
Outerinfo (YAY!) [CLOSED]



#1
ryanhutchings

    New Member

  • Member
  • 1 posts
Hi, I'm following the guide located here: http://www.geekstogo...IN-t134763.html

I have just run ComboFix and here is the log report:


And here is the HijackThis log:


Just about to do the next stage and install and run the Spyware software.

Okay, done that, and the popups and stuff have gone from Outerinfo.

However, I'm going to post a new HijackThis log below because I'm still getting virus warnings talking about TR/Vundo.Gen amongst other things:

Thanks, any help would be appreciated.

Ryan

Edited by ryanhutchings, 12 February 2008 - 09:24 AM.



#2
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi ryanhutchings,

Welcome to Geeks to Go :)

Sorry to keep you waiting. Let's do a deeper scan of your machine for me to analyse. (And could you just copy and paste the reports in your reply; no need to put them in code boxes.)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

You may need to post the logs over 2 replies to ensure all the information is posted.

andrewuk

#3
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.