
Solved: Trojan reporting fake malware threats

Discussion in 'Virus & Other Malware Removal' started by rlamon, Sep 30, 2008.

Thread Status:
Not open for further replies.
  1. rlamon (Thread Starter) - Joined: Sep 30, 2008 - Messages: 2
    Hello,

    My computer (running on Windows XP) is infected with something, as far as I know a trojan, and keeps giving messages concerning fake malware threats, such as win32.netbooster. It also copied a few files to my desktop, each one a link to some malware fixer. Can someone help me?

    This is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:24: VIRUS ALERT!, on 30/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\lxczcoms.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\qdgfodgr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ruben\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: peltodgx - {0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [IUpd704] C:\DOCUME~1\Ruben\LOCALS~1\Temp\pwrmgr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [A00FA4BF89.exe] C:\DOCUME~1\Ruben\LOCALS~1\Temp\_A00FA4BF89.exe
    O4 - HKCU\..\Run: [ChkAppDb] C:\WINDOWS\system32\qdgfodgr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [AH8z4GHzRC] C:\DOCUME~1\Ruben\LOCALS~1\Temp\windfr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: rwlfsdmk - {3A671FC9-C15D-40CA-A199-7DF3626737D8} - C:\WINDOWS\rwlfsdmk.dll
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

    --
    End of file - 6762 bytes

    edit: I ran combofix and I think it may have solved the problem.

    ComboFix 08-09-30.03 - Ruben 2008-10-01 11:37:20.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.122 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Ruben\Bureaublad\ComboFix.exe

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Inet Delivery
    C:\Program Files\Inet Delivery\inetdl.exe
    C:\Program Files\Inet Delivery\intdel.exe
    C:\WINDOWS\a.bat
    C:\WINDOWS\base64.tmp
    C:\WINDOWS\bdn.com
    C:\WINDOWS\evqb.exe
    C:\WINDOWS\FVProtect.exe
    C:\WINDOWS\iTunesMusic.exe
    C:\WINDOWS\mslagent
    C:\WINDOWS\mslagent\2_mslagent.dll
    C:\WINDOWS\mslagent\mslagent.exe
    C:\WINDOWS\mslagent\uninstall.exe
    C:\WINDOWS\mssecu.exe
    C:\WINDOWS\peltodgx.dll
    C:\WINDOWS\rwlfsdmk.dll
    C:\WINDOWS\system32\__c0095011.dat
    C:\WINDOWS\system32\akttzn.exe
    C:\WINDOWS\system32\anticipator.dll
    C:\WINDOWS\system32\awtoolb.dll
    C:\WINDOWS\system32\bdn.com
    C:\WINDOWS\system32\bsva-egihsg52.exe
    C:\WINDOWS\system32\dpcproxy.exe
    C:\WINDOWS\system32\emesx.dll
    C:\WINDOWS\system32\[email protected]@@k.dll
    C:\WINDOWS\system32\hoproxy.dll
    C:\WINDOWS\system32\hxiwlgpm.dat
    C:\WINDOWS\system32\hxiwlgpm.exe
    C:\WINDOWS\system32\medup012.dll
    C:\WINDOWS\system32\medup020.dll
    C:\WINDOWS\system32\msgp.exe
    C:\WINDOWS\system32\msnbho.dll
    C:\WINDOWS\system32\mssecu.exe
    C:\WINDOWS\system32\msvchost.exe
    C:\WINDOWS\system32\mtr2.exe
    C:\WINDOWS\system32\mwin32.exe
    C:\WINDOWS\system32\netode.exe
    C:\WINDOWS\system32\newsd32.exe
    C:\WINDOWS\system32\ps1.exe
    C:\WINDOWS\system32\psof1.exe
    C:\WINDOWS\system32\psoft1.exe
    C:\WINDOWS\system32\regc64.dll
    C:\WINDOWS\system32\regm64.dll
    C:\WINDOWS\system32\Rundl1.exe
    C:\WINDOWS\system32\smp
    C:\WINDOWS\system32\smp\msrc.exe
    C:\WINDOWS\system32\sncntr.exe
    C:\WINDOWS\system32\ssqRKcBu.dll
    C:\WINDOWS\system32\ssurf022.dll
    C:\WINDOWS\system32\ssvchost.com
    C:\WINDOWS\system32\ssvchost.exe
    C:\WINDOWS\system32\sysreq.exe
    C:\WINDOWS\system32\taack.dat
    C:\WINDOWS\system32\taack.exe
    C:\WINDOWS\system32\temp#01.exe
    C:\WINDOWS\system32\thun.dll
    C:\WINDOWS\system32\thun32.dll
    C:\WINDOWS\system32\uBcKRqss.ini
    C:\WINDOWS\system32\uBcKRqss.ini2
    C:\WINDOWS\system32\VBIEWER.OCX
    C:\WINDOWS\system32\vbsys2.dll
    C:\WINDOWS\system32\vcatchpi.dll
    C:\WINDOWS\system32\winlogonpc.exe
    C:\WINDOWS\system32\winsystem.exe
    C:\WINDOWS\system32\WINWGPX.EXE
    C:\WINDOWS\userconfig9x.dll
    C:\WINDOWS\winsystem.exe
    C:\WINDOWS\zip1.tmp
    C:\WINDOWS\zip2.tmp
    C:\WINDOWS\zip3.tmp
    C:\WINDOWS\zipped.tmp

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-09-01 to 2008-10-01 ))))))))))))))))))))))))))))))
    .

    2008-10-01 11:26 . 2008-10-01 11:26 912,839 ---hs---- C:\WINDOWS\system32\yotjoexr.ini
    2008-10-01 11:26 . 2008-10-01 11:26 80,512 --a------ C:\WINDOWS\system32\rxeojtoy.dll
    2008-09-30 21:23 . 2008-09-30 22:01 2,800 --a------ C:\WINDOWS\system32\tmp.reg
    2008-09-30 21:15 . 2008-09-30 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-30 21:10 . 2008-09-30 21:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-30 21:10 . 2008-09-30 21:10 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Malwarebytes
    2008-09-30 21:10 . 2008-09-30 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-30 21:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-30 21:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-30 21:08 . 2008-09-30 21:08 <DIR> dr-h----- C:\Documents and Settings\Ruben\Onlangs geopend
    2008-09-30 21:04 . 2008-09-30 21:04 <DIR> d-------- C:\Program Files\Yahoo!
    2008-09-30 21:04 . 2008-09-30 21:06 <DIR> d-------- C:\Program Files\CCleaner
    2008-09-30 20:56 . 2008-09-30 20:56 913,120 ---hs---- C:\WINDOWS\system32\bslrtvnv.ini
    2008-09-30 20:56 . 2008-09-30 20:56 79,488 --a------ C:\WINDOWS\system32\vnvtrlsb.dll
    2008-09-30 20:48 . 2008-09-30 20:48 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\IUpd704
    2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Program Files\agxajxb
    2008-09-30 20:40 . 2008-09-30 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cdcpgdil
    2008-09-30 20:40 . 2008-09-30 20:40 131,072 --a------ C:\WINDOWS\system32\qdgfodgr.exe
    2008-09-30 20:40 . 2008-09-30 20:40 38,272 --a------ C:\WINDOWS\system32\yayvvTLe.dll
    2008-09-30 20:40 . 2008-09-30 20:40 38,272 --a------ C:\WINDOWS\system32\hgGwVLda.dll
    2008-09-30 20:39 . 2008-09-30 20:44 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-09-30 19:49 . 2008-09-30 19:49 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Sibelius Software
    2008-09-25 17:56 . 2008-09-25 17:56 <DIR> d-------- C:\Program Files\DNA
    2008-09-25 17:56 . 2008-09-25 17:56 <DIR> d-------- C:\Program Files\BitTorrent
    2008-09-25 17:56 . 2008-10-01 11:43 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\DNA
    2008-09-25 17:56 . 2008-09-25 19:25 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\BitTorrent
    2008-09-08 18:18 . 2008-09-23 13:20 <DIR> d-------- C:\temp
    2008-09-05 18:09 . 2008-09-05 18:09 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\DivX
    2008-09-05 18:06 . 2008-09-05 18:06 3,532 --a------ C:\drmHeader.bin
    2008-09-02 21:21 . 2008-09-02 21:21 <DIR> d-------- C:\Program Files\DivX
    2008-09-02 19:47 . 2008-09-02 19:47 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\InterVideo
    2008-09-02 14:51 . 2008-09-30 16:12 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\skypePM
    2008-09-02 14:51 . 2008-09-02 14:51 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-09-02 14:49 . 2008-09-30 16:56 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Skype
    2008-09-02 14:48 . 2008-09-06 19:37 <DIR> d-------- C:\Program Files\Skype
    2008-09-02 14:48 . 2008-09-02 14:48 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-09-02 14:48 . 2008-09-02 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-09-01 08:40 . 2008-09-01 14:41 <DIR> d-------- C:\lastfm background

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-14 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-08 16:26 --------- d-----w C:\Documents and Settings\Ruben\Application Data\U3
    2008-08-31 21:31 --------- d-----w C:\Program Files\Reference Assemblies
    2008-08-31 21:31 --------- d-----w C:\Program Files\MSBuild
    2008-08-31 21:23 --------- d-----w C:\Program Files\MSXML 6.0
    2008-08-31 20:43 --------- d-----w C:\Program Files\Philips ToUcam Camera
    2008-08-31 10:11 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-28 09:52 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-08-27 20:31 --------- d-----w C:\Program Files\Last.fm
    2008-08-27 08:28 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-27 08:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\AdobeUM
    2008-08-27 08:07 --------- d-----w C:\Program Files\Lexmark 1200 Series
    2008-08-27 06:44 --------- d-----w C:\Documents and Settings\Ruben\Application Data\AVGTOOLBAR
    2008-08-27 05:32 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-27 05:32 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    2008-08-27 05:31 --------- d-----w C:\Program Files\AVG
    2008-08-27 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-27 05:20 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-08-26 05:16 --------- d-----w C:\Program Files\Symantec
    2008-08-25 17:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-25 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-25 08:35 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-08-24 23:40 --------- d-----w C:\Program Files\TOSHIBA
    2008-08-24 23:40 --------- d-----w C:\Program Files\Synaptics
    2008-08-24 23:40 --------- d-----w C:\Program Files\Sonic
    2008-08-24 23:39 --------- d-----w C:\Program Files\Realtek
    2008-08-24 23:39 --------- d-----w C:\Program Files\Microsoft.NET
    2008-08-24 23:39 --------- d-----w C:\Program Files\microsoft frontpage
    2008-08-24 23:38 --------- d-----w C:\Program Files\ltmoh
    2008-08-24 23:38 --------- d-----w C:\Program Files\Java
    2008-08-24 23:38 --------- d-----w C:\Program Files\InterVideo
    2008-08-24 23:35 --------- d-----w C:\Program Files\Common Files\Java
    2008-08-24 23:35 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-08-24 23:35 --------- d-----w C:\Program Files\ATI Technologies
    2008-08-24 23:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\toshiba
    2008-08-24 23:25 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Sonic
    2008-08-24 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
    2008-08-24 21:15 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Symantec
    2008-08-24 16:09 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_03598-BT_PSAA2E-01500.MRK
    2008-08-24 16:08 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-08-24 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-24 16:08 --------- d-----w C:\Program Files\Atheros
    2008-08-24 15:35 --------- d-----w C:\Program Files\Windows Live
    2008-08-24 15:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-08-24 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:23 253,952 ----a-w C:\WINDOWS\system32\es.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548A5D7A-ACD7-B822-C4C0-0BE7F3A93F74}]
    2008-09-30 20:40 155648 --a------ C:\Program Files\agxajxb\AdmHlpSys.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2503670-6D0E-4662-AC65-EFA76E33056C}]
    2008-09-30 20:40 38272 --a------ C:\WINDOWS\system32\hgGwVLda.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-25 289088]
    "ChkAppDb"="C:\WINDOWS\system32\qdgfodgr.exe" [2008-09-30 131072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 688218]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256]
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 118784]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077327]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
    "lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
    "889b50b5"="C:\WINDOWS\system32\rxeojtoy.dll" [2008-10-01 80512]
    "RTHDCPL"="RTHDCPL.EXE" [2005-11-10 C:\WINDOWS\RTHDCPL.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe]
    "TPSMain"="TPSMain.exe" [2005-08-03 C:\WINDOWS\system32\TPSMain.exe]
    "NDSTray.exe"="NDSTray.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

    C:\Documents and Settings\Ruben\Menu Start\Programma's\Opstarten\
    Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 59080]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{C2503670-6D0E-4662-AC65-EFA76E33056C}"= "C:\WINDOWS\system32\hgGwVLda.dll" [2008-09-30 38272]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwVLda]
    2008-09-30 20:40 38272 C:\WINDOWS\system32\hgGwVLda.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\WINDOWS\\system32\\lxczcoms.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 76040]
    R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-04-19 537520]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c6edfc0-7403-11dd-ace0-0011f5cb4318}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a
    .
    - - - - ORPHANS VERWIJDERD - - - -

    BHO-{11DFB01A-0852-4955-9747-C59E21DBBDA5} - C:\WINDOWS\dfmlxbpkvlo.dll
    BHO-{441523F3-DD3E-4577-9B0D-D80A515E6896} - C:\WINDOWS\system32\ssqRKcBu.dll
    Toolbar-{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
    HKLM-Explorer_Run-AH8z4GHzRC - C:\DOCUME~1\Ruben\LOCALS~1\Temp\windfr.exe
    Notify-__c0095011 - C:\WINDOWS\system32\__c0095011.dat


    .
    ------- Bijkomende Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Ruben\Application Data\Mozilla\Firefox\Profiles\pkh8gswt.default\
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-01 11:46:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    PROCES: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\hgGwVLda.dll

    PROCES: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\rxeojtoy.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-10-01 11:52:31 - machine werd herstart
    ComboFix-quarantined-files.txt 2008-10-01 09:52:00

    Pre-Run: 49.910.079.488 bytes beschikbaar
    Post-Run: 49,904,025,600 bytes beschikbaar

    309 --- E O F --- 2008-09-14 07:52:52
     
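A defender's triage pass over HijackThis entries of the kind shown in the log above, added here as an example; it is not HijackThis, ComboFix or forum code. It uses only the Python standard library. The sample lines are copied from the log in the post, the severity labels and rule wording are this example's own heuristics for prioritising manual review, and the `Finding` type and `triage_*` function names are assumptions of the example.

```python
"""Heuristic triage of HijackThis (HJT) log lines: surface autorun and policy
entries that deserve a closer look. Rules are prioritisation heuristics, not
verdicts on any particular file."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the O3/O4/O6/O7/O21 lines from the log
# above, with benign ATI and ctfmon entries kept for contrast.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IUpd704] C:\DOCUME~1\Ruben\LOCALS~1\Temp\pwrmgr.exe
O4 - HKCU\..\Run: [A00FA4BF89.exe] C:\DOCUME~1\Ruben\LOCALS~1\Temp\_A00FA4BF89.exe
O4 - HKCU\..\Run: [ChkAppDb] C:\WINDOWS\system32\qdgfodgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [AH8z4GHzRC] C:\DOCUME~1\Ruben\LOCALS~1\Temp\windfr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: rwlfsdmk - {3A671FC9-C15D-40CA-A199-7DF3626737D8} - C:\WINDOWS\rwlfsdmk.dll
"""

# O4 registry autoruns: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_REG = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)          # ...\LOCALS~1\Temp\x.exe
HEX_NAME = re.compile(r"^_?[0-9A-Fa-f]{8,}(?:\.exe)?$")    # value names like A00FA4BF89.exe
WINROOT_DLL = re.compile(r"^C:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    reason: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Apply the heuristics to one HJT line; returns zero or more findings."""
    line = line.strip()
    found: list[Finding] = []
    m = O4_REG.match(line)
    if m:
        key, name, cmd = m["key"], m["name"], m["cmd"]
        if TEMP_DIR.search(cmd):
            found.append(Finding("high", "autorun launches a binary from a Temp folder", line))
        if key.lower().startswith("policies\\explorer\\run"):
            found.append(Finding("high", "autorun sits under Policies\\Explorer\\Run, a key "
                                 "legitimate installers rarely use", line))
        if HEX_NAME.match(name):
            found.append(Finding("medium", "value name is a hex string rather than a product name", line))
        return found
    if line.startswith("O6 - ") and line.endswith("Restrictions present"):
        found.append(Finding("medium", "Internet Explorer restriction policies are set", line))
    elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
        found.append(Finding("high", "registry editor disabled by policy; rogue software "
                             "commonly sets this to resist removal", line))
    elif line.startswith(("O21 - SSODL:", "O3 - Toolbar:")):
        path = line.rsplit(" - ", 1)[-1]
        if WINROOT_DLL.match(path):
            found.append(Finding("medium", "shell component loaded from the Windows root "
                                 "instead of system32 or Program Files", line))
    return found


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every non-empty line of an HJT log."""
    return [f for ln in text.splitlines() if ln.strip() for f in triage_line(ln)]


def lines_by_severity(text: str, severity: str) -> list[str]:
    """Distinct log lines that carry at least one finding of the given severity."""
    seen: list[str] = []
    for f in triage_log(text):
        if f.severity == severity and f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage_log(SAMPLE_HJT):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the sample, the three Temp-folder autoruns, the Policies\Explorer\Run entry and the DisableRegedit policy come out as high, the hex-named value, the IE restrictions and the SSODL DLL in the Windows root as medium, while the ATI and ctfmon entries produce nothing. The `ChkAppDb` entry pointing at `qdgfodgr.exe` in system32 is deliberately not caught: nothing in that one line is abnormal on its own, and it is the ComboFix created-files listing (the cluster of files written at 2008-09-30 20:40) that ties it to the rest. That is the caveat of this kind of triage: it orders the review, it does not replace it.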
  2. rlamon (Thread Starter) - Joined: Sep 30, 2008 - Messages: 2
    After using combofix and Malwarebytes' anti-malware, the problem seems to be solved. Hooray!
     
Short URL to this thread: https://techguy.org/754907