Looks like I’m infected by a Win32:trojan. I’m definitely no techie, so any help you give me would be appreciated here is the HIJACK log. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 7:45:41 PM, on 2/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\atlfm32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\JUSearch\juspc.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\netfw.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\BibleWorks 6\bw600.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\HIJACK\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cllnn.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cllnn.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cllnn.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cllnn.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cllnn.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cllnn.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {572CC3BC-F47C-72F9-991D-07F17112FD33} - C:\WINDOWS\system32\wineo32.dll (file missing)
O2 - BHO: Class - {ABA388C5-AC45-44CB-9816-6536A674986F} - C:\WINDOWS\system32\sdkum32.dll (file missing)
O2 - BHO: Class - {BFF9AA12-B35F-5FD0-E04C-538197D788AE} - C:\WINDOWS\ntpu.dll
O2 - BHO: Class - {C902789B-AF19-4056-CC6A-4E38EC39868F} - C:\WINDOWS\system32\wintx.dll (file missing)
O2 - BHO: Class - {CC3C2CF2-A3EE-2261-69DA-A3A388D404C9} - C:\WINDOWS\system32\iein.dll
O2 - BHO: Class - {D53C9B47-4C61-5E63-5486-F572BE0C0090} - C:\WINDOWS\appuy.dll (file missing)
O2 - BHO: Class - {E057CF21-D46C-343B-7955-D8C449B5966D} - C:\WINDOWS\javaag32.dll (file missing)
O2 - BHO: Class - {E4D353C5-F038-4827-9CDA-ABDCF49E5AB5} - C:\WINDOWS\apppi32.dll
O2 - BHO: Class - {E5AEC6A2-E0DA-BCCF-46E8-C8D57F1BAB09} - C:\WINDOWS\apiyj32.dll (file missing)
O2 - BHO: Class - {EC15E88B-8211-11D5-283C-E2E36C934580} - C:\WINDOWS\system32\apifp32.dll
O2 - BHO: Class - {F007D83D-E7B6-F6E1-AE66-146D284B5A3C} - C:\WINDOWS\syssg.dll (file missing)
O2 - BHO: Class - {FA168010-C6D6-4D24-E877-91477B61A199} - C:\WINDOWS\winaf32.dll (file missing)
O2 - BHO: Class - {FA24E3A3-830C-7CE5-9AA3-9E1D994407F0} - C:\WINDOWS\system32\sysxn32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM..\Run: [atlfm32.exe] C:\WINDOWS\atlfm32.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU..\Run: [DellSupport] “C:\Program Files\Dell Support\DSAgnt.exe” /startup
O4 - HKCU..\Run: [spc_w] “C:\Program Files\JUSearch\juspc.exe” -w
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098494961168
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: ugosWXQIloK - {C871EA18-62DB-40B2-5356-37B0ADCEF7DE} - C:\WINDOWS\System32\hrphgf.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netfw.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe