help me please

Question

help ads keep popping up when ever i connect to the internet. my antivirus does not run and everytime i run hijack this it closes. my internet sttings are changing constantly. i tried everything and i am at wits nd plese help soon!!! my computer is running very slowly and some programs run slow or dont run at all

secured2k · Answer

Rename your HiJackthis.exe file to something else. Then try to run it.   For example, HiJackThis.exe -> helpme.exe     You may also try running HiJackThis in Safe Mode.   (Problem is a virus running in the background killing the process named HiJackthis.exe)

secured2k · Answer

Restart your computer in Safe mode and Run HiJackThis (help me.exe)

Scan, check, and fix/repair the following items:

O4 - HKLM\..\Run: [svshost] C:\WINDOWS.0\System32\gryvzgfiy\svshost.exe
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS.0\System32\mmsvc32.exe
O4 - HKLM\..\Run: [winnt] winnt.exe
O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe
O4 - HKLM\..\Run: [etbrun] C:\windows.0\system32\elitesrf32.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS.0\etb\pokapoka76.exe
O4 - HKLM\..\RunServices: [winnt] winnt.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Game Updater] msgame32.exe
O4 - HKCU\..\Run: [svshost] C:\WINDOWS.0\System32\gryvzgfiy\svshost.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Important Notes:

You have Windows XP Gold installed. After cleaning up your computer (running an up-to-date VirusScan) please install Service Pack 2. http://update.microsoft.com/MicrosoftUpdate
Please make sure your computer's Windows Firewall is enabled. This will prevent your computer from automatically being infected over the internet. See the follwing link: http://protect.microsoft.com/security/protect/WSA/en/default.asp
Please follow the instructions here to scan and clean your computer of viruses. DOS VirusScan Instructions for Hard to Remove Viruses

Based on the file names, Elitebar/Adclicker-BA and SdBot are running on the computer.

Message Edited by secured2k on 10-23-2005 08:31 AM

matt4018 · Answer

it worked but now i dont kno what to delete. please help again thanks.           Logfile of HijackThis v1.99.1 Scan saved at 9:06:45 AM, on 10/23/2005 Platform: Windows XP  (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\svchost.exe C:\WINDOWS.0\Explorer.EXE C:\WINDOWS.0\System32\devldr32.exe C:\WINDOWS.0\system32\LEXBCES.EXE C:\WINDOWS.0\system32\spoolsv.exe C:\WINDOWS.0\system32\LEXPPS.EXE C:\WINDOWS.0\System32\CTsvcCDA.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\NORTON~2\SPEEDD~1
opdb.exe C:\WINDOWS.0\System32\svchost.exe C:\WINDOWS.0\System32\winnt.exe C:\WINDOWS.0\System32\msgame32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\WINDOWS.0\etb\pokapoka76.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\hijackthis\help me.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\Updreg.exe O4 - HKLM\..\Run: [svshost] C:\WINDOWS.0\System32\gryvzgfiy\svshost.exe O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS.0\System32\mmsvc32.exe O4 - HKLM\..\Run: [winnt] winnt.exe O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe O4 - HKLM\..\Run: [etbrun] C:\windows.0\system32\elitesrf32.exe O4 - HKLM\..\Run: [System service76] C:\WINDOWS.0\etb\pokapoka76.exe O4 - HKLM\..\RunServices: [winnt] winnt.exe O4 - HKLM\..\RunServices: [Microsoft Windows Game Updater] msgame32.exe O4 - HKCU\..\Run: [Spam Monitor] C:\Program Files\Spam Monitor\SpamMonitor.Exe O4 - HKCU\..\Run: [svshost] C:\WINDOWS.0\System32\gryvzgfiy\svshost.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Microsoft AntiSpyware helper - {6C2913C3-08F1-49FC-A0E7-BB26B1E03E62} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6C2913C3-08F1-49FC-A0E7-BB26B1E03E62} - (no file) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122150855407 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C59BFD98-A0A7-46C6-ADBE-87A09F75F356}: NameServer = 196.3.132.1 196.3.132.4 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 'C:\PROGRA~1\MSNMES~1\msgrapp.dll' (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\System32\CTsvcCDA.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS.0\system32\LEXBCES.EXE O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1
opdb.exe

Virus & Spyware

Was this post helpful?