I need your help! My computer is infected with these viruses (Virtumonde, Smitfraud); those are just the ones I know about, and I have no idea what to do. I've tried to download McAfee Security Center, but my computer won't allow it. Your help will be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:31 AM, on 7/23/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\WINDOWS\System32\AVIRAS~1.DLL
O2 - BHO: (no name) - {2BF98F47-2AFF-43D3-8D9E-EC84BCDC3F5B} - (no file)
O2 - BHO: (no name) - {2F8BF994-F0EA-4A73-B6BA-EF93DBE16B63} - C:\WINDOWS\System32\nnnkIbbY.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A3AFBB4-3119-49FE-9DA8-407FE5F7211C} - C:\WINDOWS\System32\wvUnNecY.dll (file missing)
O2 - BHO: (no name) - {680DBEE8-B862-4B3B-9A3B-3F6DD618BA25} - C:\WINDOWS\System32\mlJBSlLc.dll (file missing)
O2 - BHO: {598346fe-7fe5-e33b-0974-23b0c83932a6} - {6a23938c-0b32-4790-b33e-5ef7ef643895} - C:\WINDOWS\System32\adnpuc.dll
O2 - BHO: scriptproxy - {6D0386B3-FD72-488E-9740-90355AE21735} - C:\WINDOWS\System32\diga32.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\iifcDWol.dll
O2 - BHO: (no name) - {74C466E9-2FC5-43D7-8560-FE4362A2A30E} - C:\WINDOWS\System32\rqRIyWqP.dll (file missing)
O2 - BHO: (no name) - {9E2C792A-1249-49BC-B1E3-27E1C7061905} - C:\WINDOWS\System32\iiffGWMe.dll (file missing)
O2 - BHO: (no name) - {A7DAFB2E-E95B-4F23-B681-90C8040E5A96} - C:\WINDOWS\System32\qoMdBSmN.dll (file missing)
O2 - BHO: (no name) - {E135EFEB-9E21-4EF4-8E24-2EDD98F6C87F} - C:\WINDOWS\System32\opnnnmkk.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdolk.exe] C:\WINDOWS\system32\kdolk.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\kddgq.exe] C:\WINDOWS\System32\kddgq.exe
O4 - HKLM\..\Run: [6c129041] rundll32.exe "C:\WINDOWS\System32\xrhdovjk.dll",b
O4 - HKLM\..\Run: [BM6f21a3dd] Rundll32.exe "C:\WINDOWS\System32\kyjheqcs.dll",s
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Admin.ANGIES\cftmon.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA2607] command /c del "C:\WINDOWS\system32\mlJBSlLc.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2887] cmd /c del "C:\WINDOWS\system32\iifcDWol.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA542] command /c del "C:\WINDOWS\system32\iifcDWol.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5051] command /c del "C:\WINDOWS\system32\kyjheqcs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7712] cmd /c del "C:\WINDOWS\system32\kyjheqcs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Admin.ANGIES\cftmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9380] command /c del "C:\WINDOWS\system32\mlJBSlLc.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4642] cmd /c del "C:\WINDOWS\system32\mlJBSlLc.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6749] command /c del "C:\WINDOWS\system32\iifcDWol.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3800] cmd /c del "C:\WINDOWS\system32\iifcDWol.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1935] command /c del "C:\WINDOWS\system32\kyjheqcs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3328] cmd /c del "C:\WINDOWS\system32\kyjheqcs.dll_old"
O4 - HKUS\S-1-5-21-790525478-920026266-1708537768-1003\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'angela storey')
O4 - HKUS\S-1-5-21-790525478-920026266-1708537768-1003\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'angela storey')
O4 - HKUS\S-1-5-21-790525478-920026266-1708537768-1003\..\Run: [autoload] C:\Documents and Settings\angela storey\cftmon.exe (User 'angela storey')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-21-790525478-920026266-1708537768-1003 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'angela storey')
O4 - S-1-5-21-790525478-920026266-1708537768-1003 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'angela storey')
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\COMMON\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D25CCBC-ECB6-4AD7-ACEB-15FACE35C238}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ECE3F59-2495-49E1-9F9C-DD73ACCF6C6E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D25CCBC-ECB6-4AD7-ACEB-15FACE35C238}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D25CCBC-ECB6-4AD7-ACEB-15FACE35C238}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O20 - Winlogon Notify: iifcDWol - C:\WINDOWS\SYSTEM32\iifcDWol.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\System32\lxdccoms.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
--
End of file - 9537 bytes
Thank you...for your reply. What do I do next?
----------------------------------
Edit. Don't bump, read stickies? "Thank you...for your reply. What do I do next?"
New topic closed yesterday: http://forums.spybot.info/showthread.php?t=31575
Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days