
PROBLEM WITH "mgrs.exe"

Discussion in 'Virus & Other Malware Removal' started by nfgbum13, Jul 9, 2007.

Thread Status:
Not open for further replies.
  1. nfgbum13

    nfgbum13 Thread Starter

    Joined:
    Jul 9, 2007
    Messages:
    4
    I was receiving many pop-ups and I would click on programs and they would just fail to open, and there was a big red sign that took over my desktop picture that said "YOUR PRIVACY IS IN DANGER!!!". We found a lot of spyware and got rid of it using Spy No More, Avg. Anti Virus, Spybot, Adware, Spyware Blaster, NOD32, and Counter spy.
    Everything seemed OK for about a day and then programs started hanging after they are opened, and it's very slow, and it keeps trying to open Windows Explorer even though I always use Firefox. I looked through the running processes to see if there was anything running that I didn't know about and the only one that I didn't recognize was "mgrs.exe". I was looking through this forum and saw that some other people had problems with this program too.

    I have already downloaded HiJackThis and am ready to accept any help you can give.

    Thank you in advance!!!

    - nfgbum13
     
  2. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hello and welcome. My name is DFW and I will be assisting you with your malware issues.

    Please be patient as I need some time to review your Hijackthis log and I will post back recommendations for repairs.
    As I am still on training, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.
    • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
    • Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
    • Please bookmark or favourite this page. In case you need it as reference or etc.



    Please follow the instructions below to download, install, create a desktop shortcut and post your hijackthis log.

    Go to Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch HijackThis.
    Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Paste the log in your next reply.
    If you haven't already posted then register & start a new thread in the Malware Removal section
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. nfgbum13

    nfgbum13 Thread Starter

    Joined:
    Jul 9, 2007
    Messages:
    4
    Here is the log that you need.


    Logfile of HijackThis v1.99.1
    Scan saved at 1:16:14 PM, on 7/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: MSVPS System - {100B21CD-3B97-44FB-B1C0-EA6249E482E8} - C:\WINDOWS\ddesupport.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: msole - {F3159084-C71C-49EB-99CE-538CD8E8AB96} - C:\WINDOWS\msole.dll (file missing)
    O21 - SSODL: msdde - {41C55E1B-5D87-4789-A1E3-07FFBB30D571} - C:\WINDOWS\msdde.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    Hope this Helps!!! thanks

    -NFGBUM13
     
  4. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi nfgbum13




    Make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file.

    When you press Save button a notepad will open with the contents of that file.
    Simply copy and paste the contents of that notepad here on your next reply.









    As you have Nod32 installed, please read the note at the bottom of the next part; you may need to turn off IMON scanning to download this fix, then turn it back on again.

    Please download SmitfraudFix (by S!Ri)

    Double-click SmitfraudFix.exe.
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes.
    Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    http://www.beyondlogic.org/consulting/proc...processutil.htm



    Please post the Uninstall list and the SmitfraudFix Log
     
  5. nfgbum13

    nfgbum13 Thread Starter

    Joined:
    Jul 9, 2007
    Messages:
    4
    This is the "HijackThis" log


    Ad-Aware SE Professional
    Adobe Flash Player ActiveX
    AIM 6
    Apple Software Update
    AVG Anti-Spyware 7.5
    BitTorrent 5.0.7
    Broadcom Advanced Control Suite
    Combined Community Codec Pack 2007-02-22
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB926239)
    Intel(R) PRO Ethernet Adapter and Software
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    LimeWire 4.12.11
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mozilla Firefox (2.0.0.3)
    Mozilla Firefox (2.0.0.4)
    NOD32 antivirus system
    NOD32 FiX v2.1
    QuickTime
    RealPlayer
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    SoundMAX
    Spybot - Search & Destroy 1.4
    SpyNoMore 2.56
    SpywareBlaster v3.5.1
    Sunbelt CounterSpy
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB936357)
    VideoLAN VLC media player 0.8.6b
    Viewpoint Media Player
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    XVideo Support
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger


    This is the "SmitFraudFix" report


    SmitFraudFix v2.202

    Scan done at 13:23:15.64, Wed 07/11/2007
    Run from C:\Documents and Settings\Paul\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\mgrs.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\mgrs.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Paul\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\Paul\Desktop\Spyware?Malware Protection.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"=""
    "SubscribedURL"=""
    "FriendlyName"="Privacy Protection"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.0.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AC65B51-9DE7-40B8-928C-3003C71AE930}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AC65B51-9DE7-40B8-928C-3003C71AE930}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9AC65B51-9DE7-40B8-928C-3003C71AE930}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Thanks

    NFGBUM13
     
  6. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at
    certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below.
    If there's anything that you don't understand, ask your question(s) before moving on with the fixes.



    Please UPDATE your AVG Antispyware, as we will put it to use soon




    You are running a P2P filesharing program.
    • BitTorrent 5.0.7
      LimeWire 4.12.11

    • Many of these programs come with unwanted components bundled with them.
    • If you wish to find out whether the one you're using does click here.
    My recommendation is you uninstall it.






    Reconfigure Windows XP to show hidden files:
    Double-click the My Computer icon on the Windows desktop.
    Select the Tools menu and click Folder Options. Select the View Tab.

    Under the Hidden files and folders heading select "Show hidden files and folders".
    Uncheck the "Hide protected operating system files (recommended)" option.
    Uncheck the "Hide file extensions for known file types" option.
    Click Yes to confirm. Click OK.






    Update SmitfraudFix definitions
    Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    Select option #4 - Update by typing 4 and press Enter
    Note: If there has been no more than a day since you downloaded SmitfraudFix there is no need to update.




    We Now Need To Boot Into Safe Mode

    Restart your computer.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory,
    hard drives installed etc (BOOT SCREEN).
    At this point you should gently tap the F8 key repeatedly until you are presented with an Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode.

    INFO http://www.bleepingcomputer.com/tutorials/tutorial61.html




    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to
    remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y
    and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into safe mode.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.








    We need you to remove programs from the Add/Remove Programs List

    Please go to: Start Menu\Settings\Control Panel\Add/Remove Programs

    Find and remove these programs (if they are present)


    Viewpoint Media Player
    XVideo Support


    BitTorrent 5.0.7 <<<<if you decide to uninstall
    LimeWire 4.12.11 <<<<if you decide to uninstall





    Open up Hijackthis
    Click on do a system scan only.
    Place a checkmark next to these lines(if still present)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <http://gomyron.com/NjU2NA==/2/3560/homepage/>
    O2 - BHO: MSVPS System - {100B21CD-3B97-44FB-B1C0-EA6249E482E8} - C:\WINDOWS\ddesupport.dll
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O21 - SSODL: msole - {F3159084-C71C-49EB-99CE-538CD8E8AB96} - C:\WINDOWS\msole.dll (file missing)
    O21 - SSODL: msdde - {41C55E1B-5D87-4789-A1E3-07FFBB30D571} - C:\WINDOWS\msdde.dll (file missing)


    Then close all windows except Hijackthis and click Fix Checked





    Delete suspect files/folders
    Using Windows Explorer, browse for the following files/folders and delete as instructed
    NB Some files may have already been deleted by earlier actions so don't worry if you do not see them:



    FILES

    C:\WINDOWS\ddesupport.dll
    C:\WINDOWS\avp.exe
    C:\WINDOWS\msole.dll
    C:\WINDOWS\msdde.dll

    Folders

    C:\Program Files\Viewpoint Media Player


    Now we need to do a search.
    Start > Search > For Files and Folders.
    Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
    Paste this into the Search for files and folders named box:

    mgrs.exe

    And Delete It







    Navigate to C:\Windows\Temp Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp Click Edit, click Select All, press the DELETE key,
    and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Clean out your Temporary Internet files. Proceed like this:

    Quit Internet Explorer and quit any instances of Windows Explorer.

    Click Start, click Control Panel, and then double-click Internet Options.

    On the General tab, click Delete Files under Temporary Internet Files.

    In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
    On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    Click OK.

    Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button.
    Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar.
    If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.




    Restart your PC in Normal Mode



    Now Run An AVG AS Scan

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may
    interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
    5. If you have any infections you will be prompted. Then select "Apply all actions."
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left- hand of the screen and save it to a text file on your system
    (make sure to remember where you saved that file. This is important).
    8. Close AVG Anti-Spyware.




    Double-click SmitfraudFix.exe
    Select option #3 - Delete Trusted zone by typing 3 and press Enter.
    Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster,
    run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.




    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java(TM) SE Runtime Environment 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.






    Please post the AVG AS log, the SmitfraudFix.exe
    which is here, C:\rapport.txt and a new HJT log.


    .
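
Added example, not part of any post in this thread and not how HijackThis or DFW evaluates a log: a Python triage pass over HijackThis-format lines that marks entries for manual review using path heuristics of the kind visible in the entries selected above (a Run value with no directory, files directly in C:\WINDOWS, components whose file is missing). The rule set and function names are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: MSVPS System - {100B21CD-3B97-44FB-B1C0-EA6249E482E8} - C:\WINDOWS\ddesupport.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msole - {F3159084-C71C-49EB-99CE-538CD8E8AB96} - C:\WINDOWS\msole.dll (file missing)
O21 - SSODL: msdde - {41C55E1B-5D87-4789-A1E3-07FFBB30D571} - C:\WINDOWS\msdde.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

WINDIR = PureWindowsPath(r"C:\WINDOWS")  # PureWindowsPath compares case-insensitively
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Anchor on the CLSID: paths such as "Spybot - Search & Destroy" contain " - ",
# so splitting the entry on " - " would cut the file field in the wrong place.
GUID_TAIL = re.compile(r"\{[0-9A-Fa-f-]{36}\} - (?P<file>.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Program part of a Run command, quoted or not, up to its first extension.
EXE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|dll))', re.I)
MISSING = re.compile(r"\s*\((?:file missing|no file)\)$")


def component_path(body):
    """Return the file field of an O2/O21 entry body, or None if absent."""
    m = GUID_TAIL.search(body)
    return m.group("file").strip() if m else None


def review_reasons(section, body):
    """Heuristic reasons (assumed rules) to look at one entry by hand."""
    reasons = []
    if section in ("R0", "R1"):
        reasons.append("browser start/search page override; confirm the user set it")
    elif section == "O4":
        m = RUN.match(body)
        exe = EXE.match(m.group("cmd")) if m else None
        if exe:
            path = PureWindowsPath(exe.group("exe"))
            if str(path.parent) == ".":
                reasons.append("Run value has no directory; resolved via the search path")
            elif path.parent == WINDIR:
                reasons.append("autostart executable sits directly in C:\\WINDOWS")
    elif section in ("O2", "O21"):
        file = component_path(body)
        if file:
            if MISSING.search(file):
                reasons.append("registered component has no file on disk")
            target = MISSING.sub("", file)
            if target and PureWindowsPath(target).parent == WINDIR:
                reasons.append("shell/browser component loaded directly from C:\\WINDOWS")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for every entry that needs manual review."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, blank line, or running-process line
        reasons = review_reasons(m.group("section"), m.group("body"))
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    review:", reason)
```

A flagged line is a prompt to inspect the file and the registry value by hand, not a verdict; the `(no file)` BHO is flagged here although it is not among the entries listed for fixing above.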
     
  7. nfgbum13

    nfgbum13 Thread Starter

    Joined:
    Jul 9, 2007
    Messages:
    4
    Sorry for the delay!!! I'm having some trouble with my internet connection but it's all figured out now! I should have what you need posted by tomorrow. Sorry again!



    NFGBUM13
     
  8. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi nfgbum13

    That's fine.
     
Short URL to this thread: https://techguy.org/593846
