-
Scans Taking Very Long Time
I am having the same problem as a lot of people a few months ago. I have just now gotten around to doing something about it. Scans are stopping at certain points. I read the forums about this problem, most people had a malware problem. Since this problem started for me, I purchased Panda Titanium Antivirus and Malware Protection, that was roughly a month ago that I bought this. Still having the same problems. Panda is not taking care of the problem. As of right now, Panda shows no viruses. Here is my Hijack This report. Please help!!
Logfile of HijackThis v1.99.1
Scan saved at 9:03:53 AM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1526
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html#1526
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1526
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html#1526
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html#1526
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html#1526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html#1526
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html#1526
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html#1526
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html#1526
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSProxy Support Dll - {830DE650-EBE7-434F-99AA-8DCBCDACBD7B} - C:\WINDOWS\System32\msprxcore.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/game...x.1.0.0.55.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/995...TunesSetup.exe
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121488269203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139069022062
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//...l/gtdowngc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25788763-235C-4C3B-9DB6-DB758ED503C0}: NameServer = 85.255.115.59,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{87D0CD45-7C4E-4084-9399-9347412D3863}: NameServer = 85.255.115.59,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{B76D0291-9170-4A70-8DA2-83C9B1555096}: NameServer = 85.255.115.59,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{B781CC7F-0518-41E3-A172-2FD3E70ACCBF}: NameServer = 85.255.115.59,85.255.112.77
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\DOCUME~1\ALLUSE~1\APPLIC~1\SNAPST~1\PERSON~1\Plugins\x10nets.exe (file missing
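A HijackThis log like the one above can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the original post: the function names and the three checks (missing target files, Internet Explorer pages set to a local file, static NameServer values) are this example's own choices, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1526
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajc.com/
O2 - BHO: MSProxy Support Dll - {830DE650-EBE7-434F-99AA-8DCBCDACBD7B} - C:\WINDOWS\System32\msprxcore.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{25788763-235C-4C3B-9DB6-DB758ED503C0}: NameServer = 85.255.115.59,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{87D0CD45-7C4E-4084-9399-9347412D3863}: NameServer = 85.255.115.59,85.255.112.77
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\DOCUME~1\ALLUSE~1\APPLIC~1\SNAPST~1\PERSON~1\Plugins\x10nets.exe (file missing
"""

# An entry line starts with a section code such as R1, F2, O2 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log_text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_items(sections):
    """Return (code, reason, entry) tuples a reviewer would look at first."""
    items = []
    for code, entries in sections.items():
        for e in entries:
            if "(file missing" in e:  # tolerates a truncated closing parenthesis
                items.append((code, "target file missing", e))
            if code in ("R0", "R1") and " = " in e:
                value = e.split(" = ", 1)[1]
                if re.match(r"^[a-zA-Z]:\\", value):  # drive-letter path, not a URL
                    items.append((code, "IE page set to local file", e))
    return items

def nameservers(sections):
    """Map each static NameServer value (O17) to the number of interfaces using it."""
    counts = defaultdict(int)
    for e in sections.get("O17", []):
        if "NameServer = " in e:
            counts[e.split("NameServer = ", 1)[1].strip()] += 1
    return dict(counts)
```

The flagged items are review candidates only; legitimate software can produce any of them, so each still needs a human decision.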
-
Other Problems I am Having
I am also having some other problems I should have mentioned in my first thread. I have been getting an error message stating that "Internet Explorer has encountered a problem and needs to close." I get this message if I am in Internet Explorer or if I am not in Internet Explorer. When I click OK, nothing happens, the error box disappears, but Internet Explorer does not close. The box pops up about once an hour. If I leave my computer on all night, the next morning I will have a dozen of these boxes I will have to click OK for. It is a very bizarre problem. I am thinking that malware may have something to do with it. Thanks again!!
-
Welcome to the forums
Post a report from this tool if any FILES show
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Click the "I accept" button near the bottom of that page.
Download and run Blacklight, click > Scan, then > Next, Next again, then Exit.
There will be a new txt near Blacklight. Post it please.
Important: If any files show, do not rename them. Legitimate files can be listed.
-
Blacklight will not install on my computer. I get this message: "F-Secure Blacklight was unable to acquire necessary privileges (SeDebugPrivilege)". All I can do is click OK and that is it. Program does not install. What do I do??
-
To fix the SeDebugPrivilege error >
Please download NTrights.zip by freeatlast.
http://www10.brinkster.com/expl0iter...t/NTrights.zip
If you can't access it, download NTrights.zip via here: http://www10.brinkster.com/expl0iter...dumprights.htm
Save it on your desktop.
Unzip/extract it.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcom...planation.html
Open the NTrights-folder
Double click on the Debug.bat file to run it, follow any prompts it asks.
REBOOT
Double-click the Debug.bat again after reboot.
It will create a log.
If the log says:
"Granting SeDebugPrivilege to Administrators ... successful", you must be ok and things restored well.
Then try Blacklight again.
-
NTrights did the job. The log was over 2 MB, I did a save as and changed it to just a .txt doc. Got it down to 1.27 MB, still too big to post. Any ideas?
-
Can you zip it up and attach? Or send via email.
Send the original, not a doc, if possible.
Send it to submitlonny AT subratam.org
Replace AT and spaces with @
-
E-Mail sent!! Thanks for your help so far!! :D
-
I see two separate infections.
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.
Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
-
New HJT Log and Aproposfix log