
Slowwwww Downloading

Discussion in 'Virus & Other Malware Removal' started by philip1519, Jan 2, 2006.

Thread Status:
Not open for further replies.
  1. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    Happy New Year! And thanks for all the help I've gotten here in the past. I seem to have a problem in that my computer has slowed greatly in the past few days. Downloading of web sites takes forever. Would anyone care to take a look please? Thanks, Phil.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:04:59 PM, on 1/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MOTIVESB.EXE
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MIM.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\TMPROXY.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: Personal Coach.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00104774-4549-44C4-A7FD-E24F2A2FE7FD}: NameServer = 85.255.114.75,85.255.112.148
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECEF7BA-7A6D-463C-A7A6-DD9AC940C230}: NameServer = 85.255.114.75,85.255.112.148
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67179D9E-7DAB-49FD-87D4-F2BB9CBB25F0}: NameServer = 85.255.114.75,85.255.112.148
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00104774-4549-44C4-A7FD-E24F2A2FE7FD}: NameServer = 85.255.114.75,85.255.112.148
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00104774-4549-44C4-A7FD-E24F2A2FE7FD}: NameServer = 85.255.114.75,85.255.112.148
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
     
  2. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    I have edited this bump because I turned on the computer this morning (Tue. 7 am) and had this message at completion of startup. I don't know what it means or whether it is relevant so I include it here. Thanks, Phil.
     

    Attached Files:

  3. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    Oops, edits don't bump.
     
  4. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
  5. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    OK guys I'm starting to get some hurt feelings here.
     
  6. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    Also, new windows only open on the left half of the screen. I can only see half of the new screen; it's not a full screen in a small window.
     
  7. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    Hah, hah. Phil checks breath; smells okay.
     
  8. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    Nine pages back!
    that's a record.
     
  9. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
  10. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
  11. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, C:\Windows\System32\kernels64.exe
    Description: Added by the Troj/Vixup-V Trojan.

    Post a new, just-made HijackThis log.

    You could, I suppose, do some scanning; one of these online scans should find something, and it may not be limited to that one above. The backdoor type downloads friends until your hard drive resembles a malware convention. Let's hope it is limited.

    http://www.pandasoftware.com/produc...5D4-4DA2-B310-B1DBEC2971F2}&NRCACHEHINT=Guest

    Panda- Please save the report file, it will be called activescan.txt, to your desktop for reference.

    Panda does not clean adwares, but it gives us a good reference tool to see the files found.


    http://www.kaspersky.com/virusscanner-


    http://housecall.trendmicro.com/
    Housecall- make sure you check the AUTOCLEAN box. Scan all drives.

    If you are given any options, when any scan finishes, delete what is Not cleanable.

    Save any reports or results you can, and post them into your next reply; if one reply won't hold it all, use a couple, etc.
     
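Added example, not from the thread, from HijackThis or from Byteman: a small Python triage script that parses HijackThis log lines like the ones posted above and flags the two hijack classes visible in this log, an F2 Shell= value that starts anything besides Explorer.exe (the kernels64.exe entry Byteman points out) and O17 NameServer settings outside an allowlist (the 85.255.x.x pair present under CCS, CS1 and CS2). The flagged sample lines are copied from the first log; the allowlist address 192.0.2.53 is an assumption constructed for the example.

```python
import re
from dataclasses import dataclass

# Windows XP's default logon shell; anything else on the Shell= line is an extra program.
DEFAULT_SHELL = "explorer.exe"

# ASSUMPTION for this example: resolvers the owner knowingly configured. On a DHCP-configured
# home PC the NameServer value is normally empty, so any hard-coded address not on this list
# deserves a look. 192.0.2.53 is a documentation-range address, not a real resolver.
EXPECTED_DNS = {"192.0.2.53"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.+)$")
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>.+)$")


@dataclass
class Finding:
    kind: str    # "shell-hijack" or "dns-hijack"
    detail: str  # why the line was flagged
    line: str    # the offending HJT line


def shell_extras(shell_value):
    """Programs named in a Shell= value other than Explorer.exe.
    HJT prints the raw registry value; entries are space/comma separated, quoted paths stay whole."""
    extras = []
    for tok in re.findall(r'"[^"]+"|[^\s,]+', shell_value):
        path = tok.strip('"')
        if path.replace("/", "\\").split("\\")[-1].lower() != DEFAULT_SHELL:
            extras.append(path)
    return extras


def rogue_nameservers(servers, expected=EXPECTED_DNS):
    """NameServer addresses that are not in the expected allowlist."""
    return [s.strip() for s in servers.split(",") if s.strip() and s.strip() not in expected]


def triage(log_text, expected_dns=EXPECTED_DNS):
    """Return a Finding for each F2/O17 line in the HJT log text that looks hijacked."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            extras = shell_extras(m.group("shell"))
            if extras:
                findings.append(Finding("shell-hijack", "extra Shell program(s): " + ", ".join(extras), line))
            continue
        m = O17_RE.match(line)
        if m:
            rogue = rogue_nameservers(m.group("servers"), expected_dns)
            if rogue:
                findings.append(Finding("dns-hijack", "unexpected NameServer(s): " + ", ".join(rogue), line))
    return findings


def dns_by_interface(log_text, expected_dns=EXPECTED_DNS):
    """Map each interface GUID with rogue DNS to the control sets (CCS, CS1, CS2) carrying it.
    CCS is the running control set; CS1/CS2 are the saved ones 'Last Known Good' boots from,
    so a GUID listed under all three cannot be repaired by choosing Last Known Good."""
    out = {}
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m or not rogue_nameservers(m.group("servers"), expected_dns):
            continue
        key = m.group("key")
        control_set = key.split("\\")[2]  # HKLM \ System \ <CCS|CS1|CS2> \ Services \ ...
        guid = re.search(r"\{[0-9A-Fa-f-]+\}", key)
        out.setdefault(guid.group(0) if guid else key, set()).add(control_set)
    return out


# Sample input: the F2 and O17 lines are copied from the first HJT log in the thread;
# the O4 line is a benign entry from the same log, kept to show it passes untouched.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00104774-4549-44C4-A7FD-E24F2A2FE7FD}: NameServer = 85.255.114.75,85.255.112.148
O17 - HKLM\System\CS1\Services\Tcpip\..\{00104774-4549-44C4-A7FD-E24F2A2FE7FD}: NameServer = 85.255.114.75,85.255.112.148
O17 - HKLM\System\CS2\Services\Tcpip\..\{00104774-4549-44C4-A7FD-E24F2A2FE7FD}: NameServer = 85.255.114.75,85.255.112.148
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
    for guid, sets in dns_by_interface(SAMPLE_LOG).items():
        print(f"{guid}: rogue DNS present in control sets {sorted(sets)}")
```

Because the same interface GUID carries the rogue resolvers under CCS, CS1 and CS2, the saved control sets are poisoned as well, which is why booting with Last Known Good Configuration would not undo this change.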
  12. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    Sorry, I didn't know that I had a reply. I hope it's not too late. Housecall didn't find any infections after the second scan (which took hours, by the way). Here's Panda, Kaspersky and HJT.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:06:49 PM, on 3/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MOTIVESB.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: Personal Coach.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00104774-4549-44C4-A7FD-E24F2A2FE7FD}: NameServer = 85.255.114.75,85.255.112.148
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECEF7BA-7A6D-463C-A7A6-DD9AC940C230}: NameServer = 85.255.114.75,85.255.112.148
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67179D9E-7DAB-49FD-87D4-F2BB9CBB25F0}: NameServer = 85.255.114.75,85.255.112.148
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00104774-4549-44C4-A7FD-E24F2A2FE7FD}: NameServer = 85.255.114.75,85.255.112.148
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00104774-4549-44C4-A7FD-E24F2A2FE7FD}: NameServer = 85.255.114.75,85.255.112.148
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
     

    Attached Files:

  13. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    Kaspersky was saved as html so I had to go back and copy and paste it. Thanks for your help in advance.
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, March 06, 2006 8:45:00 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 7/03/2006
    Kaspersky Anti-Virus database records: 169621


    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics
    Total number of scanned objects 80188
    Number of viruses found 14
    Number of infected objects 28
    Number of suspicious objects 0
    Duration of the scan process 01:03:27

    Infected Object Name Virus Name Last Action
    C:\!KillBox\nojkndfv.exe Infected: Trojan-Downloader.Win32.WinShow.r skipped

    C:\!KillBox\ybca.exe Infected: Trojan-Downloader.Win32.WinShow.r skipped

    C:\boot.inx Infected: Trojan-Downloader.Win32.Small.cbe skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0002/data0001.cab/DnldStub.exe Infected: Trojan-Downloader.Win32.Small.kl skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0002/data0001.cab Infected: Trojan-Downloader.Win32.Small.kl skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0002 Infected: Trojan-Downloader.Win32.Small.kl skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0004/data0005 Infected: Trojan-Downloader.Win32.Agent.ac skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0004/data0006 Infected: Trojan-Downloader.Win32.Turown.h skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0004/data0008 Infected: Trojan-Downloader.Win32.Turown.g skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0004/data0012 Infected: Trojan-Downloader.Win32.VB.cw skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0004 Infected: Trojan-Downloader.Win32.VB.cw skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0016 Infected: Trojan-Downloader.Win32.Apropo.e skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0017 Infected: Trojan-Downloader.Win32.Agent.ab skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe/data0018 Infected: Backdoor.Win32.Ruledor.c skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\all_files10.exe NSIS: infected - 12 skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\app5A.tmp/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\app5A.tmp/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\app5A.tmp/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\app5A.tmp/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\app5A.tmp/data0008 Infected: Trojan-Downloader.Win32.Keenval.n skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\app5A.tmp/data0009 Infected: Trojan-Downloader.Win32.Keenval skipped

    C:\Documents and Settings\Owner\Local Settings\Temp2\app5A.tmp NSIS: infected - 6 skipped

    C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP881\A0054354.exe Infected: Trojan-Downloader.Win32.Small.cbe skipped

    C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP884\A0054483.exe Infected: Trojan-Downloader.Win32.Small.cbe skipped

    C:\WINDOWS\system32\dflnl.exe Infected: Trojan.Win32.DNSChanger.as skipped

    C:\WINDOWS\system32\hgqhp.exe Infected: Trojan.Win32.DNSChanger.as skipped

    C:\WINDOWS\system32\yaemu.exe Infected: Trojan.Win32.DNSChanger.as skipped

    Scan process completed.
     
  14. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Get this and follow the steps exactly, read all before you start anything, get all the downloads...print this out, or copy it to a Notepad text file and save it on the desktop.

    Next, we want to delete the contents of your "Temp2" folder...I don't know why you have one named that, and it could have been created by some malware...

    You will need your settings this way to see all files, including hidden/system files, so do this too:



    • Click here to download ATF Cleaner by Atribune and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.

    I am hoping ATFCleaner will get the Temp2 emptied, but you need to check it and make sure it has been.
    Do you recall creating that Temp2 folder? Check the Properties of it, by right clicking the folder, and select Properties....see when it was created.

    If it is set to "Read Only" change the attributes for it..... UNcheck ReadOnly.


    NEXT:


    Let's see if this scanner can find anything for you:

    • Go here and do the BitDefender online virus scan.
    • Click "I Agree" to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click "Click here to scan" to begin the scan.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on "Click here to export the scan results"
    • Save the report to your desktop then come back here and attach it to your next reply.



    Also> you did not have the Kaspersky scan set just right: Here is how to do it:

    Run Kaspersky online virus scan here.

    When given the option, choose the "Extended database" for the scan.

    When the scan is finished, Save the results from the scan!

    Run HijackThis again, but this time, don't hit the Scan button....hit the "Open the Misc Tools" one....
    Next, hit the "Open Uninstall Manager" tab, and you will see a "Save List" button to save that list of installed software. Copy and paste the contents of the saved list into your next reply, please.


    Post the logs from Kaspersky, and a new HJT log, AND the list of software. You can Attach the log from Kaspersky if you wish, if it is too big to fit in a single reply....
     
  15. philip1519

    philip1519 Thread Starter

    Joined:
    Sep 26, 2003
    Messages:
    421
    I am unable to find the Temp2 folder. I am a little inexperienced; can you tell me what the path to it is? Also I should add that one must click on "scan options" to get the extended database scan at Kaspersky. I am running that scan now. Thanks, Phil
     
Short URL to this thread: https://techguy.org/430402
