Need Help With Hijacked Ie Browser After Trying To Remove Netbooster Malware


24 replies to this topic

#1 GerardM

GerardM

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 03 August 2008 - 01:58 PM

My son's PC has been hijacked by rogue malware, capturing the browser and most of the PC. All online malware and antivirus software is blocked, so is the use of Task Manager. Indications were that the malware was Worm.Win32.Netbooster.

I've been trying to remove this for days, using a script found here. I've used Smitfraude, but was/am unable to download any of the other software. I've made some efforts though, because the PC is now relatively clean and stable, but the browser is still hijacked.

I desperately need some help, because this is becoming a very frustrating problem to me. I hope anyone can point me in the right direction. I have attached the latest HijackThis log.

Thank you.

Gerard




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:05, on 3-8-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
C:\Downloads\Nieuwe map\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [dcd3d400] rundll32.exe "C:\WINDOWS\system32\tfipdedg.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?e48fbc20528d4c6da73724aa6e4cce3d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?e48fbc20528d4c6da73724aa6e4cce3d
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Auri...geUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/componen...loScopeLite.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O21 - SSODL: kvxqmtre - {DB0B77B2-58AF-4FA2-9F4D-884A6C63CBB7} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {6C00F0E9-36C9-4B6C-9461-6A9A5AE23C50} - C:\WINDOWS\evgratsm.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6034 bytes


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:02:15 AM

Posted 03 August 2008 - 02:23 PM

Hi there and welcome to BC! :thumbsup:

Please download Combofix to your desktop.
Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#3 GerardM


Posted 03 August 2008 - 04:18 PM

Hi there,

Sorry, ComboFix won't run. I've just been trying for the last hour downloading, setting up the xp recovery console and getting Combofix to install it, but nothing happens. It pops up on the Task manager for a brief second, but that's it.... Running Combofix on its own, in normal mode and in safe mode doesn't do much either.

There is no way I can download anything on that PC. I need to download everything through another PC and put it on a stick to get it onto the infected PC. Btw, I couldn't access ComboFix on Bleepingcomputer (Forbidden was the message), so I got it somewhere else (kingpin2).

So what should be my next step?

Gerard

#4 -David-


Posted 04 August 2008 - 04:16 AM

Can you retry the link above for Combofix? It should work now.
Use that version and let me know whether it runs or not.

#5 GerardM


Posted 04 August 2008 - 09:44 AM

I was able to download from the link. Still couldn't get it to run...

Gerard

#6 -David-


Posted 04 August 2008 - 10:45 AM

It could be that the processes you have running are stopping Combofix from working.
We can try something else - first ensure that combofix is saved to your desktop!

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#7 GerardM


Posted 04 August 2008 - 11:24 AM

Done it, but it will still not run. Again, it pops up in the Task manager for a second and is gone again. Suggestions?

Gerard

#8 -David-


Posted 04 August 2008 - 11:27 AM

It could be that the processes you have running are stopping Combofix from working.
We can try something else - first ensure that combofix is saved to your desktop!

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#9 GerardM


Posted 04 August 2008 - 11:50 AM

This is what I did and you suggested earlier... Like I wrote, nothing happens.

I've done everything you wrote, a couple of times. Combofix is on the desktop and gets fired off (in the task manager), but then nothing.

#10 -David-


Posted 04 August 2008 - 04:46 PM

Sorry about the double post - I have another user with exactly the same problem, and I thought I'd answered on different threads! It sounds like something might be trying to close Combofix as it tries to run, so let's try and clear some malware up first and try Combofix again afterwards. It looks like we might have something nasty on our hands here, but stick with me, and if you've got any questions about the process, don't hesitate to stop and ask me! :thumbsup:

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [dcd3d400] rundll32.exe "C:\WINDOWS\system32\tfipdedg.dll",b
O21 - SSODL: kvxqmtre - {DB0B77B2-58AF-4FA2-9F4D-884A6C63CBB7} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {6C00F0E9-36C9-4B6C-9461-6A9A5AE23C50} - C:\WINDOWS\evgratsm.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Open HijackThis and click 'config' (bottom right). Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'. In the field, copy and paste the filepath a few lines below.
Click open. Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes:
C:\WINDOWS\system32\tfipdedg.dll

Allow the PC to reboot, if it doesn't do it automatically, please reboot manually.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation finishes, leave both 'Update' and 'Launch' checked. Click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here.

On the Scanner tab, ensure the "Perform Quick Scan" option is selected, then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
When the scan finishes, a box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
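
An added example, not part of the original post and not a HijackThis feature: a small Python triage pass over HijackThis entries in the format shown in this thread. The two heuristics and all function names are assumptions made for illustration; on the post #1 log lines embedded below they select the same four entries that the post above asks to have fixed.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log in post #1 of this thread (a subset).
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dcd3d400] rundll32.exe "C:\WINDOWS\system32\tfipdedg.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O21 - SSODL: kvxqmtre - {DB0B77B2-58AF-4FA2-9F4D-884A6C63CBB7} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {6C00F0E9-36C9-4B6C-9461-6A9A5AE23C50} - C:\WINDOWS\evgratsm.dll (file missing)
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command line"
ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<body>.+)$")
# First drive-letter path ending in a binary extension (spaces are allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.(?:dll|exe|ocx)', re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)

# Sections whose DLLs are loaded into Explorer / Internet Explorer:
# O2 = BHO, O3 = toolbar, O21 = ShellServiceObjectDelayLoad (SSODL).
SHELL_LOADED = {"O2", "O3", "O21"}
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}


class Entry(NamedTuple):
    code: str
    body: str
    path: Optional[str]
    file_missing: bool


def parse_log(text: str) -> List[Entry]:
    """Turn HijackThis entry lines into structured records; skip other lines."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, process list, blank line, footer
        body = match.group("body")
        path = PATH_RE.search(body)
        entries.append(Entry(
            code=match.group("code"),
            body=body,
            path=path.group(0) if path else None,
            file_missing=body.endswith("(file missing)"),
        ))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a human look (empty list = none).

    Heuristics (assumptions for this example, not a verdict on any file):
      1. A shell/browser extension registered straight out of the Windows
         directory whose DLL no longer exists: leftover registration.
      2. A Run-key autostart that launches a DLL through rundll32.
    """
    reasons = []
    if entry.path is None:
        return reasons
    folder = ntpath.dirname(entry.path).lower()
    if entry.code in SHELL_LOADED and entry.file_missing and folder in WINDOWS_DIRS:
        reasons.append("orphaned extension registered from the Windows directory")
    if (entry.code == "O4" and RUNDLL_RE.search(entry.body)
            and entry.path.lower().endswith(".dll")):
        reasons.append("Run key starts a DLL through rundll32")
    return reasons


def review_list(text: str) -> List[Tuple[Entry, List[str]]]:
    """Entries with at least one triage reason, in log order."""
    flagged = []
    for entry in parse_log(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in review_list(SAMPLE_LOG):
        print(f"{entry.code:<4}{ntpath.basename(entry.path):<14}{'; '.join(reasons)}")
```

Entries such as the O18 and O23 lines are also marked "(file missing)" but point into Program Files, so this pass leaves them for a separate cleanup decision rather than flagging them.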

#11 GerardM


Posted 05 August 2008 - 11:06 AM

Hi D-Trojanator,

Let me start by saying thanks for all the effort you are putting into this. I really appreciate it!

I am running a little out of time here. I'll be leaving the country tomorrow for at least weeks, so if we haven't resolved the problem we will have to put it on hold for a while. :thumbsup:

I managed to remove the line items you indicated with HiJackThis. However, when clicking on 'delete a file on reboot' there was no field to paste the filepath lines in. Instead HiJackThis simply went away.
After rebooting I reran HiJackThis to verify if the line items were gone and they were. I clicked on 'delete a file on reboot' and nothing happened, no matter how often I clicked.

I proceeded to run mbam-setup.exe, but just like Combofix earlier, it didn't do anything. So that's as far as I got...

Gerard

#12 -David-


Posted 05 August 2008 - 01:59 PM

Hi Gerard,

If the 'delete on reboot' thing didn't work for that file, it means it's already been deleted so that's a good sign!

I want to try one more tool before we look into why they aren't actually running.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#13 GerardM


Posted 05 August 2008 - 04:28 PM

Hi D-Trojanator,

I ran DSS, but curiously enough it only produced the main.txt. There was NO 'extra.txt'. I ran DSS twice.

I ran DSS yesterday and at that time it did produce an 'extra.txt'. Below I will insert the main.txt (first run) and the main.txt (second run). For some reason they are different in size, so maybe you would like to check that out. I will also attach yesterday's 'extra.txt'. I'm not sure if that is of any help, but waste not, want not...

regards,
Gerard

Main.txt first run 080508

Deckard's System Scanner v20071014.68
Run by Gerard2 on 2008-08-05 22:53:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 320 MiB (512 MiB recommended).
System Drive C: has 2.22 GiB (less than 15%) free.


-- HijackThis (run as Gerard2.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:48, on 5-8-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Documents and Settings\Gerard2\Bureaublad\dss.exe
C:\DOWNLO~1\NIEUWE~1\Gerard2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {1F5DC0AF-81EF-4AD2-B76B-39853B371130} - C:\WINDOWS\system32\iiffEvUl.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINDOWS\system32\ddcCUmMD.dll
O2 - BHO: QXK Olive - {812AE34E-162C-4C94-BAA1-A2C0431AEC84} - C:\WINDOWS\kgxmotapktx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {03a3e7b6-d8b4-583b-5504-d92472f47b1d} - {d1b74f27-429d-4055-b385-4b8d6b7e3a30} - C:\WINDOWS\system32\atzbjr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?e48fbc20528d4c6da73724aa6e4cce3d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?e48fbc20528d4c6da73724aa6e4cce3d
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Auri...geUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/componen...loScopeLite.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcCUmMD - C:\WINDOWS\SYSTEM32\ddcCUmMD.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6788 bytes

-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-04 16:32:35 99200 --a------ C:\WINDOWS\system32\pkdxegyh.dll
2008-08-03 18:28:34 0 d-------- C:\Documents and Settings\Gerard2\Application Data\AVG7
2008-08-03 18:27:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-28 18:30:00 0 d-------- C:\Program Files\RogueRemover FREE
2008-07-28 09:13:42 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Macromedia
2008-07-27 22:46:28 2002 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-27 21:18:21 116352 --a------ C:\WINDOWS\system32\atzbjr.dll
2008-07-27 21:18:20 116352 --a------ C:\WINDOWS\system32\lcygugww.dll
2008-07-27 20:57:53 0 d---s---- C:\Documents and Settings\Gerard2\UserData
2008-07-27 20:14:17 0 d-------- C:\Documents and Settings\Gerard2\Application Data\SUPERAntiSpyware.com
2008-07-27 17:58:43 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Google
2008-07-27 17:40:29 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Teleca
2008-07-27 17:38:58 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Adobe
2008-07-27 17:38:44 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Sony Ericsson
2008-07-27 17:38:38 0 d-------- C:\Documents and Settings\Gerard2\Application Data\TmpRecentIcons
2008-07-27 17:38:04 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Identities
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\Sjablonen
2008-07-27 17:37:07 0 dr-h----- C:\Documents and Settings\Gerard2\SendTo
2008-07-27 17:37:07 0 dr-h----- C:\Documents and Settings\Gerard2\Onlangs geopend
2008-07-27 17:37:07 1310720 --ah----- C:\Documents and Settings\Gerard2\NTUSER.DAT
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\Netwerkprinteromgeving
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\NetHood
2008-07-27 17:37:07 0 dr------- C:\Documents and Settings\Gerard2\Mijn documenten
2008-07-27 17:37:07 0 dr------- C:\Documents and Settings\Gerard2\Menu Start
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\Local Settings
2008-07-27 17:37:07 0 dr------- C:\Documents and Settings\Gerard2\Favorieten
2008-07-27 17:37:07 0 d---s---- C:\Documents and Settings\Gerard2\Cookies
2008-07-27 17:37:07 0 d-------- C:\Documents and Settings\Gerard2\Bureaublad
2008-07-27 17:37:07 0 dr-h----- C:\Documents and Settings\Gerard2\Application Data
2008-07-27 16:31:44 0 d-------- C:\Program Files\FreeFixer
2008-07-27 16:27:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-27 16:27:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-27 15:56:20 0 d-------- C:\Program Files\RegCleaner
2008-07-27 15:32:27 0 dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-07-27 15:19:56 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-07-27 15:15:59 116352 --a------ C:\WINDOWS\system32\lglhpa.dll
2008-07-27 15:15:58 116352 --a------ C:\WINDOWS\system32\phxbbgrf.dll
2008-07-27 15:13:45 95360 --a------ C:\WINDOWS\system32\vylxcqmg.dll
2008-07-27 15:12:58 386964 --ahs---- C:\WINDOWS\system32\lUvEffii.ini2
2008-07-27 15:12:53 323584 --a------ C:\WINDOWS\system32\iiffEvUl.dll
2008-07-27 15:02:28 0 d--hs---- C:\WINDOWS\CSC
2008-07-27 14:56:07 0 d-------- C:\Program Files\Bazooka Scanner
2008-07-27 13:23:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-27 12:56:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-07-27 12:53:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-27 12:53:18 0 d-------- C:\Documents and Settings\Administrator\Favorieten
2008-07-27 12:53:18 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-27 12:53:18 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-07-27 12:53:18 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-27 12:53:18 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-27 12:53:17 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-07-27 12:53:17 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-27 12:53:17 786432 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-27 12:53:17 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-07-27 12:53:17 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-27 12:53:17 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-07-27 12:53:17 0 dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-23 01:03:42 33152 --a------ C:\WINDOWS\system32\wvUKEVmK.dll
2008-07-23 01:03:40 33152 --a------ C:\WINDOWS\system32\ddcCUmMD.dll
2008-07-23 01:03:31 0 d-------- C:\Documents and Settings\Joris\Application Data\TmpRecentIcons
2008-07-23 01:03:08 163840 --a------ C:\WINDOWS\erms.exe
2008-07-23 01:03:07 155648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\Sjablonen
2008-07-18 12:16:32 0 dr-h----- C:\Documents and Settings\TEMP.PENTIUM3\SendTo
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\Onlangs geopend
2008-07-18 12:16:32 229376 --a------ C:\Documents and Settings\TEMP.PENTIUM3\NTUSER.DAT
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\Netwerkprinteromgeving
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\NetHood
2008-07-18 12:16:32 0 d-------- C:\Documents and Settings\TEMP.PENTIUM3\Mijn documenten
2008-07-18 12:16:32 0 dr------- C:\Documents and Settings\TEMP.PENTIUM3\Menu Start
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\Local Settings
2008-07-18 12:16:32 0 d-------- C:\Documents and Settings\TEMP.PENTIUM3\Favorieten
2008-07-18 12:16:32 0 d---s---- C:\Documents and Settings\TEMP.PENTIUM3\Cookies
2008-07-18 12:16:32 0 d-------- C:\Documents and Settings\TEMP.PENTIUM3\Bureaublad
2008-07-18 12:16:32 0 dr-h----- C:\Documents and Settings\TEMP.PENTIUM3\Application Data
2008-07-18 12:16:32 0 d---s---- C:\Documents and Settings\TEMP.PENTIUM3\Application Data\Microsoft
2008-07-17 19:21:45 0 dr-h----- C:\Documents and Settings\Joris\Onlangs geopend


-- Find3M Report ---------------------------------------------------------------

2008-07-28 13:06:47 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 19:43:21 1528 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F5DC0AF-81EF-4AD2-B76B-39853B371130}]
27-07-2008 15:12 323584 --a------ C:\WINDOWS\system32\iiffEvUl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
23-07-2008 01:03 33152 --a------ C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{812AE34E-162C-4C94-BAA1-A2C0431AEC84}]
C:\WINDOWS\kgxmotapktx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1b74f27-429d-4055-b385-4b8d6b7e3a30}]
27-07-2008 21:18 116352 --a------ C:\WINDOWS\system32\atzbjr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06-06-2005 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27-04-2007 09:41]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [24-11-2006 02:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03-08-2008 18:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23-10-2006 2:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23-10-2006 1:01:50]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [9-4-2003 18:21:38]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9-4-2003 18:11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13-03-2006 14:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20-12-2006 13:55 77824]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= C:\WINDOWS\system32\ddcCUmMD.dll [23-07-2008 01:03 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19-04-2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUmMD]
ddcCUmMD.dll 23-07-2008 01:03 33152 C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iiffEvUl




-- End of Deckard's System Scanner: finished at 2008-08-05 22:57:28 ------------


Main.txt 080508 Second Run

Deckard's System Scanner v20071014.68
Run by Gerard2 on 2008-08-05 23:05:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 320 MiB (512 MiB recommended).
System Drive C: has 2.22 GiB (less than 15%) free.


-- HijackThis (run as Gerard2.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:08, on 5-8-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Gerard2\Bureaublad\dss.exe
C:\DOWNLO~1\NIEUWE~1\Gerard2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {1F5DC0AF-81EF-4AD2-B76B-39853B371130} - C:\WINDOWS\system32\iiffEvUl.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINDOWS\system32\ddcCUmMD.dll
O2 - BHO: QXK Olive - {812AE34E-162C-4C94-BAA1-A2C0431AEC84} - C:\WINDOWS\kgxmotapktx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {03a3e7b6-d8b4-583b-5504-d92472f47b1d} - {d1b74f27-429d-4055-b385-4b8d6b7e3a30} - C:\WINDOWS\system32\atzbjr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?e48fbc20528d4c6da73724aa6e4cce3d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?e48fbc20528d4c6da73724aa6e4cce3d
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Auri...geUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/componen...loScopeLite.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcCUmMD - C:\WINDOWS\SYSTEM32\ddcCUmMD.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6849 bytes

-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-04 16:32:35 99200 --a------ C:\WINDOWS\system32\pkdxegyh.dll
2008-08-03 18:28:34 0 d-------- C:\Documents and Settings\Gerard2\Application Data\AVG7
2008-08-03 18:27:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-28 18:30:00 0 d-------- C:\Program Files\RogueRemover FREE
2008-07-28 09:13:42 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Macromedia
2008-07-27 22:46:28 2002 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-27 21:18:21 116352 --a------ C:\WINDOWS\system32\atzbjr.dll
2008-07-27 21:18:20 116352 --a------ C:\WINDOWS\system32\lcygugww.dll
2008-07-27 20:57:53 0 d---s---- C:\Documents and Settings\Gerard2\UserData
2008-07-27 20:14:17 0 d-------- C:\Documents and Settings\Gerard2\Application Data\SUPERAntiSpyware.com
2008-07-27 17:58:43 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Google
2008-07-27 17:40:29 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Teleca
2008-07-27 17:38:58 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Adobe
2008-07-27 17:38:44 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Sony Ericsson
2008-07-27 17:38:38 0 d-------- C:\Documents and Settings\Gerard2\Application Data\TmpRecentIcons
2008-07-27 17:38:04 0 d-------- C:\Documents and Settings\Gerard2\Application Data\Identities
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\Sjablonen
2008-07-27 17:37:07 0 dr-h----- C:\Documents and Settings\Gerard2\SendTo
2008-07-27 17:37:07 0 dr-h----- C:\Documents and Settings\Gerard2\Onlangs geopend
2008-07-27 17:37:07 1310720 --ah----- C:\Documents and Settings\Gerard2\NTUSER.DAT
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\Netwerkprinteromgeving
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\NetHood
2008-07-27 17:37:07 0 dr------- C:\Documents and Settings\Gerard2\Mijn documenten
2008-07-27 17:37:07 0 dr------- C:\Documents and Settings\Gerard2\Menu Start
2008-07-27 17:37:07 0 d--h----- C:\Documents and Settings\Gerard2\Local Settings
2008-07-27 17:37:07 0 dr------- C:\Documents and Settings\Gerard2\Favorieten
2008-07-27 17:37:07 0 d---s---- C:\Documents and Settings\Gerard2\Cookies
2008-07-27 17:37:07 0 d-------- C:\Documents and Settings\Gerard2\Bureaublad
2008-07-27 17:37:07 0 dr-h----- C:\Documents and Settings\Gerard2\Application Data
2008-07-27 16:31:44 0 d-------- C:\Program Files\FreeFixer
2008-07-27 16:27:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-27 16:27:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-27 15:56:20 0 d-------- C:\Program Files\RegCleaner
2008-07-27 15:32:27 0 dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-07-27 15:19:56 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-07-27 15:15:59 116352 --a------ C:\WINDOWS\system32\lglhpa.dll
2008-07-27 15:15:58 116352 --a------ C:\WINDOWS\system32\phxbbgrf.dll
2008-07-27 15:13:45 95360 --a------ C:\WINDOWS\system32\vylxcqmg.dll
2008-07-27 15:12:58 386980 --ahs---- C:\WINDOWS\system32\lUvEffii.ini2
2008-07-27 15:12:53 323584 --a------ C:\WINDOWS\system32\iiffEvUl.dll
2008-07-27 15:02:28 0 d--hs---- C:\WINDOWS\CSC
2008-07-27 14:56:07 0 d-------- C:\Program Files\Bazooka Scanner
2008-07-27 13:23:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-27 12:56:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-07-27 12:53:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-27 12:53:18 0 d-------- C:\Documents and Settings\Administrator\Favorieten
2008-07-27 12:53:18 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-27 12:53:18 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-07-27 12:53:18 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-27 12:53:18 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-27 12:53:17 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-07-27 12:53:17 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-27 12:53:17 786432 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-27 12:53:17 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-07-27 12:53:17 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-27 12:53:17 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-07-27 12:53:17 0 dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-23 01:03:42 33152 --a------ C:\WINDOWS\system32\wvUKEVmK.dll
2008-07-23 01:03:40 33152 --a------ C:\WINDOWS\system32\ddcCUmMD.dll
2008-07-23 01:03:31 0 d-------- C:\Documents and Settings\Joris\Application Data\TmpRecentIcons
2008-07-23 01:03:08 163840 --a------ C:\WINDOWS\erms.exe
2008-07-23 01:03:07 155648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\Sjablonen
2008-07-18 12:16:32 0 dr-h----- C:\Documents and Settings\TEMP.PENTIUM3\SendTo
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\Onlangs geopend
2008-07-18 12:16:32 229376 --a------ C:\Documents and Settings\TEMP.PENTIUM3\NTUSER.DAT
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\Netwerkprinteromgeving
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\NetHood
2008-07-18 12:16:32 0 d-------- C:\Documents and Settings\TEMP.PENTIUM3\Mijn documenten
2008-07-18 12:16:32 0 dr------- C:\Documents and Settings\TEMP.PENTIUM3\Menu Start
2008-07-18 12:16:32 0 d--h----- C:\Documents and Settings\TEMP.PENTIUM3\Local Settings
2008-07-18 12:16:32 0 d-------- C:\Documents and Settings\TEMP.PENTIUM3\Favorieten
2008-07-18 12:16:32 0 d---s---- C:\Documents and Settings\TEMP.PENTIUM3\Cookies
2008-07-18 12:16:32 0 d-------- C:\Documents and Settings\TEMP.PENTIUM3\Bureaublad
2008-07-18 12:16:32 0 dr-h----- C:\Documents and Settings\TEMP.PENTIUM3\Application Data
2008-07-18 12:16:32 0 d---s---- C:\Documents and Settings\TEMP.PENTIUM3\Application Data\Microsoft
2008-07-17 19:21:45 0 dr-h----- C:\Documents and Settings\Joris\Onlangs geopend


-- Find3M Report ---------------------------------------------------------------

2008-07-28 13:06:47 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 19:43:21 1528 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F5DC0AF-81EF-4AD2-B76B-39853B371130}]
27-07-2008 15:12 323584 --a------ C:\WINDOWS\system32\iiffEvUl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
23-07-2008 01:03 33152 --a------ C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{812AE34E-162C-4C94-BAA1-A2C0431AEC84}]
C:\WINDOWS\kgxmotapktx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1b74f27-429d-4055-b385-4b8d6b7e3a30}]
27-07-2008 21:18 116352 --a------ C:\WINDOWS\system32\atzbjr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 10:50]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06-06-2005 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27-04-2007 09:41]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [24-11-2006 02:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03-08-2008 18:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23-10-2006 2:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23-10-2006 1:01:50]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [9-4-2003 18:21:38]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9-4-2003 18:11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13-03-2006 14:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20-12-2006 13:55 77824]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= C:\WINDOWS\system32\ddcCUmMD.dll [23-07-2008 01:03 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19-04-2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUmMD]
ddcCUmMD.dll 23-07-2008 01:03 33152 C:\WINDOWS\system32\ddcCUmMD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iiffEvUl




-- End of Deckard's System Scanner: finished at 2008-08-05 23:08:46 ------------

Yesterday's Extra.txt 080408

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: Intel Pentium III-processor
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 319.55 MiB / 98 MiB
Pagefile Memory (total/avail): 774.45 MiB / 569.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.31 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 17.58 GiB total, 2.23 GiB free.
D: is Fixed (NTFS) - 19.69 GiB total, 15.98 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 17.58 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 19.69 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Documents and Settings\\Daphne\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Daphne\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Daphne\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Daphne\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gerard2\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PENTIUM3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gerard2
LOGONSERVER=\\PENTIUM3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Gerard2\LOCALS~1\Temp
TMP=C:\DOCUME~1\Gerard2\LOCALS~1\Temp
USERDOMAIN=PENTIUM3
USERNAME=Gerard2
USERPROFILE=C:\Documents and Settings\Gerard2
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

TEMP.PENTIUM3 (new local, temp assigned)
Daphne (admin)
Joris (admin)
Gerard2 (admin)
Administrator (admin)
Gast (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager 2.2 (alleen verwijderen) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bazooka Scanner --> "C:\Program Files\Bazooka Scanner\Uninstall.exe" "C:\Program Files\Bazooka Scanner\install.log"
Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913433) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chinese Simplified Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}
Disc2Phone --> MsiExec.exe /X{98455B44-3F4B-4B0B-95DD-78828C1680B6}
DivX 4.12 Codec --> "C:\Program Files\DivXCodec\uninstall.exe"
FreeFixer --> "C:\Program Files\FreeFixer\Uninstall.exe" "C:\Program Files\FreeFixer\install.log"
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Downloads\Nieuwe map\HijackThis.exe" /uninstall
HP-software voor foto- en beeldbewerking 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200 --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Huur- en zorgtoeslag 2008 --> C:\Program Files\Belastingdienst\Huur- en zorgtoeslag\2008\hz2008u.exe
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nero 7 Demo --> MsiExec.exe /I{9AA19E4F-A3DD-6BEF-F317-14757D801043}
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sysadm --> C:\WINDOWS\unin0413.exe -fC:\BMW95\sysadm\uninst\DeIsL1.isu
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
Tis --> C:\WINDOWS\unin0413.exe -fC:\BMW95\tis\uninst\DeIsL1.isu
Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Verzoek voorlopige teruggaaf 2008 --> C:\Program Files\Belastingdienst\Voorlopige Teruggaaf\2008\vt2008u.exe
Windows Desktop Search --> "C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe"
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2) --> C:\PROGRA~1\DIFX\D4E518902B01206D\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\wlphonec_A6FBDDFD78E9FD2D94C453BC7FCFBE6BEE0A125E\wlphonec.inf
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{3D84FAFB-7691-4C32-A804-B3EF97B31118}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4200 / Warning
Event Submitted/Written: 08/03/2008 10:48:10 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Kan geen verbinding met de server maken. Fout: 0x8007043C

Event Record #/Type4196 / Warning
Event Submitted/Written: 07/28/2008 06:20:17 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Kan geen verbinding met de server maken. Fout: 0x8007043C

Event Record #/Type4195 / Warning
Event Submitted/Written: 07/28/2008 06:20:17 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
De detectie van product {90110413-6000-11D3-8CFE-0150048383C9}, functie OfficeUserData, onderdeel {4A31E933-6F67-11D2-AAA2-00A0C90F57B0} is mislukt. De bron HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access-database\ bestaat niet.

Event Record #/Type4193 / Warning
Event Submitted/Written: 07/28/2008 11:09:59 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Kan geen verbinding met de server maken. Fout: 0x8007043C

Event Record #/Type4192 / Warning
Event Submitted/Written: 07/28/2008 11:09:58 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
De detectie van product {90110413-6000-11D3-8CFE-0150048383C9}, functie OfficeUserData, onderdeel {4A31E933-6F67-11D2-AAA2-00A0C90F57B0} is mislukt. De bron HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access-database\ bestaat niet.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type22281 / Error
Event Submitted/Written: 08/04/2008 10:43:21 PM
Event ID/Source: 7 / Disk
Event Description:
Beschadigd blok in apparaat \Device\Harddisk0\D.

Event Record #/Type22280 / Error
Event Submitted/Written: 08/04/2008 10:43:16 PM
Event ID/Source: 7 / Disk
Event Description:
Beschadigd blok in apparaat \Device\Harddisk0\D.

Event Record #/Type22279 / Error
Event Submitted/Written: 08/04/2008 10:43:11 PM
Event ID/Source: 7 / Disk
Event Description:
Beschadigd blok in apparaat \Device\Harddisk0\D.

Event Record #/Type22278 / Error
Event Submitted/Written: 08/04/2008 10:43:06 PM
Event ID/Source: 7 / Disk
Event Description:
Beschadigd blok in apparaat \Device\Harddisk0\D.

Event Record #/Type22277 / Error
Event Submitted/Written: 08/04/2008 10:43:01 PM
Event ID/Source: 7 / Disk
Event Description:
Beschadigd blok in apparaat \Device\Harddisk0\D.



-- End of Deckard's System Scanner: finished at 2008-08-04 22:50:29 ------------

#14 -David-


Posted 06 August 2008 - 02:17 PM

Ok, right click on the combofix tool on your desktop and click 'rename'.
Rename as 'lousyfix.exe' and hit enter. Now run the tool and let me know what happens..

#15 GerardM


Posted 16 August 2008 - 09:15 AM

Hi D-Trojanator,

Sorry for the late response. As I mentioned earlier, I am travelling and cannot access the pc before August 23. If you don't mind waiting, I'll follow up then...

Kind regards,

Gerard



