Here's my HJT log. Also, right after this post, following a thread similar to mine, I ran Stinger and it's a good thing. I'll post that log also. One more, if you want to take a look, there's a thread of me and Micah 6:8 and what we've already done as well.
http://forums.tomcoy...showtopic=22330
HJT log
Logfile of HijackThis v1.98.2
Scan saved at 9:58:23 PM, on 11/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://accelerator.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bellsouth® Internet Service
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.bellsouth.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100745970045
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
Stinger log
McAfee AVERT Stinger Version 2.4.5.1 built on Nov 19 2004
Copyright © 2004 Networks Associates Technology, Inc. All Rights Reserved.
Virus data file v1000 created on Nov 19 2004.
Ready to scan for 45 viruses, trojans and variants.
Scan initiated on Fri Nov 26 21:29:57 2004
C:\WINDOWS\SYSTEM32\bling.exe\bling.exe
Found the W32/Sdbot.worm.gen.g virus !!!
C:\WINDOWS\SYSTEM32\bling.exe\bling.exe has been deleted.
C:\WINDOWS\SYSTEM32\cmd.ftp
Found the W32/Sasser.worm!ftp virus !!!
C:\WINDOWS\SYSTEM32\cmd.ftp has been deleted.
C:\WINDOWS\SYSTEM32\o
Found the W32/Sdbot.worm!ftp virus !!!
C:\WINDOWS\SYSTEM32\o has been deleted.
C:\WINDOWS\SYSTEM32\o.0.o
Found the W32/Sdbot.worm!ftp virus !!!
C:\WINDOWS\SYSTEM32\o.0.o has been deleted.
C:\WINDOWS\SYSTEM32\Soundsyst.exe\Soundsyst.exe
Found the W32/Sdbot.worm.gen.g virus !!!
C:\WINDOWS\SYSTEM32\Soundsyst.exe\Soundsyst.exe has been deleted.
C:\WINDOWS\SYSTEM32\TFTP3204
Found the W32/Sdbot.worm.gen virus !!!
C:\WINDOWS\SYSTEM32\TFTP3204 has been deleted.
C:\WINDOWS\SYSTEM32\TFTP3768\TFTP3768
Found the W32/Sdbot.worm.gen.g virus !!!
C:\WINDOWS\SYSTEM32\TFTP3768\TFTP3768 has been deleted.
C:\WINDOWS\SYSTEM32\videosd32.exe
Found the W32/Sdbot.worm.gen.p virus !!!
C:\WINDOWS\SYSTEM32\videosd32.exe has been deleted.
Number of clean files: 109125
Number of infected files: 8
Number of files deleted: 8
Thanks!
Jim