Help Me!!!
b|ingB|ing
January 12th, 2003, 01:45 AM
Hey, I just got one virus in my computer. I don't know where it is, but it makes my computer slower. How do I make the virus go away? :9 I just got a new computer :( HELP ME PLEASE :( I have Norton AntiVirus and McAfee Internet Security :( Help me :(
AnnMarie
January 12th, 2003, 01:59 AM
Hi b|ingB|ing - Go here (http://www.spywareinfo.com/files/startuplist.zip) and download and run Startup List. It will generate a log file. Copy the log and paste it back into this thread.
b|ingB|ing
January 12th, 2003, 03:11 AM
StartupList report, 1/11/2003, 7:08:28 PM
StartupList version: 1.50
Started from : C:\Documents and Settings\Mike Kim\Desktop\startuplist\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\SaveNow\SaveNow.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\DelFin\PromulGate\PgMonitr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\DIRECTV DSL\DIRECTVDSL.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\PROGRA~1\NORTON~1\QServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Mike Kim\Desktop\startuplist\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
DIRECTV DSL.lnk = C:\Program Files\DIRECTV DSL\DIRECTVDSL.exe
Microsoft Works Calendar Reminders.lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
IMJPMIG8.1 = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
IMEKRMIG6.1 = C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
MSPY2002 = C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
AIM = C:\Program Files\AIM95\aim.exe -cnetwait.odl
McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
HKLM\..\Windows\CurrentVersion\WinLogon: load=
HKLM\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
HKCU\..\Windows\CurrentVersion\WinLogon: load=
HKCU\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
*INI section not found*
*INI section not found*
*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
*Registry value not found*
Policies Shell key:
HKCU\..\Policies: *Registry key not found*
HKLM\..\Policies: *Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\NewDotNet\newdotnet4_50.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
CSBHO - C:\Program Files\Comet\Bin\csbho.dll - {D14D6793-9B65-11D3-80B6-00500487BDBA}
(no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
--------------------------------------------------
Enumerating Task Scheduler jobs:
ISP signup reminder 1.job
ISP signup reminder 2.job
ISP signup reminder 3.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab
[Neowork Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\Comnekr.ocx
CODEBASE = http://icons.com.ne.kr/active-x/shortcut/Comnekr.cab
[session Class]
InProcServer32 = C:\WINDOWS\System32\sayax.dll
CODEBASE = http://dl.sayclub.com/sayclub/sayctl/sayax.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[AniCast2 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axACast2.dll
CODEBASE = http://patzzi.oraq.com/player/control/axacast2.cab
[LoginForm Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\LoginActiveX.dll
CODEBASE = http://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
[DameSetupInit Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\dmsetupi.dll
CODEBASE = http://messenger.daum.net/download/dmsetupi.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\Program Files\NewDotNet\newdotnet4_50.dll
Protocol #1: C:\WINDOWS\System32\CSLSP.DLL
Protocol #2: C:\WINDOWS\System32\CSLSP.DLL
Protocol #3: C:\WINDOWS\System32\CSLSP.DLL
Protocol #4: C:\WINDOWS\System32\CSLSP.DLL
Protocol #5: C:\WINDOWS\System32\CSLSP.DLL
Protocol #6: C:\WINDOWS\System32\CSLSP.DLL
Protocol #7: C:\WINDOWS\System32\CSLSP.DLL
Protocol #8: C:\WINDOWS\System32\CSLSP.DLL
Protocol #9: C:\WINDOWS\System32\CSLSP.DLL
Protocol #10: C:\WINDOWS\System32\CSLSP.DLL
Protocol #11: C:\WINDOWS\System32\CSLSP.DLL
Protocol #12: C:\WINDOWS\System32\CSLSP.DLL
Protocol #13: C:\WINDOWS\System32\CSLSP.DLL
Protocol #27: C:\WINDOWS\System32\CSLSP.DLL
--------------------------------------------------
End of report, 9,975 bytes
Report generated in 3.063 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
b|ingB|ing
January 12th, 2003, 03:12 AM
OK, I did it.
AnnMarie
January 12th, 2003, 03:19 AM
Hi b|ingB|ing - I cannot see a virus or trojan in your startups; however, you do have a bunch of spyware that is probably causing the problem.
Download Spybot - Search & Destroy from here (http://spybot.eon.net.au/)
After installing, go to the Online tab, and search for and install all updates.
Next, go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks'.
These aren't needed for our present purpose, and you can always experiment with them later on.
Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.
NOTE: SSD will sometimes not be able to remove all active components in the first 'run'.
In that case you will get a dialog asking you to run SSD at next start.
Click yes and reboot.
Subsequently SSD will come up before the system puts these components 'in use', and it will then be able to 'fix' the rest.
Now open your browser and go to Tools > Internet Options and click on the General tab. Click on Settings (next to Temporary Internet Files) and then click on View Objects. Right-click on each, and if there is anything there where you don't know what it is (Microsoft, Apple, Macromedia etc. are OK) or where it came from, delete it. If there are any damaged controls there, delete those also.
When you have finished, post a new startup list and let us know if you notice any improvement.
b|ingB|ing
January 12th, 2003, 03:39 AM
OK.. so I download Spybot and run it and I am finished?
AnnMarie
January 12th, 2003, 03:45 AM
Not yet. Now open your browser and go to Tools > Internet Options and click on the General tab. Click on Settings (next to Temporary Internet Files) and then click on View Objects. Right-click on each, and if there is anything there where you don't know what it is (Microsoft, Apple, Macromedia etc. are OK) or where it came from, delete it. If there are any damaged controls there, delete those also.
When you have finished, post a new startup list and let us know if you notice any improvement.