Msserver On Hpdual Core With Vista[RESOLVED]

HPriser

By HPriser,
in Malware Removal

 Share Followers 0

Recommended Posts

HPriser

HPriser

Posted
Posted

I’m getting Pop-Unders and Pop-Ups I never had before. I've seen this before here so it's not new but I can't follow the fixes described for other computers. Please help.

Symptoms:

There is an additional entry added to my System Configuration startup list:

MSServer

Followed by the command:

rundll32.exe C:\Windows\System32\tuvvSjvX.dll,#1

and Location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I ran ATF Cleaner.

Here is my Hijack this file:

Logfile of HijackThis v1.99.1

Scan saved at 8:20:21 AM, on 11/23/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\iRotate\iRotate.exe

C:\Windows\system32\taskeng.exe

C:\Windows\firefox.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Windows\telnet.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Windows\System32\svchost.exe

C:\Program Files\SiteAdvisor\6253\SAService.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\HPriser\Downloads\KEEPERS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surflite.info/search.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\IESurfBar\SurfLite Toolbar\tbhelper.dll

O2 - BHO: TBSB01419 - {714758BE-281E-4BDA-9190-413BFBD3399B} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll

O2 - BHO: (no name) - {A878D9AC-C247-457D-AA2E-05D756334B4D} - C:\Windows\system32\mlJaWqQg.dll

O2 - BHO: pl - {B200799F-9538-403d-9A6E-36F5942EC540} - C:\Windows\System32\fklame32.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: (no name) - {91549F7B-90F9-4BBA-8599-7515EB4D87C1} - (no file)

O3 - Toolbar: SurfLite Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvvSJbX.dll,#1

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - Startup: iRotate.lnk = C:\Program Files\iRotate\iRotate.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: SurfLite Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll

O9 - Extra 'Tools' menuitem: SurfLite Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB

O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB

O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///E:/CDVIEWER/CdViewer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E8F4118-88CE-49D9-B170-C29BA859AB6E}: NameServer = 85.255.112.120;85.255.112.170

O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\System32\CTSVCCDA.EXE

O23 - Service: Network Service (firefox) - Unknown owner - C:\Windows\firefox.exe

O23 - Service: Logical Disk Service (flashget) - Unknown owner - C:\Windows\flashget.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdzmq.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Link to post
Share on other sites
HPriser

HPriser

Posted
  • Author
Posted (edited)

SOLVED

OK. I solved the problem. Here is what I did:

Downloaded Malwarebytes Anti-Malware (mbam) from http://www.besttechie.net/tools/mbam-setup.exe, and saved it.

* Double-click on Download_mbam-setup.exe to install the application.

* When the installation begins, follow the prompts and do not make any changes to default settings.

* When installation has finished, make sure you leave both of these checked:

o Update Malwarebytes' Anti-Malware

o Launch Malwarebytes' Anti-Malware

* Then click Finish.

* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.

My notes for using MBAM are:

Launch Malwarebytes’ Anti-Malware

Check the Update Tab and check for updates.

Click Scanner Tab and Check “Perform Full Scan.â€

· Click “Scanâ€

· Uncheck K drive and all other drives except C.

· click on the “Start Scan†button.

· The scan will begin and "Scan in progress" will show at the top. This will take about 1 hour 25 minutess to complete for C drive only.

· When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

· Click OK to close the message box and continue with the removal process.

· Back at the main Scanner screen, click on the Show Results button to see a list of any Malware that was found.

· Make sure that everything is checked, and click Remove Selected.

· When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

· The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

· Exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Edited by HPriser
Link to post
Share on other sites
Andro1d

Andro1d

Posted
Posted

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing