It all started after a port scanner, scanned my PC, then... *I am infected with Adware.eSeller, it has two .dll files on my computer, C:\Windows\System32\eseller.dll and C:\Windows\System32\esellercore.dll *Norton AntiVirus 2009 detected "Perfect Keylogger (Spyware.Perfect)" and Spyware.Ardakey which were automatically removed. * I found files that have been downloaded by some bot! tiny.exe (backdoor), which I have uploaded to UploadNET. keylogger.exe (keylogger), which I have uploaded to UploadNET backdoor.exe (backdoor), which I have uploaded to UploadNET And tools used to hide them: Encrypters Process Killers I'm sure it has more than two files on my computer, so I used Hijackthis -- see the attachments. Please help me! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:54:13 PM, on 12/30/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Users\Rhett\Desktop\Malware\Keyloggers\keylogger\bin\svchost.exe C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll O4 - HKLM\..\Run: [majmonitor] C:\Program Files\MajMonitoring1\majmonitoring.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b O4 - HKCU\..\Run: [majmonitor] C:\Program Files\MajMonitoring1\majmonitoring.exe O4 - HKUS\S-1-5-21-746021148-1913252787-1857551035-1000\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?') O4 - HKUS\S-1-5-21-746021148-1913252787-1857551035-1000\..\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b (User '?') O4 - HKUS\S-1-5-21-746021148-1913252787-1857551035-1000\..\Run: [majmonitor] C:\Program Files\MajMonitoring1\majmonitoring.exe (User '?') O4 - S-1-5-21-746021148-1913252787-1857551035-1000 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User '?') O4 - S-1-5-21-746021148-1913252787-1857551035-1000 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: Download &All by FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm O8 - Extra context menu item: Download with &FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{68EB49BA-A4E3-46CF-99E0-CECFF98CB6B7}: NameServer = 205.188.146.145 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 4359 bytes Rhett Trappman trappmanrhett@yahoo.com