andey86

Members
 View Profile  See their activity

  • Content Count

    1

  • Joined

  • Last visited

 Content Type 

Posts posted by andey86

  1. Desperately Need Assistance.[INACTIVE]

    in Malware Removal

    Posted

    Hi, im a new member. i cant do it on my own anymore, its been a weeks now and my computer starting to shut down on its own saying 'initiated by NT.Authority\system.'

    basically, one day my avira anti virus alerted me of multiple attack of virus. which i denied access and moved to quaranteen(few days ago). i then perform a full scan of ewido, spybot, superantispyware and avira just to make sure.

    but then my computer started having issues when internet explorer loads up, hang/freezes everytime and when i click my mouse i hear a beep sound and computer freezes which i have to restart( atleast 3 times). i tried to perform a system restore but it doesnt respond. my wireless also started disconnecting on its own and my avira anti-virus is now always off. i have done a couple of full scans since then but nothing is improving.

    soory i cant remember the dectection names.

    DDS (Ver_09-01-07.01) - NTFSx86

    Run by Andrew at 17:33:45.67 on 07/01/2009

    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2661 [GMT 0:00]

    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

    FW: ActiveArmor Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\Comodo\CBOClean\BOCORE.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    C:\WINDOWS\system32\lxctcoms.exe

    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\XpertVision\TBPanel.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\atwtusb.exe

    C:\WINDOWS\system32\LVCOMSX.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Andrew\Desktop\pc report\dds.com

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com

    uStart Page = hxxp://www.google.com

    uDefault_Page_URL = hxxp://www.google.com

    mDefault_Page_URL = hxxp://www.google.com

    mDefault_Search_URL = hxxp://www.google.com/ie

    mStart Page = hxxp://www.google.com

    uInternet Settings,ProxyOverride = *.local;localhost

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    mSearchAssistant = hxxp://www.google.com/ie

    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

    BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll

    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File

    TB: {F4D76F09-7896-458A-890F-E1F05C46069F} - No File

    TB: {B557EEDC-CA1A-4CAD-96C9-E19A3B73C948} - No File

    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

    uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

    uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

    uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

    mRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [nwiz] nwiz.exe /install

    mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [skyTel] SkyTel.EXE

    mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe

    mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

    mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min

    mRun: [bOC-427] c:\progra~1\comodo\cboclean\BOC427.exe

    mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

    mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    mRun: [atwtusb] atwtusb.exe beta

    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    LSP: %SYSTEMROOT%\system32\nvappfilter.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\ewido anti-spyware 4.0\shellexecutehook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\r2chjvn6.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

    FF - HiddenExtension: XUL Cache: {8EB4B701-4924-4E35-B6DA-6D3F0FC47003} - c:\windows\system32\config\systemprofile\local settings\application data\{8eb4b701-4924-4e35-b6da-6d3f0fc47003}\

    ---- FIREFOX POLICIES ----

    FF - user.js: yahoo.homepage.dontask - true

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-8-3 11840]

    R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver;c:\program files\ewido anti-spyware 4.0\guard.sys [2006-6-16 3968]

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-3-1 8944]

    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-3-1 51440]

    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-17 4096]

    R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [2008-8-6 48928]

    R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-8-3 68865]

    R4 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2008-8-3 73464]

    R4 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard;c:\program files\ewido anti-spyware 4.0\guard.exe [2006-6-16 172032]

    R4 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2008-8-6 162432]

    R4 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2008-8-6 12032]

    S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2008-12-26 22272]

    S3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-8-3 151297]

    S3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-8-3 52032]

    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-1-7 33792]

    S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xpadfl02.sys --> c:\windows\system32\drivers\xpadfl02.sys [?]

