[MJMAD]

I have a virus and i need help. my comp is soo slow at the moment and i keep having to restart

ive been to this link but to be honest its no help atall as now i cant even open norton antivirus.

http://vil.mcafeesec...nt/v_102323.htm

admin...help please!!!

[Advertisements]

Hi MJMad. Welcome to Geeks to Go.

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

[coachwife6]

Hi MJMad. Welcome to Geeks to Go.

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

[MJMAD]

here are the result. hope you can help

Logfile of HijackThis v1.98.2
Scan saved at 13:16:15, on 04/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\inetform.exe
C:\WINDOWS\System32\recall.exe
C:\WINDOWS\System32\windnsd.exe
C:\WINDOWS\System32\crsrs.exe
C:\WINDOWS\System32\winnt.exe
C:\WINDOWS\System32\winreg.exe
C:\WINDOWS\System32\wmplayer.exe
C:\WINDOWS\System32\msnmsgrr.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS\System32\tres32.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\krpaja.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
C:\WINDOWS\System32\sres32.exe
C:\kirby.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\w32dlli.exe
C:\Documents and Settings\Owner\Application Data\ttuh.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\sdsd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\James Work\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA880F} - (no file)
O4 - HKLM\..\Run: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\Run: [Systesms.exe] Systesms.exe
O4 - HKLM\..\Run: [Registry Checkup] winreg.exe
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Windows Media Player Update] jqshyrd.exe
O4 - HKLM\..\Run: [security service] syss.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [OEM Tools 32] tres32.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [uporxn] C:\WINDOWS\System32\krpaja.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bfpoye.exe
O4 - HKLM\..\Run: [Windows Hic Bk Systems] inetform.exe
O4 - HKLM\..\Run: [netservices] recall.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\Run: [Services] C:\kirby.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dpzchu.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\w32dlli.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\ihnvmsko.exe
O4 - HKLM\..\RunServices: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\RunServices: [Systesms.exe] Systesms.exe
O4 - HKLM\..\RunServices: [Registry Checkup] winreg.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [Windows Media Player Update] jqshyrd.exe
O4 - HKLM\..\RunServices: [security service] syss.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [OEM Tools 32] tres32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Windows Hic Bk Systems] inetform.exe
O4 - HKLM\..\RunServices: [netservices] recall.exe
O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunOnce: [Windows Hic Bk Systems] inetform.exe
O4 - HKLM\..\RunOnce: [netservices] recall.exe
O4 - HKLM\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [Systesms.exe] Systesms.exe
O4 - HKCU\..\Run: [Registry Checkup] winreg.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Windows Media Player Update] jqshyrd.exe
O4 - HKCU\..\Run: [OEM Tools 32] tres32.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Windows Hic Bk Systems] inetform.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [netservices] recall.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\RunServices: [Windows Media Player Update] jqshyrd.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...9b844b3bca43e7d
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...ildAppNonUS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{245EBFBC-00CE-4747-9CF2-279515761560}: NameServer = 194.72.9.38 194.74.65.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{245EBFBC-00CE-4747-9CF2-279515761560}: NameServer = 194.72.9.38 194.74.65.87
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Gffmbnib.dll

[admin]

If you're able, please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

When finished, reboot and post a fresh Hijack This log in this same topic.