Jump to content

Computer freezing upon startup


Recommended Posts

Hi, I've recently obtained what I believe(almost to certainty) to be a host of malicious malware programs. It started about a week ago, with firefox not loading properly and getting error messages saying GoogleInstaller can not run properly and must be shut down, etc. Also, I noticed things were loading much slower. I ran a bunch of virus scanners (McAfee, Ad-aware) and they each found separate viruses and quarantined them. A couple days later, a process called iexplorer.exe would randomly load and play ads. At this point I am pretty concerned, but I make no extra efforts to rid my computer of this mal-ware. I tried installing and using spybot search and destroy since I had heard good things about it, but alas it would not open upon installation. So a couple days later, when my computer started up it would just freeze after about 30 seconds. My cursor would be able to move, but everything was unresponsive. At that point I knew things were FUBAR, so I ran my computer in safe-mode and tried to search for a solution. I once again ran my virus-scanners, they found more malicious files, but the problem still occured. I tried following a bunch of processes of cleaning my computer, but either the programs would not install or would not run once installed. I then figured out to just add a bunch of numbers at the end of the program names, and to my surprise they all loaded. So, I ran HijackThis and ComboFix, and now I present to you, the logs. Thanks in advance for the help.

ComboFix Logs

ComboFix 09-03-15.01 - Anonymous 2009-03-16 16:23:47.1 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3037 [GMT -7:00]

Running from: c:\documents and settings\Anonymous\Desktop\ComboFix132456.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

AV: McAfee VirusScan *On-access scanning disabled* (Updated)

FW: McAfee Personal Firewall *enabled*

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\UACaaoluqjt.sys

c:\windows\system32\UACelpuhqvp.dll

c:\windows\system32\UACgrwwxqln.dll

c:\windows\system32\UAChdkujkix.log

c:\windows\system32\uacinit.dll

c:\windows\system32\UACjlcbxwrj.dll

c:\windows\system32\UACkhgsblue.dll

c:\windows\system32\UACqjsejgdt.log

c:\windows\system32\UACtaldpsyc.log

c:\windows\system32\UACvypeolil.dll

c:\windows\system32\UACxgvqpwvp.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))

.

2009-03-16 16:09 . 2009-03-16 16:09 <DIR> d-------- c:\documents and settings\Anonymous\Application Data\Malwarebytes

2009-03-16 15:20 . 2009-03-16 15:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCPitstop

2009-03-16 15:19 . 2009-03-16 15:19 <DIR> d-------- c:\program files\PCPitstop

2009-03-16 15:12 . 2009-03-16 15:12 <DIR> d-------- c:\program files\LSOFT

2009-03-15 22:26 . 2009-03-15 22:26 <DIR> d-------- c:\program files\Avira

2009-03-15 22:26 . 2009-03-15 22:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-03-15 22:16 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-15 22:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-15 22:15 . 2009-03-16 16:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-15 22:15 . 2009-03-15 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-15 22:03 . 2009-03-15 22:03 <DIR> d-------- c:\program files\CCleaner

2009-03-11 22:54 . 2009-03-11 22:54 <DIR> d-------- c:\documents and settings\Anonymous\Application Data\McAfee

2009-03-11 22:42 . 2009-03-15 21:51 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-03-11 22:42 . 2009-03-15 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-09 23:30 . 2009-03-09 23:33 189,072 --a------ c:\windows\system32\PnkBstrB.xtr

2009-03-09 20:59 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb

2009-03-09 15:12 . 2009-03-09 15:12 <DIR> d-------- c:\program files\Spyware Doctor

2009-03-09 15:12 . 2009-03-09 15:12 <DIR> d-------- c:\program files\Common Files\PC Tools

2009-03-09 15:12 . 2009-03-09 15:12 <DIR> d-------- c:\documents and settings\Anonymous\Application Data\PC Tools

2009-03-09 15:12 . 2009-03-09 15:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools

2009-03-09 15:12 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys

2009-03-09 15:12 . 2009-02-23 10:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys

2009-03-09 15:12 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys

2009-03-09 15:12 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys

2009-02-26 11:46 . 2009-02-26 11:46 42,320 --a------ c:\windows\system32\xfcodec.dll

2009-02-22 22:03 . 2009-02-22 22:34 <DIR> d-------- C:\DoW2

2009-02-21 22:31 . 2009-02-21 22:32 <DIR> d-------- c:\program files\THQ

2009-02-21 22:17 . 2009-03-15 22:08 <DIR> d-------- C:\Q3Ademo

2009-02-21 20:38 . 2009-02-21 20:39 <DIR> d-------- c:\program files\VirtualDJ

2009-02-18 14:44 . 2009-02-18 14:44 401,408 --a------ c:\windows\system32\nvcuvid.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-16 23:16 --------- d-----w c:\documents and settings\Anonymous\Application Data\Xfire

2009-03-16 05:08 --------- d-----w c:\program files\Red Kawa

2009-03-16 03:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-03-14 00:10 --------- d-----w c:\program files\Xfire

2009-03-13 07:39 --------- d-----w c:\program files\Steam

2009-03-12 22:44 --------- d-----w c:\documents and settings\Anonymous\Application Data\uTorrent

2009-03-12 22:04 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-12 05:54 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2009-03-12 05:38 --------- d-----w c:\program files\World of Warcraft

2009-03-10 06:33 189,072 ----a-w c:\windows\system32\PnkBstrB.exe

2009-03-10 06:29 75,064 ----a-w c:\windows\system32\PnkBstrA.exe

2009-03-10 06:29 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-03-10 03:59 --------- d-----w c:\program files\AGEIA Technologies

2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

2009-02-08 22:17 --------- d-----w c:\program files\Apophysis 2.0

2009-02-07 11:07 7,698 ----a-w c:\windows\system32\ealregsnapshot1.reg

2009-02-07 10:56 --------- d-----w c:\program files\Electronic Arts

2009-02-04 02:09 --------- d-----w c:\program files\Aero Studio

2009-01-22 04:45 356 ----a-w C:\drmHeader.bin

2009-01-19 09:35 --------- d-----w c:\program files\EA GAMES

2009-01-17 01:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll

2008-12-26 08:08 453,152 ----a-w c:\windows\system32\nvudisp.exe

2008-12-24 05:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll

2008-11-13 15:37 22,328 ----a-w c:\documents and settings\Anonymous\Application Data\PnkBstrK.sys

2007-12-14 06:30 769,536 ----a-w c:\documents and settings\Anonymous\Application Data\sfdnwin.dll

2008-07-17 09:21 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2008-12-09 01:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008120820081209\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]

"Google Update"="c:\documents and settings\Anonymous\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-13 363008]

"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-17 29744]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]

"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\crysis wars\\Bin32\\Crysis.exe"=

"c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=

"c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=

"c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\crysis warhead\\Bin32\\Crysis.exe"=

"c:\\WINDOWS\\system32\\ElectricSheep.scr"=

"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-09 130424]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-03-02 12032]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-08 79360]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-17 29744]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-09-28 21920]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-09 348752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dfaa45d-a934-11dc-adad-806d6172696f}]

\Shell\AutoRun\command - D:\Setup.exe

.

Contents of the 'Scheduled Tasks' folder

2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1708537768-725345543-1003.job

- c:\documents and settings\Anonymous\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:08]

2009-01-16 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-02 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

FF - ProfilePath - c:\documents and settings\Anonymous\Application Data\Mozilla\Firefox\Profiles\pk7787ti.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wowhead

FF - prefs.js: browser.startup.homepage - hxxp://www.worldofwarcraft.com/index.xml

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\documents and settings\Anonymous\Application Data\Mozilla\Firefox\Profiles\pk7787ti.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll

FF - plugin: c:\documents and settings\Anonymous\Application Data\Mozilla\plugins\npoctoshape.dll

FF - plugin: c:\documents and settings\Anonymous\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npDyyno.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Octoshape Streaming Services\Anonymous\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-16 16:27:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-1708537768-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:d2,7d,1b,24,e3,71,c4,f5,99,19,54,46,48,c2,3a,84,8c,30,a8,99,a3,

7d,de,a8,81,ba,78,a4,03,fb,3b,92,33,46,42,f7,8f,cc,e5,99,7b,57,58,51,5f,9e,\

"rkeysecu"=hex:f5,bd,52,b9,3d,f6,ae,c9,df,da,e2,d4,0d,a7,bf,b5

.

Completion time: 2009-03-16 16:35:12

ComboFix-quarantined-files.txt 2009-03-16 23:35:10

Pre-Run: 164,193,902,592 bytes free

Post-Run: 164,234,186,752 bytes free

235 --- E O F --- 2009-03-11 05:47:27

HijackThis LogsLogfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:40, on 2009-03-16

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Razer\Lachesis\razerhid.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Razer\Lachesis\OSD.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Documents and Settings\Anonymous\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Razer\Lachesis\razertra.exe

C:\Program Files\Razer\Lachesis\razerofa.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Xfire\xfire.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe

O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF28880.exe" /c "C:\ComboFix132456\C.bat"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anonymous\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--

End of file - 9807 bytes

Link to post
Share on other sites

  • Staff

Hi,

I can't see anything suspicious anymore..

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Extra note, I notice from your log that there's more than 1 Antivirus installed. McAfee and Avira

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one. Also, since you have the McAfee Security Suite installed, you already have a firewall + on top I see that you also have the Nvidia Firewall (NetworkAccessManager) installed.

Then reboot after uninstalling.

Link to post
Share on other sites

  • Staff

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.