Hello,
My computer (running on Windows XP) is infected with something, as far as I know a trojan, and keeps giving messages concerning fake malware threats, such as win32.netbooster. It also copied a few files to my desktop, each one a link to some malware fixer. Can someone help me?
This is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24: VIRUS ALERT!, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\qdgfodgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ruben\Bureaublad\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: peltodgx - {0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [IUpd704] C:\DOCUME~1\Ruben\LOCALS~1\Temp\pwrmgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [A00FA4BF89.exe] C:\DOCUME~1\Ruben\LOCALS~1\Temp\_A00FA4BF89.exe
O4 - HKCU\..\Run: [ChkAppDb] C:\WINDOWS\system32\qdgfodgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [AH8z4GHzRC] C:\DOCUME~1\Ruben\LOCALS~1\Temp\windfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: rwlfsdmk - {3A671FC9-C15D-40CA-A199-7DF3626737D8} - C:\WINDOWS\rwlfsdmk.dll
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 6762 bytes
Edit: I ran ComboFix and I think it may have solved the problem.
ComboFix 08-09-30.03 - Ruben 2008-10-01 11:37:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.122 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Ruben\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\evqb.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\__c0095011.dat
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssqRKcBu.dll
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\uBcKRqss.ini
C:\WINDOWS\system32\uBcKRqss.ini2
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-01 to 2008-10-01 ))))))))))))))))))))))))))))))
.
2008-10-01 11:26 . 2008-10-01 11:26 912,839 ---hs---- C:\WINDOWS\system32\yotjoexr.ini
2008-10-01 11:26 . 2008-10-01 11:26 80,512 --a------ C:\WINDOWS\system32\rxeojtoy.dll
2008-09-30 21:23 . 2008-09-30 22:01 2,800 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-30 21:15 . 2008-09-30 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-30 21:10 . 2008-09-30 21:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 21:10 . 2008-09-30 21:10 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Malwarebytes
2008-09-30 21:10 . 2008-09-30 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 21:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 21:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 21:08 . 2008-09-30 21:08 <DIR> dr-h----- C:\Documents and Settings\Ruben\Onlangs geopend
2008-09-30 21:04 . 2008-09-30 21:04 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-30 21:04 . 2008-09-30 21:06 <DIR> d-------- C:\Program Files\CCleaner
2008-09-30 20:56 . 2008-09-30 20:56 913,120 ---hs---- C:\WINDOWS\system32\bslrtvnv.ini
2008-09-30 20:56 . 2008-09-30 20:56 79,488 --a------ C:\WINDOWS\system32\vnvtrlsb.dll
2008-09-30 20:48 . 2008-09-30 20:48 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\IUpd704
2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Program Files\agxajxb
2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cdcpgdil
2008-09-30 20:40 . 2008-09-30 20:40 131,072 --a------ C:\WINDOWS\system32\qdgfodgr.exe
2008-09-30 20:40 . 2008-09-30 20:40 38,272 --a------ C:\WINDOWS\system32\yayvvTLe.dll
2008-09-30 20:40 . 2008-09-30 20:40 38,272 --a------ C:\WINDOWS\system32\hgGwVLda.dll
2008-09-30 20:39 . 2008-09-30 20:44 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-30 19:49 . 2008-09-30 19:49 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Sibelius Software
2008-09-25 17:56 . 2008-09-25 17:56 <DIR> d-------- C:\Program Files\DNA
2008-09-25 17:56 . 2008-09-25 17:56 <DIR> d-------- C:\Program Files\BitTorrent
2008-09-25 17:56 . 2008-10-01 11:43 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\DNA
2008-09-25 17:56 . 2008-09-25 19:25 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\BitTorrent
2008-09-08 18:18 . 2008-09-23 13:20 <DIR> d-------- C:\temp
2008-09-05 18:09 . 2008-09-05 18:09 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\DivX
2008-09-05 18:06 . 2008-09-05 18:06 3,532 --a------ C:\drmHeader.bin
2008-09-02 21:21 . 2008-09-02 21:21 <DIR> d-------- C:\Program Files\DivX
2008-09-02 19:47 . 2008-09-02 19:47 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\InterVideo
2008-09-02 14:51 . 2008-09-30 16:12 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\skypePM
2008-09-02 14:51 . 2008-09-02 14:51 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-02 14:49 . 2008-09-30 16:56 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Skype
2008-09-02 14:48 . 2008-09-06 19:37 <DIR> d-------- C:\Program Files\Skype
