Unusual Virus


5 replies to this topic

#1 WeTakinOver


Posted 23 August 2013 - 03:09 AM

Hey guys, I just joined these forums to ask a single question. My computer is infected with a very unusual virus. The problem is that when I start up my PC, a window shows up telling me that Windows has closed explorer.exe to protect my PC. But I just open Task Manager to open it again. After that there are nearly 60 processes open in the background according to Task Manager. Some of these are: otlk.exe, spoolsv.exe and a lot more exes. But the most annoying problem is this one: in Task Manager there is an unknown program named as one of my programs and has mrgmrgmrgmrgmrg.exe in front of it. Like if I have Opera running, there is also a program called operamrgmrgmrgmrgmrg.exe in the background. This happens with every one of my programs. I tried running the Advance system care 2013 with antivirus pro and it detected thousands of viruses. It deleted all of them, but my PC won't start after I reboot. The desktop shows up without any icons and I can't even open Task Manager with the keyboard shortcut. After a while the PC shuts down and that's all. I reinstalled my Windows but the virus is still there. Please help, I even tried to run in Safe Mode but it doesn't work.



#2 noknojon


Posted 23 August 2013 - 05:09 AM

"I tried running the Advance system care 2013 with antivirus pro and it detected thousands of viruses."

If you ever had any Antivirus, then this is not a "real" result and shows why so many people do not trust IObit.

We would need to look deeper to find anything -

 

Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

 

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Directions Here

 

Also list the Make and Model of computer if known.

 

 

Thank You -



#3 WeTakinOver


Posted 23 August 2013 - 07:17 AM

You sure doing this won't give me a blank desktop like I explained later?

Please help guys.



#4 WeTakinOver


Posted 23 August 2013 - 07:37 AM

Well here is the result:

 

MiniToolBox by Farbar Version: 13-07-2013
Ran by Zohaib n Zain (administrator) on 23-08-2013 at 17:24:24
Running from "C:\Documents and Settings\Zohaib n Zain\My Documents"
Microsoft Windows XP Professional Service Pack 3, v.3244 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/23/2013 05:05:06 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 05:05:06 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 04:34:33 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (08/23/2013 04:34:18 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 00:17:15 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (08/23/2013 00:16:58 PM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 11:23:19 AM) (Source: .NET Runtime) (User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 11:02:18 AM) (Source: Application Error) (User: )
Description: Faulting application enditall.exe, version 2.0.0.0, faulting module enditall.exe, version 2.0.0.0, fault address 0x000bc716.
Processing media-specific event for [enditall.exe!ws!]

Error: (08/23/2013 11:02:18 AM) (Source: Application Error) (User: )
Description: Faulting application enditall.exe, version 2.0.0.0, faulting module enditall.exe, version 2.0.0.0, fault address 0x000bc716.
Processing media-specific event for [enditall.exe!ws!]

Error: (08/23/2013 10:58:06 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


System errors:
=============
Error: (08/04/2013 09:04:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/04/2013 09:03:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/04/2013 09:03:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/04/2013 09:03:07 AM) (Source: Service Control Manager) (User: )
Description: The FABS - Helping agent for MAGIX media database service failed to start due to the following error:
%%2

Error: (08/04/2013 09:03:07 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1053

Error: (08/04/2013 09:03:07 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.

Error: (08/04/2013 09:02:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (08/04/2013 09:01:23 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (08/04/2013 09:00:06 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (08/03/2013 11:05:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (08/23/2013 05:05:06 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 05:05:06 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 04:34:33 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (08/23/2013 04:34:18 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 00:17:15 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (08/23/2013 00:16:58 PM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 11:23:19 AM) (Source: .NET Runtime)(User: )
Description: Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (08/23/2013 11:02:18 AM) (Source: Application Error)(User: )
Description: enditall.exe2.0.0.0enditall.exe2.0.0.0000bc716

Error: (08/23/2013 11:02:18 AM) (Source: Application Error)(User: )
Description: enditall.exe2.0.0.0enditall.exe2.0.0.0000bc716

Error: (08/23/2013 10:58:06 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


=========================== Installed Programs ============================

Leawo AVI Converter version 5.1.0.0 (Version: 5.1.0.0)
µTorrent (Version: 3.2.1.28086)
3D Rad v7.22
7plugincoupon
7-Zip 9.22beta
AC3Filter 2.5b (Version: 2.5b)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.108)
Adobe Flash Player 11 Plugin (Version: 11.6.602.108)
Advanced RAR Repair v1.2
Aiseesoft Total Video Converter 6.2.56
Alky for Applications (Windows XP) (Version: 1.0)
ALPass (Version: 2.8)
ALTools Update
ALZip (Version: v8.0 beta1)
Amnesia - The Dark Descent (Version: 1.0.0)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Audacity 1.3.4 (Unicode)
Bass Audio Decoder (remove only)
BBrowse22ssave (Version: )
blekko Anti-Phishing (Version: 1.0.0.0)
BootSkin
Boxoft Mp3 to WAV Converter (freeware)
BrowseToSave 1.74
CCleaner (Version: 4.04)
CD Audio Reader Filter (remove only)
Cheat Engine 6.3
Claro Chrome Toolbar (Version: 1.0.0.2)
Claro LTD toolbar
ContentSAFER for Wizmax
ContinueToSave 1.74
conTinueytossave (Version: )
DAEMON Tools Pro (Version: 5.2.0.0348)
DCoder Image Source (remove only)
Delta Chrome Toolbar
Delta toolbar (Version: 1.8.21.5)
DFX (Version: 11.111.0.0)
DirectVobSub (remove only)
Dropbox (Version: 2.2.3)
DScaler 5 Mpeg Decoders
EndItAll 2.0 (Version: 2.0)
EPSON Copy Utility
EPSON Photo Print
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ffdshow v1.2.4489 [2012-10-25] (Version: 1.2.4489.0)
FFMPEG Core Files (remove only)
Folder Guard (Version: 9.0)
FPS Creator Free
Free WMA to MP3 Converter 7.6.0
Funmoods
Gabest MPEG Splitter (remove only)
Gadget Extractor (Version: 3.0.0)
Game Maker 8.0
GameMaker 8.1
GameSpy Arcade
Google Update Helper (Version: 1.3.21.153)
GTASA Ultimate Editor 3.6.6 (Version: 3.6.6)
GTR 2 1.0.0.0 (Version: v1.0.0.0)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
iMesh (Version: 11.0.0.130706)
Inpaint 5.1
Intel® Graphics Media Accelerator Driver (Version: 0.0.0.0000)
Internet Download Manager
IrfanView (remove only) (Version: 4.35)
Java 7 Update 9 (Version: 7.0.90)
K-Lite Codec Pack 8.7.0 (Basic) (Version: 8.7.0)
Lame ACM MP3 Codec
LAV Filters 0.57.0 (Version: 0.57.0)
Left 4 Dead
Letasoft Sound Booster version 1.1 (Version: 1.1)
maComfort (Version: 1.6.0.0)
MadVR (remove only)
MAGIX Content and Soundpools (Version: 1.0.0.0)
MAGIX Music Maker 2013 Premium Soundpools (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download Version (Version: 18.0.0.42)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27)
Media converter
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Ringtone Converter 2.3.348 (Version: 2.3.348)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MP3 WAV Converter 2.65
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NCDownloader (Version: 1.0)
OGG to MP3 Converter
OpenAL
OpenMG Secure Module 5.0.00 (Version: 5.0.00.11280)
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Opera 12.11 (Version: 12.11.1661)
Overspeed: High Performance Street Racing version 1.0.0 (Version: 1.0.0)
Pazera Free MP4 to AVI Converter 1.6 (Version: 1.6)
PCSX2 - Playstation 2 Emulator
Pepakura Designer 3
PhotoFiltre 7
Postal 2 Complete
PrivitizeVPN (Version: 1.0.0)
Project IGI
RAR Password Recovery v1.1 RC16 (remove only)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.11.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6449)
RealUpgrade 1.1 (Version: 1.1.0)
RegClean Pro (Version: 6.21)
RGSS-RTP Standard (Version: 1.0.0)
RGSS-RTP Standard (Version: 1.04)
RPG MAKER VX Ace (Version: 1.01a)
RPG MAKER VX Ace RTP (Version: 1.00)
RPG Maker VX RTP (Version: 1.02)
RPG Maker XP (Version: 1.04)
RPGXP (Version: 1.0.0)
Safari (Version: 5.34.57.2)
San Andreas Mod Installer (Version: 1.1)
Sanny Builder 3.04
savenshaere (Version: 1.0.0.1954)
SaveShare 1.74
ScanToWeb
Search Assistant WebSearch 1.74
SearchNewTab (Version: 1.2.0.1840)
Search-Results Toolbar (Version: 1.0.0.12)
SketchUp 8 (Version: 3.0.16846)
SketchyPhysics3.1
Small Terrain Pack for 3D Rad 6.38 and later
Software Version Updater (Version: 1.1.3.6)
SonicStage 4.3 (Version: 4.3)
Sony Noise Reduction Plug-In 2.0h (Version: 2.0.451)
Sony Sound Forge 9.0 (Version: 9.0.441)
SpeeditupFree (Version: 7.99)
SpiceFX for Movie Maker
Street Legal Racing - Redline (Version: 2.2.1)
SWF Opener (Version: 1.3)
System Requirements Lab CYRI (Version: 5.0.6.0)
System Requirements Lab for Intel (Version: 4.5.15.0)
Text-To-Speech-Runtime (Version: 1.0.0.0)
THE_LEGEND_OF_ZELDA_25th_ANNIVERSARY
TornTV (Version: 2.1 Build 26473)
Tunngle beta
Unity Web Player (Version: )
Universal Extractor 1.6.1 (Version: 1.6.1)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Windows XP (KB898461) (Version: 1)
Vidmex 1.39
VLC media player 2.0.4 (Version: 2.0.4)
WavePad Sound Editor (Version: 5.48)
WBFS to ISO
WebFldrs XP (Version: 9.50.7523)
Windows Movie Maker 6.1
Windows Sidebar (Version: 6.0.6001.16510)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
Yahoo! Install Manager
Yahoo! Widgets (Version: 4.5.2.0)
YTD Video Downloader 4.0 (Version: 4.0)
zeckensack's Glide wrapper (remove only)
ZGame Toolbar (Version: 1.0.0.12)
ZIP RAR ACE Password Recovery (Version: 2.46.37)
Zoom Player (remove only)

========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 1011.77 MB
Available physical RAM: 315.18 MB
Total Pagefile: 1615.5 MB
Available Pagefile: 977.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.27 MB

========================= Partitions: =====================================

1 Drive c: ( ) (Fixed) (Total:9.77 GB) (Free:0.13 GB) NTFS
2 Drive d: () (Fixed) (Total:9.77 GB) (Free:0.13 GB) NTFS
3 Drive e: () (Fixed) (Total:9.77 GB) (Free:0.06 GB) NTFS
4 Drive f: () (Fixed) (Total:9.77 GB) (Free:1.72 GB) NTFS
5 Drive g: () (Fixed) (Total:35.45 GB) (Free:0.75 GB) NTFS

========================= Users: ========================================

User accounts for \\ZOHAIB-F6605645

Administrator Apple ASPNET
fbwuser Guest HelpAssistant
SUPPORT_388945a0 Windows 7 Zohaib n Zain

========================= Minidump Files ==================================

No minidump file found


**** End of log ****



#5 noknojon


Posted 23 August 2013 - 04:41 PM

Hi -

These are the most basic of checks to be sure you have no system problems.

 

None of these 3 scans has been known to cause a problem.

 

Could you post the other 2 scans, or ask for help if required.

 

 

Thank You -



#6 noknojon


Posted 23 August 2013 - 06:47 PM

A very quick reply on what you have shown in just one scan (I need all 3 scans)

 

If you are concerned at all, then the programs listed below are what will cause more problems.
TornTV / RegClean Pro / Java 7 Update 9 (outdated) / Funmoods / EndItAll 2.0
Cheat Engine 6.3 / µTorrent (Version: 3.2.1.28086) / savenshaere / ContinueToSave 1.74
conTinueytossave (Version: ) = 60/ 100 Rating /

EndItAll 2.0 (Version: 2.0) - Review mentions : Installed other applications which I didn't want as well. Put 3 programs in the start up folder - wouldn't trust or recommend.

 

Is / was this computer situated in Europe / Germany area ? (Just a guess)

 

Shim database version C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory
These errors (10 in total) are related to .NET Framework 4 only.

 

.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.
This error (shows 6 times) relates to .NET Framework 2 only.
I searched MSDN for ".NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a" and got 31 hits.
Unfortunately, none of the articles seem to have a quick fix for you.
In several of the threads, the error message you show was associated with virus/malware infection, so you might want to make sure your AV and anti-malware software is up to date and do full system scans to see if anything appears.

 

NOTE : You have no Antivirus / Antimalware listed in programs ??

Please complete the other 2 scans requested, as I can not finish / add my full reply -

 

 

Thank You -
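
One way to tally the event-log part of a MiniToolBox Result.txt like the one in post #4, added here as an example and not part of the original thread: it counts errors per source and keeps an event only under the first heading that lists it, since the log above shows the same timestamps under both "Application errors" and "Microsoft Office Sessions". The function names and the shortened SAMPLE text are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Event header as MiniToolBox prints it; the space before "(User:" is optional.
HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>.*?)\)"
                    r"\s*\(User: (?P<user>[^)]*)\)$")

def parse_events(text):
    """Parse the event-log part of a Result.txt into a list of dicts."""
    events, section, prev, current = [], None, "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                  # a blank line ends the current event
            current = None
            continue
        if set(line) == {"="}:        # underline: previous line was a section title
            section, current = prev.rstrip(":"), None
            continue
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), section=section, description="")
            events.append(current)
        elif current is not None:     # description, possibly wrapped over lines
            part = re.sub(r"^Description:\s*", "", line)
            current["description"] = (current["description"] + " " + part).strip()
        prev = line
    return events

def drop_cross_section_repeats(events):
    """Keep an event only in the first section that lists its (time, source)."""
    first_seen, kept = {}, []
    for e in events:
        if first_seen.setdefault((e["when"], e["source"]), e["section"]) == e["section"]:
            kept.append(e)
    return kept

def count_by_source(events):
    return Counter(e["source"] for e in events)

# Constructed sample in the layout of the log above (shortened, not the real log).
SAMPLE = r"""Application errors:
==================
Error: (08/23/2013 05:05:06 PM) (Source: .NET Runtime) (User: )
Description: Shim database version ... doesn't have a matching runtime directory

Error: (08/23/2013 05:05:06 PM) (Source: .NET Runtime) (User: )
Description: Shim database version ... doesn't have a matching runtime directory

System errors:
=============
Error: (08/04/2013 09:02:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: No Local Launch permission for the COM Server application
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).

Microsoft Office Sessions:
=========================
Error: (08/23/2013 05:05:06 PM) (Source: .NET Runtime)(User: )
Description: Shim database version ... doesn't have a matching runtime directory
"""
```

Calling `count_by_source(drop_cross_section_repeats(parse_events(text)))` on a saved Result.txt gives the per-source totals with entries repeated under a second heading counted once.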





