Vertec HiJack Log Pasted here

OK, that seems to be fine.

Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
 
Hi! Here are the Kaspersky and Hijack logs

The Kaspersky was first. It is here:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 11, 2008 02:02:03
Records in database: 1210267
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 142303
Threat name: 50
Infected objects: 152
Suspicious objects: 1
Duration of the scan: 06:15:01



The selected area was scanned.
*********************************************************






And now here is the hijack log directly after. (not even a reboot):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:12 AM, on 9/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Thanks, again, very much.

Vertec
 
Empty these folders:

C:\Documents and Settings\steveo\Application Data\Sun\Java\Deployment\cache
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine
C:\QooBox\Quarantine

Empty Recycle Bin.

All other viruses are in system restore and inactive.

I will give you instructions later on how to empty it.

Other than that, any problems left?
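
The triage in the reply above (quarantine folders and the Java cache can be emptied, System Restore copies are inactive) can be reproduced from a saved scanner report. This is an added example, not part of the original thread: the sample rows are constructed in the report's "path / Infected: name / count" layout, and the category names and notes are assumptions of the example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One report row: "<path> Infected|Suspicious: <threat name> <count>".
# Paths contain spaces, so the path is matched lazily up to the status keyword.
ROW = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Constructed rows in the report's layout; file names and the GUID are placeholders.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EX1.tmp Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\example1.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\example.jar-0000.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\WINDOWS\system32\example2.dll Infected: Trojan.Win32.Monder.gen 1
"""

# Triage notes per category (assumptions of this example).
NOTES = {
    "quarantine": "already isolated by a security tool; emptying the folder removes it",
    "java_cache": "cached download; clearing the Java cache removes it",
    "system_restore": "stored in a restore point; inactive unless that point is restored",
    "mail_store": "inside a mail archive; review the message in the mail client",
    "live": "outside any quarantine or snapshot; needs follow-up",
}


def classify(path):
    """Map a Windows path from the report to a triage category."""
    p = PureWindowsPath(path)
    parts = p.parts[1:] if p.anchor else p.parts  # drop the "C:\" anchor
    parts = [s.lower() for s in parts]
    if "quarantine" in parts[:-1]:  # any directory component, not the file name
        return "quarantine"
    if (len(parts) > 1 and parts[0] == "system volume information"
            and parts[1].startswith("_restore")):
        return "system_restore"
    if any(a == "deployment" and b == "cache" for a, b in zip(parts, parts[1:])):
        return "java_cache"
    if p.suffix.lower() == ".pst":
        return "mail_store"
    return "live"


def triage(report_text):
    """Group detection rows by category; non-matching lines are skipped."""
    buckets = defaultdict(list)
    for line in report_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line or free text
        buckets[classify(m["path"])].append((m["path"], m["status"], m["threat"]))
    return dict(buckets)


if __name__ == "__main__":
    for category, rows in triage(SAMPLE_REPORT).items():
        print(f"{category}: {len(rows)} object(s) - {NOTES[category]}")
        for path, status, threat in rows:
            print(f"    {status:<10} {threat}  {path}")
```

Rows that land in "live" are the ones that still need attention after the listed folders and the restore points have been emptied.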
 
This next step is done.

Thank you very much!
I have not been running spybot or trend other than you specified, so I have not been looking for viruses, but the only one that makes itself obvious, is when I go to shut down, I have seen windows force a shut down of a program called 'Search_Glow' that I would assume is not proper.
I will run trend and spybot with a full scan and see, if that is ok with you.

Secondarily, I see you have my machine accepting updates from windows. Should I go get, and will it let me get, SP3?

I would like to be fully updating, if possible.

Thanks for the help, I am now fully afraid of Peer to Peer stuff. Although it was nice to have free music, particularly.

steve
 
Yes, that is fine. Post back after that, please.

I recommend taking a restore point before installing SP3.
 
I also have the http://ad.yield manager popping up, and media.fastclick stuff whizzing by.

I will run my spybot and trend as you are now requesting and see, but I think they are clean, but I still believe I have something, albeit WAYY better and mostly clean...just not completely...

Thanks!
 
This might help for that issue:

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
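
How a blocking HOSTS file behaves can be checked with a small parser. This is an added example, not part of the original thread and not code from the MVPS project: the host names and addresses are constructed, and it assumes the first entry for a name is the one that takes effect.

```python
import ipaddress

# Constructed sample in HOSTS file syntax: "<address> <name> [<name> ...] [# comment]".
SAMPLE_HOSTS = """\
# constructed sample, not the MVPS list
127.0.0.1       localhost
127.0.0.1       ads.example.com   tracker.example.net   # two names on one line
0.0.0.0         Banner.Example.ORG
203.0.113.10    update.example.com
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Return {lower-cased host name: ip_address object}."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name maps nothing
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: the line is ignored
        for name in fields[1:]:
            # Assumption: the first entry for a name wins, later duplicates are ignored.
            mapping.setdefault(name.lower().rstrip("."), ip)
    return mapping


def verdict(mapping, hostname):
    """Classify one exact host name against the parsed file."""
    ip = mapping.get(hostname.lower().rstrip("."))
    if ip is None:
        return "not listed"  # resolved through DNS as usual
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"  # 127.0.0.1, ::1 or 0.0.0.0: the request never leaves the PC
    return "redirected"  # pinned to some other machine


def unexpected_redirects(mapping):
    """Entries that send a name to a real address instead of blocking it."""
    return sorted(
        (name, str(ip))
        for name, ip in mapping.items()
        if not (ip.is_loopback or ip.is_unspecified)
    )


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.com", "sub.ads.example.com", "update.example.com"):
        print(f"{name:<24} {verdict(hosts, name)}")
    print("review these entries:", unexpected_redirects(hosts))
```

The HOSTS file matches exact names only, so a subdomain of a listed ad server stays reachable unless it has its own line. Entries that point at an address other than the local computer deserve a look when auditing the file.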
 
Still studying that Hosts file.

Not sure what to really do, but in the meantime, I definitely have an issue with the 'Search_Glow' pgm that is noticed upon trying to shut down my system. When I attempt to shut down, it ultimately pops up that windows is trying to 'End Program'. It may be affecting my machine's ability to get updates. Any ideas?

Thanks!
 
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.
 