2008-09-02 14:48 . 2008-09-02 14:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-02 14:48 . 2008-09-02 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-01 08:40 . 2008-09-01 14:41 <DIR> d-------- C:\lastfm background
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 16:26 --------- d-----w C:\Documents and Settings\Ruben\Application Data\U3
2008-08-31 21:31 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-31 21:31 --------- d-----w C:\Program Files\MSBuild
2008-08-31 21:23 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-31 20:43 --------- d-----w C:\Program Files\Philips ToUcam Camera
2008-08-31 10:11 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 09:52 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2008-08-27 20:31 --------- d-----w C:\Program Files\Last.fm
2008-08-27 08:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-27 08:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\AdobeUM
2008-08-27 08:07 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-08-27 06:44 --------- d-----w C:\Documents and Settings\Ruben\Application Data\AVGTOOLBAR
2008-08-27 05:32 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-27 05:32 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-08-27 05:31 --------- d-----w C:\Program Files\AVG
2008-08-27 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-27 05:20 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-26 05:16 --------- d-----w C:\Program Files\Symantec
2008-08-25 17:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-25 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-25 08:35 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-24 23:40 --------- d-----w C:\Program Files\TOSHIBA
2008-08-24 23:40 --------- d-----w C:\Program Files\Synaptics
2008-08-24 23:40 --------- d-----w C:\Program Files\Sonic
2008-08-24 23:39 --------- d-----w C:\Program Files\Realtek
2008-08-24 23:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-24 23:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-24 23:38 --------- d-----w C:\Program Files\ltmoh
2008-08-24 23:38 --------- d-----w C:\Program Files\Java
2008-08-24 23:38 --------- d-----w C:\Program Files\InterVideo
2008-08-24 23:35 --------- d-----w C:\Program Files\Common Files\Java
2008-08-24 23:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-24 23:35 --------- d-----w C:\Program Files\ATI Technologies
2008-08-24 23:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\toshiba
2008-08-24 23:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Sonic
2008-08-24 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-08-24 21:15 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Symantec
2008-08-24 16:09 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_03598-BT_PSAA2E-01500.MRK
2008-08-24 16:08 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-24 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 16:08 --------- d-----w C:\Program Files\Atheros
2008-08-24 15:35 --------- d-----w C:\Program Files\Windows Live
2008-08-24 15:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-24 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:23 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548A5D7A-ACD7-B822-C4C0-0BE7F3A93F74}]
2008-09-30 20:40 155648 --a------ C:\Program Files\agxajxb\AdmHlpSys.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2503670-6D0E-4662-AC65-EFA76E33056C}]
2008-09-30 20:40 38272 --a------ C:\WINDOWS\system32\hgGwVLda.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-25 289088]
"ChkAppDb"="C:\WINDOWS\system32\qdgfodgr.exe" [2008-09-30 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 688218]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077327]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"889b50b5"="C:\WINDOWS\system32\rxeojtoy.dll" [2008-10-01 80512]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\Ruben\Menu Start\Programma's\Opstarten\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 59080]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C2503670-6D0E-4662-AC65-EFA76E33056C}"= "C:\WINDOWS\system32\hgGwVLda.dll" [2008-09-30 38272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwVLda]
2008-09-30 20:40 38272 C:\WINDOWS\system32\hgGwVLda.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 76040]
R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-04-19 537520]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c6edfc0-7403-11dd-ace0-0011f5cb4318}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{11DFB01A-0852-4955-9747-C59E21DBBDA5} - C:\WINDOWS\dfmlxbpkvlo.dll
BHO-{441523F3-DD3E-4577-9B0D-D80A515E6896} - C:\WINDOWS\system32\ssqRKcBu.dll
Toolbar-{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
HKLM-Explorer_Run-AH8z4GHzRC - C:\DOCUME~1\Ruben\LOCALS~1\Temp\windfr.exe
Notify-__c0095011 - C:\WINDOWS\system32\__c0095011.dat
.
