Printable View
Have you tried a program called "hijack this" ? Download it and post the log. Reinstall your ad aware and run it if you can. Make sure everything is updated as always.
When you run spybot, and spybot finds it but says it can't get rid of it cause it's in use or whatever, doesn't it give you an option to run the next time you restart your computer? If so then do that, that way it will do a scan before it get's a chance to load.
I do use the option of running in start-up. Doesn't do a thing. Will try Hijack This. A new wrinkle today- a virus in WinAd Client- 'Trojan Horse IRC/BackDoor.SdBot.50.' AVG is updated but can't remove this. When I try to run Spybot a Google window is thrown up to prevent it. Typing an adress leads nowhere. WinAd Client in registry has one entry marked 'Changed'. Is it safe to delete this ?
Hi
Try the Online Scan at Housecall..........
http://housecall.antivirus.com/house...tart_frame.asp
and the final option Download HijackThis ......Extract it into a permenant Folder.....Run it and post the log here ..........don't try to fix it yourself if you dont know what to look for in it........wait for someone who knows what to look for in and follow the advise.......
--Good Luck--
Logfile of HijackThis v1.97.7
Scan saved at 1:40:51 PM, on 9/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\Win32FixII.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.neopets.com
R3 - URLSearchHook: (no name) - {D6CA5D91-5EA2-4654-9B75-499267012611} - (no file)
O2 - BHO: (no name) - {38F46C0E-BD47-5BC8-875E-61557FAC7763} - C:\WINDOWS\System32\rncw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: (no name) - {EA598486-E32E-4CAF-9D9C-79CC7D519718} - C:\WINDOWS\RPQEUMKVD.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {952EC978-4920-4F18-8237-91D69B54C580} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Updater Resources II] Win32FixII.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Automatic Microsoft Windows Updater] SUCHOST.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WindowsRegKey update] 16winupdate32.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\RunServices: [Microsoft Updater Resources II] Win32FixII.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] 16winupdate32.exe
O4 - HKCU\..\Run: [Microsoft Updater Resources II] Win32FixII.exe
O4 - HKCU\..\Run: [WindowsRegKey update] 16winupdate32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: http://chat.msn.ca
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chat - http://cs8.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...p.html?2&false
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/active...side_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...1a0351cafa03db
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downlo...?1092589562787
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://host.interactual.com/whv/hpotter/iaieplay.dll
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {4C2D6C46-6602-11D4-A5E3-444553540000} (Alice Control) - http://www.skotos.net/MarrachGame/Alice44.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/04b556ea812771d...zip/RdxIE2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.gamesmania.com/ExentCtl.ocx
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/...e/wordcube.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/...e/collapse.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...174.8229282407
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/ang...Downloader.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/...pit/swapit.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/...an/hangman.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://download.toontown.com/sv1.0.13.16/ttinst.cab
O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork.c...winorbiter.cab
O16 - DPF: {C5CA5E7F-58DB-4FFF-9DC2-3E83158DEC9F} (IEActiveXCtl Class) - http://startrekccg.decipher.com/sign...activexctl.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://a320.g.akamai.net/7/320/1456/...layerAxWin.cab
O16 - DPF: {D6CF46FF-02AD-4DD4-A984-B82151785C33} (SwRegMonitor Class) - http://www.picturebuzz.com/common/pr...swtrialreg.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Te...loads/outc.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab28578.cab
I definitly see some problems, but do to my lack of experience with hijack this I feel it is not my position to tell you what you should delete. Deleting the wrong thing can badly mess up your computer. Some things may require you to do a little extra work then just merely clicking delete. However, you should be getting a response by someone who knows what to delete very soon :)
wow.. looks like you have a whole bunch of things in there that are suspicious.
I don't have time to go thru all the entries but here's some that I would google/research further. (search on the exe file or dll file name, like Win32FixII.exe.. that one looks like it's malware)
C:\WINDOWS\System32\Win32FixII.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R3 - URLSearchHook: (no name) - {D6CA5D91-5EA2-4654-9B75-499267012611} - (no file) {take this one out, file already removed by another scanner/cleaner]
O2 - BHO: (no name) - {38F46C0E-BD47-5BC8-875E-61557FAC7763} - C:\WINDOWS\System32\rncw.dll
{look into these entries}
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: (no name) - {EA598486-E32E-4CAF-9D9C-79CC7D519718} - C:\WINDOWS\RPQEUMKVD.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file) [kill this one}
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
---
O4 - HKLM\..\Run: [Microsoft Updater Resources II] Win32FixII.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Automatic Microsoft Windows Updater] SUCHOST.EXE
O4 - HKLM\..\Run: [WindowsRegKey update] 16winupdate32.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\RunServices: [Microsoft Updater Resources II] Win32FixII.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] 16winupdate32.exe
O4 - HKCU\..\Run: [Microsoft Updater Resources II] Win32FixII.exe
O4 - HKCU\..\Run: [WindowsRegKey update] 16winupdate32.exe
--
after you find and delete the files from running via hijackthis and reboot, you'll want to manually delete the files..
now, you also have a LOT of activex install cabs in there..
malware activex install cabs/dll's will cause you're system to immediately get reinfected once you've connected to the net. if I were you, I'd delete the whole lot, then when you do go to the sites (you trust and) you really need them at, they'll redownload.
here's an example of a bad one..
