msnmsgrsc, how do i get rid of this virus??

Discussion in 'Malware Help (A Specialist Will Reply)' started by Olley, May 20, 2005.

  1. Olley

    Olley Sergeant

    ok.. so after almost 6 months of no virus or spyware issues I finally got this annoying spyware, virus or worm thing.. the process is called "msnmsgrsc" and if I close it in the task manager I have no more trouble. But I can't find the damn thing anywhere and therefore can't get rid of it.. I've also tried Ad-Aware, AVG, Search & Destroy, some online scans and Kaspersky, but none of them find anything.
    Is there anyone out there who knows about msnmsgrsc? Or how I can get rid of it?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above if you still have a problem:


    • Download HijackThis 1.99.1

    • Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    • Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    • Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    • Run HijackThis and save your log file.

    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    • Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. Olley

    Olley Sergeant

    ok, I'm on it
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Will be awaiting results and HJT log.
     
  5. Olley

    Olley Sergeant

    ok, I ran a scan and this is what I got:
     

    Attached Files:

    Last edited by a moderator: May 20, 2005
  6. Olley

    Olley Sergeant

    O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
    O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
    O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe

    These and a few more are the ones that are causing the trouble, I think
     
  7. Olley

    Olley Sergeant

    Sorry.. here it is as an attachment
     

    Attached Files:

    • txt.txt (6.9 KB)
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    Click START > My Computer > Local Disk C: > Program Files
    Now, Right-click on an Empty Area and select New > Folder & name it HijackThis and ENTER

    To Extract HijackThis:
    Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
    (C:\Program Files\HJT) and click Next.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.


    Now, Please run the below online scans:

    TrendMicro Online Scan
    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan

    After running the online scans, reboot and post a fresh HJT log.
     
  9. Olley

    Olley Sergeant

    All right, I'll get to it!
    Thanks a lot for the assistance!
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome!

    Will be awaiting HJT log.
     
  11. Olley

    Olley Sergeant

    All this scanning takes forever!
    But some infected files have been found so far
     
  12. Olley

    Olley Sergeant

    So after all the scanning and the removal of worms and stuff which I never knew of, the same damn virus that started it all is still there.... any ideas?

    Here is the newest hijack log
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    (Don't run it yet)

    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
    O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
    O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
    O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Locate PocketKillbox

    Now, Copy and Paste C:\WINDOWS\System32\msnmsgrsc.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\System32\repcale.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\System32\palsp.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.


    Now, allow Killbox to reboot your system. After you have rebooted and Windows has loaded, attach a fresh HJT log.
     
  14. Olley

    Olley Sergeant

    I did all the scans and stuff you said.. I think it worked since the virus doesn't seem to show anymore. Thanks a lot for the help dude! :D

    Just in case, I've added the newest log file
     

    Attached Files:

  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    MessengerPlus! 3


    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dkaemcgsjupllua.com/xQPqTqKCosdomYF/PAlICrqDwKIs1QTTQ7cO9_1YV4XYn6wv1 R_c10RpQAaR2OSh.html

    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\olley\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\olley\MessengerPlus! 3 ←–– Delete this whole folder if it exists!

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Locate PocketKillbox

    Now, Copy and Paste C:\WINDOWS\System32\msnmsgrsc.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.


    Now allow Killbox to reboot your system. After you have rebooted, post a fresh HJT log.
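
Added example, not part of the original thread and not HijackThis's own code: a small Python triage of the O4 (autorun) lines quoted in the posts above, grouped by value name to show that `strmsnmsgrs` is registered under three keys, so a cleanup has to cover all of them. The flag names and heuristics are assumptions made for illustration; they are prompts for review, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: the O4 lines quoted in the posts of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [MessengerPlus3] "C:\olley\MessengerPlus! 3\MsgPlus.exe"
"""

# O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def parse_o4(log):
    """Return (hive, key, value_name, command) for every O4 line in the log."""
    matches = (O4_RE.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]

def executable(command):
    """First token of the command, honouring a leading quoted path."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def triage(log):
    """Group O4 entries by value name and attach review flags (hypothetical names)."""
    by_name = defaultdict(lambda: {"locations": [], "commands": set()})
    for hive, key, name, command in parse_o4(log):
        by_name[name]["locations"].append(f"{hive}\\{key}")
        by_name[name]["commands"].add(command)
    report = {}
    for name, info in by_name.items():
        flags = []
        if len(info["locations"]) > 1:        # same value under several autorun keys
            flags.append("multi-key")
        if any("\\" not in executable(c) for c in info["commands"]):
            flags.append("bare-filename")     # log does not say where the file lives
        if any(loc.endswith("RunServices") for loc in info["locations"]):
            flags.append("RunServices")
        report[name] = {"locations": info["locations"], "flags": flags}
    return report

if __name__ == "__main__":
    for name, entry in triage(SAMPLE_LOG).items():
        flags = ",".join(entry["flags"]) or "-"
        print(f"{name:22} {flags:36} {entry['locations']}")
```
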
     
