeO4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exeO4 - Global Startup: SetPoint.lnk = ?O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1266122816000O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazon...etect_intel.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dllO18 - Filter hijack: text/html - {11d3a0e3-9aa8-49cb-929c-1cd939610ad7} - C:\WINDOWS\msvideo.dllO20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exeO23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 7892 bytes Link to post Share on other sites More sharing options...
MrCharlie Posted June 28, 2010 ID:275942 Share Posted June 28, 2010 OK there's one showing, MBAM should have gotten it but please check:Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:O18 - Filter hijack: text/html - {11d3a0e3-9aa8-49cb-929c-1cd939610ad7} - C:\WINDOWS\msvideo.dllClick on Fix Checked when finished and exit HijackThis.Can you please also post the log from MBAM...ThanksJust open up MBAM > Logs > double click on the log > copy and paste it back here.---------------------------------------------Enable hidden files as described in the link below: (please hide them when we're done)http://www.bleepingcomputer.com/tutorials/...al62.html#winxpDelete this file if found:C:\WINDOWS\msvideo.dllPost back a fresh HijackThis log and we will take another look. MrC Link to post Share on other sites More sharing options...
BookPusher Posted June 29, 2010 Author ID:276239 Share Posted June 29, 2010 Okay, first the MBAM log:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4052Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.136/28/2010 9:41:55 AMmbam-log-2010-06-28 (09-41-55).txtScan type: Quick scanObjects scanned: 118182Time elapsed: 6 minute(s), 14 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 4Registry Values Infected: 2Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\typqofus (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\typqofus (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\Documents and Settings\me\Local Settings\Application Data\htuvloqvu\brldsrbtssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot. Link to post Share on other sites More sharing options...
BookPusher Posted June 29, 2010 Author ID:276240 Share Posted June 29, 2010 I looked in the Windows directory, but no msvideo.dll there. There is one in both Windows\system and in windows\system32. Should I delete those? Link to post Share on other sites More sharing options...
BookPusher Posted June 29, 2010 Author ID:276243 Share Posted June 29, 2010 And the latest HiJackThis log (msvideo is still there, even after requesting a fix twice):Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:20:03 PM, on 6/28/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17055)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\AVG\AVG9\avgemc.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\SetPoint\SetPoint.exeC:\Program Files\PdaNet for Android\PdaNetPC.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exeO4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logonO4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayO4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -tO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exeO4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exeO4 - Global Startup: SetPoint.lnk = ?O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1266122816000O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazon...etect_intel.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dllO18 - Filter hijack: text/html - {11d3a0e3-9aa8-49cb-929c-1cd939610ad7} - C:\WINDOWS\msvideo.dllO20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exeO23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 7810 bytes Link to post Share on other sites More sharing options...
MrCharlie Posted June 29, 2010 ID:276463 Share Posted June 29, 2010 Find those files (msvideo.dll) and upload them to each of these online virus scans:http://www.virustotal.com/http://virusscan.jotti.org/enPost back the results.If they are clean and nothing is found, just let me know , no need to post the results----------------------------also..........Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: :fileC:\WINDOWS\System32\msvideo.dllC:\WINDOWS\System\msvideo.dll Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt MrC Link to post Share on other sites More sharing options...
BookPusher Posted June 29, 2010 Author ID:276645 Share Posted June 29, 2010 From virustotal:File MSVIDEO.DLL received on 2010.06.22 16:36:45 (UTC)Current status: finished Result: 0/41 (0.00%) Compact Print results Antivirus Version Last Update Result a-squared 5.0.0.30 2010.06.22 - AhnLab-V3 2010.06.22.00 2010.06.22 - AntiVir 8.2.2.6 2010.06.21 - Antiy-AVL 2.0.3.7 2010.06.22 - Authentium 5.2.0.5 2010.06.22 - Avast 4.8.1351.0 2010.06.21 - Avast5 5.0.332.0 2010.06.21 - AVG 9.0.0.787 2010.06.21 - BitDefender 7.2 2010.06.22 - CAT-QuickHeal 10.00 2010.06.22 - ClamAV 0.96.0.3-git 2010.06.22 - Comodo 5180 2010.06.22 - DrWeb 5.0.2.03300 2010.06.22 - eSafe 7.0.17.0 2010.06.20 - eTrust-Vet 36.1.7657 2010.06.22 - F-Prot 4.6.1.107 2010.06.21 - F-Secure 9.0.15370.0 2010.06.22 - Fortinet 4.1.133.0 2010.06.21 - GData 21 2010.06.22 - Ikarus T3.1.1.84.0 2010.06.22 - Jiangmin 13.0.900 2010.06.15 - Kaspersky 7.0.0.125 2010.06.22 - McAfee 5.400.0.1158 2010.06.22 - McAfee-GW-Edition 2010.1 2010.06.22 - Microsoft 1.5902 2010.06.22 - NOD32 5216 2010.06.21 - Norman 6.05.06 2010.06.21 - nProtect 2010-06-21.01 2010.06.21 - Panda 10.0.2.7 2010.06.21 - PCTools 7.0.3.5 2010.06.22 - Prevx 3.0 2010.06.22 - Rising 22.53.01.04 2010.06.22 - Sophos 4.54.0 2010.06.22 - Sunbelt 6483 2010.06.21 - Symantec 20101.1.0.89 2010.06.22 - TheHacker 6.5.2.0.302 2010.06.22 - TrendMicro 9.120.0.1004 2010.06.22 - TrendMicro-HouseCall 9.120.0.1004 2010.06.22 - VBA32 3.12.12.5 2010.06.22 - ViRobot 2010.6.21.3896 2010.06.22 - VirusBuster 5.0.27.0 2010.06.21 - Additional information File size: 126912 bytes MD5 : ad060cfce701410d7fa4b3461ab83ef5 SHA1 : 010c52713f67437441a0b8772cb3b2c723a1fa28 SHA256: 26171ecedee866c2932811c0f98590ee4b3164b9c91ec27b1e4eb14882a5b227 TrID : File type identificationWin32 Dynamic Link Library (generic) (87.9%)Generic Win/DOS Executable (6.0%)DOS Executable Generic (6.0%)Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) ThreatExpert: http://www.threatexpert.com/report.aspx?md...fa4b3461ab83ef5 ssdeep: 1536:BmBs+u4CwJKokF1rx6gIJdz8zVPp2vvuOT9DKUlC25VXAIufmDcMQrz8dkeQgPV:4BIpwcok/8taVPaVy2zAI7DAz8O8 sigcheck: publisher....: Microsoft Corporationcopyright....: Copyright © Microsoft Corp. 1992-1994product......: Microsoft Video for Windowsdescription..: Microsoft Video for Windows DLLoriginal name: msvideo.dllinternal name: msvideo.dllfile version.: 1.15comments.....: n/asigners......: Microsoft Windows 2000 PublisherMicrosoft Windows Verification Intermediate PCAMicrosoft Root Authoritysigning date.: 8:05 PM 7/27/2000verified.....: -PEiD : - CWSandbox: http://research.sunbelt-software.com/partn...fa4b3461ab83ef5 RDS : NSRL Reference Data Set( Giant )Antispyware: msvideo.dll( Compaq )Compaq Operating System CD: msvideo.dll( NewTech Infosystems Inc. )CD-Maker Plus Edition: msvideo.dll( The Learning Company Inc. )Reader Rabbits Toddler: msvideo.dll( Dell )Dell Back-up Dell-installed Programs: msvideo.dllOperating System Reinstallation CD W2K + SP2: msvideo.dllReinstallation CD: msvideo.dllReinstallation CD Microsoft Windows XP Professional: msvideo.dllReinstallation CD W2K + SP2: msvideo.dllReinstallation CD W2K+SP3: msvideo.dll( Macromedia Inc. )Beta Windows NT Workstation 5.0 Checked/Debug Build: msvideo.dll( Connectix Corporation )Connectix Virtual PC for Mac Version 5: msvideo.dll( Microsoft )2261A: Supporting Users Running the Microsoft Windows XP Operating System: msvideo.dll2262A: Supporting Users Running Applications on a Microsoft Windows XP Operating System: msvideo.dllApplications, Platforms: msvideo.dllApplications, Platforms: msvideo.dllApplications, Platforms, Servers: msvideo.dllApplications, SDK/DDK: msvideo.dllBackOffice Server 2000: msvideo.dllBackOffice Server Beta: msvideo.dllBackOffice Small Business Server: msvideo.dllBeta 2 Kit 2003: msvideo.dllBeta Windows NT Server 5.0 Beta2(Alpha): msvideo.dllBeta Windows NT Workstation 5.0 Beta 2(Alpha): msvideo.dllBeta Windows NT Workstation 5.0 Beta2(x86): msvideo.dllBeta Windows NT Workstation 5.0 Checked.Debug Build, Beta2(Alpha): msvideo.dllDell Reinstallation CD W2K and SP3: msvideo.dllDell reinstallation CD W2K SP1: msvideo.dllDeveloper Tools, Platforms, SDK/DDK, Applications: msvideo.dllGateway Operating System Backup CD Version 2000.1: msvideo.dllGateway Operating System W2K: msvideo.dllImplementing and Supporting Microsoft Windows XP Professional: msvideo.dllInstalled Vista Ultimate: msvideo.dllInternet Explorer: msvideo.dllInternet Explorer Versions: msvideo.dllInternet Explorer Versions: msvideo.dllMicrosoft Security Resource Kit: msvideo.dllMicrosoft TechNet Trial Software 2002 Volume 1: msvideo.dllMicrosoft Windows Rights Management Services Evaluation Kit: msvideo.dllMicrosoft Windows Server 2003 Web Edition RC2: msvideo.dllMicrosoft Windows XP Professional: msvideo.dllMSDN 2939: msvideo.dll, wmsvideo.dllMSDN BETA: msvideo.dllMSDN Development Platform Disc 10: msvideo.dllMSDN Development Platform Disc11: msvideo.dllMSDN Development Platform Disc2: msvideo.dllMSDN Development Platform Disc2: msvideo.dllMSDN Development Platform Disc4: msvideo.dllMSDN Disc 0527.1: msvideo.dllMSDN Disc 0527.2: msvideo.dllMSDN Disc 0783: msvideo.dllMSDN Disc 0784: msvideo.dllMSDN Disc 0785: msvideo.dllMSDN Disc 0786: msvideo.dllMSDN Disc 0787: msvideo.dllMSDN Disc 0953: msvideo.dllMSDN Disc 1780: msvideo.dllMSDN Disc 2041: msvideo.dllMSDN Disc 2053: msvideo.dllMSDN Disc 2085: msvideo.dllMSDN Disc 2307: msvideo.dllMSDN Disc 2360: msvideo.dllMSDN disc 2390: msvideo.dllMSDN Disc 2427.1: msvideo.dllMSDN Disc 2427.2: msvideo.dllMSDN Disc 2427.3: msvideo.dllMSDN Disc 2428: msvideo.dllMSDN Disc 2428.1: msvideo.dllMSDN Disc 2428.2: msvideo.dllMSDN Disc 2428.4: msvideo.dllMSDN Disc 2428.5: msvideo.dllMSDN Disc 2428.8: msvideo.dll, wmsvideo.dllMSDN Disc 2455: msvideo.dllMSDN Disc 2455.1: msvideo.dllMSDN disc 2455.2: msvideo.dllMSDN Disc 2455.4: msvideo.dllMSDN Disc 2455.6: msvideo.dll, wmsvideo.dllMSDN Disc 2464: msvideo.dllMSDN Disc 2464.1: msvideo.dllMSDN Disc 2464.2: msvideo.dllMSDN Disc 2464.5: msvideo.dllMSDN Disc 2465: msvideo.dllMSDN Disc 2465.2: msvideo.dllMSDN disc 2465.3: msvideo.dllMSDN Disc 2465.4: msvideo.dllMSDN Disc 2465.5: msvideo.dllMSDN Disc 2466: msvideo.dllMSDN Disc 2466.1: msvideo.dllMSDN Disc 2466.2: msvideo.dllMSDN Disc 2466.4: msvideo.dllMSDN Disc 2476: msvideo.dllMSDN Disc 2476.1: msvideo.dllMSDN Disc 2476.2: msvideo.dllMSDN Disc 2476.4: msvideo.dllMSDN Disc 2477.2: msvideo.dllMSDN Disc 2619: msvideo.dllMSDN Disc 2619.1: msvideo.dllMSDN Disc 2724: msvideo.dllMSDN Disc 2939.2: msvideo.dll, wmsvideo.dllMSDN Disc 2939.3: msvideo.dll, wmsvideo.dllMSDN Disc 2939.4: msvideo.dll, wmsvideo.dllMSDN Disc 2974: msvideo.dll, wmsvideo.dllMSDN Disc 2974: msvideo.dll, wmsvideo.dllMSDN Disc 3264: msvideo.dllMSDN Disc 3498: msvideo.dllMSDN Disc2365: msvideo.dllMSDN Disc2389: msvideo.dllMSDN Disc2428.3: msvideo.dllmsdn Internet Explorer/ windows2000 Server: msvideo.dllMSDN MSIE 6.0, IE 6.0 SP1, Windows 2000 Advanced Server, Windows 2000 Professional, Windows 2000 Server, Windows 98 Second ed., Windows ME, Win XP Pro: msvideo.dllMSDN Subscripitions Index Disc 0525: msvideo.dllMSDN Windows 2000 Advanced Server Disc6: msvideo.dllMSDN Windows 2000 Professional Disc 3: msvideo.dllMSDN Windows 2000 Server Disc5: msvideo.dllMSDN Windows Codename Whistler Personal Beta 1: msvideo.dllMSDN Windows Server 2003 Standard & Enterprise: msvideo.dllNT Server 5.0 Beta1: msvideo.dllOperating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: msvideo.dllOperating System Reinstallation CD W2K + SP3: msvideo.dllPlatforms: msvideo.dllPlatforms SDKs/DDKs: msvideo.dllPlatforms, SDK/DDK: msvideo.dllPlatforms, SDK/DDK, Developer Tools: msvideo.dllPlatforms, Servers, Applications: msvideo.dllPlatforms, Servers, Applications, SDK/DDK: msvideo.dllVirtual PC for Mac Windows 2000 Professional: msvideo.dllVirtual PC for Mac Windows XP Home Edition: msvideo.dllVirtual PC for Mac Windows XP Professional Edition: msvideo.dllWindow Server 2003: msvideo.dllWindows: msvideo.dllWindows: msvideo.dllWindows .NET Enterprise Serever Beta Build 3604.1: msvideo.dllWindows .NET Enterprise Server Beta Debug/Checked Build 3604.1: msvideo.dllWindows .NET Standard Server Beta Build 3604.1: msvideo.dllWindows .NET Web Server Beta 3 Build 3604.1: msvideo.dllWindows 2000: msvideo.dllWindows 2000: msvideo.dllWindows 2000 - Dell Reinstallation CD: msvideo.dllWindows 2000 - Release Candidate 2: msvideo.dllWindows 2000 Professional: msvideo.dllWindows 2000 Professional: msvideo.dllWindows 2000 Professional - Dell Reinstallation CD: msvideo.dllWindows 2000 Professional Debug/Checked Build: msvideo.dllWindows 2000 Professional Debug/Checked Build: msvideo.dllWindows 2000 Server: msvideo.dllWindows 2000 Server - Release Candidate 2: msvideo.dllWindows 2000 Versions: msvideo.dllWindows 98 Versions: msvideo.dllWindows CE .NET Evaluation Software: msvideo.dllWindows Codename Whistler: msvideo.dllWindows Codename Whistler: msvideo.dllWindows Codename Whistler: msvideo.dllWindows Codename Whistler Advanced Server: msvideo.dllWindows Codename Whistler Advanced Server: msvideo.dllWindows Codename Whistler Advanced Server Checked/Debug Build: msvideo.dllWindows Codename Whistler Debug/Checked Build: msvideo.dllWindows Codename Whistler Server: msvideo.dllWindows Codename Whistler Server: msvideo.dllWindows Codename WhistlerProfessional Checked/Debug Build: msvideo.dllWindows DDks: msvideo.dllWindows Professional Debug Checked Build: msvideo.dllWindows Server 2003 Enterprise Edition: msvideo.dllWindows Server 2003 Visual Studio.net Attendee Portfolio: msvideo.dllWindows XP: msvideo.dllWindows XP: msvideo.dllWindows XP: msvideo.dllWindows XP: msvideo.dllWindows XP: msvideo.dllWindows XP: msvideo.dllWindows XP: msvideo.dllWindows XP: msvideo.dllWindows XP: msvideo.dllWindows XP eMbedded Evaluation Software: msvideo.dllWindows XP Home Edition: msvideo.dllWindows XP Home Edition: msvideo.dllWindows XP Home Edition Release Candidate 1: msvideo.dllWindows XP Professional: msvideo.dllWindows XP Professional: msvideo.dllWindows XP