Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Exploit-DcomRpc.gen virus. HELP!

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
I have a virus and i need help. my comp is soo slow at the moment and i keep having to restart

ive been to this link but to be honest its no help atall as now i cant even open norton antivirus.


admin...help please!!!
  • 0





  • Retired Staff
  • 11,413 posts
Hi MJMad. Welcome to Geeks to Go.

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
here are the result. hope you can help <_<

Logfile of HijackThis v1.98.2
Scan saved at 13:16:15, on 04/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Documents and Settings\Owner\Application Data\ttuh.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\James Work\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA880F} - (no file)
O4 - HKLM\..\Run: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\Run: [Systesms.exe] Systesms.exe
O4 - HKLM\..\Run: [Registry Checkup] winreg.exe
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Windows Media Player Update] jqshyrd.exe
O4 - HKLM\..\Run: [security service] syss.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [OEM Tools 32] tres32.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [uporxn] C:\WINDOWS\System32\krpaja.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bfpoye.exe
O4 - HKLM\..\Run: [Windows Hic Bk Systems] inetform.exe
O4 - HKLM\..\Run: [netservices] recall.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\Run: [Services] C:\kirby.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dpzchu.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\w32dlli.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\ihnvmsko.exe
O4 - HKLM\..\RunServices: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\RunServices: [Systesms.exe] Systesms.exe
O4 - HKLM\..\RunServices: [Registry Checkup] winreg.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [Windows Media Player Update] jqshyrd.exe
O4 - HKLM\..\RunServices: [security service] syss.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [OEM Tools 32] tres32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Windows Hic Bk Systems] inetform.exe
O4 - HKLM\..\RunServices: [netservices] recall.exe
O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunOnce: [Windows Hic Bk Systems] inetform.exe
O4 - HKLM\..\RunOnce: [netservices] recall.exe
O4 - HKLM\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [Systesms.exe] Systesms.exe
O4 - HKCU\..\Run: [Registry Checkup] winreg.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Windows Media Player Update] jqshyrd.exe
O4 - HKCU\..\Run: [OEM Tools 32] tres32.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Windows Hic Bk Systems] inetform.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [netservices] recall.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\RunServices: [Windows Media Player Update] jqshyrd.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...9b844b3bca43e7d
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...ildAppNonUS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{245EBFBC-00CE-4747-9CF2-279515761560}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{245EBFBC-00CE-4747-9CF2-279515761560}: NameServer =
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Gffmbnib.dll
  • 0



    Founder Geek

  • Administrator
  • 24,490 posts
If you're able, please run a free online virus scan here (tick the "Auto Clean" checkbox):

And a free trojan scan here:

When finished, reboot and post a fresh Hijack This log in this same topic. <_<
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP