
drdre

Honorary Members
Posts: 28
Reputation: 0 Neutral
  1. Hey, thanks Mieke. I appreciate the time and effort! Have a great day. Andre
  2. Hi, The mbam showed nothing. I'll try to do a full scan later when I'm not working. Here is the HijackThis log. Let me know if you think I need to do anything else. The computer seems to be working well.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 7:05:28 PM, on 5/6/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     D:\xampp\apache\bin\apache.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     D:\edison\edsvc.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     D:\xampp\mysql\bin\mysqld-nt.exe
     C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     D:\subversion\bin\TSVNCache.exe
     D:\healthmonitor\Interface.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Logitech\MouseWare\system\em_exec.exe
     D:\edison\Edison.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     D:\xampp\apache\bin\apache.exe
     D:\itunes\iTunesHelper.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Messenger\msmsgs.exe
     D:\Steam\Steam.exe
     D:\Rainlendar2\Rainlendar2.exe
     D:\rocketdoc\RocketDock.exe
     D:\launchy\Launchy\Launchy.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     D:\Malwarebytes' Anti-Malware\mbam.exe
     D:\hijackthis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - D:\spybot\SPYBOT~1\SDHelper.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [HealthMonitor] D:\healthmonitor\Interface.exe
     O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [Edison] "D:\edison\Edison.exe" /autolaunched
     O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [ClamWin] "D:\ClamWin\bin\ClamTray.exe" --logon
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent
     O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
     O4 - HKCU\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe
     O4 - HKCU\..\Run: [RocketDock] "D:\rocketdoc\RocketDock.exe"
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - Startup: Idlebackup.lnk = D:\idlebackup\Idlebackup\IdleBackup.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Launchy.lnk = D:\launchy\Launchy\Launchy.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDEAA4F-B73B-45B7-89A5-50471753ED19}: NameServer = 208.68.222.222,208.67.220.220
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Edison Power Management Service (edsvc) - Verdiem - D:\edison\edsvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
     O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
     O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

     --
     End of file - 7359 bytes
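The HijackThis logs in this thread are read by eye, entry by entry. The Python below is an added example, not a tool anyone in the thread used and not HijackThis code, that does the first pass mechanically: it parses the Rn/On entry lines and reports the ones a reviewer would check first, namely O17 NameServer addresses outside an allowlist, O4 autostarts launched by bare file name or from a user-writable profile directory, O23 services with no owner or no file name, and every O16 downloaded ActiveX control. The allowlist of the two OpenDNS resolvers is an assumption, as is the choice of rules; the sample input is a handful of entry lines copied unchanged from the log above. Run against that sample it reports 208.68.222.222, because that is not one of OpenDNS's two published addresses (208.67.222.222 and 208.67.220.220); the log alone cannot say whether that setting was typed that way or changed by something else, which is why the rule is a review trigger and not a verdict. The same applies to nwiz.exe (an NVIDIA component normally registered by bare name) and to GoogleUpdate.exe (which lives in the user profile by design).

```python
"""Triage helper for HijackThis (HJT) logs: parse the entry lines and report
the ones a reviewer normally wants to look at first. Added example, not a
tool the thread used. Every rule is a review trigger, not a verdict;
legitimate software trips each of them."""
import re
from dataclasses import dataclass

# Assumption: this machine should only use the two published OpenDNS
# resolvers. Any other address in an O17 NameServer line is reported.
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Windows XP profile locations a logged-on user can write to without admin
# rights; autostart entries, BHOs and services living there get a second look.
USER_WRITABLE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Local Settings\\)?(Application Data|Temp)\\",
    re.IGNORECASE)
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
O17_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,\s]+)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # HJT section, e.g. "O17"
    reason: str  # why the entry was flagged
    entry: str   # the raw log line


def parse_entries(log_text):
    """Return (kind, body, raw_line) for every HJT entry line; skip the rest."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body"), raw.strip()))
    return entries


def _o4_target(body):
    """Executable an O4 autostart entry launches, or None if unparseable."""
    if "] " in body:              # Run-key form: HKLM\..\Run: [name] command
        cmd = body.split("] ", 1)[1].strip()
    elif " = " in body:           # Startup-folder form: name.lnk = target
        cmd = body.split(" = ", 1)[1].strip()
    else:
        return None
    if cmd.startswith('"'):       # quoted path, arguments may follow
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]   # unquoted: first token is the binary


def triage(log_text):
    """Run every rule over the log and return the list of Findings."""
    findings = []
    for kind, body, raw in parse_entries(log_text):
        if kind == "O17":
            m = O17_RE.search(body)
            for ip in (s.strip() for s in (m.group("servers").split(",") if m else [])):
                if ip and ip not in KNOWN_RESOLVERS:
                    findings.append(Finding(kind, f"nameserver {ip} not on allowlist", raw))
        elif kind == "O4":
            exe = _o4_target(body)
            if exe is None:
                continue
            if not ABS_PATH_RE.match(exe):
                findings.append(Finding(kind, "launched by bare file name (resolved through the search path)", raw))
            elif USER_WRITABLE.search(exe):
                findings.append(Finding(kind, "autostart binary under a user-writable profile directory", raw))
        elif kind == "O16":
            findings.append(Finding(kind, "downloaded ActiveX control (DPF)", raw))
        elif kind in ("O2", "O9", "O23"):
            # HJT puts the module path in the last " - " field. A path that itself
            # contains " - " would be cut short here; acceptable for triage.
            path = body.rsplit(" - ", 1)[-1].strip()
            if kind == "O23" and " - Unknown owner - " in body:
                findings.append(Finding(kind, "Unknown owner (no company/signer information)", raw))
            if kind == "O23" and path.endswith("\\"):
                findings.append(Finding(kind, "path ends in a directory, binary file name not shown", raw))
            if USER_WRITABLE.search(path):
                findings.append(Finding(kind, "module under a user-writable profile directory", raw))
    return findings


# Constructed sample: a subset of the entry lines from the log posted above,
# copied unchanged; just enough to exercise every rule.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Edison] "D:\edison\Edison.exe" /autolaunched
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Idlebackup.lnk = D:\idlebackup\Idlebackup\IdleBackup.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDEAA4F-B73B-45B7-89A5-50471753ED19}: NameServer = 208.68.222.222,208.67.220.220
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.entry}")
```

Each Finding carries the raw line, so the output can be pasted straight back into a reply. Adding a rule means adding a branch per HJT section; the resolver allowlist and the profile-path pattern are the two things to adjust for a different machine or a different Windows version.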
  3. Specifically, on Firefox, I'll use Google and when I click on a results link, it takes me to some other site instead of the one noted in the results. Ok, here we go.

     GooredFix v1.92 by jpshortstuff
     Log created at 21:32 on 05/05/2009 running Option #2 (Andre Turrettini)
     Firefox version 3.0 (en-US)

     =====Goored Deletions=====

     C:\Program Files\Mozilla Firefox\extensions\{61903A88-C613-4548-BA93-4FF6C00BAEF4}
     ->Backing up folder... Done.
     ->Emptying folder... Done.
     ->Deleting folder... Done.

     C:\Program Files\Mozilla Firefox\extensions\{4894996F-BC1E-457F-8381-4F315769C6CB}
     ->Backing up folder... Done.
     ->Emptying folder... Done.
     ->Deleting folder... Done.

     =====Dumping Registry Values=====

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0\extensions]
     "Plugins"="D:\firefox3\plugins"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0\extensions]
     "Components"="D:\firefox3\components"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions]
     "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

     I reran it because I wasn't sure if I goofed and left a FF window open. Here are the results of the second run.

     GooredFix v1.92 by jpshortstuff
     Log created at 21:33 on 05/05/2009 running Option #2 (Andre Turrettini)
     Firefox version 3.0 (en-US) (Subsequent Run)

     =====Goored Deletions=====

     =====Dumping Registry Values=====

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0\extensions]
     "Plugins"="D:\firefox3\plugins"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0\extensions]
     "Components"="D:\firefox3\components"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions]
     "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
  4. So, it does seem to stay fixed after a reboot according to Avira. However, my Google search results were still tweaked. I found this post http://help.lockergnome.com/security/Googl...opict10008.html which gave two unrelated solutions. The first, which is clearing cookies, seems to have fixed it, at least for 10 tests or so (haven't rebooted yet either). I did not have the file described in the last post of that thread. Any further action you recommend I take? Thanks! Andre
  5. The HijackThis log.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 1:17:59 PM, on 5/2/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     D:\xampp\apache\bin\apache.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     D:\edison\edsvc.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     D:\xampp\mysql\bin\mysqld-nt.exe
     C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     D:\subversion\bin\TSVNCache.exe
     D:\xampp\apache\bin\apache.exe
     D:\healthmonitor\Interface.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\system32\rundll32.exe
     D:\edison\Edison.exe
     C:\Program Files\Logitech\MouseWare\system\em_exec.exe
     D:\ClamWin\bin\ClamTray.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     D:\itunes\iTunesHelper.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Messenger\msmsgs.exe
     D:\Rainlendar2\Rainlendar2.exe
     D:\rocketdoc\RocketDock.exe
     C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     C:\Program Files\iPod\bin\iPodService.exe
     D:\launchy\Launchy\Launchy.exe
     D:\idlebackup\Idlebackup\IdleBackup.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     D:\Malwarebytes' Anti-Malware\mbam.exe
     D:\hijackthis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - D:\spybot\SPYBOT~1\SDHelper.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [HealthMonitor] D:\healthmonitor\Interface.exe
     O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [Edison] "D:\edison\Edison.exe" /autolaunched
     O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [ClamWin] "D:\ClamWin\bin\ClamTray.exe" --logon
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent
     O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
     O4 - HKCU\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe
     O4 - HKCU\..\Run: [RocketDock] "D:\rocketdoc\RocketDock.exe"
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - Startup: Idlebackup.lnk = D:\idlebackup\Idlebackup\IdleBackup.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Launchy.lnk = D:\launchy\Launchy\Launchy.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDEAA4F-B73B-45B7-89A5-50471753ED19}: NameServer = 208.68.222.222,208.67.220.220
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Edison Power Management Service (edsvc) - Verdiem - D:\edison\edsvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
     O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
     O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
     O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

     --
     End of file - 7630 bytes
  6. It does seem that disabling TeaTimer made a difference. I rebooted and reran it and it showed no viruses this time. Here is the Avira report, and the HijackThis in the next post.

     Avira AntiVir Personal
     Report file date: Saturday, May 02, 2009 10:27

     Scanning for 1373854 virus strains and unwanted programs.

     Licensee : Avira AntiVir Personal - FREE Antivirus
     Serial number : 0000149996-ADJIE-0000001
     Platform : Windows XP
     Windows version : (Service Pack 2) [5.1.2600]
     Boot mode : Normally booted
     Username : SYSTEM
     Computer name : WORKSTATION

     Version information:
     BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
     AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 15:57:30
     AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 17:58:24
     LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 18:35:49
     LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 17:58:52
     ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 19:30:36
     ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 03:33:26
     ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 4/30/2009 02:49:50
     ANTIVIR3.VDF : 7.1.3.141 21504 Bytes 5/2/2009 16:27:20
     Engineversion : 8.2.0.160
     AEVDF.DLL : 8.1.1.1 106868 Bytes 5/1/2009 02:49:57
     AESCRIPT.DLL : 8.1.1.79 385403 Bytes 5/1/2009 02:49:56
     AESCN.DLL : 8.1.1.10 127348 Bytes 5/1/2009 02:49:56
     AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 01:24:41
     AEPACK.DLL : 8.1.3.14 397685 Bytes 5/1/2009 02:49:55
     AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 03:01:56
     AEHEUR.DLL : 8.1.0.122 1737080 Bytes 5/1/2009 02:49:54
     AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 03:01:56
     AEGEN.DLL : 8.1.1.39 348532 Bytes 5/1/2009 02:49:51
     AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 21:32:40
     AECORE.DLL : 8.1.6.9 176500 Bytes 5/1/2009 02:49:50
     AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 21:32:40
     AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 15:47:59
     AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 17:32:15
     AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 21:34:28
     AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 17:32:09
     AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 22:05:41
     AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 17:37:08
     SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 22:03:49
     SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 15:21:33
     NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 17:32:10
     RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 18:45:45
     RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 17:19:48

     Configuration settings for the scan:
     Jobname.............................: Complete system scan
     Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
     Logging.............................: low
     Primary action......................: interactive
     Secondary action....................: ignore
     Scan master boot sector.............: on
     Scan boot sector....................: on
     Boot sectors........................: C:, D:, E:,
     Process scan........................: on
     Scan registry.......................: on
     Search for rootkits.................: on
     Integrity checking of system files..: off
     Scan all files......................: All files
     Scan archives.......................: on
     Recursion depth.....................: 20
     Smart extensions....................: on
     Macro heuristic.....................: on
     File heuristic......................: medium

     Start of the scan: Saturday, May 02, 2009 10:27

     Starting search for hidden objects.
     '49246' objects were checked, '0' hidden objects were found.

     The scan of running processes will be started
     Scan process 'firefox.exe' - '1' Module(s) have been scanned
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
     Scan process 'IdleBackup.exe' - '1' Module(s) have been scanned
     Scan process 'Launchy.exe' - '1' Module(s) have been scanned
     Scan process 'iPodService.exe' - '1' Module(s) have been scanned
     Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
     Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
     Scan process 'Rainlendar2.exe' - '1' Module(s) have been scanned
     Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
     Scan process 'avgnt.exe' - '1' Module(s) have been scanned
     Scan process 'alg.exe' - '1' Module(s) have been scanned
     Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
     Scan process 'jusched.exe' - '1' Module(s) have been scanned
     Scan process 'ClamTray.exe' - '1' Module(s) have been scanned
     Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
     Scan process 'Edison.exe' - '1' Module(s) have been scanned
     Scan process 'rundll32.exe' - '1' Module(s) have been scanned
     Scan process 'rundll32.exe' - '1' Module(s) have been scanned
     Scan process 'Interface.exe' - '1' Module(s) have been scanned
     Scan process 'apache.exe' - '1' Module(s) have been scanned
     Scan process 'TSVNCache.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
     Scan process 'NMSAccess.exe' - '1' Module(s) have been scanned
     Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned
     Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
     Scan process 'jqs.exe' - '1' Module(s) have been scanned
     Scan process 'edsvc.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
     Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
     Scan process 'apache.exe' - '1' Module(s) have been scanned
     Scan process 'avguard.exe' - '1' Module(s) have been scanned
     Scan process 'sched.exe' - '1' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     48 processes with 48 modules were scanned

     Starting master boot sector scan:
     Master boot sector HD0
     [INFO] No virus was found!
     Master boot sector HD1
     [INFO] No virus was found!
     Master boot sector HD2
     [INFO] No virus was found!
     Master boot sector HD3
     [INFO] No virus was found!
     Master boot sector HD4
     [INFO] No virus was found!

     Start scanning boot sectors:
     Boot sector 'C:\'
     [INFO] No virus was found!
     Boot sector 'D:\'
     [INFO] No virus was found!
     Boot sector 'E:\'
     [INFO] No virus was found!

     Starting to scan executable files (registry).
     The registry was scanned ( '66' files ).

     Starting the file scan:

     Begin scan in 'C:\' <workstation>
     C:\hiberfil.sys
     [WARNING] The file could not be opened!
     [NOTE] This file is a Windows system file.
     [NOTE] This file cannot be opened for scanning.
     C:\pagefile.sys
     [WARNING] The file could not be opened!
     [NOTE] This file is a Windows system file.
     [NOTE] This file cannot be opened for scanning.
     Begin scan in 'D:\'
     Begin scan in 'E:\'
     Search path E:\ could not be opened!
     System error [1005]: The volume does not contain a recognized file system.

     End of the scan: Saturday, May 02, 2009 12:27
     Used time: 2:00:13 Hour(s)

     The scan has been done completely.

     34969 Scanned directories
     1312020 Files were scanned
     0 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     0 Files were moved to quarantine
     0 Files were renamed
     2 Files cannot be scanned
     1312018 Files not concerned
     7751 Archives were scanned
     2 Warnings
     2 Notes
     49246 Objects were scanned with rootkit scan
     0 Hidden objects were found
  7. Yes, I was being sarcastic about the AV just sitting there. I should have put a smiley or something. I reran the full Avira scan and there were still a bunch of viruses. Then I noted Spybot TeaTimer still running, so I deactivated that and am rerunning. It takes a long time to run, so I'll follow your instructions in the a.m. Andre
  8. Alas, Google results are still tweaked and go to random places. Any thoughts?
  9. Ok, here is the HijackThis log. I'm going to rerun the full Avira scan to see what comes up. Thanks!

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 8:47:45 PM, on 4/30/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     D:\xampp\apache\bin\apache.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     D:\edison\edsvc.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     D:\xampp\mysql\bin\mysqld-nt.exe
     C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     D:\subversion\bin\TSVNCache.exe
     D:\healthmonitor\Interface.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\system32\rundll32.exe
     D:\edison\Edison.exe
     C:\Program Files\Logitech\MouseWare\system\em_exec.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     D:\itunes\iTunesHelper.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Messenger\msmsgs.exe
     D:\Rainlendar2\Rainlendar2.exe
     D:\rocketdoc\RocketDock.exe
     C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
     D:\launchy\Launchy\Launchy.exe
     D:\idlebackup\Idlebackup\IdleBackup.exe
     D:\xampp\apache\bin\apache.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\iPod\bin\iPodService.exe
     D:\hijackthis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - D:\spybot\SPYBOT~1\SDHelper.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [HealthMonitor] D:\healthmonitor\Interface.exe
     O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [Edison] "D:\edison\Edison.exe" /autolaunched
     O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [ClamWin] "D:\ClamWin\bin\ClamTray.exe" --logon
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent
     O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
     O4 - HKCU\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe
     O4 - HKCU\..\Run: [RocketDock] "D:\rocketdoc\RocketDock.exe"
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
     O4 - Startup: Idlebackup.lnk = D:\idlebackup\Idlebackup\IdleBackup.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Launchy.lnk = D:\launchy\Launchy\Launchy.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDEAA4F-B73B-45B7-89A5-50471753ED19}: NameServer = 208.68.222.222,208.67.220.220
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Edison Power Management Service (edsvc) - Verdiem - D:\edison\edsvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
     O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
     O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
     O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

     --
     End of file - 7601 bytes
  10. OK, I'm eating my words. I apparently had 33 viruses! This Avira one actually seems to have done something. Here is the report. I'll reboot and do the HijackThis.

Avira AntiVir Personal
Report file date: Wednesday, April 29, 2009 21:26

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : WORKSTATION

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 15:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 17:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 18:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 17:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 19:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 03:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 14:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 21:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/28/2009 00:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/27/2009 03:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 18:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 01:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 20:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 03:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 22:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 03:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 20:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 21:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 21:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 21:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 15:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 17:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 21:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 17:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 22:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 17:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 22:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 15:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 17:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 18:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 17:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, April 29, 2009 21:26

Starting search for hidden objects.
'49187' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'Safari.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'apache.exe' - '1' Module(s) have been scanned
Scan process 'Launchy.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'Rainlendar2.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Edison.exe' - '1' Module(s) have been scanned
Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'Interface.exe' - '1' Module(s) have been scanned
Scan process 'TSVNCache.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccess.exe' - '1' Module(s) have been scanned
Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'edsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'apache.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!
Master boot sector HD1
  [INFO] No virus was found!
Master boot sector HD2
  [INFO] No virus was found!
Master boot sector HD3
  [INFO] No virus was found!
Master boot sector HD4
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'D:\'
  [INFO] No virus was found!
Boot sector 'E:\'
  [INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '66' files ).

Starting the file scan:

Begin scan in 'C:\' <workstation>
C:\hiberfil.sys
  [WARNING] The file could not be opened!
  [NOTE] This file is a Windows system file.
  [NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
  [WARNING] The file could not be opened!
  [NOTE] This file is a Windows system file.
  [NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100048.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100049.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100050.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100051.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100052.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100053.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100054.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100055.exe
  [DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100076.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100077.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100078.sys
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100079.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100080.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100081.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100082.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100083.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101136.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101138.pif
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101139.sys
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101140.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101141.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101142.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101143.sys
  [DETECTION] Is the TR/Agent.16896 Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1403\A0101187.sys
  [DETECTION] Is the TR/Agent.16896 Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1403\A0101188.sys
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1404\A0101547.sys
  [DETECTION] Is the TR/Agent.16896 Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1404\A0101548.sys
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1404\A0101903.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1407\A0103208.sys
  [DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1407\A0103221.sys
  [DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\temp\xampitk\sites\dizs\20080319\index.php
  [DETECTION] Contains recognition pattern of the HTML/Dldr.Iframe.DP HTML script virus
Begin scan in 'D:\'
D:\sites\dizs\20080319\index.php
  [DETECTION] Contains recognition pattern of the HTML/Dldr.Iframe.DP HTML script virus
D:\sites\itk\sql\video.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [1005]: The volume does not contain a recognized file system.

Beginning disinfection:
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100048.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '4a2b5c50.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100049.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '4b48f569.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100050.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '4b724611.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100051.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '4b4c9409.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100052.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '4b4d9cc1.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100053.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '4b428bb9.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100054.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '4b438c71.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100055.exe
  [DETECTION] Is the TR/Drop.Softomat.AN Trojan
  [NOTE] The file was moved to '4b4ee499.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100076.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '4b4183e1.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100077.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48c6b611.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100078.sys
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48c5ae59.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100079.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '4a2b5c51.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100080.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '49773802.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100081.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '495f260a.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100082.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '495ede72.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0100083.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48d95df2.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101136.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48d8553a.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101138.pif
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48df4d62.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101139.sys
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48de44aa.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101140.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48dd7c92.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101141.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48dc74da.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101142.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48d36c02.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1402\A0101143.sys
  [DETECTION] Is the TR/Agent.16896 Trojan
  [NOTE] The file was moved to '48d2644a.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1403\A0101187.sys
  [DETECTION] Is the TR/Agent.16896 Trojan
  [NOTE] The file was moved to '48d163b2.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1403\A0101188.sys
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48d01bfa.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1404\A0101547.sys
  [DETECTION] Is the TR/Agent.16896 Trojan
  [NOTE] The file was moved to '4a2b5c52.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1404\A0101548.sys
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48d60b6b.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1404\A0101903.exe
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE] The file was moved to '48d50353.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1407\A0103208.sys
  [DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
  [NOTE] The file was moved to '48d43a9b.qua'!
C:\System Volume Information\_restore{079190B5-090E-4E5B-8619-BF96C6F60EDD}\RP1407\A0103221.sys
  [DETECTION] Is the TR/Drop.Softomat.AN Trojan
  [NOTE] The file was moved to '492b32c3.qua'!
C:\temp\xampitk\sites\dizs\20080319\index.php
  [DETECTION] Contains recognition pattern of the HTML/Dldr.Iframe.DP HTML script virus
  [NOTE] The file was moved to '4a5e5c90.qua'!
D:\sites\dizs\20080319\index.php
  [DETECTION] Contains recognition pattern of the HTML/Dldr.Iframe.DP HTML script virus
  [NOTE] The file was moved to '4957e809.qua'!
D:\sites\itk\sql\video.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '4a5e5c8c.qua'!

End of the scan: Thursday, April 30, 2009 20:19
Used time: 2:01:21 Hour(s)

The scan has been done completely.

34956 Scanned directories
1311606 Files were scanned
33 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
33 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
1311571 Files not concerned
7727 Archives were scanned
2 Warnings
35 Notes
49187 Objects were scanned with rootkit scan
0 Hidden objects were found
  11. M, I did respond but the forum stopped accepting my posts. I PMed advancedsetup about it but I'm not sure if anything happened about it. I think the forum was tired of my massive log dumps. You're right about the AV. I've run for years without one without any infection. I would have continued if I hadn't double-clicked on something stupid. My network is firewalled, I only use web-based email, and always Firefox. I'm nearly certain that I was clean and that this is a new infection though. The world seems to be less safe even with Firefox now though, so I may have to change my ways. I'll follow your instructions this evening. Thanks!
  12. Hi, I'm experiencing some sort of malware such that whenever I use Google from Firefox and click on the results, it sends me to spam sites. I've tried the latest MBAM but it did not find anything. Superspyware something found one thing, but not that problem. Here is my HijackThis log. Any help greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:52 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\edison\edsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\subversion\bin\TSVNCache.exe
D:\healthmonitor\Interface.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\edison\Edison.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Rainlendar2\Rainlendar2.exe
D:\rocketdoc\RocketDock.exe
C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
D:\launchy\Launchy\Launchy.exe
D:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
D:\Malwarebytes' Anti-Malware\mbam.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - D:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HealthMonitor] D:\healthmonitor\Interface.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Edison] "D:\edison\Edison.exe" /autolaunched
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "D:\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [RocketDock] "D:\rocketdoc\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Idlebackup.lnk = D:\idlebackup\Idlebackup\IdleBackup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = D:\launchy\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDEAA4F-B73B-45B7-89A5-50471753ED19}: NameServer = 208.68.222.222,208.67.220.220
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - D:\edison\edsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7281 bytes
  13. My responses aren't getting through. One last try. The file was not infected. Here is the HijackThis log. Let me know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:57 PM, on 4/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\edison\edsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\subversion\bin\TSVNCache.exe
D:\healthmonitor\Interface.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
D:\xampp\apache\bin\apache.exe
D:\edison\Edison.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Rainlendar2\Rainlendar2.exe
D:\rocketdoc\RocketDock.exe
C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
D:\launchy\Launchy\Launchy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - D:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HealthMonitor] D:\healthmonitor\Interface.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Edison] "D:\edison\Edison.exe" /autolaunched
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "D:\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dexpot 1.4] D:\dexpot\dexpot.exe
O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [RocketDock] "D:\rocketdoc\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Idlebackup.lnk = D:\idlebackup\Idlebackup\IdleBackup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = D:\launchy\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDEAA4F-B73B-45B7-89A5-50471753ED19}: NameServer = 208.68.222.222,208.67.220.220
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - D:\edison\edsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7203 bytes
  14. Strange, I responded yesterday but I don't see my responses. Uploading the file showed no infection. Here is the current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:51 PM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\edison\edsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\subversion\bin\TSVNCache.exe
D:\healthmonitor\Interface.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
D:\xampp\apache\bin\apache.exe
D:\edison\Edison.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\itunes\iTunesHelper.exe
D:\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\dexpot\dexpot.exe
D:\Rainlendar2\Rainlendar2.exe
D:\rocketdoc\RocketDock.exe
C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
D:\launchy\Launchy\Launchy.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\firefox3\firefox.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - D:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HealthMonitor] D:\healthmonitor\Interface.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Edison] "D:\edison\Edison.exe" /autolaunched
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ClamWin] "D:\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dexpot 1.4] D:\dexpot\dexpot.exe
O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [RocketDock] "D:\rocketdoc\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Idlebackup.lnk = D:\idlebackup\Idlebackup\IdleBackup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = D:\launchy\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDEAA4F-B73B-45B7-89A5-50471753ED19}: NameServer = 208.68.222.222,208.67.220.220
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - D:\edison\edsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

-- End of file - 7082 bytes
  15. Results from the last set of instructions from 10:46.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:50 PM, on 4/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\edison\edsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\subversion\bin\TSVNCache.exe
D:\healthmonitor\Interface.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
D:\xampp\apache\bin\apache.exe
D:\edison\Edison.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\itunes\iTunesHelper.exe
D:\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\dexpot\dexpot.exe
D:\Rainlendar2\Rainlendar2.exe
D:\rocketdoc\RocketDock.exe
C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
D:\launchy\Launchy\Launchy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - D:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HealthMonitor] D:\healthmonitor\Interface.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Edison] "D:\edison\Edison.exe" /autolaunched
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ClamWin] "D:\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dexpot 1.4] D:\dexpot\dexpot.exe
O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [RocketDock] "D:\rocketdoc\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andre Turrettini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Idlebackup.lnk = D:\idlebackup\Idlebackup\IdleBackup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = D:\launchy\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - D:\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - D:\edison\edsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

-- End of file - 6979 bytes