------- Bijkomende Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ruben\Application Data\Mozilla\Firefox\Profiles\pkh8gswt.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 11:46:07
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCES: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hgGwVLda.dll
PROCES: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\rxeojtoy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-10-01 11:52:31 - machine werd herstart
ComboFix-quarantined-files.txt 2008-10-01 09:52:00
Pre-Run: 49.910.079.488 bytes beschikbaar
Post-Run: 49,904,025,600 bytes beschikbaar
309 --- E O F --- 2008-09-14 07:52:52
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\uBcKRqss.ini
C:\WINDOWS\system32\uBcKRqss.ini2
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-01 to 2008-10-01 ))))))))))))))))))))))))))))))
.
2008-10-01 11:26 . 2008-10-01 11:26 912,839 ---hs---- C:\WINDOWS\system32\yotjoexr.ini
2008-10-01 11:26 . 2008-10-01 11:26 80,512 --a------ C:\WINDOWS\system32\rxeojtoy.dll
2008-09-30 21:23 . 2008-09-30 22:01 2,800 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-30 21:15 . 2008-09-30 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-30 21:10 . 2008-09-30 21:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 21:10 . 2008-09-30 21:10 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Malwarebytes
2008-09-30 21:10 . 2008-09-30 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 21:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 21:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 21:08 . 2008-09-30 21:08 <DIR> dr-h----- C:\Documents and Settings\Ruben\Onlangs geopend
2008-09-30 21:04 . 2008-09-30 21:04 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-30 21:04 . 2008-09-30 21:06 <DIR> d-------- C:\Program Files\CCleaner
2008-09-30 20:56 . 2008-09-30 20:56 913,120 ---hs---- C:\WINDOWS\system32\bslrtvnv.ini
2008-09-30 20:56 . 2008-09-30 20:56 79,488 --a------ C:\WINDOWS\system32\vnvtrlsb.dll
2008-09-30 20:48 . 2008-09-30 20:48 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\IUpd704
2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Program Files\agxajxb
2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cdcpgdil
2008-09-30 20:40 . 2008-09-30 20:40 131,072 --a------ C:\WINDOWS\system32\qdgfodgr.exe
2008-09-30 20:40 . 2008-09-30 20:40 38,272 --a------ C:\WINDOWS\system32\yayvvTLe.dll
2008-09-30 20:40 . 2008-09-30 20:40 38,272 --a------ C:\WINDOWS\system32\hgGwVLda.dll
2008-09-30 20:39 . 2008-09-30 20:44 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-30 19:49 . 2008-09-30 19:49 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Sibelius Software
2008-09-25 17:56 . 2008-09-25 17:56 <DIR> d-------- C:\Program Files\DNA
2008-09-25 17:56 . 2008-09-25 17:56 <DIR> d-------- C:\Program Files\BitTorrent
2008-09-25 17:56 . 2008-10-01 11:43 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\DNA
2008-09-25 17:56 . 2008-09-25 19:25 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\BitTorrent
2008-09-08 18:18 . 2008-09-23 13:20 <DIR> d-------- C:\temp
2008-09-05 18:09 . 2008-09-05 18:09 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\DivX
2008-09-05 18:06 . 2008-09-05 18:06 3,532 --a------ C:\drmHeader.bin
2008-09-02 21:21 . 2008-09-02 21:21 <DIR> d-------- C:\Program Files\DivX
2008-09-02 19:47 . 2008-09-02 19:47 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\InterVideo
2008-09-02 14:51 . 2008-09-30 16:12 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\skypePM
2008-09-02 14:51 . 2008-09-02 14:51 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-02 14:49 . 2008-09-30 16:56 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Skype
2008-09-02 14:48 . 2008-09-06 19:37 <DIR> d-------- C:\Program Files\Skype
2008-09-02 14:48 . 2008-09-02 14:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-02 14:48 . 2008-09-02 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-01 08:40 . 2008-09-01 14:41 <DIR> d-------- C:\lastfm background
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 16:26 --------- d-----w C:\Documents and Settings\Ruben\Application Data\U3
2008-08-31 21:31 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-31 21:31 --------- d-----w C:\Program Files\MSBuild
2008-08-31 21:23 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-31 20:43 --------- d-----w C:\Program Files\Philips ToUcam Camera
2008-08-31 10:11 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 09:52 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2008-08-27 20:31 --------- d-----w C:\Program Files\Last.fm
2008-08-27 08:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-27 08:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\AdobeUM
2008-08-27 08:07 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-08-27 06:44 --------- d-----w C:\Documents and Settings\Ruben\Application Data\AVGTOOLBAR
2008-08-27 05:32 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-27 05:32 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-08-27 05:31 --------- d-----w C:\Program Files\AVG
2008-08-27 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-27 05:20 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-26 05:16 --------- d-----w C:\Program Files\Symantec
2008-08-25 17:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-25 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-25 08:35 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-24 23:40 --------- d-----w C:\Program Files\TOSHIBA
2008-08-24 23:40 --------- d-----w C:\Program Files\Synaptics
2008-08-24 23:40 --------- d-----w C:\Program Files\Sonic
2008-08-24 23:39 --------- d-----w C:\Program Files\Realtek
2008-08-24 23:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-24 23:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-24 23:38 --------- d-----w C:\Program Files\ltmoh
2008-08-24 23:38 --------- d-----w C:\Program Files\Java
2008-08-24 23:38 --------- d-----w C:\Program Files\InterVideo
2008-08-24 23:35 --------- d-----w C:\Program Files\Common Files\Java
2008-08-24 23:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-24 23:35 --------- d-----w C:\Program Files\ATI Technologies
2008-08-24 23:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\toshiba
2008-08-24 23:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Sonic
2008-08-24 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-08-24 21:15 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Symantec
2008-08-24 16:09 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_03598-BT_PSAA2E-01500.MRK
2008-08-24 16:08 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-24 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 16:08 --------- d-----w C:\Program Files\Atheros
2008-08-24 15:35 --------- d-----w C:\Program Files\Windows Live
2008-08-24 15:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-24 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:23 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548A5D7A-ACD7-B822-C4C0-0BE7F3A93F74}]
2008-09-30 20:40 155648 --a------ C:\Program Files\agxajxb\AdmHlpSys.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2503670-6D0E-4662-AC65-EFA76E33056C}]
2008-09-30 20:40 38272 --a------ C:\WINDOWS\system32\hgGwVLda.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-25 289088]
"ChkAppDb"="C:\WINDOWS\system32\qdgfodgr.exe" [2008-09-30 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 688218]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077327]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"889b50b5"="C:\WINDOWS\system32\rxeojtoy.dll" [2008-10-01 80512]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\Ruben\Menu Start\Programma's\Opstarten\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 59080]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C2503670-6D0E-4662-AC65-EFA76E33056C}"= "C:\WINDOWS\system32\hgGwVLda.dll" [2008-09-30 38272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwVLda]
2008-09-30 20:40 38272 C:\WINDOWS\system32\hgGwVLda.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 76040]
R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-04-19 537520]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c6edfc0-7403-11dd-ace0-0011f5cb4318}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{11DFB01A-0852-4955-9747-C59E21DBBDA5} - C:\WINDOWS\dfmlxbpkvlo.dll
BHO-{441523F3-DD3E-4577-9B0D-D80A515E6896} - C:\WINDOWS\system32\ssqRKcBu.dll
Toolbar-{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
HKLM-Explorer_Run-AH8z4GHzRC - C:\DOCUME~1\Ruben\LOCALS~1\Temp\windfr.exe
Notify-__c0095011 - C:\WINDOWS\system32\__c0095011.dat
.
------- Bijkomende Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ruben\Application Data\Mozilla\Firefox\Profiles\pkh8gswt.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 11:46:07
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCES: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hgGwVLda.dll
PROCES: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\rxeojtoy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-10-01 11:52:31 - machine werd herstart
ComboFix-quarantined-files.txt 2008-10-01 09:52:00
Pre-Run: 49.910.079.488 bytes beschikbaar
Post-Run: 49,904,025,600 bytes beschikbaar
309 --- E O F --- 2008-09-14 07:52:52