Desperately Need Assistance.[INACTIVE]

[andey86]

Hi, im a new member. i cant do it on my own anymore, its been a weeks now and my computer starting to shut down on its own saying 'initiated by NT.Authority\system.'

basically, one day my avira anti virus alerted me of multiple attack of virus. which i denied access and moved to quaranteen(few days ago). i then perform a full scan of ewido, spybot, superantispyware and avira just to make sure.

but then my computer started having issues when internet explorer loads up, hang/freezes everytime and when i click my mouse i hear a beep sound and computer freezes which i have to restart( atleast 3 times). i tried to perform a system restore but it doesnt respond. my wireless also started disconnecting on its own and my avira anti-virus is now always off. i have done a couple of full scans since then but nothing is improving.

soory i cant remember the dectection names.

DDS (Ver_09-01-07.01) - NTFSx86

Run by Andrew at 17:33:45.67 on 07/01/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2661 [GMT 0:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\XpertVision\TBPanel.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\atwtusb.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Andrew\Desktop\pc report\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.google.com

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local;localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File

TB: {F4D76F09-7896-458A-890F-E1F05C46069F} - No File

TB: {B557EEDC-CA1A-4CAD-96C9-E19A3B73C948} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe

mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min

mRun: [bOC-427] c:\progra~1\comodo\cboclean\BOC427.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [atwtusb] atwtusb.exe beta

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\ewido anti-spyware 4.0\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\r2chjvn6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

FF - HiddenExtension: XUL Cache: {8EB4B701-4924-4E35-B6DA-6D3F0FC47003} - c:\windows\system32\config\systemprofile\local settings\application data\{8eb4b701-4924-4e35-b6da-6d3f0fc47003}\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-8-3 11840]

R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver;c:\program files\ewido anti-spyware 4.0\guard.sys [2006-6-16 3968]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-3-1 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-3-1 51440]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-17 4096]

R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [2008-8-6 48928]

R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-8-3 68865]

R4 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2008-8-3 73464]

R4 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard;c:\program files\ewido anti-spyware 4.0\guard.exe [2006-6-16 172032]

R4 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2008-8-6 162432]

R4 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2008-8-6 12032]

S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2008-12-26 22272]

S3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-8-3 151297]

S3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-8-3 52032]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-1-7 33792]

S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xpadfl02.sys --> c:\windows\system32\drivers\xpadfl02.sys [?]

=============== Created Last 30 ================

2009-01-07 17:29 <DIR> --d-h--- c:\windows\PIF

2009-01-07 16:28 73,216 a------- c:\windows\system32\ffkuz.dll

2009-01-07 11:50 46,592 a------- c:\windows\system32\libusb0.dll

2009-01-07 11:50 33,792 a------- c:\windows\system32\drivers\libusb0.sys

2009-01-07 10:11 <DIR> --d----- c:\temp\REX81

2009-01-07 10:11 <DIR> --d----- c:\windows\system32\ap

2009-01-07 10:11 <DIR> --d----- C:\Temp

2009-01-03 16:58 <DIR> --d----- C:\SXS

2009-01-03 16:57 <DIR> --d----- c:\program files\common files\Logitech

2009-01-03 16:57 264 a------- c:\windows\_delis32.ini

2009-01-03 16:33 59,264 ac------ c:\windows\system32\dllcache\usbaudio.sys

2009-01-03 16:33 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys

2008-12-31 23:32 <DIR> --d----- c:\program files\Power Article Rewriter

2008-12-22 23:35 <DIR> --d----- c:\program files\Audacity

2008-12-21 15:08 <DIR> --d----- c:\program files\Garena

2008-12-17 21:28 <DIR> --d----- c:\program files\DivX

2008-12-16 01:27 70,656 a------- c:\windows\ScUnin.exe

2008-12-16 01:27 34,807 a------- c:\windows\scunin.dat

2008-12-16 01:27 967 a------- c:\windows\ScUnin.pif

2008-12-16 01:26 <DIR> --d----- c:\program files\Starcraft

2008-12-15 14:30 268 a---h--- C:\sqmdata04.sqm

2008-12-15 14:30 244 a---h--- C:\sqmnoopt04.sqm

2008-12-12 17:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeRIP

2008-12-12 17:31 <DIR> --d----- c:\program files\FreeRIP3

2008-12-11 14:49 <DIR> --d----- c:\program files\EA Games

2008-12-09 22:49 <DIR> --d----- c:\docume~1\andrew\applic~1\Red Alert 3

2008-12-09 22:46 <DIR> --d----- c:\windows\Logs

2008-12-09 22:46 <DIR> --d-h--- c:\windows\msdownld.tmp

2008-12-08 23:41 197,120 a------- c:\windows\patchw32.dll

2008-12-08 23:41 <DIR> --d----- c:\program files\common files\PocketSoft

2008-12-08 23:36 <DIR> --d----- c:\docume~1\andrew\applic~1\Atari

==================== Find3M ====================

2008-12-19 21:11 43,520 a------- c:\windows\system32\CmdLineExt03.dll

2008-12-17 22:44 107,888 a------- c:\windows\system32\CmdLineExt.dll

2008-12-14 14:39 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys

2008-12-14 14:39 183,112 a------- c:\windows\system32\PnkBstrB.exe

2008-12-11 16:18 66,872 a------- c:\windows\system32\PnkBstrA.exe

2008-11-21 21:47 524,288 a------- c:\windows\system32\DivXsm.exe

2008-11-21 21:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll

2008-11-21 21:47 129,784 -------- c:\windows\system32\pxafs.dll

2008-11-21 21:47 120,056 -------- c:\windows\system32\pxcpyi64.exe

2008-11-21 21:47 118,520 -------- c:\windows\system32\pxinsi64.exe

2008-11-21 21:46 1,044,480 a------- c:\windows\system32\libdivx.dll

2008-11-21 21:46 200,704 a------- c:\windows\system32\ssldivx.dll

2008-11-21 21:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll

2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll

2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll

2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll

2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll

2008-10-24 17:35 82,774 a------- c:\windows\Uninstall Jade Empire.exe

2008-10-24 17:05 270,336 a------- c:\windows\system32\TubeFinder.exe

2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll

2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll

2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll

2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll

2008-10-07 15:45 22,328 a------- c:\docume~1\andrew\applic~1\PnkBstrK.sys

============= FINISH: 17:34:06.46 ===============

Attach.txt

[sarahw]

Can you please follow the instructions HERE and post a Hijack This log.

[sarahw]

Inactive topic...

If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.