Computer Security & Viruses/virusscan update and other


Question
QUESTION: Hi Brian,

I have AVG Free; for several days I haven't been able to update it anymore. Also, when I want to check my e-mail on 'hotmail', I can't open my account (it just hangs).
Vundo Fix doesn't find anything.
The online scan from Panda doesn't work here.

So I have made a HijackThis log for you. During the holidays (August) you helped me very well with my friend's PC (sorry if I write things wrong, I speak Dutch).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:47, on 19/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Kruidvat - Fotoservice\dd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LevelOne 11g Wireless Adapter\WLANMON.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/be/nlb/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Device Detection] C:\Program Files\Kruidvat - Fotoservice\dd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [{5C2B8890-0A1F-2067-1202-030512200020}] "C:\Program Files\Common Files\{5C2B8890-0A1F-2067-1202-030512200020}\Update.exe" mc-110-12-0001411
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Level One 11g Wireless Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chiromeisje.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5054/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dorina/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 10575 bytes

Greetings
Dorina

ANSWER: Hi Dorina

I'd be happy to help you once again.  

1. Download combofix and save it to Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it will create a log for you (C:\ComboFix.txt). Post that log & a fresh HJT log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.

Brian

---------- FOLLOW-UP ----------

QUESTION: hey,

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:59, on 20/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Kruidvat - Fotoservice\dd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LevelOne 11g Wireless Adapter\WLANMON.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Device Detection] C:\Program Files\Kruidvat - Fotoservice\dd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Level One 11g Wireless Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chiromeisje.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5054/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dorina/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 9577 bytes



combofix log:
ComboFix 08-11-19.08 - Dorina 2008-11-20 18:26:53.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.31.1043.18.238 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Dorina\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\{3C2B8~1
c:\program files\Common Files\{5C2B8~1
c:\windows\cdmxtras
c:\windows\cdmxtras\uninst.exe
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\system32\cache329
c:\windows\system32\drivers\fad.sys
c:\windows\system32\MSINET.oca
c:\windows\system32\open.ico

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COM+_MESSAGES


((((((((((((((((((((   Bestanden Gemaakt van 2008-10-20 to 2008-11-20  ))))))))))))))))))))))))))))))
.

2008-11-19 15:37 . 2008-11-19 15:37   <DIR>   d--------   c:\program files\Trend Micro
2008-11-19 15:31 . 2008-11-19 15:31   <DIR>   d--------   c:\program files\Panda Security
2008-11-19 15:31 . 2008-06-19 17:24   28,544   --a------   c:\windows\SYSTEM32\DRIVERS\pavboot.sys
2008-11-12 13:16 . 2008-09-04 18:17   1,106,944   -----c---   c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-11-12 13:16 . 2008-10-24 12:21   455,296   -----c---   c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-26 12:29 . 2008-10-26 12:29   <DIR>   d--------   c:\program files\DivX
2008-10-23 18:28 . 2008-10-15 17:37   337,408   -----c---   c:\windows\SYSTEM32\DLLCACHE\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 17:34   ---------   d-----w   c:\program files\SPAMfighter
2008-11-20 16:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-20 16:53   ---------   d-----w   c:\program files\Spybot - Search & Destroy
2008-11-19 13:47   ---------   d-----w   c:\program files\Common Files\Adobe
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 15:16   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-14 18:14   ---------   d-----w   c:\program files\Acro Software
2008-10-14 18:13   ---------   d-----w   c:\program files\GPLGS
2008-09-30 15:30   ---------   d-----w   c:\documents and settings\Dorina\Application Data\Image Zone Express
2008-09-24 18:36   ---------   d-----w   c:\documents and settings\All Users\Application Data\FLEXnet
2008-09-21 12:20   ---------   d-----w   c:\program files\Bonjour
2008-09-21 12:09   ---------   d-----w   c:\program files\Common Files\Macrovision Shared
2008-09-20 20:05   ---------   d-----w   c:\program files\Samsung
2008-09-20 19:52   ---------   d-----w   c:\documents and settings\Dorina\Application Data\Samsung
2008-09-07 09:20   24   ----a-w   c:\documents and settings\Dorina\jagex_runescape_preferences.dat
2008-08-13 20:54   7,314,808   ----a-w   c:\program files\trsetup.exe
2008-08-13 16:35   119,808   ----a-w   c:\program files\VundoFix.exe
2008-06-13 18:54   49,384,056   ----a-w   c:\program files\avg_free_stf_all_8_100a1323.exe
2008-01-06 21:28   352,006   ----a-w   c:\program files\smxwin151e.zip
2006-10-06 19:39   315,624   ----a-w   c:\program files\dxwebsetup.exe
2006-09-18 20:03   186   ----a-w   c:\program files\Snelkoppeling naar Cd-rom-station.lnk
2008-08-19 08:52   32,768   --sha-w   c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008081920080820\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Device Detection"="c:\program files\Kruidvat - Fotoservice\dd.exe" [2006-06-01 94720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Level One 11g Wireless Configuration Utility.lnk - c:\program files\LevelOne 11g Wireless Adapter\WLANMON.exe [2005-01-29 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Digimax Viewer 2.1.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Digimax Viewer 2.1.lnk
backup=c:\windows\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 15:24 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-06-12 15:00 67128 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 09:42 202088 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\freecall.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Valve\\Condition Zero\\czero.exe"=
"c:\\Valve\\Steam\\steam.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Valve\\Steam\\steamapps\\ferrari2000\\condition zero\\hl.exe"=
"c:\\Valve\\Steam\\steamapps\\ferrari2000\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\Dorina\\Bureaublad\\leander\\games\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-19 28544]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-13 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-05 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-13 76040]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-07-29 184968]
R3 W8100PCI;LevelOne 11g Wireless  Driver;c:\windows\system32\DRIVERS\MRV8K51.sys [2005-01-29 297984]
S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys []
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys []
S3 idrmkl;idrmkl;\??\c:\docume~1\Dorina\LOCALS~1\Temp\idrmkl.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2008-07-09 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2008-07-09 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2008-07-09 109704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6862b12a-4dbe-11dd-ba38-000f1f5ce6eb}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b31213f3-6484-11dd-ba50-00032f21ca21}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Inhoud van de 'Gedeelde Taken' map

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS VERWIJDERD - - - -

URLSearchHooks-{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - c:\program files\LimewirePlus\tbLim1.dll
BHO-{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - c:\program files\LimewirePlus\tbLim1.dll
Toolbar-{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - c:\program files\LimewirePlus\tbLim1.dll
WebBrowser-{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02} - c:\program files\LimewirePlus\tbLim1.dll
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
HKCU-Explorer_Run-{5C2B8890-0A1F-2067-1202-030512200020} - c:\program files\Common Files\{5C2B8890-0A1F-2067-1202-030512200020}\Update.exe


.
------- Bijkomende Scan -------
.
FireFox -: Profile - c:\documents and settings\Dorina\Application Data\Mozilla\Firefox\Profiles\z1dn4wi6.Standaardgebruiker\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.jongenshoevenzavel.be
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 18:38:15
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-11-20 18:49:52 - machine werd herstart
ComboFix-quarantined-files.txt  2008-11-20 17:49:13

Pre-Run: 107.487.326.208 bytes beschikbaar
Post-Run: 113,029,603,328 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

431   --- E O F ---   2008-11-20 17:02:19


ciao,
Dorina

ANSWER: Hello Dorina

Start HJT and click the button that says Scan Only.  Place a check mark in the box next to the following items, then close all open browser windows and click the Fix Checked button:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

After fixing, reboot and your computer should be working normally again.  If not, please let me know.

Brian
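
Both entries Brian lists above end in "(no file)", the marker HijackThis prints when an entry has no file behind it. The following Python script is an added example (not part of the original answer and not HijackThis's own code) that picks such entries out of a saved log; the function names are hypothetical and the sample is assembled from lines in the logs on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Result lines look like "O2 - BHO: name - {CLSID} - target".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 autostart lines look like "HKLM\..\Run: [value name] command line".
O4_RE = re.compile(r"^[^\[]*\[[^\]]*\] (?P<cmd>.+)$")


@dataclass
class Entry:
    code: str             # section code, e.g. "O2" (BHO) or "O9" (extra button)
    clsid: Optional[str]  # COM class id, when the line carries one
    target: str           # file, URL or command the entry points at
    raw: str

    @property
    def orphaned(self) -> bool:
        # "(no name)" alone is normal; only a missing file marks an orphan.
        return self.target.strip().lower() == "(no file)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and the process list."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    if clsid:
        # Take what follows the CLSID. Names and paths may contain " - "
        # themselves ("Spybot - Search & Destroy"), so split only once.
        tail = body[clsid.end():]
        target = tail.split(" - ", 1)[1] if " - " in tail else tail.strip()
        return Entry(code, clsid.group(0), target, line.strip())
    o4 = O4_RE.match(body) if code == "O4" else None
    # Formats not modelled here (R0/R1, O23, ...) keep the whole body as target.
    target = o4.group("cmd") if o4 else body
    return Entry(code, None, target, line.strip())


def find_orphans(log_text: str) -> List[Entry]:
    """Return the entries whose target is the '(no file)' marker."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e is not None and e.orphaned]


# Sample assembled from lines that appear in the logs on this page.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Device Detection] C:\Program Files\Kruidvat - Fotoservice\dd.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: avgrsstx.dll
"""

if __name__ == "__main__":
    for entry in find_orphans(SAMPLE_LOG):
        print(entry.raw)
```

The O9 line for ssv.dll also reads "(no name)" but is not flagged, because its file is present.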

---------- FOLLOW-UP ----------

QUESTION: Hi Brian,
The same problems are still there with the AVG update, Hotmail and the Panda scan (online).

Dorina (new HJT)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:59, on 21/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Kruidvat - Fotoservice\dd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LevelOne 11g Wireless Adapter\WLANMON.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Device Detection] C:\Program Files\Kruidvat - Fotoservice\dd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Level One 11g Wireless Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chiromeisje.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5054/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dorina/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 9420 bytes


Answer
Hi Dorina

I think that we will have to start looking somewhere else, as your HJT log appears normal.  I would like for you to check your hard drive for errors in the Windows file system.  Click Start -> Run then type
sfc /scannow and then click OK.

   * Note the space between the c and the /

You may need your Windows XP CD so have it ready.

After running scannow, please click Start -> Run then type
chkdsk and click OK.

Let me know the results of these two scans.

Brian

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2012 About.com, a part of The New York Times Company. All rights reserved.