Computer Nightmare!(RESOLVED)

  1. 22-09-2007  #1
    legolass
    legolass is offline Junior Member

    Computer Nightmare!(RESOLVED)

    hi there,

    recently my pc has started rebooting itself just after startup, i have also lost my sound and my USB ports are no longer Hi-Speed! i have tried reinstalling my realtek drivers but windows does not seem to be picking them up - i'm getting 'no audio device' in the sound devices bit of control panel i've been at it all day trying to sort it but nothing seems to work can you help?

    here is my hijak this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:27:37, on 22/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Clarabel\Desktop\muBlinder\muBlinder.exe -startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpdj - HP - C:\DOCUME~1\Clarabel\LOCALS~1\Temp\hpdj.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 8535 bytes

  3. 22-09-2007  #2
    legolass
    legolass is offline Junior Member
    i finally got my audio working, it was disabled in the bios somehow :S

    i think my hi speed usbs were switched off in there too. i have no idea how that happened!
  4. 24-09-2007  #3
    Neal
    Neal is offline Dedicated Member
    We can try to look around a little bit if you want:



    1. Download this file - COMBOFIX
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    Post a new hijackthis log also please.
  5. 24-09-2007  #4
    legolass
    legolass is offline Junior Member
    thanks so much!

    here's the combofix log:
    ComboFix 07-09-21.2 - "Clarabel" 2007-09-24 22:05:54.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.640 [GMT 1:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\Clairey\Desktop\internet.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
    .

    2007-09-24 22:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-24 01:47 <DIR> d-------- C:\Program Files\Napster
    2007-09-24 01:32 16,640 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
    2007-09-23 19:21 <DIR> d-------- C:\WINDOWS\system32\Logs
    2007-09-22 23:25 577,536 --a------ C:\WINDOWS\soundman.exe
    2007-09-22 23:25 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2007-09-22 23:25 4,108,992 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
    2007-09-22 23:25 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
    2007-09-22 23:25 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
    2007-09-22 23:24 315,392 --a------ C:\WINDOWS\alcupd.exe
    2007-09-22 23:24 217,088 --a------ C:\WINDOWS\alcrmv.exe
    2007-09-22 22:48 <DIR> d-------- C:\Program Files\Silicon Integrated Systems
    2007-09-22 22:47 48,128 --a------ C:\WINDOWS\system32\drivers\SiSRaid.sys
    2007-09-22 22:47 135,168 --a------ C:\WINDOWS\system32\property.dll
    2007-09-22 22:47 <DIR> d-------- C:\Program Files\RAID411a
    2007-09-22 22:26 <DIR> d-------- C:\Program Files\HWiNFO32
    2007-09-22 17:27 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-22 17:12 <DIR> d-------- C:\Program Files\Realtek AC97
    2007-09-22 17:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FLEXnet
    2007-09-22 16:06 <DIR> d-------- C:\Program Files\Realtek AC97(2)
    2007-09-22 13:21 <DIR> d-------- C:\Program Files\CCleaner
    2007-09-22 13:17 <DIR> d-------- C:\Program Files\MRU-Blaster
    2007-09-22 13:10 <DIR> d-------- C:\Program Files\RegSupreme
    2007-09-21 15:39 <DIR> d-------- C:\Program Files\BrainTrainAge
    2007-09-20 22:03 <DIR> d-------- C:\Program Files\Motive
    2007-09-20 22:03 <DIR> d-------- C:\Program Files\BT Broadband Desktop Help
    2007-09-20 18:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion
    2007-09-20 18:18 86,016 --a------ C:\WINDOWS\system32\YPcservice.exe
    2007-09-20 18:18 131,072 --a------ C:\WINDOWS\system32\ypclsp.dll
    2007-09-17 19:37 <DIR> d-------- C:\Program Files\Bonjour
    2007-09-17 19:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-09-11 22:39 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-09-11 22:39 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-09-11 22:39 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-09-11 22:39 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-09-11 22:39 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-09-11 22:39 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-09-11 22:39 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-09-11 22:39 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-09-11 22:39 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
    2007-09-08 14:25 <DIR> d-------- C:\DOCUME~1\Clarabel\Incomplete
    2007-09-08 14:25 <DIR> d-------- C:\DOCUME~1\Clarabel\APPLIC~1\LimeWire
    2007-09-08 14:19 <DIR> d-------- C:\DOCUME~1\Clarabel\APPLIC~1\RTPlayer
    2007-09-02 23:41 <DIR> d-------- C:\Program Files\Winamp
    2007-09-02 20:42 <DIR> d-------- C:\DOCUME~1\Clarabel\APPLIC~1\Uniblue
    2007-09-02 20:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
    2007-08-29 22:15 <DIR> d-------- C:\DOCUME~1\Clarabel\APPLIC~1\Motive
    2007-08-29 22:07 <DIR> d-------- C:\DOCUME~1\Clarabel\APPLIC~1\tunebite
    2007-08-26 15:51 <DIR> d-------- C:\DOCUME~1\Clarabel\APPLIC~1\Roxio
    2007-08-26 15:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Napster

