This topic is locked
I have just ran Combo Fix and here is the Log report:
ComboFix 08-02-11.2 - Michaela 2008-02-11 14:50:41.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1439 [GMT 0:00]Running from: C:\Documents and Settings\Michaela\Desktop\ComboFix.exe * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\WINDOWS\system32\ddayv.dllC:\WINDOWS\system32\ljjjggh.dllC:\Documents and Settings\Michaela\Start Menu\Programs\OuterinfoC:\Documents and Settings\Michaela\Start Menu\Programs\Outerinfo\Terms.lnkC:\Documents and Settings\Michaela\Start Menu\Programs\Outerinfo\Uninstall.lnkC:\Program Files\outerinfoC:\Temp\1cbC:\Temp\1cb\syscheck.logC:\Temp\isgTi19C:\Temp\isgTi19\lPig.logC:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M0611NetInstaller.exeC:\WINDOWS\fnts~1C:\WINDOWS\fnts~1\F?nts\C:\WINDOWS\system32\ddayv.dllC:\WINDOWS\system32\dobe~1C:\WINDOWS\system32\dobe~1\w?auclt.exeC:\WINDOWS\system32\ljjjggh.dllC:\WINDOWS\system32\m5C:\WINDOWS\system32\nGpxx01C:\WINDOWS\system32\pac.txtC:\WINDOWS\system32\u1C:\WINDOWS\system32\u1\hiba3133.exeC:\WINDOWS\system32\vyadd.iniC:\WINDOWS\system32\vyadd.ini2C:\WINDOWS\system32\x8C:\WINDOWS\system32\z2.((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))).2008-02-11 14:43 . 2004-08-04 01:07 260,272 -r-hs---- C:\cmldr2008-02-11 14:00 . 2008-02-11 14:00 0 --a------ C:\WINDOWS\nsreg.dat2008-02-11 13:36 . 2008-02-11 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio2008-02-11 13:34 . 2008-02-11 13:34 284,268 --a------ C:\Temp\sxgwL9101.exe2008-02-11 13:33 . 2008-02-11 14:50 <DIR> d-------- C:\Temp2008-02-11 13:32 . 2008-02-11 13:32 <DIR> d-------- C:\Program Files\Avira2008-02-11 13:32 . 2008-02-11 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira2008-02-11 13:20 . 2008-02-11 13:20 <DIR> d-------- C:\WINDOWS\nview2008-02-11 13:20 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe2008-02-11 13:20 . 2008-02-11 13:22 163,353 --a------ C:\WINDOWS\system32\nvapps.xml2008-02-11 13:20 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu2008-02-11 13:19 . 2008-02-11 13:19 <DIR> d-------- C:\NVIDIA2008-02-11 13:16 . 2008-02-11 13:16 <DIR> d-------- C:\Program Files\Common Files\Canon2008-02-11 13:15 . 2008-02-11 13:15 <DIR> d-------- C:\Program Files\ScanSoft2008-02-11 13:15 . 2008-02-11 13:15 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared2008-02-11 13:15 . 2008-02-11 13:15 <DIR> d-------- C:\Documents and Settings\Michaela\Application Data\ScanSoft2008-02-11 13:15 . 2008-02-11 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard2008-02-11 13:15 . 2008-02-11 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir2008-02-11 13:15 . 2008-02-11 13:15 532 --a------ C:\WINDOWS\MAXLINK.INI2008-02-11 13:12 . 2008-02-11 13:15 <DIR> d-------- C:\Program Files\Canon2008-02-11 13:12 . 2008-02-11 13:12 4,481,358 --a------ C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000004-10021102}.CDF2008-02-11 13:12 . 2008-02-11 13:12 4,481,358 --------- C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000004-10021102}.BAK2008-02-11 13:11 . 1999-10-11 01:00 41,984 --------- C:\WINDOWS\Ctregrun.exe2008-02-11 13:11 . 2008-02-11 14:52 31,212 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx2008-02-11 13:11 . 2008-02-11 14:52 31,212 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-10021102}.rfx2008-02-11 13:10 . 2008-02-11 13:12 <DIR> d-------- C:\Documents and Settings\Michaela\Application Data\Creative2008-02-11 13:07 . 2002-09-23 13:53 292,304 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys2008-02-11 13:07 . 2002-09-05 16:32 277,200 --a------ C:\WINDOWS\system32\Ctaa1.dat2008-02-11 13:07 . 2002-09-11 15:06 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll2008-02-11 13:07 . 2001-05-28 13:47 32,768 --a------ C:\WINDOWS\system32\AudioHQU.cpl2008-02-11 13:07 . 2001-05-28 13:47 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll2008-02-11 13:06 . 2002-02-20 03:00 331,776 --a------ C:\WINDOWS\system32\CTMEDENG.DLL2008-02-11 13:06 . 2001-09-18 03:00 139,264 --a------ C:\WINDOWS\system32\Video.skn2008-02-11 13:06 . 2001-03-30 02:00 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll2008-02-11 13:06 . 1999-12-13 01:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE2008-02-11 13:06 . 1999-11-18 01:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE2008-02-11 13:06 . 2000-04-20 01:00 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL2008-02-11 13:06 . 1998-09-17 01:52 17,350 --a------ C:\WINDOWS\system32\CTDetect.hlp2008-02-11 13:06 . 1998-09-17 01:52 641 --a------ C:\WINDOWS\system32\CTDetect.cnt2008-02-11 13:06 . 2008-02-11 13:09 136 --a------ C:\WINDOWS\SBWIN.INI2008-02-11 13:05 . 2008-02-11 13:11 <DIR> d-------- C:\Program Files\Creative2008-02-11 13:05 . 2002-06-14 13:49 10,194 --a------ C:\WINDOWS\system32\pfmodnt.sys2008-02-11 13:00 . 2008-02-11 13:00 <DIR> d-------- C:\Program Files\NETGEAR2008-02-11 13:00 . 2008-02-11 13:14 <DIR> d--h----- C:\Program Files\InstallShield Installation Information.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-11 13:00 15,890 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys2008-02-11 13:00 --------- d-----w C:\Program Files\Common Files\InstallShield2008-02-11 12:55 --------- d-----w C:\Program Files\Gigabyte2008-02-11 12:47 --------- d-----w C:\Program Files\microsoft frontpage2003-06-20 03:05 49,776 ----a-w C:\WINDOWS\inf\usbhub20.sys2003-06-20 03:05 24,752 ----a-w C:\WINDOWS\inf\hidclass.sys2003-06-20 03:05 20,688 ----a-w C:\WINDOWS\inf\usbd.sys2003-06-20 03:05 19,728 ----a-w C:\WINDOWS\inf\usbehci.sys2003-06-20 03:05 138,288 ----a-w C:\WINDOWS\inf\usbport.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D44EAB2-0652-7CD8-0216-2B00CDBEDA9C}] C:\WINDOWS\system32\wdzb.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5DEB86D-8695-4A83-A382-63F67DBAF69D}] C:\Program Files\Messenger\keryd89104.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-09-04 08:59 135168]"Sbio"="C:\WINDOWS\FNTS~1\winword.exe" [ ]"Gbzmj"="C:\WINDOWS\system32\?dobe\w?auclt.exe" [ ][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 03:15 83968]"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 11:04 53248]"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-08-13 01:00 40960]"CTHelper"="CTHELPER.EXE" [2002-09-03 02:55 24576 C:\WINDOWS\system32\CTHELPER.EXE]"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 01:04 49152]"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 10:29 729088]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-11 13:35 249896][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:07 15360]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2008-02-11 13:00:23 483412]R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-02-11 13:35]R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-11 13:35]R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [2004-10-15 10:41]R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-08-05 07:51]R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-14 18:24]*Newly Created Service* - HTTPFILTER.**************************************************************************catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-02-11 14:53:28Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run?W?D~??A~????????????????????h?@?x?????B~D??????sx??s?[??????y??w????@@@????|D@@?????>??w????p;2?H??????|???|???????|L(?sp;2??????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@ scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.------------------------ Other Running Processes ------------------------.C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\wbem\unsecapp.exe.**************************************************************************.Completion time: 2008-02-11 14:54:27 - machine was rebootedComboFix-quarantined-files.txt 2008-02-11 14:54:02.2008-02-11 14:36:38 --- E O F ---And here is the HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:04:49, on 11/02/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exeC:\WINDOWS\system32\nvraidservice.exeC:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exeC:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXEC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exeC:\WINDOWS\system32\wbem\unsecapp.exeC:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]O2 - BHO: (no name) - {6D44EAB2-0652-7CD8-0216-2B00CDBEDA9C} - C:\WINDOWS\system32\wdzb.dll (file missing)O2 - BHO: (no name) - {A5DEB86D-8695-4A83-A382-63F67DBAF69D} - C:\Program Files\Messenger\keryd89104.dll (file missing)O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exeO4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exeO4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXEO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /runO4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /minO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exeO4 - HKCU\..