HijackThis log.
I'm new here. I don't really know exactly what to do. I know I have some viruses. Any help is appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:17 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {16A6AE04-07CB-42DD-9710-7067E6A9C2B7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FCBABDA2-801E-4F51-B6E8-0122032FB16B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O20 - Winlogon Notify: iifgHbyA - iifgHbyA.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7076 bytes
This discussion has been closed.
Comments
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 19, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, July 19, 2008 02:00:27
Records in database: 970804
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 89383
Threat name: 35
Infected objects: 91
Suspicious objects: 0
Duration of the scan: 05:31:04
File name / Threat name / Threats count
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Justin's\easy way out pink spiders.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Justin's\future needs sparta.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Justin's\go either way cord.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Justin's\super rad aqua bats.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Cassie\Local Settings\Temp\admjrrsu.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\asnyykyp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qgr 1
C:\Documents and Settings\Cassie\Local Settings\Temp\bfbhiqbw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qok 1
C:\Documents and Settings\Cassie\Local Settings\Temp\bildhgjd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpb 1
C:\Documents and Settings\Cassie\Local Settings\Temp\cqtygwyt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pon 1
C:\Documents and Settings\Cassie\Local Settings\Temp\dnphjwke.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx 1
C:\Documents and Settings\Cassie\Local Settings\Temp\ebhfoear.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qre 1
C:\Documents and Settings\Cassie\Local Settings\Temp\ephevfqn.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\frtaqmlr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpx 1
C:\Documents and Settings\Cassie\Local Settings\Temp\gbjevryq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qof 1
C:\Documents and Settings\Cassie\Local Settings\Temp\ihtxgjpw.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\inlymniu.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\iwjpxpym.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri 1
C:\Documents and Settings\Cassie\Local Settings\Temp\kdbyrdjf.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\lsfpmoue.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\nfcioejj.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\nqoaxhjx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw 1
C:\Documents and Settings\Cassie\Local Settings\Temp\pcloppob.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpi 1
C:\Documents and Settings\Cassie\Local Settings\Temp\pjkcbjfr.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\pmrpnwmc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qoy 1
C:\Documents and Settings\Cassie\Local Settings\Temp\srxocvcv.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\taraqxnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pjx 1
C:\Documents and Settings\Cassie\Local Settings\Temp\txibrwka.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\vhyteoen.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Cassie\Local Settings\Temp\wesitbgf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpw 1
C:\Documents and Settings\Cassie\Local Settings\Temp\yaywxVPF.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pij 1
C:\Documents and Settings\Cassie\Local Settings\Temporary Internet Files\Content.IE5\7ADNHOAJ\glas[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.qok 1
C:\Documents and Settings\Cassie\Shared\easy way out pink spiders.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Cassie\Shared\future needs sparta.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Cassie\Shared\go either way cord.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Cassie\Shared\super rad aqua bats.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Starware316\Setup.exe Infected: not-a-virus:AdWare.Win32.Comet.bb 1
C:\Program Files\Starware316\Setup.exe Infected: not-a-virus:AdWare.Win32.Comet.be 1
C:\RECYCLER\S-1-5-21-1409082233-706699826-1708537768-1007\Dc30.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-1409082233-706699826-1708537768-1007\Dc352.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-1409082233-706699826-1708537768-1007\Dc353.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-1409082233-706699826-1708537768-1007\Dc354.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\WINDOWS\livemessenger.com Infected: Backdoor.Win32.SdBot.eyj 1
C:\WINDOWS\system32\abhafxfx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qoh 1
C:\WINDOWS\system32\arxcxpbr.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\borqxoar.dll Infected: Trojan.Win32.KillAV.rf 1
C:\WINDOWS\system32\cbXOHYqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pjw 1
C:\WINDOWS\system32\clsnbgku.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\dasikpow.dll Infected: Trojan.Win32.KillAV.rf 1
C:\WINDOWS\system32\djogfkvw.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\dqedgbpm.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\dywxbhou.dll Infected: Trojan.Win32.Monder.dl 1
C:\WINDOWS\system32\ebwseeqr.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\ekwbrxdt.dll Infected: Trojan.Win32.Monder.dk 1
C:\WINDOWS\system32\fdjkghhd.dll Infected: Trojan.Win32.Monder.de 1
C:\WINDOWS\system32\fkgsmmql.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\fuxdddby.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\fwoeoybj.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\gtycddtr.dll Infected: Trojan.Win32.Monder.de 1
C:\WINDOWS\system32\hhqqtbip.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.plw 1
C:\WINDOWS\system32\hhsnatwb.dll Infected: Trojan.Win32.Monder.eo 1
C:\WINDOWS\system32\hsviqnps.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\ijeykilc.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\ilvogmjr.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\iqllldat.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pon 1
C:\WINDOWS\system32\iucxyyby.dll Infected: Trojan.Win32.Monder.fc 1
C:\WINDOWS\system32\jknswsfx.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\jyugyohk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qot 1
C:\WINDOWS\system32\kbvuyquh.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\kxdrggvj.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\ltyaofms.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\muranbkp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qof 1
C:\WINDOWS\system32\nyjxgxrw.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\oevfgceb.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\opwsduwb.dll Infected: Trojan.Win32.KillAV.rf 1
C:\WINDOWS\system32\qkrvajpq.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\qvavqccv.dll Infected: Trojan.Win32.Monder.du 1
C:\WINDOWS\system32\rnfafjnm.dll Infected: Trojan.Win32.Monder.do 1
C:\WINDOWS\system32\sersnkac.dll Infected: Trojan.Win32.Monder.df 1
C:\WINDOWS\system32\sjrokhkv.dll Infected: Trojan.Win32.Monder.fc 1
C:\WINDOWS\system32\sydvvqfc.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\tniktxre.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\ttiuxrxt.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\twjobira.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\uiwkrqbq.dll Infected: Trojan.Win32.KillAV.rf 1
C:\WINDOWS\system32\uvknckyp.dll Infected: Trojan.Win32.KillAV.rf 1
C:\WINDOWS\system32\vcsaledk.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\vtUlJcBr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr 1
C:\WINDOWS\system32\vwgfpfnn.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\waxvybvg.dll Infected: Trojan.Win32.KillAV.rf 1
C:\WINDOWS\system32\wkykjici.dll Infected: Trojan.Win32.Monder.dm 1
C:\WINDOWS\system32\wvrqboiu.dll Infected: Trojan.Win32.KillAV.rf 1
The selected area was scanned.
Your computer is infected by an IRCBot, which has Backdoor Functionality. This can give intruders complete control of your computer, logging keystrokes, stealing information, etc.
You are strongly advised to do the following immediately:
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.
To help you make a more informed decision, please read the following articles:
Should you have any questions, please feel free to ask.
Please let me know your decision and we'll get started with clean up if that's what you choose.
Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own thread instead.