I have installed and ran Malwarebytes' and AVG Pro version. They both seem to scan pretty clean, but I need to know if the computer is fully clean before I begin working on it again. I have posted the HijackThis Log below. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:24 PM, on 7/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL
Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRAM FILES\SERVICECEO\MSDE\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Crestron\RoomView\RoomService.exe
C:\Crestron\RoomView\roomsock.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Microsoft Virtual Server\vmh.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\msnkn.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msvjurec.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program
Files\AVG\AVG8\avgssie.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1}
- C:\Program Files\Microsoft\Internet Explorer Developer
Toolbar\IEDevToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program
Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet
9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program
Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program
Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FolderShare] "C:\Program
Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lance\Local
Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows
Live\Sync\WindowsLiveSync.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msbhemv.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} -
C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation -
{0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program
Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {0AD401E5-2D78-45B1-B875-07B0F9ED3937} -
C:\Program Files\nStuff\Web Development Helper\WebDevHelper.dll
O9 - Extra button: IE Developer Toolbar -
{48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program
Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} (XPanel Class) -
http://192.168.1.201/XPanel.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727945} (Web Conferencing) -
http://yaserver.crestron.com/joinie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdat.../x86/client/muw
eb_site.cab?1158591089437
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) -
http://dev.enquote.net/Schedule/arview2.cab
O16 - DPF: {BAEE131D-290A-4541-A50A-8936F159563A} (Crystal Print Control
10.2) -
http://resources.businessobjects.com/suppo...soft/vs_2005/Ac
tiveXControls/PrintControl.cab
O16 - DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} -
http://192.168.1.201/XInit.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{03F181E6-989B-49A9-B78E-274EAA80DAFD}:
NameServer = 192.168.1.1
O17 -
HKLM\System\CCS\Services\Tcpip\..\{205C2B0A-1670-4B39-8D8C-69F21F03171D}:
NameServer = 192.168.1.1
O17 -
HKLM\System\CS1\Services\Tcpip\..\{03F181E6-989B-49A9-B78E-274EAA80DAFD}:
NameServer = 192.168.1.1
O17 -
HKLM\System\CS2\Services\Tcpip\..\{03F181E6-989B-49A9-B78E-274EAA80DAFD}:
NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs:
C:\DOCUME~1\Lance\LOCALS~1\Temp\2624487031831mmx.dll,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o.
- C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. -
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation -
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: ENCORemotePrintService - Unknown owner -
C:\ENCORemotePrintService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program
Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner -
C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: RoomView License Manager (RoomService) - Unknown owner -
C:\Crestron\RoomView\RoomService.exe
O23 - Service: WaveMaker Server (WaveMakerServer) - Apache Software
Foundation - C:\Program Files\WaveMaker\Tomcat\bin\tomcat5.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program
Files\RealVNC\VNC4\WinVNC4.exe
O24 - Desktop Component 1: (no name) -
http://enco.enquote.net/images/main-bg.gif
--
End of file - 10430 bytes