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
one thing I would do before running your hijackthis, would be to get a trojan scanner, as dialers are commonly known as trojans and not all AV's are good at finding and getting rid of trojans.. look into getting a trojan scanner.
free
A² trojan scanner (http://www.emsisoft.com/en/)
SwatIt (google for it)
Ewido (")
pestpatrol (not free but they have a free online scan. it's a general scanner but picks up dialers well)
here's two online trojan scanners ...
http://www.trojanscan.com/
http://www.windowsecurity.com/trojanscan/
some of the better ones, you'll have to pay for
TDS-3 (considered the best)
tauscan (usually comes in second)
TrojanHunter (ehh, not quite worth paying for, imo)
good luck, looks like you'll need it.
I'd be really careful about deleting these. Since they look like microsofts products, it might be crucial for your computer to have them, I would do extra research on these or keep waiting for someone that is known to know a lot about using hijack this!Quote:
O4 - HKLM\..\Run: [Microsoft Updater Resources II] Win32FixII.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Automatic Microsoft Windows Updater] SUCHOST.EXE
O4 - HKLM\..\Run: [WindowsRegKey update] 16winupdate32.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\RunServices: [Microsoft Updater Resources II] Win32FixII.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] 16winupdate32.exe
O4 - HKCU\..\Run: [Microsoft Updater Resources II] Win32FixII.exe
O4 - HKCU\..\Run: [WindowsRegKey update] 16winupdate32.exe
You're quite right Duck.. one should always be careful and research first. It's the best way to learn as well. Many pieces of malware do (try to) disguise themselves as legit MS processes.
Last night I didn't take the time to even look up all these entries. I did google Win32FixII.exe and found only one result and reading that link, it sure seemed bad to me. Googling just Win32Fix brings up more results and I'd still call it "bad" .. certainly don't need it starting up.
see this thread http://computercops.biz/postt66895.html
msconfg.exe (notice the spelling, missing the "i" from msconfig)
Win32.Rbot.H >> http://www3.ca.com/securityadvisor/v....aspx?id=39662
-----Quote:
W32.Randex.gen (Symantec), Backdoor/SDBot, Backdoor.SdBot.jg (Kaspersky), W32/Sdbot.worm.gen.i (McAfee)
Win32.Rbot is an IRC controlled backdoor (or "bot") that can be used to gain unauthorized access to a victim's machine. It can also exhibit worm-like functionality by exploiting weak passwords on administrative shares and by exploiting many different software vulnerabilities, as well as backdoors created by other malware. This particular variant of this increasingly large family has been distributed as a 69,120-byte, UPX-packed Win32 executable.
When first run, Rbot.H copies itself into the %System% directory as msconfg.exe.
It then adds entries to the following registry keys so that it is automatically run each time Windows starts:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update = "msconfg.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update = "msconfg.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Update = "msconfg.exe"
SUCHOST.EXE
http://www.google.com/search?hl=en&l...XE&btnG=Search
Symantec Security Response - Trojan.Treb
http://securityresponse.symantec.com...ojan.treb.html
Sophos virus analysis: W32/Rbot-EQ
http://www.sophos.com/virusinfo/analyses/w32rboteq.html
and/or
Sophos virus analysis: W32/Lovgate-AC
http://www.sophos.com/virusinfo/anal...lovgateac.html
Win32.Myss.CB
http://www3.ca.com/securityadvisor/v....aspx?id=39905
WORM_SDBOT.IK - Description and solution
http://www.trendmicro.com/vinfo/viru...=WORM_SDBOT.IK
the above links for suchost.exe should indicate with 99 percent certainty that
1. it's a baddie.
2. AVG6 got hosed/or compromised.
---
16winupdate32.exe
(check this thread also look at any other google hits)
http://forum.gladiator-antivirus.com...howtopic=17426
and this link
http://home.cyberdefender.com/risk/h...2.exe.log.html
(it's part of sdbot)
I also should point out that v1.97.7 is not the latest version of hijackthis.
All I've done so far is scanned with A Squared 2 and removed these ;
File Name : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\jao.dll
Diagnosis : TrojanSpy.Win32.Briss.k
File Name : C:\WINDOWS\msbbhook.dll
Diagnosis : Spyware.Win32.180Solutions
File Name : C:\WINDOWS\SYSTEM32\exdl.exe
Diagnosis : Spyware.Win32.Exact.a
Well, that's a start but.. I thought that I was giving you a nudge to research things a bit more.
The entries and files that I suggested above (that all point to the sdbot/Myss/Rbot) should be removed. the other stuff I pointed out in my first post should also be done.. research it to be sure but I'm pretty much on track with what I had suggested.
If you really need someone to hold your hand a bit more (I'm no novice at it but my time is quite limited) then head over to www.security-forums.com and post in their hijackthis log section. Also I should point out that there are a number of good forums for posting your hjt log at. here's 3 of the better ones.
TomCoyote's forum http://forums.tomcoyote.org/index.php?showforum=27
spywareinfo's forum http://forums.spywareinfo.com/
net-integration's http://forums.net-integration.net/index.php?
good luck