\Run: [Sbio] "C:\WINDOWS\FNTS~1\winword.exe" -vt yazbO4 - HKCU\..\Run: [Gbzmj] C:\WINDOWS\system32\?dobe\w?auclt.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: *.amaena.comO15 - Trusted Zone: *.avsystemcare.comO15 - Trusted Zone: *.gomyhit.comO15 - Trusted Zone: *.imageservr.comO15 - Trusted Zone: *.imagesrvr.comO15 - Trusted Zone: *.onerateld.comO15 - Trusted Zone: *.safetydownload.comO15 - Trusted Zone: *.storageguardsoft.comO15 - Trusted Zone: *.trustedantivirus.comO15 - Trusted Zone: *.virusschlacht.comO15 - Trusted Zone: *.amaena.com (HKLM)O15 - Trusted Zone: *.avsystemcare.com (HKLM)O15 - Trusted Zone: *.gomyhit.com (HKLM)O15 - Trusted Zone: *.imageservr.com (HKLM)O15 - Trusted Zone: *.imagesrvr.com (HKLM)O15 - Trusted Zone: *.onerateld.com (HKLM)O15 - Trusted Zone: *.safetydownload.com (HKLM)O15 - Trusted Zone: *.storageguardsoft.com (HKLM)O15 - Trusted Zone: *.trustedantivirus.com (HKLM)O15 - Trusted Zone: *.virusschlacht.com (HKLM)O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exeO23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exeO23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exeO23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 6138 bytesJust about to do the next stage and install and run the Spyware software.
Okay, done that, and the popups and stuff have gone from Outerinfo.
However I'm going to post a new HiJackThis below because I'm still getting virus warnings talking about TR/Vundo.Gen amongst other things:
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:23:53, on 12/02/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exeC:\WINDOWS\system32\nvraidservice.exeC:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exeC:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXEC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exeC:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exeC:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exeC:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exeC:\WINDOWS\system32\wbem\unsecapp.exeC:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\GUARDGUI.EXEC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {6D44EAB2-0652-7CD8-0216-2B00CDBEDA9C} - C:\WINDOWS\system32\wdzb.dll (file missing)O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: (no name) - {A5DEB86D-8695-4A83-A382-63F67DBAF69D} - C:\Program Files\Messenger\keryd89104.dll (file missing)O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exeO4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exeO4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXEO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /runO4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /minO4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDEO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exeO4 - HKCU\..\Run: [Sbio] "C:\WINDOWS\FNTS~1\winword.exe" -vt yazbO4 - HKCU\..\Run: [Gbzmj] C:\WINDOWS\system32\?dobe\w?auclt.exeO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologonO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: *.avsystemcare.comO15 - Trusted Zone: *.gomyhit.comO15 - Trusted Zone: *.imageservr.comO15 - Trusted Zone: *.onerateld.comO15 - Trusted Zone: *.safetydownload.comO15 - Trusted Zone: *.storageguardsoft.comO15 - Trusted Zone: *.trustedantivirus.comO15 - Trusted Zone: *.virusschlacht.comO15 - Trusted Zone: *.avsystemcare.com (HKLM)O15 - Trusted Zone: *.gomyhit.com (HKLM)O15 - Trusted Zone: *.imageservr.com (HKLM)O15 - Trusted Zone: *.onerateld.com (HKLM)O15 - Trusted Zone: *.safetydownload.com (HKLM)O15 - Trusted Zone: *.storageguardsoft.com (HKLM)O15 - Trusted Zone: *.trustedantivirus.com (HKLM)O15 - Trusted Zone: *.virusschlacht.com (HKLM)O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exeO23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exeO23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exeO23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 8293 bytesThanks, any help would be appreciated.
Ryan
Ryan
Edited by ryanhutchings, 12 February 2008 - 09:24 AM.
Sign In
Create Account
