system infected with security suite

Status
Not open for further replies.
yes..of course...

Hi,
I am sorry that I couldn't reply immediately. I have problems connecting to the Internet.

Right now I am replying from my friend's laptop :) Will bring my laptop to my friend's home and post the logs if I can't post them from my home.

I will post the logs tomorrow. Please do not close this thread.
 
successfully removed !!!

Hi ,

At last the entries are gone :)

I have discovered some hidden secrets in your fix.:crowned:

You haven't deleted 3 entries and they are still there....am I right?

I think you are trying to check if this solution is going to work..and now I think it has worked. I am posting the OTL scan log (run in safe mode with all radios NONE - including the FileAge radios)

***OTL Run Scan Log***
OTL logfile created on: 11/15/2010 7:52:37 PM - Run 9
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 171.68 Gb Free Space | 60.58% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS

Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

MsConfig:64bit - StartUpFolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinUpdate.lnk - C:\Users\Home\AppData\Roaming\Template\VCLUPL~1\msftstp.exe - ()
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Lvgciejlkc - hkey= - key= - C:\Users\Home\AppData\Local\Temp\cmd.exe File not found
MsConfig:64bit - StartUpReg: Lvgciejlpe - hkey= - key= - C:\Users\Home\AppData\Local\Temp\csrss.exe File not found
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Search Protection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - StartUpReg: SightSpeed - hkey= - key= - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
MsConfig:64bit - StartUpReg: sppobv - hkey= - key= - C:\Users\Home\AppData\Local\Temp\mskpwvmx.DLL File not found
MsConfig:64bit - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

< End of report >
 
Hi,

I put this in incorrectly.

Run this fix again and then run msconfig like you did with OTL and let's see if they're gone.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sppobv]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlkc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpe]

Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge. When it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this
reg.jpg
 
its gone...

Hi,

I ran the fix and the entries are gone now...:)

OTL log below...

OTL logfile created on: 11/15/2010 8:54:30 PM - Run 10
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 171.56 Gb Free Space | 60.54% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS

Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

MsConfig:64bit - StartUpFolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinUpdate.lnk - C:\Users\Home\AppData\Roaming\Template\VCLUPL~1\msftstp.exe - ()
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Search Protection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - StartUpReg: SightSpeed - hkey= - key= - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
MsConfig:64bit - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

< End of report >
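
The before/after check done by eye in this thread can be scripted. The following is an added example, not part of the original posts and not part of OTL: it parses the `StartUpReg` lines of two runs, reports which entries disappeared, and flags entries whose target sits under `AppData\Local\Temp` or is reported as `File not found`. The function names and flag labels are assumptions made for this illustration; the sample lines are excerpts of the logs above.

```python
import re
# Excerpts of the StartUpReg lines from OTL Run 9 and Run 10 in this thread.
RUN_9 = r"""
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: Lvgciejlkc - hkey= - key= - C:\Users\Home\AppData\Local\Temp\cmd.exe File not found
MsConfig:64bit - StartUpReg: Lvgciejlpe - hkey= - key= - C:\Users\Home\AppData\Local\Temp\csrss.exe File not found
MsConfig:64bit - StartUpReg: sppobv - hkey= - key= - C:\Users\Home\AppData\Local\Temp\mskpwvmx.DLL File not found
MsConfig:64bit - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
"""
RUN_10 = r"""
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
"""
LINE = re.compile(
    r"^MsConfig(?::64bit)? - StartUpReg: (?P<name>.+?) - hkey= - key= - (?P<target>.+)$")
MISSING = " File not found"

def parse_startupreg(log_text):
    """Return {entry name: (target path, file_missing)} for each StartUpReg line."""
    entries = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        target = m["target"]
        missing = target.endswith(MISSING)
        if missing:
            path = target[:-len(MISSING)]
        else:  # drop the trailing "(Company)" field if present
            path = target[:target.rfind(" (")] if target.endswith(")") else target
        entries[m["name"]] = (path, missing)
    return entries

def flags(path, missing):
    """Triage labels (hypothetical names) for one startup entry."""
    checks = {"runs-from-temp": "\\appdata\\local\\temp\\" in path.lower(),
              "target-missing": missing}
    return [label for label, hit in checks.items() if hit]

def compare_runs(before_text, after_text):
    """Return (entries removed between runs, entries in the later run still flagged)."""
    before, after = parse_startupreg(before_text), parse_startupreg(after_text)
    removed = sorted(set(before) - set(after))
    remaining = {n: f for n in after if (f := flags(*after[n]))}
    return removed, remaining

if __name__ == "__main__":
    print(compare_runs(RUN_9, RUN_10))
```

On these excerpts the three entries named in the registry fix show up as removed, and `VeohPlugin` remains listed only because its target file is missing.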
 


Been at this close to seven years, and 64-bit Windows is another animal. Lots to learn myself with this new operating system.

How is everything running now, did you get your internet problem fixed ?
 
thanks a million

Yes...system is working fine...the internet problem is fixed...that was with the network connection and not related to our system...

Thanks a million for cleaning all the traces.:thanks:..I am happy to close this thread if you are....

Advanced Merry Christmas and Happy New Year...:present:
 
Great, glad things are back to normal for you. It's been my pleasure helping you. Happy Holidays to you and your family as well.

Open OTL and click on the Cleanup feature and it will remove most or all of the programs we used to clean your system.

Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 