trojan horse

Discussion in 'Windows - Virus and spyware problems' started by doomlord, May 31, 2009.

  1. doomlord

    doomlord Member

    Hello, my son opened a corrupt file through the p2p known as LimeWire.
    Because of this my AVG virus scan constantly reports errors of corrupted files.

    I hope someone could guide me with URLs and explain it step by step how to get rid of this annoying trojan horse.

    thanks up front
    regards

    This is my HijackThis logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:22:43, on 31/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\henri\Bureaublad\Henri\Nieuwe map\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\henri\LOCALS~1\Temp\mcqiéé£'£'%''msn'è%'fix''.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe
    O4 - Startup: Registration Heroes of Might & Magic 5 - Tribes of the East.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?e463c4454b724647893f0c3851c84050
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?e463c4454b724647893f0c3851c84050
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177017875906
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     
  2. 2oldGeek

    2oldGeek Active member

    doomlord,


    First of all, you are using an older version of HijackThis that doesn’t show a thing. Please do the following to download and install the latest version of HijackThis v2.0.2:

    CLICK HERE to download the HijackThis Installer:
    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.

    You may uninstall/delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

    Next:

    Download Malwarebytes' Anti-Malware to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

    • Please post the MBAM Log and a fresh HJT log in your next reply.


    2oG
     
  3. doomlord

    doomlord Member

    hey 2oG

    thx for the fast response
    atm I'm away for work so I'm using my laptop to write this reply
    tomorrow I'll see to it to send you a reply with the log files
    thx so far, I really appreciate the help you give on this site
    keep up the good work and cya tomorrow

    greets
     
  4. doomlord

    doomlord Member

    The trojan's name is trojanhorse2.IEF
    Here's the HijackThis file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:44:39, on 3/06/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\henri\LOCALS~1\Temp\mcqiéé£'£'%''msn'è%'fix''.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe
    O4 - Startup: Registration Heroes of Might & Magic 5 - Tribes of the East.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?e463c4454b724647893f0c3851c84050
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?e463c4454b724647893f0c3851c84050
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177017875906
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 15229 bytes

    and here is the MBAM log file

    Malwarebytes' Anti-Malware 1.37
    Database versie: 2222
    Windows 5.1.2600 Service Pack 2

    3/06/2009 19:40:54
    mbam-log-2009-06-03 (19-40-54).txt

    Scan type: Volledige Scan (A:\|C:\|D:\|)
    Objecten gescand: 199239
    Verstreken tijd: 49 minute(s), 37 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 3
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 107

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\experttool (Adware.ExpertTools) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    C:\Program Files\ExpertTool (Adware.ExpertTools) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
     
  5. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Am heading out for work and didn't have much time, but the HJT log is clean.
    Are you having any problems?
    Java needs updating, it's old and out of date...

    How's it performing? Let me know.

    2oG
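
One way to triage entries of the HijackThis log posted above, added here as an example and not part of the original thread or of HijackThis itself. It flags entries that merit a second look (target file missing, a service listed with "Unknown owner", anything in AppInit_DLLs) without judging them malicious; the function names and the choice of flags are assumptions, and the sample lines are copied from the log in this thread.

```python
import re

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "O23 - Service: <description>" -> section code, entry kind, remainder.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
# The target starts at the first drive letter or URL. Splitting on " - " would
# break on paths such as "Spybot - Search & Destroy".
TARGET = re.compile(r"(?:[A-Za-z]:\\|https?://).*$")
MISSING = " (file missing)"


def parse_entry(line):
    """Parse one log line; return None for headers, blanks and process paths."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)]
    t = TARGET.search(rest)
    return {
        "section": m["section"],
        "kind": m["kind"],
        "target": t.group(0) if t else rest,
        "missing": missing,
        # The log shows this text in place of a vendor name.
        "unknown_owner": " - Unknown owner - " in rest,
    }


def triage(log_text):
    """Return (section, target, reasons) for entries worth reviewing by hand."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["missing"]:
            reasons.append("file missing")   # registration outlived the file
        if e["section"] == "O23" and e["unknown_owner"]:
            reasons.append("unknown owner")  # service without a vendor name
        if e["kind"] == "AppInit_DLLs":
            reasons.append("AppInit_DLLs")   # loaded wherever user32.dll loads
        if reasons:
            findings.append((e["section"], e["target"], reasons))
    return findings


if __name__ == "__main__":
    for section, target, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {', '.join(reasons):28} {target}")
```

A flag here is a prompt to identify the file (vendor, install path, signature), not a verdict.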
     
  6. doomlord

    doomlord Member

    Hey 2oG, thx for that Malwarebytes program, that really did the trick I think.
    So far no trojan horse detection warnings anymore from AVG.

    Thx a lot for all the help, really appreciated.
    My son can buy his own computer to mess up now ^^
     
  7. 2oldGeek

    2oldGeek Active member

    doomlord,

    Java Runtime can be activated by websites, so if there is a security vulnerability in any Java version on your machine, it can be exploited by a malicious site to infect your machine. Each new version of Java fixes security vulnerabilities, so it's extremely important to keep up to date, and its auto-update mechanism isn't considered very reliable. So yes, it's important to regularly check for updates, and if you don't use it, then it's best removed from your machine.



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

    Then run this tool to help clean up any leftover Java
    Remove Old Java using JavaRa


    Download JavaRa and unzip it to your desktop.
    ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program
    • From the drop-down menu, choose English and click on Select
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK
    • A logfile will pop up. Save it to a convenient location
    • Click on Additional Tasks then tick Remove Useless JRE Files
    • Click Go then OK when prompted & close the program.
    Update Java Runtime
    • Go to http://java.sun.com/javase/downloads/index.jsp
    • Scroll down to Java Runtime Environment (JRE) 6 Update 14 and click on the Download button
    • In the Platform box choose Windows
    • Check the box to Accept License Agreement and click Continue
    • Click on Windows Offline Installation, click on the link under it which says "jre-6u14-windows-i586.exe" and save the downloaded file to your desktop
    • Install the new version by running the downloaded file with the Java icon & follow the on-screen instructions
    • Reboot your computer


    That should put you in good shape...

    2oG
     