    =============== Created Last 30 ================

    2009-01-07 17:29 <DIR> --d-h--- c:\windows\PIF

    2009-01-07 16:28 73,216 a------- c:\windows\system32\ffkuz.dll

    2009-01-07 11:50 46,592 a------- c:\windows\system32\libusb0.dll

    2009-01-07 11:50 33,792 a------- c:\windows\system32\drivers\libusb0.sys

    2009-01-07 10:11 <DIR> --d----- c:\temp\REX81

    2009-01-07 10:11 <DIR> --d----- c:\windows\system32\ap

    2009-01-07 10:11 <DIR> --d----- C:\Temp

    2009-01-03 16:58 <DIR> --d----- C:\SXS

    2009-01-03 16:57 <DIR> --d----- c:\program files\common files\Logitech

    2009-01-03 16:57 264 a------- c:\windows\_delis32.ini

    2009-01-03 16:33 59,264 ac------ c:\windows\system32\dllcache\usbaudio.sys

    2009-01-03 16:33 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys

    2008-12-31 23:32 <DIR> --d----- c:\program files\Power Article Rewriter

    2008-12-22 23:35 <DIR> --d----- c:\program files\Audacity

    2008-12-21 15:08 <DIR> --d----- c:\program files\Garena

    2008-12-17 21:28 <DIR> --d----- c:\program files\DivX

    2008-12-16 01:27 70,656 a------- c:\windows\ScUnin.exe

    2008-12-16 01:27 34,807 a------- c:\windows\scunin.dat

    2008-12-16 01:27 967 a------- c:\windows\ScUnin.pif

    2008-12-16 01:26 <DIR> --d----- c:\program files\Starcraft

    2008-12-15 14:30 268 a---h--- C:\sqmdata04.sqm

    2008-12-15 14:30 244 a---h--- C:\sqmnoopt04.sqm

    2008-12-12 17:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeRIP

    2008-12-12 17:31 <DIR> --d----- c:\program files\FreeRIP3

    2008-12-11 14:49 <DIR> --d----- c:\program files\EA Games

    2008-12-09 22:49 <DIR> --d----- c:\docume~1\andrew\applic~1\Red Alert 3

    2008-12-09 22:46 <DIR> --d----- c:\windows\Logs

    2008-12-09 22:46 <DIR> --d-h--- c:\windows\msdownld.tmp

    2008-12-08 23:41 197,120 a------- c:\windows\patchw32.dll

    2008-12-08 23:41 <DIR> --d----- c:\program files\common files\PocketSoft

    2008-12-08 23:36 <DIR> --d----- c:\docume~1\andrew\applic~1\Atari

    ==================== Find3M ====================

    2008-12-19 21:11 43,520 a------- c:\windows\system32\CmdLineExt03.dll

    2008-12-17 22:44 107,888 a------- c:\windows\system32\CmdLineExt.dll

    2008-12-14 14:39 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys

    2008-12-14 14:39 183,112 a------- c:\windows\system32\PnkBstrB.exe

    2008-12-11 16:18 66,872 a------- c:\windows\system32\PnkBstrA.exe

    2008-11-21 21:47 524,288 a------- c:\windows\system32\DivXsm.exe

    2008-11-21 21:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll

    2008-11-21 21:47 129,784 -------- c:\windows\system32\pxafs.dll

    2008-11-21 21:47 120,056 -------- c:\windows\system32\pxcpyi64.exe

    2008-11-21 21:47 118,520 -------- c:\windows\system32\pxinsi64.exe

    2008-11-21 21:46 1,044,480 a------- c:\windows\system32\libdivx.dll

    2008-11-21 21:46 200,704 a------- c:\windows\system32\ssldivx.dll

    2008-11-21 21:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe

    2008-11-21 21:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll

    2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll

    2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll

    2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll

    2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll

    2008-10-24 17:35 82,774 a------- c:\windows\Uninstall Jade Empire.exe

    2008-10-24 17:05 270,336 a------- c:\windows\system32\TubeFinder.exe

    2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll

    2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll

    2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

    2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

    2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll

    2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll

    2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll

    2008-10-07 15:45 22,328 a------- c:\docume~1\andrew\applic~1\PnkBstrK.sys

    ============= FINISH: 17:34:06.46 ===============

    Attach.txt