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2007-09-24 22:09 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kontiki
    2007-09-24 01:35 --------- d-------- C:\Program Files\Tunebite
    2007-09-24 01:31 --------- d-------- C:\DOCUME~1\Clarabel\APPLIC~1\uTorrent
    2007-09-22 22:48 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-22 17:12 --------- d-------- C:\Program Files\Common Files\Motive
    2007-09-22 17:11 --------- d-------- C:\Program Files\Yahoo!
    2007-09-22 17:11 --------- d-------- C:\Program Files\BT Home Hub
    2007-09-21 16:37 --------- d-------- C:\Program Files\Canon
    2007-09-20 19:20 --------- d-------- C:\Program Files\BT Broadband Talk Softphone
    2007-09-02 21:49 --------- d-------- C:\DOCUME~1\Clarabel\APPLIC~1\Apple Computer
    2007-09-02 21:41 --------- d-------- C:\Program Files\iTunes
    2007-09-02 21:41 --------- d-------- C:\Program Files\iPod
    2007-09-02 21:28 --------- d-------- C:\Program Files\QuickTime
    2007-08-23 22:21 --------- d-------- C:\DOCUME~1\Clarabel\APPLIC~1\Talkback
    2007-08-22 18:14 --------- d-------- C:\DOCUME~1\Clarabel\APPLIC~1\VideoEgg
    2007-08-11 17:09 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
    2007-08-11 17:08 --------- d-------- C:\Program Files\Apple Software Update
    2007-08-11 17:07 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
    2007-08-11 16:13 --------- d-------- C:\Program Files\K-Lite Codec Pack
    2007-08-11 16:11 --------- d-------- C:\Program Files\DivX
    2007-08-11 15:49 737280 --a------ C:\WINDOWS\iun6002.exe
    2007-08-07 20:37 --------- d-------- C:\DOCUME~1\Clarabel\APPLIC~1\Jasc Software Inc
    2007-08-07 20:37 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield
    2007-08-07 19:51 --------- d-------- C:\DOCUME~1\Clarabel\APPLIC~1\DivX
    2007-08-07 18:16 --------- d-------- C:\Program Files\HP
    2007-08-04 16:02 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\nView_Profiles
    2007-08-04 15:51 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\NVIDIA
    2007-08-04 00:50 --------- d-------- C:\Program Files\Kontiki
    2007-08-04 00:49 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Channel4
    2007-08-03 17:54 --------- d-------- C:\Program Files\MSN Messenger
    2007-07-31 20:30 --------- d-------- C:\DOCUME~1\Clarabel\APPLIC~1\Yahoo!
    2007-07-31 20:25 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\yahoo!
    2007-07-31 20:24 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Motive
    2007-07-31 20:10 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
    2007-07-30 19:54 --------- d-------- C:\Program Files\Google
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 18:45 --------- d-------- C:\Program Files\Maxis
    2007-07-27 00:06 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-27 00:06 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-27 00:06 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-07-27 00:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-07-27 00:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-27 00:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-07-27 00:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-27 00:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-07-26 01:12 --------- d-------- C:\Program Files\Audible
    2007-07-25 23:11 --------- d-------- C:\DOCUME~1\Clairey\APPLIC~1\Ahead
    2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2005-09-26 14:04 809 --a--c--- C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-07 07:59]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 19:25]
    "muBlinder"="C:\Documents and Settings\Clarabel\Desktop\muBlinder\muBlinder.exe" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb09.exe" [2003-11-11 00:04]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 13:34]
    "SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2007-01-18 11:59]
    "NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 19:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "eyeBeam SIP Client"="" []
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Programs\Startup \
    BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-09-20 22:03:37]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
    backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
    "C:\Program Files\Kontiki\KHost.exe" -all

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
    R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRai d.sys
    R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\C:\Program Files\HWiNFO32\HWiNFO32.SYS
    R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-22 19:49:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    "2007-09-02 19:49:21 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    "2007-09-24 21:10:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4125DC8-0726-4B3B-81CC-D6F9F5F80341}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    ************************************************** ************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-24 22:10:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    ************************************************** ************************
    .
    Completion time: 2007-09-24 22:12:18
    C:\ComboFix-quarantined-files.txt ... 2007-09-24 22:11
    .
    --- E O F ---
  6. 24-09-2007  #5
    legolass
    legolass is offline Junior Member
    and here's the hijak this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:17:18, on 24/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Clarabel\Desktop\muBlinder\muBlinder.exe -startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Clarabel\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 8461 bytes


    many thanks for your time!

    Claire
  7. 24-09-2007  #6
    Neal
    Neal is offline Dedicated Member
    Your welcome,




    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done



    Go to next site:
    http://www.virustotal.com/en/indexf.html
    On top you'll find 'Browse'
    Click the browse button and browse to next file:


    C:\WINDOWS\system32\ChCfg.exe


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is to busy here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html




    Run hijackthis and click on scan system only button and put checks next to these:


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Make sure nothing is open but hijackthis and click on "fix checked".


    Reboot your PC


    Post the scan results from that file and a new hijackthis log.


    Tell me what your PC is doing now.
  8. 03-10-2007  #7
    legolass
    legolass is offline Junior Member
    Thanks again - here is the latest hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:40:00, on 03/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BT Broadband Desktop Help\bin\BTHelpBrowser.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Clarabel\Desktop\muBlinder\muBlinder.exe -startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Clarabel\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 7379 bytes

    and here are the scan results:


    File ChCfg.exe received on 10.03.2007 20:14:55 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


    Result: 0/31 (0%)
    Loading server information...
    Your file is queued in position: 8.
    Estimated start time is between 70 and 100 seconds.
    Do not close the window until scan is complete.
    The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
    If you are waiting for more than five minutes you have to resend your file.
    Your file is being scanned by VirusTotal in this moment,
    results will be shown as they're generated.
    Compact Print results
    Your file has expired or does not exists.
    Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

    You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
    Email:


    Antivirus Version Last Update Result
    AhnLab-V3 2007.10.3.0 2007.10.02 -
    AntiVir 7.6.0.18 2007.10.03 -
    Authentium 4.93.8 2007.10.03 -
    Avast 4.7.1051.0 2007.10.03 -
    AVG 7.5.0.488 2007.10.03 -
    BitDefender 7.2 2007.10.03 -
    CAT-QuickHeal 9.00 2007.10.03 -
    ClamAV 0.91.2 2007.10.03 -
    DrWeb 4.44.0.09170 2007.10.03 -
    eSafe 7.0.15.0 2007.10.02 -
    eTrust-Vet 31.2.5182 2007.10.03 -
    Ewido 4.0 2007.10.03 -
    FileAdvisor 1 2007.10.03 -
    Fortinet 3.11.0.0 2007.10.03 -
    F-Prot 4.3.2.48 2007.10.03 -
    F-Secure 6.70.13030.0 2007.10.03 -
    Ikarus T3.1.1.12 2007.10.03 -
    Kaspersky 7.0.0.125 2007.10.03 -
    McAfee 5133 2007.10.03 -
    Microsoft 1.2908 2007.10.03 -
    NOD32v2 2569 2007.10.03 -
    Norman 5.80.02 2007.10.03 -
    Panda 9.0.0.4 2007.10.03 -
    Rising 19.43.20.00 2007.10.03 -
    Sophos 4.22.0 2007.10.03 -
    Sunbelt 2.2.907.0 2007.10.03 -
    Symantec 10 2007.10.03 -
    TheHacker 6.2.6.076 2007.10.03 -
    VBA32 3.12.2.4 2007.10.03 -
    VirusBuster 4.3.26:9 2007.10.03 -
    Webwasher-Gateway 6.0.1 2007.10.03 -

    Additional information
    File size: 49152 bytes
    MD5: 43c3571eada5bc1edead7ca22ad66f30
    SHA1: 9a9391351c27fcc7eeb4b67f911a0b92abc6e188

    My computer seems to be going great now! no more reboots

    thanks again

    Claire
  9. 03-10-2007  #8
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    Excellent,



    Congratulations, your log shows that your SYSTEM IS CLEAN

    There are a few things you must do once you are completely clean:
    1. Re-hide your System Files and Folders to prevent any future accidents.

      Reconfigure Windows XP to hide hidden files:
      • Click Start. Open My Computer.
      • Select the Tools menu and click Folder Options. Select the View Tab.
      • Under the Hidden files and folders heading deselect "Show hidden files and folders".
      • Check the "Hide protected operating system files (recommended)" option.
      • Click Yes to confirm. Click OK.
    2. Please download ATF Cleaner by Atribune.
      This program is for XP and Windows 2000 only
      • Double-click ATF-Cleaner.exe to run the program.
        Under Main choose: Select All
        Click the Empty Selected button.
      If you use Firefox browser
      • Click Firefox at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      If you use Opera browser
      • Click Opera at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      Click Exit on the Main menu to close the program.
      For Technical Support, double-click the e-mail address located at the bottom of each menu.
    3. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

      TO DISABLE SYSTEM RESTORE
      1. Right-click "My Computer", and then left click "Properties".
      2. Left click on "System Restore Tab"
      3. Check box beside "Turn Off System Restore"
      4. Left click on "Apply"
      Reboot your System

      TO ENABLE SYSTEM RESTORE
      1. Remove check mark from "Turn Off System Restore"
      2. Click on "Apply"
    Here are some tips to reduce the potential for spyware infection in the future:

    Make sure you keep your Windows OS current by visiting Windows update
    regularly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

    I strongly recommend installing the following applications:
    • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
    • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
    • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
    To protect yourself further:
    • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
    And also see TonyKlein's good advice
    So how did I get infected in the first place? (My Favorite)
+ Reply to Thread
« My hijack this log...help needed please! | Need help »