Need Help With Hijacked IE Browser After Trying To Remove Netbooster Malware
GerardM
post Aug 24 2008, 09:50 AM
Post #16
Hi,

I changed the name of ComboFix as suggested and ran it according to the instructions in your August 4 post. Prior to that I dropped the Recovery Console on the app.

Below is the logfile of ComboFix. Because I couldn't run it until today, ComboFix expired and ran the limited version.

Regards,
Gerard
ComboFix 08-08-03.05 - Gerard2 2008-08-24 15:40:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.113 [GMT 2:00]
Started from: C:\Documents and Settings\Gerard2\Bureaublad\lousyfix.exe
Command switches used :: /killall
.
- REDUCED FUNCTIONALITY MODE -
.

(((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))
.

2008-08-04 22:42 . 2008-08-04 22:42 <DIR> d-------- C:\Deckard
2008-08-04 16:32 . 2008-08-05 16:33 1,382,489 ---hs---- C:\WINDOWS\system32\hygexdkp.ini
2008-08-04 16:32 . 2008-08-04 16:32 99,200 --a------ C:\WINDOWS\system32\pkdxegyh.dll
2008-08-03 18:28 . 2008-08-03 18:29 <DIR> d-------- C:\Documents and Settings\Gerard2\Application Data\AVG7
2008-08-03 18:27 . 2008-08-03 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-28 18:30 . 2008-07-28 18:30 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-27 22:46 . 2008-07-28 18:17 2,002 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-27 21:18 . 2008-07-27 21:18 116,352 --a------ C:\WINDOWS\system32\lcygugww.dll
2008-07-27 21:18 . 2008-07-27 21:18 116,352 --a------ C:\WINDOWS\system32\atzbjr.dll
2008-07-27 21:15 . 2008-08-04 16:32 1,532,015 ---hs---- C:\WINDOWS\system32\gdedpift.ini
2008-07-27 20:57 . 2008-07-27 20:57 <DIR> d---s---- C:\Documents and Settings\Gerard2\UserData
2008-07-27 20:14 . 2008-07-27 20:14 <DIR> d-------- C:\Documents and Settings\Gerard2\Application Data\SUPERAntiSpyware.com
2008-07-27 17:40 . 2008-07-27 17:40 <DIR> d-------- C:\Documents and Settings\Gerard2\Application Data\Teleca
2008-07-27 17:38 . 2008-07-27 17:38 <DIR> d-------- C:\Documents and Settings\Gerard2\Application Data\Sony Ericsson
2008-07-27 17:37 . 2006-07-24 01:42 <DIR> d--h----- C:\Documents and Settings\Gerard2\Sjablonen
2008-07-27 17:37 . 2008-08-24 15:36 <DIR> dr-h----- C:\Documents and Settings\Gerard2\Onlangs geopend
2008-07-27 17:37 . 2006-07-24 03:31 <DIR> d--h----- C:\Documents and Settings\Gerard2\Netwerkprinteromgeving
2008-07-27 17:37 . 2008-07-27 19:40 <DIR> dr------- C:\Documents and Settings\Gerard2\Mijn documenten
2008-07-27 17:37 . 2006-07-24 03:31 <DIR> dr------- C:\Documents and Settings\Gerard2\Menu Start
2008-07-27 17:37 . 2008-07-28 11:07 <DIR> dr------- C:\Documents and Settings\Gerard2\Favorieten
2008-07-27 17:37 . 2008-08-24 10:00 <DIR> d-------- C:\Documents and Settings\Gerard2\Bureaublad
2008-07-27 17:37 . 2008-07-27 20:57 <DIR> d-------- C:\Documents and Settings\Gerard2
2008-07-27 16:31 . 2008-07-27 16:31 <DIR> d-------- C:\Program Files\FreeFixer
2008-07-27 15:56 . 2008-07-27 16:06 <DIR> d-------- C:\Program Files\RegCleaner
2008-07-27 15:32 . 2008-07-28 10:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-07-27 15:19 . 2008-07-27 15:19 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-07-27 15:15 . 2008-07-27 15:15 116,352 --a------ C:\WINDOWS\system32\phxbbgrf.dll
2008-07-27 15:15 . 2008-07-27 15:15 116,352 --a------ C:\WINDOWS\system32\lglhpa.dll
2008-07-27 15:13 . 2008-07-27 20:51 1,531,525 ---hs---- C:\WINDOWS\system32\gmqcxlyv.ini
2008-07-27 15:13 . 2008-07-27 15:13 95,360 --a------ C:\WINDOWS\system32\vylxcqmg.dll
2008-07-27 15:12 . 2008-07-27 15:12 323,584 --a------ C:\WINDOWS\system32\iiffEvUl.dll
2008-07-27 15:12 . 2008-08-24 15:48 599 --ahs---- C:\WINDOWS\system32\lUvEffii.ini2
2008-07-27 15:12 . 2008-08-24 15:48 599 --ahs---- C:\WINDOWS\system32\lUvEffii.ini
2008-07-27 15:11 . 2008-08-04 16:30 7,652 --a------ C:\WINDOWS\system32\clbinit.dll
2008-07-27 14:56 . 2008-07-27 14:56 <DIR> d-------- C:\Program Files\Bazooka Scanner
2008-07-27 13:23 . 2008-07-27 13:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-27 12:56 . 2008-07-27 12:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-07-27 12:53 . 2006-07-24 01:42 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-07-27 12:53 . 2006-07-24 03:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-07-27 12:53 . 2008-07-27 16:48 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-07-27 12:53 . 2006-07-24 03:31 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-27 12:53 . 2008-07-27 15:11 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-07-27 12:53 . 2008-08-04 18:07 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-07-27 12:53 . 2008-08-03 18:28 <DIR> d-------- C:\Documents and Settings\Administrator

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-07-28 11:06 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-27 08:02 --------- d-----w C:\Documents and Settings\Joris\Application Data\AVG7
2008-07-22 23:03 34,816 ----a-w C:\WINDOWS\system32\clbdll.dll
2008-07-22 23:03 33,152 ----a-w C:\WINDOWS\system32\wvUKEVmK.dll
2008-07-22 23:03 33,152 ----a-w C:\WINDOWS\system32\ddcCUmMD.dll
2008-07-22 23:03 10,752 ----a-w C:\WINDOWS\system32\drivers\clbdriver.sys
2008-07-22 23:03 --------- d-----w C:\Documents and Settings\Joris\Application Data\TmpRecentIcons
2008-07-17 10:14 163,840 ----a-w C:\WINDOWS\erms.exe
2008-07-17 10:14 155,648 ----a-w C:\WINDOWS\agpqlrfm.exe
2008-07-03 16:08 --------- d-----w C:\Documents and Settings\Joris\Application Data\LimeWire
.

((((((((((((((((((((((((((((( snapshot@2008-08-24_10.16.31.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-26 04:36:41 110,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:36:42 498,688 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2004-08-03 23:03:08 110,080 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
+ 2004-08-03 23:03:08 501,248 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
+ 2001-09-07 13:00:00 11,264 ----a-w C:\WINDOWS\system32\clb.dll
+ 2005-07-26 04:42:47 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:42:47 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2001-09-07 13:00:00 11,264 -c--a-w C:\WINDOWS\system32\dllcache\clb.dll
+ 2005-07-26 04:42:47 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:42:47 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0135384A-CA83-43F0-8865-03B686D82617}]
2008-07-27 15:12 323584 --a------ C:\WINDOWS\system32\iiffEvUl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
2008-07-23 01:03 33152 --a------ C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1b74f27-429d-4055-b385-4b8d6b7e3a30}]
2008-07-27 21:18 116352 --a------ C:\WINDOWS\system32\atzbjr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-03 18:27 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-03 18:27 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 14:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= "C:\WINDOWS\system32\ddcCUmMD.dll" [2008-07-23 01:03 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUmMD]
2008-07-23 01:03 33152 C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iiffEvUl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mini.sys [2006-07-24 02:19]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-09-06 21:49]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]
.
Contents of the 'Scheduled Tasks' folder

2008-07-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2008-08-24 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]

2007-10-26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1184339047.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
.
------- Supplementary Scan -------
.
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?e48fbc20528d4c6da73724aa6e4cce3d
O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?e48fbc20528d4c6da73724aa6e4cce3d

O16 -: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
C:\WINDOWS\Downloaded Program Files\CycloScopeLite0.inf
C:\WINDOWS\system32\ir50_32.dll
C:\WINDOWS\Downloaded Program Files\NetConnectorLite.dll
C:\WINDOWS\Downloaded Program Files\CM_RowsetTransform.dll
C:\WINDOWS\Downloaded Program Files\CM_RecordingLocationDBC.dll
C:\WINDOWS\Downloaded Program Files\CM_RecordingLocationDAL2.dll
C:\WINDOWS\Downloaded Program Files\CM_RecordingLocationService2.dll
C:\WINDOWS\Downloaded Program Files\CM_ImageDirectoryDBC.dll
C:\WINDOWS\Downloaded Program Files\CM_ImageDirectoryDAL2.dll
C:\WINDOWS\Downloaded Program Files\CM_ImageDirectoryService2.dll
C:\WINDOWS\Downloaded Program Files\CM_AuthorizationProxy2.dll
C:\WINDOWS\Downloaded Program Files\CM_ADOConnector.dll
C:\WINDOWS\Downloaded Program Files\CycloFocus.dll
C:\WINDOWS\Downloaded Program Files\Ms_dcp1x.dll
C:\WINDOWS\Downloaded Program Files\HvPix1x.dll
C:\WINDOWS\Downloaded Program Files\CycloScopeLite0.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 15:47:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ddcCUmMD.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\iiffEvUl.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2008-08-24 15:51:16 - machine was rebooted [Gerard2]
ComboFix-quarantined-files.txt 2008-08-24 13:51:05
ComboFix2.txt 2008-08-24 08:23:29

Pre-Run: 2,478,710,784 bytes free
Post-Run: 2,498,375,680 bytes free

205 --- E O F --- 2007-07-11 10:02:09

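One pattern worth reading off the registry loading points and the loaded-DLL section of the log above: the same randomly named DLLs in system32 (iiffEvUl.dll, ddcCUmMD.dll) are registered at once as a Browser Helper Object, a ShellExecuteHook, a Winlogon Notify package and an extra entry in the LSA "Authentication Packages" value, and the log shows them loaded inside winlogon.exe and lsass.exe, processes that cannot simply be terminated to release the files. As an added example (not ComboFix's code and not part of the original thread), the Python script below parses those two sections in the format ComboFix prints and scores each entry. The sample log text is constructed from the entries above; the 45-day "recently written" window, treating msv1_0 as the only expected LSA package, and the random-name heuristic are assumptions of the example, not rules from the tool.

```python
"""Triage the registry-startup section of a ComboFix-style log (added example)."""
import re
from collections import namedtuple
from datetime import date

# Constructed sample in the format of ComboFix's startup and loaded-DLL sections.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0135384A-CA83-43F0-8865-03B686D82617}]
2008-07-27 15:12 323584 --a------ C:\WINDOWS\system32\iiffEvUl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= "C:\WINDOWS\system32\ddcCUmMD.dll" [2008-07-23 01:03 33152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUmMD]
2008-07-23 01:03 33152 C:\WINDOWS\system32\ddcCUmMD.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iiffEvUl
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ddcCUmMD.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\iiffEvUl.dll
"""
LOG_DATE = date(2008, 8, 24)      # scan date the sample mimics
RECENT_DAYS = 45                   # assumption: "recently written" window
DEFAULT_AUTH_PKGS = {"msv1_0"}     # Windows XP's only default LSA package
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]*?\.(?:dll|exe|sys|ocx)', re.I)
DATE_RE = re.compile(r"\b(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\b")
Finding = namedtuple("Finding", "severity location path reasons")

def stem_of(path):
    name = path.rsplit("\\", 1)[-1]        # LSA entries carry no extension
    return name.rsplit(".", 1)[0] if "." in name else name

def looks_random(stem):
    """Generated-name heuristic: short, letters only, and either almost no
    vowels (atzbjr) or case flipping mid-word (ddcCUmMD)."""
    if not stem.isalpha() or not 5 <= len(stem) <= 9:
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return vowels / len(stem) < 0.2 or flips >= 2

def classify_key(key):
    k = key.lower()
    if k.endswith("\\lsa"):
        return "lsa"
    if "\\winlogon\\notify\\" in k:
        return "winlogon-notify"
    if "browser helper objects" in k:
        return "bho"
    return "shellexecutehook" if "shellexecutehooks" in k else "run"

def parse_loaded(text):
    """Map lower-cased DLL stem -> process name from the PROCESS:/-> lines."""
    loaded, proc = {}, None
    for line in text.splitlines():
        if line.startswith("PROCESS: "):
            proc = line[9:].rsplit("\\", 1)[-1]
        elif line.startswith("-> ") and proc:
            loaded[stem_of(line[3:]).lower()] = proc
    return loaded

def triage(text, log_date):
    loaded, findings, key = parse_loaded(text), [], None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if not key or not line or line.startswith(("PROCESS:", "->")):
            continue
        loc = classify_key(key)
        if loc == "lsa":
            if "REG_MULTI_SZ" not in line:
                continue
            paths = [p for p in line.split("REG_MULTI_SZ", 1)[1].split()
                     if p.lower() not in DEFAULT_AUTH_PKGS]
        else:
            paths = PATH_RE.findall(line)
        dm = DATE_RE.search(line)
        age = (log_date - date.fromisoformat(dm.group(1))).days if dm else None
        for p in paths:
            reasons = []
            if loc == "lsa":
                reasons.append("non-default LSA authentication package (loaded into lsass.exe at boot)")
            if loc == "winlogon-notify":
                reasons.append("Winlogon Notify package (loaded into winlogon.exe at logon)")
            if re.match(r"[a-z]:\\windows\\", p.lower()) and age is not None and age <= RECENT_DAYS:
                reasons.append(f"file under the Windows directory written {age} days before the scan")
            if looks_random(stem_of(p)):
                reasons.append("random-looking file name")
            if stem_of(p).lower() in loaded:
                reasons.append(f"currently loaded in {loaded[stem_of(p).lower()]}")
            if reasons:
                high = loc in ("lsa", "winlogon-notify") or len(reasons) >= 2
                findings.append(Finding("HIGH" if high else "LOW", loc, p, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, LOG_DATE):
        print(f"{f.severity:4} {f.location:16} {f.path}\n      - " + "\n      - ".join(f.reasons))
```

Run as-is it prints the findings for the sample; on a real log, read the file and pass the scan date from the log header. A single name-only hit stays LOW (ctfmon.exe trips the vowel rule, which is exactly why one indicator is never escalated), while an LSA or Winlogon Notify entry is HIGH on its own because little legitimate software registers there and anything that does deserves a look: the SUPERAntiSpyware SASWinLogon entry in the log above would be flagged by the same rule, and that is the kind of hit an allow-list of known security products clears.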
GerardM
post Aug 25 2008, 02:02 PM
Post #17
Hi,

I posted this reply earlier, but someone managed to put it on a different page, so here I go again...

I changed the name of ComboFix as suggested and ran it according to the instructions in your August 4 post. Prior to that I dropped the Recovery Console on the app.

Below is the logfile of ComboFix. Because I couldn't run it until today, ComboFix expired and ran the limited version.

Regards,
Gerard
ComboFix 08-08-03.05 - Gerard2 2008-08-24 15:40:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.113 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Gerard2\Bureaublad\lousyfix.exe
Command switches used :: /killall
.
- VERMINDERDE FUNCTIONALITEIT MODUS -
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))
.

2008-08-04 22:42 . 2008-08-04 22:42 <DIR> d-------- C:\Deckard
2008-08-04 16:32 . 2008-08-05 16:33 1,382,489 ---hs---- C:\WINDOWS\system32\hygexdkp.ini
2008-08-04 16:32 . 2008-08-04 16:32 99,200 --a------ C:\WINDOWS\system32\pkdxegyh.dll
2008-08-03 18:28 . 2008-08-03 18:29 <DIR> d-------- C:\Documents and Settings\Gerard2\Application Data\AVG7
2008-08-03 18:27 . 2008-08-03 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-28 18:30 . 2008-07-28 18:30 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-27 22:46 . 2008-07-28 18:17 2,002 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-27 21:18 . 2008-07-27 21:18 116,352 --a------ C:\WINDOWS\system32\lcygugww.dll
2008-07-27 21:18 . 2008-07-27 21:18 116,352 --a------ C:\WINDOWS\system32\atzbjr.dll
2008-07-27 21:15 . 2008-08-04 16:32 1,532,015 ---hs---- C:\WINDOWS\system32\gdedpift.ini
2008-07-27 20:57 . 2008-07-27 20:57 <DIR> d---s---- C:\Documents and Settings\Gerard2\UserData
2008-07-27 20:14 . 2008-07-27 20:14 <DIR> d-------- C:\Documents and Settings\Gerard2\Application Data\SUPERAntiSpyware.com
2008-07-27 17:40 . 2008-07-27 17:40 <DIR> d-------- C:\Documents and Settings\Gerard2\Application Data\Teleca
2008-07-27 17:38 . 2008-07-27 17:38 <DIR> d-------- C:\Documents and Settings\Gerard2\Application Data\Sony Ericsson
2008-07-27 17:37 . 2006-07-24 01:42 <DIR> d--h----- C:\Documents and Settings\Gerard2\Sjablonen
2008-07-27 17:37 . 2008-08-24 15:36 <DIR> dr-h----- C:\Documents and Settings\Gerard2\Onlangs geopend
2008-07-27 17:37 . 2006-07-24 03:31 <DIR> d--h----- C:\Documents and Settings\Gerard2\Netwerkprinteromgeving
2008-07-27 17:37 . 2008-07-27 19:40 <DIR> dr------- C:\Documents and Settings\Gerard2\Mijn documenten
2008-07-27 17:37 . 2006-07-24 03:31 <DIR> dr------- C:\Documents and Settings\Gerard2\Menu Start
2008-07-27 17:37 . 2008-07-28 11:07 <DIR> dr------- C:\Documents and Settings\Gerard2\Favorieten
2008-07-27 17:37 . 2008-08-24 10:00 <DIR> d-------- C:\Documents and Settings\Gerard2\Bureaublad
2008-07-27 17:37 . 2008-07-27 20:57 <DIR> d-------- C:\Documents and Settings\Gerard2
2008-07-27 16:31 . 2008-07-27 16:31 <DIR> d-------- C:\Program Files\FreeFixer
2008-07-27 15:56 . 2008-07-27 16:06 <DIR> d-------- C:\Program Files\RegCleaner
2008-07-27 15:32 . 2008-07-28 10:33 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-07-27 15:19 . 2008-07-27 15:19 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-07-27 15:15 . 2008-07-27 15:15 116,352 --a------ C:\WINDOWS\system32\phxbbgrf.dll
2008-07-27 15:15 . 2008-07-27 15:15 116,352 --a------ C:\WINDOWS\system32\lglhpa.dll
2008-07-27 15:13 . 2008-07-27 20:51 1,531,525 ---hs---- C:\WINDOWS\system32\gmqcxlyv.ini
2008-07-27 15:13 . 2008-07-27 15:13 95,360 --a------ C:\WINDOWS\system32\vylxcqmg.dll
2008-07-27 15:12 . 2008-07-27 15:12 323,584 --a------ C:\WINDOWS\system32\iiffEvUl.dll
2008-07-27 15:12 . 2008-08-24 15:48 599 --ahs---- C:\WINDOWS\system32\lUvEffii.ini2
2008-07-27 15:12 . 2008-08-24 15:48 599 --ahs---- C:\WINDOWS\system32\lUvEffii.ini
2008-07-27 15:11 . 2008-08-04 16:30 7,652 --a------ C:\WINDOWS\system32\clbinit.dll
2008-07-27 14:56 . 2008-07-27 14:56 <DIR> d-------- C:\Program Files\Bazooka Scanner
2008-07-27 13:23 . 2008-07-27 13:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-27 12:56 . 2008-07-27 12:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-07-27 12:53 . 2006-07-24 01:42 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-07-27 12:53 . 2006-07-24 03:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-07-27 12:53 . 2008-07-27 16:48 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-07-27 12:53 . 2006-07-24 03:31 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-27 12:53 . 2008-07-27 15:11 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-07-27 12:53 . 2008-08-04 18:07 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-07-27 12:53 . 2008-08-03 18:28 <DIR> d-------- C:\Documents and Settings\Administrator

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-07-28 11:06 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-27 08:02 --------- d-----w C:\Documents and Settings\Joris\Application Data\AVG7
2008-07-22 23:03 34,816 ----a-w C:\WINDOWS\system32\clbdll.dll
2008-07-22 23:03 33,152 ----a-w C:\WINDOWS\system32\wvUKEVmK.dll
2008-07-22 23:03 33,152 ----a-w C:\WINDOWS\system32\ddcCUmMD.dll
2008-07-22 23:03 10,752 ----a-w C:\WINDOWS\system32\drivers\clbdriver.sys
2008-07-22 23:03 --------- d-----w C:\Documents and Settings\Joris\Application Data\TmpRecentIcons
2008-07-17 10:14 163,840 ----a-w C:\WINDOWS\erms.exe
2008-07-17 10:14 155,648 ----a-w C:\WINDOWS\agpqlrfm.exe
2008-07-03 16:08 --------- d-----w C:\Documents and Settings\Joris\Application Data\LimeWire
.

((((((((((((((((((((((((((((( snapshot@2008-08-24_10.16.31.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-26 04:36:41 110,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:36:42 498,688 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2004-08-03 23:03:08 110,080 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
+ 2004-08-03 23:03:08 501,248 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
+ 2001-09-07 13:00:00 11,264 ----a-w C:\WINDOWS\system32\clb.dll
+ 2005-07-26 04:42:47 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:42:47 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2001-09-07 13:00:00 11,264 -c--a-w C:\WINDOWS\system32\dllcache\clb.dll
+ 2005-07-26 04:42:47 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:42:47 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0135384A-CA83-43F0-8865-03B686D82617}]
2008-07-27 15:12 323584 --a------ C:\WINDOWS\system32\iiffEvUl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
2008-07-23 01:03 33152 --a------ C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1b74f27-429d-4055-b385-4b8d6b7e3a30}]
2008-07-27 21:18 116352 --a------ C:\WINDOWS\system32\atzbjr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-03 18:27 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-03 18:27 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 14:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= "C:\WINDOWS\system32\ddcCUmMD.dll" [2008-07-23 01:03 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUmMD]
2008-07-23 01:03 33152 C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iiffEvUl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mini.sys [2006-07-24 02:19]
S3 NtApm;NT Apm/Legacy-interfacestuurprogramma;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-09-06 21:49]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]
.
Inhoud van de 'Gedeelde Taken' map

2008-07-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2008-08-24 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]

2007-10-26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1184339047.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
.
------- Supplementary Scan -------
.
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?e48fbc20528d4c6da73724aa6e4cce3d
O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?e48fbc20528d4c6da73724aa6e4cce3d

O16 -: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
C:\WINDOWS\Downloaded Program Files\CycloScopeLite0.inf
C:\WINDOWS\system32\ir50_32.dll
C:\WINDOWS\Downloaded Program Files\NetConnectorLite.dll
C:\WINDOWS\Downloaded Program Files\CM_RowsetTransform.dll
C:\WINDOWS\Downloaded Program Files\CM_RecordingLocationDBC.dll
C:\WINDOWS\Downloaded Program Files\CM_RecordingLocationDAL2.dll
C:\WINDOWS\Downloaded Program Files\CM_RecordingLocationService2.dll
C:\WINDOWS\Downloaded Program Files\CM_ImageDirectoryDBC.dll
C:\WINDOWS\Downloaded Program Files\CM_ImageDirectoryDAL2.dll
C:\WINDOWS\Downloaded Program Files\CM_ImageDirectoryService2.dll
C:\WINDOWS\Downloaded Program Files\CM_AuthorizationProxy2.dll
C:\WINDOWS\Downloaded Program Files\CM_ADOConnector.dll
C:\WINDOWS\Downloaded Program Files\CycloFocus.dll
C:\WINDOWS\Downloaded Program Files\Ms_dcp1x.dll
C:\WINDOWS\Downloaded Program Files\HvPix1x.dll
C:\WINDOWS\Downloaded Program Files\CycloScopeLite0.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 15:47:14
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ddcCUmMD.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\iiffEvUl.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Voltooingstijd: 2008-08-24 15:51:16 - machine was rebooted [Gerard2]
ComboFix-quarantined-files.txt 2008-08-24 13:51:05
ComboFix2.txt 2008-08-24 08:23:29

Pre-Run: 2,478,710,784 bytes beschikbaar
Post-Run: 2,498,375,680 bytes beschikbaar

205 --- E O F --- 2007-07-11 10:02:09
rookie147
post Aug 26 2008, 04:16 AM
Post #18


Forum Addict
******

Group: HJT Team Coach
Posts: 5,196
Joined: 1-April 06
Member No.: 62,052



Hi there Gerard,
D-Trojanator is away at the moment, so I'll be stepping in; my name is Charles.

Could I have a new HijackThis log please?


--------------------
If you are pleased with the service I have offered, you may like to consider making a donation.
GerardM
post Aug 26 2008, 06:10 AM
Post #19


Member
**

Group: Members
Posts: 15
Joined: 30-July 08
Member No.: 226,236



Hi Charles,

Thank you for stepping in. This is a nasty one and D-Trojanator has already been a big help.

I ran DSS. The HiJackThis file is below.

Regards,
Gerard

Deckard's System Scanner v20071014.68
Run by Gerard2 on 2008-08-26 13:01:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 320 MiB (512 MiB recommended).
System Drive C: has 2.34 GiB (less than 15%) free.


-- HijackThis (run as Gerard2.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:56, on 26-8-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Documents and Settings\Gerard2\Bureaublad\dss.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\DOWNLO~1\NIEUWE~1\Gerard2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\componentlauncher.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINDOWS\system32\ddcCUmMD.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {03a3e7b6-d8b4-583b-5504-d92472f47b1d} - {d1b74f27-429d-4055-b385-4b8d6b7e3a30} - C:\WINDOWS\system32\atzbjr.dll
O2 - BHO: (no name) - {F9471E78-ED16-49DC-9AA0-B68FE3044B5D} - C:\WINDOWS\system32\iiffEvUl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?e48fbc20528d4c6da73724aa6e4cce3d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?e48fbc20528d4c6da73724aa6e4cce3d
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Auri...geUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/componen...loScopeLite.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcCUmMD - C:\WINDOWS\SYSTEM32\ddcCUmMD.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7277 bytes

-- Files created between 2008-07-26 and 2008-08-26 -----------------------------

2008-08-24 15:34:28 0 d-------- C:\cmdcons
2008-08-24 10:02:22 68096 --a------ C:\WINDOWS\zip.exe
2008-08-24 10:02:22 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-24 10:02:22 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-24 10:02:22 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-24 10:02:22 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-24 10:02:22 98816 --a------ C:\WINDOWS\sed.exe
2008-08-24 10:02:22 80412 --a------ C:\WINDOWS\grep.exe
2008-08-24 10:02:22 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-04 16:32:35 99200 --a------ C:\WINDOWS\system32\pkdxegyh.dll
2008-08-03 18:28:34 0 d-------- C:\Documents and Settings\Gerard2\Application Data\AVG7
2008-08-03 18:27:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-28 18:30:00 0 d-------- C:\Program Files\RogueRemover FREE
2008-07-28 09:13:42 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Macromedia
2008-07-27 22:46:28 2002 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-27 21:18:21 116352 --a------ C:\WINDOWS\system32\atzbjr.dll
2008-07-27 21:18:20 116352 --a------ C:\WINDOWS\system32\lcygugww.dll
2008-07-27 20:57:53 0 d---s---- C:\Documents and Settings\Gerard2\UserData
2008-07-27 20:14:17 0 d-------- C:\Documents and Settings\Gerard2\Application Data\SUPERAntiSpyware.com
2008-07-27 17:58:43 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Google
2008-07-27 17:40:29 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Teleca
2008-07-27 17:38:58 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Adobe
2008-07-27 17:38:44 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Sony Ericsson
2008-07-27 17:38:04 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Identities
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\Sjablonen
2008-07-27 17:37:07 0 dr-h----- C:\Documents and Settings\Gerard2\SendTo
2008-07-27 17:37:07 0 dr-h----- C:\Documents and Settings\Gerard2\Onlangs geopend
2008-07-27 17:37:07 1310720 --ah----- C:\Documents and Settings\Gerard2\NTUSER.DAT
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\Netwerkprinteromgeving
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\NetHood
2008-07-27 17:37:07 0 dr------- C:\Documents and Settings\Gerard2\Mijn documenten
2008-07-27 17:37:07 0 dr------- C:\Documents and Settings\Gerard2\Menu Start
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\Local Settings
2008-07-27 17:37:07 0 dr------- C:\Documents and Settings\Gerard2\Favorieten
2008-07-27 17:37:07 0 d---s---- C:\Documents and Settings\Gerard2\Cookies
2008-07-27 17:37:07 0 d-------- C:\Documents and Settings\Gerard2\Bureaublad
2008-07-27 17:37:07 0 dr-h----- C:\Documents and Settings\Gerard2\Application Data
2008-07-27 16:31:44 0 d-------- C:\Program Files\FreeFixer
2008-07-27 16:27:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-27 16:27:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-27 15:56:20 0 d-------- C:\Program Files\RegCleaner
2008-07-27 15:32:27 0 dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-07-27 15:19:56 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-07-27 15:15:59 116352 --a------ C:\WINDOWS\system32\lglhpa.dll
2008-07-27 15:15:58 116352 --a------ C:\WINDOWS\system32\phxbbgrf.dll
2008-07-27 15:13:45 95360 --a------ C:\WINDOWS\system32\vylxcqmg.dll
2008-07-27 15:12:58 879 --ahs---- C:\WINDOWS\system32\lUvEffii.ini2
2008-07-27 15:12:53 323584 --a------ C:\WINDOWS\system32\iiffEvUl.dll
2008-07-27 15:11:00 7652 --a------ C:\WINDOWS\system32\clbinit.dll
2008-07-27 15:02:28 0 d--hs---- C:\WINDOWS\CSC
2008-07-27 14:56:07 0 d-------- C:\Program Files\Bazooka Scanner
2008-07-27 13:23:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-27 12:56:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-07-27 12:53:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-27 12:53:18 0 d-------- C:\Documents and Settings\Administrator\Favorieten
2008-07-27 12:53:18 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-27 12:53:18 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-07-27 12:53:18 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-27 12:53:18 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-27 12:53:17 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-07-27 12:53:17 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-27 12:53:17 786432 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-27 12:53:17 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-07-27 12:53:17 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-27 12:53:17 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-07-27 12:53:17 0 dr------- C:\Documents and Settings\Administrator\Menu Start


-- Find3M Report ---------------------------------------------------------------

2008-07-28 13:06:47 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-23 01:03:46 34816 --a------ C:\WINDOWS\system32\clbdll.dll
2008-07-23 01:03:41 33152 --a------ C:\WINDOWS\system32\wvUKEVmK.dll
2008-07-23 01:03:41 33152 --a------ C:\WINDOWS\system32\ddcCUmMD.dll
2008-07-17 12:14:54 155648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-17 12:14:52 163840 --a------ C:\WINDOWS\erms.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
23-07-2008 01:03 33152 --a------ C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1b74f27-429d-4055-b385-4b8d6b7e3a30}]
27-07-2008 21:18 116352 --a------ C:\WINDOWS\system32\atzbjr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9471E78-ED16-49DC-9AA0-B68FE3044B5D}]
27-07-2008 15:12 323584 --a------ C:\WINDOWS\system32\iiffEvUl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06-06-2005 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27-04-2007 09:41]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [24-11-2006 02:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03-08-2008 18:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23-10-2006 2:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23-10-2006 1:01:50]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [9-4-2003 18:21:38]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9-4-2003 18:11:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13-03-2006 14:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20-12-2006 13:55 77824]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= C:\WINDOWS\system32\ddcCUmMD.dll [23-07-2008 01:03 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19-04-2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUmMD]
ddcCUmMD.dll 23-07-2008 01:03 33152 C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iiffEvUl




-- End of Deckard's System Scanner: finished at 2008-08-26 13:03:01 ------------

rookie147
post Aug 28 2008, 05:56 AM
Post #20


Forum Addict
******

Group: HJT Team Coach
Posts: 5,196
Joined: 1-April 06
Member No.: 62,052



Hello again,
Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINDOWS\system32\ddcCUmMD.dll
O2 - BHO: {03a3e7b6-d8b4-583b-5504-d92472f47b1d} - {d1b74f27-429d-4055-b385-4b8d6b7e3a30} - C:\WINDOWS\system32\atzbjr.dll
O2 - BHO: (no name) - {F9471E78-ED16-49DC-9AA0-B68FE3044B5D} - C:\WINDOWS\system32\iiffEvUl.dll
O20 - Winlogon Notify: ddcCUmMD - C:\WINDOWS\SYSTEM32\ddcCUmMD.dll


Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button.

Open Notepad - don't use any other text editor or the script will fail.
Copy and paste the text in the quote box below into the document:

QUOTE
File::
C:\WINDOWS\system32\lglhpa.dll
C:\WINDOWS\system32\phxbbgrf.dll
C:\WINDOWS\system32\vylxcqmg.dll
C:\WINDOWS\system32\lUvEffii.ini2
C:\WINDOWS\system32\iiffEvUl.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\wvUKEVmK.dll
C:\WINDOWS\system32\ddcCUmMD.dll
C:\WINDOWS\agpqlrfm.exe
C:\WINDOWS\erms.exe


Save this as text file CFScript.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below:



This will start ComboFix again.
A new log will be created, which I would like to see in your reply along with a new HJT log.
Thanks,
Charles


--------------------
If you are pleased with the service I have offered, you may like to consider making a donation.
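An added example (my own Python, not code from HijackThis, ComboFix or anyone in this thread) that parses the O2/O3/O20 lines of a HijackThis log and applies the checks a helper applies by eye: a file hooked in more than one place, a BHO with no readable name, and an entry pointing at a missing file. The sample lines are copied from the log posted above; function names are my own, and on this sample the flagged lines are exactly the five entries listed in this post.

```python
# Added example for this thread (not BleepingComputer's or Trend Micro's code):
# triage O2/O3/O20 lines of a HijackThis log. Function names are my own.
from __future__ import annotations
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINDOWS\system32\ddcCUmMD.dll
O2 - BHO: {03a3e7b6-d8b4-583b-5504-d92472f47b1d} - {d1b74f27-429d-4055-b385-4b8d6b7e3a30} - C:\WINDOWS\system32\atzbjr.dll
O2 - BHO: (no name) - {F9471E78-ED16-49DC-9AA0-B68FE3044B5D} - C:\WINDOWS\system32\iiffEvUl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcCUmMD - C:\WINDOWS\SYSTEM32\ddcCUmMD.dll
"""

LINE_RE = re.compile(r"^(O\d+) - (BHO|Toolbar|Winlogon Notify): (.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
MISSING = "(file missing)"

class Entry(NamedTuple):
    raw: str       # original line, so it can be ticked in HJT
    section: str   # O2, O3, O20
    kind: str      # BHO, Toolbar, Winlogon Notify
    name: str
    path: str
    missing: bool

def file_key(path: str) -> str:
    # Case-insensitive basename; ntpath so Windows paths parse on any host.
    return ntpath.basename(path).lower()

def parse_hjt(text: str) -> list[Entry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        parts = [p.strip() for p in rest.split(" - ")]   # name [- CLSID] - path
        if len(parts) < 2:
            continue
        path = parts[-1]
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)].strip()
        entries.append(Entry(line.strip(), section, kind, parts[0], path, missing))
    return entries

def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Map basename -> reasons for every file that deserves a closer look."""
    by_file = defaultdict(list)
    for e in entries:
        by_file[file_key(e.path)].append(e)
    findings = {}
    for fname, hooks in by_file.items():
        reasons = set()
        kinds = sorted({e.kind for e in hooks})
        # One DLL hooked both as BHO and Winlogon Notify (ddcCUmMD.dll above)
        # is layered persistence, not how legitimate add-ons are installed.
        if len(kinds) > 1:
            reasons.add("registered in several hook points: " + ", ".join(kinds))
        for e in hooks:
            if e.kind == "BHO" and (e.name == "(no name)" or CLSID_RE.match(e.name)):
                reasons.add("BHO without a readable name")
            if e.missing:
                reasons.add(f"{e.section} points at a missing file (orphaned entry)")
        if reasons:
            findings[fname] = sorted(reasons)
    return findings

def lines_to_fix(text: str) -> list[str]:
    """Original log lines whose file was flagged, in log order."""
    entries = parse_hjt(text)
    flagged = triage(entries)
    return [e.raw for e in entries if file_key(e.path) in flagged]

if __name__ == "__main__":
    for fname, reasons in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"{fname}: {'; '.join(reasons)}")
    print("\nEntries to tick in HijackThis:\n" + "\n".join(lines_to_fix(SAMPLE_LOG)))
```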
GerardM
post Aug 28 2008, 06:43 AM
Post #21


Member
**

Group: Members
Posts: 15
Joined: 30-July 08
Member No.: 226,236



Hi,

I just ran the stand-alone version of HiJackThis; the file is below. My earlier post came from DSS. As you can see, the items you wanted me to remove do not appear in this run, so there is nothing there to remove. However, when I run HJT again, this time from DSS, they do appear in the list, yet I do not know how to remove them. Is there any way I can get the regular HJT interface using DSS?

Not having removed anything yet, I have not taken the subsequent steps you suggested.

Regards,
Gerard

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:24, on 28-8-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Downloads\Nieuwe map\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?e48fbc20528d4c6da73724aa6e4cce3d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?e48fbc20528d4c6da73724aa6e4cce3d
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Auri...geUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/componen...loScopeLite.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5887 bytes

rookie147
post Aug 29 2008, 03:40 PM
Post #22


Forum Addict
******

Group: HJT Team Coach
Posts: 5,196
Joined: 1-April 06
Member No.: 62,052



Can you try renaming the HJT file for me, to something like fluffybunny.exe?


--------------------
If you are pleased with the service I have offered, you may like to consider making a donation.
GerardM