
Emergent Help Needed!!! Computer Slowly Dying HJT Log included

Discussion in 'Virus & Other Malware Removal' started by DimengionX, May 16, 2008.

Thread Status:
Not open for further replies.
  1. DimengionX

    DimengionX It's My Birthday! Thread Starter

    Joined:
    May 12, 2008
    Messages:
    71
    I understand you guys are very busy helping others, but my problems are becoming more significant every second that passes by. I am in desperate need of help with these problems, please, I beg you. Here is a list of occurring problems that, I am afraid, if left alone too much longer my computer will be trashed.

    Update.... Here is a better idea of what I am infected with....

    Trojan program Exploit.HTML.Mht (modification) File: C:\Documents and Settings\Brian\Desktop\hijackthis.log

    Trojan program Trojan-Downloader.Win32.Delf.hsd File: C:\Documents and Settings\Brian\Local Settings\Tempklwew.exe

    Trojan program Trojan-Downloader.Win32.Delf.hsd File: C:\System Volume Information\_restore{FECE42B6-A545-4BE9-A43D-52B845E28FC4}\RP218\A0025692.exe


    1) Trojan.Win32.Agent that is unremovable that is picked up by SDFIX that I got off this site, but continuously returns.

    2) My internet connection is now having an issue of being able to connect with a web browser that comes up stating, "Your connection has reset please wait a few moments and try again." My 2nd desktop hasn't had a problem connecting to the internet at all so I know it's not my service provider.

    3) About every 15 minutes I get random voice audios that are advertising news and music.

    4) I just located 7 files under processes that are labeled scvhost.exe that are now using 100% of my computer's performance.

    5) The only way I was able to connect to the internet now was because when I restarted my computer an ad that is being caused by these trojans/viruses connected to the internet and I used that browser to get to here.

    6) I am locked out of my tools option for internet explorer as well as Firefox. My internet connection is being blocked out of both IE and FF.

    7) My antivirus/anti-spyware program during its latest scan picked up 3877 trojans. There were 2 different types: the one stated in problem 1 and a trojan-clicker.win32. When my antivirus tried to delete them or quarantine them they would automatically/almost instantly re-install themselves back onto my computer for the antivirus to pick them up again.

    You guys are my last resort and my computer is used to run my home business. If I lose it I am doomed. HJT Log Below

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:38:17 AM, on 5/16/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Audio Deck\EnMixCPL.exe
    C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
    C:\Program Files\Lexmark 7100 Series\ezprint.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINNT\System32\RUNDLL32.EXE
    C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\System32\ctfmon.exe
    C:\WINNT\System32\afinding.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\System32\perfs.exe
    C:\WINNT\System32\PnkBstrA.exe
    C:\WINNT\System32\PnkBstrB.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\lxbxcoms.exe
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\WINNT\System32\taskmgr.exe
    C:\program files\internet explorer\iexplore.exe
    C:\Documents and Settings\Brian\Desktop\HiJackThis.exe

    O2 - BHO: (no name) - {019AB3FB-7CD1-45A2-8519-3084804276B4} - (no file)
    O2 - BHO: (no name) - {04282A92-7A19-4362-ABB5-25620755A2C1} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0DC62696-F3A7-4B74-AE74-A402BF76BF56} - (no file)
    O2 - BHO: (no name) - {2251CE3E-251D-48B6-A0D8-9A2FAAD96321} - (no file)
    O2 - BHO: (no name) - {281AC628-8E4D-4483-9AE6-7B78C3D7DAC3} - (no file)
    O2 - BHO: (no name) - {285a042e-5f58-4a84-bf1d-4c8b42a1d92f} - (no file)
    O2 - BHO: (no name) - {473ADBDB-896A-4189-87D3-89E00A29D901} - (no file)
    O2 - BHO: (no name) - {4946127B-FE93-4D4D-9F01-F5E0D03DFB62} - (no file)
    O2 - BHO: (no name) - {4A2E2004-C55C-4EBB-988D-F3E86E5A315B} - (no file)
    O2 - BHO: (no name) - {51CB62FC-04E1-485A-AD87-092720A2C22A} - C:\WINNT\System32\ssqpm.dll (file missing)
    O2 - BHO: (no name) - {95FEBE2F-97CE-496B-AE11-F95F8A213816} - (no file)
    O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINNT\System32\byxvwvs.dll (file missing)
    O2 - BHO: (no name) - {A898097C-FA5E-4870-92DC-63B75D357AE2} - C:\WINNT\System32\aclu.dll
    O2 - BHO: (no name) - {b5b963e2-3e1a-4a19-a1a2-1a8ec5aee71e} - (no file)
    O2 - BHO: (no name) - {D28C8126-C019-4E47-A560-20294BF4B330} - C:\WINNT\System32\aclu.dll
    O2 - BHO: (no name) - {DE80AA27-29A2-438D-A0F4-C6EFD6B449C5} - C:\WINNT\System32\aclu.dll
    O2 - BHO: (no name) - {F27DE1AB-0282-44AE-A518-054CB6014D08} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
    O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [A00FC54E21.exe] C:\DOCUME~1\Brian\LOCALS~1\Temp\_A00FC54E21.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O15 - Trusted Zone: *.safetydownload.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
    O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O20 - Winlogon Notify: - ws_3s32.dll (file missing)
    O20 - Winlogon Notify: - ws_3s32.dll (file missing)
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINNT\System32\afinding.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINNT\System32\lxbxcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINNT\System32\perfs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\System32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINNT\System32\PnkBstrB.exe

    --
    End of file - 8661 bytes
     

Short URL to this thread: https://techguy.org/712651