Professional: msvideo.dllWindows XP Professional 2002 Service Pack 1: msvideo.dllWindows XP Professional Checked Build Release Candidate 1: msvideo.dllWindows XP Professional Checked/Debug Build: msvideo.dllWindows XP Professional Release Candidte 1: msvideo.dllWindows XP Tablet PC Edition: msvideo.dll( Gateway )Gateway Operating System Windows XP Pro Edition SP2: msvideo.dllGateway System Restoration Kit: msvideo.dll( Disney )Bowling for Screams: msvideo.dll Link to post Share on other sites More sharing options...
BookPusher Posted June 29, 2010 Author ID:276647 Share Posted June 29, 2010 From virusscan:This file has been scanned before. The results for this previous scan are listed below.--------------------------------------------------------------------------------Filename: MSVIDEO.DLL Status: Scan finished. 0 out of 19 scanners reported malware. Scan taken on: Mon 7 Jun 2010 12:09:51 (CET) Permalink Both results were from the system32 folder. I scanned the msvideo.dll from the system folder, and the results appeared to be the same. If you want me to go ahead and post them, I'll do so.I'm unsure of what the results mean...it appears they are not associated with malware. Am I correct? Link to post Share on other sites More sharing options...
BookPusher Posted June 29, 2010 Author ID:276650 Share Posted June 29, 2010 Oops. I just realized I posted the wrong results. Sorry about that. Here's the systemlook results:SystemLook v1.0 by jpshortstuff (11.01.10)Log created at 13:40 on 29/06/2010 by me (Administrator - Elevation successful)========== file ==========C:\WINDOWS\System32\msvideo.dll - File found and opened.MD5: AD060CFCE701410D7FA4B3461AB83EF5Created at 12:00 on 28/02/2006Modified at 12:00 on 28/02/2006Size: 126912 bytesAttributes: --a---FileDescription: Microsoft Video for Windows DLLFileVersion: 1.15ProductVersion: 1.15OriginalFilename: msvideo.dllInternalName: msvideo.dllProductName: Microsoft Video for WindowsCompanyName: Microsoft CorporationLegalCopyright: Copyright Link to post Share on other sites More sharing options...
MrCharlie Posted June 29, 2010 ID:276657 Share Posted June 29, 2010 OK, those files are OK, not to worry about them.Download REGSEARCH from one of the links below:http://www.bleepingcomputer.com/files/regsearch.phphttp://download.bleepingcomputer.com/steelwerx/regsearch.zipDownload and extract the contents of the zip file.Double-click the icon for RegSearch.exe to launch the program.Enter a string to search for and click "OK".11d3a0e3-9aa8-49cb-929c-1cd939610ad7 <-----enter thisAfter completion Notepad will be opened with all the found instances of the string.The resulting file is saved in the same location as RegSearch.exe. Copy the results back here. MrC Link to post Share on other sites More sharing options...
BookPusher Posted June 30, 2010 Author ID:276927 Share Posted June 30, 2010 I hope this is helpful...Windows Registry Editor Version 5.00; Registry Search 2.0 by Bobbi Flekman Link to post Share on other sites More sharing options...
BookPusher Posted June 30, 2010 Author ID:276928 Share Posted June 30, 2010 I noticed the space at the end of the search string, so I tried it again, deleting the space, and got this:Windows Registry Editor Version 5.00; Registry Search 2.0 by Bobbi Flekman Link to post Share on other sites More sharing options...
Recommended Posts