Reid, thanks for helping! I've taken your advice and done the following:
Ran a normal startup with msconfig, then I installed Ewido. Here is the log right after I did that:
Logfile of HijackThis v1.99.1
Scan saved at 5:55:12 PM, on 4/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\WINDOWS\system32\netbtd.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Msnweb.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Documents and Settings\Scott Strickler\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\fm.exe
C:\WINDOWS\System32\cidaemon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mor...on/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phishhook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.citcom.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\RunServices: [Microsoft schedule] msngrs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.citcom.net
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1144592695466
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144593165966
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFC1A313-FDED-4C18-8214-67618808CFA9}: NameServer = 204.116.57.2 206.74.254.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NeatReceipts Auto Backup - Digital Business Processes - C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows web messenger - Unknown owner - C:\WINDOWS\Msnweb.exe
Then I ran the CleanUp utility. I restarted and ran Prevx1 (it would not install before this). It did not produce a log, but several viruses were deleted when it was run. The names of what was removed are below:
cnkdsk.exe
fm.exe
kl1.exe
MSNGRS.EXE
MSNWEB.EXE
NETBTD.EXE
SETUP_24684.EXE
tool32.exe
TOOL4.EXE
WINSYSTEMS.EXE
Then I ran the CleanUp! utility again. Once again I restarted, this time (for the first time) in Safe Mode. After restarting I ran Ewido. Here is that log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 12:00:27 AM, 4/13/2006
+ Report-Checksum: AF26403D
+ Scan result:
C:\Documents and Settings\Heather Strickler\Application Data\Earthlink\6.0\heatherstrickler@earthlink.net\Cookies\heather strickler@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Heather Strickler\Application Data\Earthlink\6.0\heatherstrickler@earthlink.net\Cookies\heather strickler@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Heather Strickler\Application Data\Earthlink\6.0\heatherstrickler@earthlink.net\Cookies\heather strickler@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Heather Strickler\Application Data\Earthlink\6.0\scottstrickler@earthlink.net\Cookies\scott strickler@com[2].txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Heather Strickler\Application Data\Mozilla\Firefox\Profiles\default.511\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Scott Strickler\Application Data\Thunderbird\Profiles\default.xub\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Scott Strickler\Application Data\Thunderbird\Profiles\default.xub\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Scott Strickler\Application Data\Thunderbird\Profiles\default.xub\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll -> Trojan.Sinowal.d : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe -> Trojan.Sinowal.d : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP30\A0022812.exe -> Backdoor.Rbot.avc : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP30\A0022813.exe -> Backdoor.SdBot.apx : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP30\A0023796.exe -> Trojan.Sinowal.d : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP30\A0023813.exe -> Backdoor.Rbot.arw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP30\A0023814.exe -> Backdoor.Rbot.avc : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP30\A0023816.exe -> Backdoor.Agobot.agw : Cleaned with backup
C:\tool5.exe -> Hijacker.Small.kr : Cleaned with backup
C:\WINDOWS\SYSTEM32\setup_20648.exe -> Backdoor.Rbot.avc : Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
::Report End
Then I rebooted (I did forget to reboot in Safe Mode, sorry, I hope this does not hinder the process) and once again ran HijackThis. Here is the final log.
Logfile of HijackThis v1.99.1
Scan saved at 12:14:59 AM, on 4/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Documents and Settings\Scott Strickler\Desktop\HijackThis.exe
C:\WINDOWS\SYSTEM32\SOL.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mor...on/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phishhook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.citcom.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft schedule] msngrs.exe
O4 - HKLM\..\RunServices: [cnkdsk] C:\WINDOWS\System32\cnkdsk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.citcom.net
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1144592695466
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144593165966
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NeatReceipts Auto Backup - Digital Business Processes - C:\Program Files\NeatReceipts Professional\exec\NeatReceiptsAutoBackup.exe
O23 - Service: NetBTD(ntbtd) (NetBTD) - Unknown owner - C:\WINDOWS\system32\netbtd.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows web messenger - Unknown owner - C:\WINDOWS\Msnweb.exe (file missing)
Once again, thanks for the incredible amount of help in solving my virus problems and allowing my system to run better! If you see any programs that I need to remove with HijackThis that you feel will help my system run smoother, I am all ears (or eyes),
Scott