Solve : msnmgnr.exe problem..? – InterviewSolution

InterviewSolution

1.	Solve : msnmgnr.exe problem..?
Answer» hello, everyone...i'm a newbie. can anybody help me with this worm. missing file msnmgnr.exe keeps showing up every start up. at first i thought i need to replace my BIOS battery because my date and time setting always resets.and then after some time my monitor turns on and off when it is only a month old. here is my LOG: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:17:07 PM, on 7/14/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SEARCH Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {86053272-2825-7434-6472-5599ca323026} - (no file) O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office GENUINE Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/BookWorm/Images/stg_drm.ocx O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative TOOLBOX Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/BookWorm/Images/armhelper.ocx O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe LTD. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9a059b2e3af89) (gupdate1c9a059b2e3af89) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/XP2/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 10562 bytes THANK YOU VERY MUCH .. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/14/2009 at 01:49 PM Application Version : 4.26.1006 Core Rules Database Version : 3992 Trace Rules Database Version: 1932 Scan type : Quick Scan Total Scan Time : 00:16:36 Memory items scanned : 488 Memory threats detected : 0 Registry items scanned : 493 Registry threats detected : 11 File items scanned : 5793 File threats detected : 4 Adware.Tracking Cookie C:\Documents and Settings\XP2\Cookies\[emailprotected][8].txt C:\Documents and Settings\XP2\Cookies\[emailprotected][11].txt ads.revsci.net [ C:\Documents and Settings\XP2\Application Data\Mozilla\Firefox\Profiles\k10ihc17.default\cookies.txt ] counter.hitslink.com [ C:\Documents and Settings\XP2\Application Data\Mozilla\Firefox\Profiles\k10ihc17.default\cookies.txt ] Adware.HBHelper HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID Browser Hijacker.Deskbar HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32 HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Discussion

No Comment Found

Related InterviewSolutions