Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

AIM Virus Help :(

Post by joeguz1k » September 19th, 2007, 3:49 pm

Hi all, I finally fell for an AIM virus trap and have been trying to get rid of it for about 2 days. I've run scans with both AntiVir and Symantec Antivirus in safe mode. Symantec actually found nothing the first try but AntiVir is finding stuff left and right - putting it into quarantine, and then I delete it. However nothing is working. The bad files keep coming back.

C:\WINDOWS\system32\opnnonn.dll is the one I'm seeing a lot of.
Is the Trojan horse TR/Vundo.Gen (so AntiVir says)

I've run many passes of antivirus software, Spybot, AdAware, CCleaner, etc... they find stuff for the most part, but it always comes back.

I've also run VundoFix and VirtumundoBeGone, both found things but aren't completely getting rid of them it seems.

Here is my HJT (I actually had to rename the .exe so the viruses wouldn't hide from it)...

PS: I get a lot of ad popups (texting stuff, fake spyware cleaners, etc. due to Vundo I think?). Also I have a lot of "Detection!" open right now thanks to AntiVir not being able to be stopped.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:37:36 PM, on 9/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\3M\PSNotes\psn.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\PROGRA~1\3M\PSNotes\PSNGive.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Joe Guzik\Desktop\VundoFix.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\HJT.exe
    C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/openmanage
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {204E136F-8985-4F1E-8A2E-BB50698EBE9F} - C:\WINDOWS\system32\gebcb.dll
    O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\opnnonn.dll
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [AVEDESK] "C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6253278406
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: opnnonn - C:\WINDOWS\SYSTEM32\opnnonn.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Windows Input Service (wiisvc) - Unknown owner - C:\WINDOWS\system\wibsvc.exe (file missing)
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
joeguz1k
Active Member
 
Posts: 11
Joined: September 19th, 2007, 3:39 pm

Post by joeguz1k » September 19th, 2007, 3:51 pm

    Logfile of HijackThis v1.99.1
    Scan saved at 3:50:56 PM, on 9/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\3M\PSNotes\psn.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\PROGRA~1\3M\PSNotes\PSNGive.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\HJT.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/openmanage
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {204E136F-8985-4F1E-8A2E-BB50698EBE9F} - C:\WINDOWS\system32\gebcb.dll
    O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\opnnonn.dll
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [AVEDESK] "C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6253278406
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: opnnonn - C:\WINDOWS\SYSTEM32\opnnonn.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Windows Input Service (wiisvc) - Unknown owner - C:\WINDOWS\system\wibsvc.exe (file missing)
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Just scanned again, after closing some stuff, not sure if it's any different. :(

Post by joeguz1k » September 19th, 2007, 4:06 pm

Ah, I was going through other posts - I didn't use the newest version of HJT... here we go.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:05:23 PM, on 9/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\3M\PSNotes\psn.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\PROGRA~1\3M\PSNotes\PSNGive.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/openmanage
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [AVEDESK] "C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6253278406
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Windows Input Service (wiisvc) - Unknown owner - C:\WINDOWS\system\wibsvc.exe (file missing)
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12427 bytes

Post by joeguz1k » September 19th, 2007, 4:09 pm

Okay, I'm so sorry - but there doesn't seem to be a way to edit posts...
I forgot to change the .exe filename of the new/updated HJT..

New HJT...
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:08:26 PM, on 9/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\3M\PSNotes\psn.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\PROGRA~1\3M\PSNotes\PSNGive.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\TJH.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/openmanage
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {097D81DB-C520-4F1D-9CC8-39E6034CC3DA} - C:\WINDOWS\system32\gebcb.dll
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [AVEDESK] "C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6253278406
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Windows Input Service (wiisvc) - Unknown owner - C:\WINDOWS\system\wibsvc.exe (file missing)
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12514 bytes
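The two scans above differ in one `O2 - BHO` line, and both list an `O23` service whose file is missing. As an added example (not part of the original posts and not HijackThis's own code), the Python below parses HijackThis entry lines, reports entries present only in the second scan, and extracts the service key name from `O23` lines; the two embedded logs are constructed excerpts of the scans above, and all function names are hypothetical.

```python
import re

# Constructed excerpts of the two scans above, trimmed to a few lines each.
SCAN_FIRST = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Input Service (wiisvc) - Unknown owner - C:\WINDOWS\system\wibsvc.exe (file missing)
"""

SCAN_SECOND = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\TJH.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {097D81DB-C520-4F1D-9CC8-39E6034CC3DA} - C:\WINDOWS\system32\gebcb.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Input Service (wiisvc) - Unknown owner - C:\WINDOWS\system\wibsvc.exe (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
# Header lines and the running-process list do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

# O23 body as seen in the logs above:
#   Service: <display name> (<key name>) - <owner> - <path>[ (file missing)]
# Assumption: when no parenthesised name is shown, display and key name match.
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def only_in_second(first_log, second_log):
    """Entries the second scan reports that the first scan did not."""
    seen = set(parse_entries(first_log))
    return [entry for entry in parse_entries(second_log) if entry not in seen]


def parse_service(body):
    """Split an O23 body into its fields, or return None if it does not fit."""
    match = SERVICE_RE.match(body)
    if not match:
        return None
    return {
        "display_name": match.group("display"),
        # The key name is what the Service Control Manager and the
        # registry use to identify the service.
        "key_name": match.group("key") or match.group("display"),
        "owner": match.group("owner"),
        "path": match.group("path"),
        "file_missing": match.group("missing") is not None,
    }


def services_with_missing_file(log_text):
    """O23 services whose binary the scanner could not find on disk."""
    flagged = []
    for section, body in parse_entries(log_text):
        if section != "O23":
            continue
        service = parse_service(body)
        if service and service["file_missing"]:
            flagged.append(service)
    return flagged


if __name__ == "__main__":
    for section, body in only_in_second(SCAN_FIRST, SCAN_SECOND):
        print("only in second scan:", section, "-", body)
    for service in services_with_missing_file(SCAN_SECOND):
        print("missing file:", service["key_name"], "->", service["path"])
```
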

Post by Bob4 » September 20th, 2007, 8:10 pm

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!

  • All HijackThis logs I ask for should be done in normal mode (not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.



Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!

NOTE: On most all forums of this type never answer your own post or start a new one. We look for 0 (zero) replies ;)



__________________________________

You now have 2 anti-virus programs running. This is not a good idea. They will interfere with each other and actually provide less protection.
Please uninstall one of them through Add/Remove Programs now. It's up to you which you want to keep/uninstall.



________________________________________

Please delete the VundoFix (vundofix.exe) you now have.
We will get this one another way.

___________________________________




______________________________
HJT
Run HijackThis, choose "scan only", and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked.


O2 - BHO: (no name) - {204E136F-8985-4F1E-8A2E-BB50698EBE9F} - C:\WINDOWS\system32\gebcb.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\opnnonn.dll

Close that.
_________________________________


Open Notepad, copy and paste the following text (in bold) into the new Notepad window.
Save it to your Desktop, as type "all files", as fixservice.bat

Now click the file; you won't see much happen.
Then you may delete the file we just made.

    sc stop Windows Input Service
    sc delete Windows Input Service
    sc stop Windows Input Service
    sc delete Windows Input Service


_________________________________



1. Download Combo fix from one of these locations.
http://www.techsupportforum.com/sectool ... mboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply. (c:\comboFix.txt)

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

________________________________


Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system\wibsvc.exe




Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will need in your next reply.





_____________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from combo fix (2)
  • c:/CFScript.txt

Post by joeguz1k » September 20th, 2007, 9:57 pm

Thank you so much for replying! I was afraid my replies to my own thread would make it go unnoticed!

I uninstalled AntiVir anti virus since Symantec required a password to uninstall that I do not know (my college requires our computers to have it).

When I ran HJT, gebcb.dll was there but opnnonn.dll wasn't. I "fixed" it. I've been scanning my computer a lot (before I got this reply) and it seems like the virus is slowly dying? Or hiding. XD

I did that fixservice.bat, and got this message in the dos window...


    [SC] OpenService FAILED 1060:

    The specified service does not exist as an installed service.


    C:\Documents and Settings\Joe Guzik\Desktop>sc delete Windows Input Service
    [SC] OpenService FAILED 1060:

    The specified service does not exist as an installed service.


    C:\Documents and Settings\Joe Guzik\Desktop>sc stop Windows Input Service
    [SC] OpenService FAILED 1060:

    The specified service does not exist as an installed service.


    C:\Documents and Settings\Joe Guzik\Desktop>sc detele Windows Input Service
    *** Unrecognized Command ***
    DESCRIPTION:
    SC is a command line program used for communicating with the
    NT Service Controller and services.
    USAGE:
    sc <server> [command] [service name] <option1> <option2>...

    The option <server> has the form "\\ServerName"
    Further help on commands can be obtained by typing: "sc [command]"
    Commands:
    query-----------Queries the status for a service, or
    enumerates the status for types of services.
    queryex---------Queries the extended status for a service, or
    enumerates the status for types of services.
    start-----------Starts a service.
    pause-----------Sends a PAUSE control request to a service.
    interrogate-----Sends an INTERROGATE control request to a service.
    continue--------Sends a CONTINUE control request to a service.
    stop------------Sends a STOP request to a service.
    config----------Changes the configuration of a service (persistant).
    description-----Changes the description of a service.
    failure---------Changes the actions taken by a service upon failure.
    qc--------------Queries the configuration information for a service.
    qdescription----Queries the description for a service.
    qfailure--------Queries the actions taken by a service upon failure.
    delete----------Deletes a service (from the registry).
    create----------Creates a service. (adds it to the registry).
    control---------Sends a control to a service.
    sdshow----------Displays a service's security descriptor.
    sdset-----------Sets a service's security descriptor.
    GetDisplayName--Gets the DisplayName for a service.
    GetKeyName------Gets the ServiceKeyName for a service.
    EnumDepend------Enumerates Service Dependencies.

    The following commands don't require a service name:
    sc <server> <command> <option>
    boot------------(ok | bad) Indicates whether the last boot should
    be saved as the last-known-good boot configuration
    Lock------------Locks the Service Database
    QueryLock-------Queries the LockStatus for the SCManager Database
    EXAMPLE:
    sc start MyService

    Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:

I closed it and continued with your instructions.

Here is the first combofix log...

    ComboFix 07-09-20.1 - "Joe Guzik" 2007-09-20 21:37:41.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1408 [GMT -4:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\WINDOWS\cookies.ini

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
    .

    2007-09-20 21:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-19 16:05 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-18 23:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
    2007-09-18 16:53 <DIR> d-------- C:\VundoFix Backups
    2007-09-18 13:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
    2007-09-18 13:27 <DIR> d-------- C:\WINDOWS\pss
    2007-09-18 13:19 2,004,972 --ahs---- C:\WINDOWS\system32\bcbeg.ini2
    2007-09-18 13:14 2,004,972 --ahs---- C:\WINDOWS\system32\bcbeg.bak2
    2007-09-17 15:23 6,448 --ahs---- C:\WINDOWS\system32\bcbeg.bak1
    2007-09-16 13:25 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Viewpoint
    2007-09-13 01:00 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
    2007-09-11 19:39 22,328 --a------ C:\DOCUME~1\JOEGUZ~1\APPLIC~1\PnkBstrK.sys
    2007-09-11 19:36 <DIR> d-------- C:\Program Files\id Software
    2007-09-11 17:13 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\vlc
    2007-09-11 17:12 <DIR> d-------- C:\Program Files\VideoLAN
    2007-09-11 00:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
    2007-09-11 00:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Advanced Chemistry Development
    2007-09-10 16:50 <DIR> d-------- C:\Program Files\Flickr Uploadr
    2007-09-10 16:45 <DIR> d-------- C:\Program Files\Yahoo!
    2007-09-09 04:02 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\com.air.flash.Twinja
    2007-09-09 03:59 65,832 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-09-09 03:59 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Spaz.AIR
    2007-09-09 03:58 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Tweetr
    2007-09-09 03:58 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\com.trajiklyhip.TwitterAIR
    2007-09-09 03:45 <DIR> d-------- C:\Program Files\Weiran Zhang
    2007-09-09 02:09 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Pownce
    2007-09-06 22:46 <DIR> d-------- C:\Program Files\Guitar Pro 5
    2007-09-02 02:22 <DIR> d-------- C:\Program Files\Steam
    2007-08-24 13:33 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-08-24 13:10 <DIR> d-------- C:\Program Files\Broadcom
    2007-08-23 22:56 <DIR> d-------- C:\Program Files\Common Files\HP
    2007-08-23 22:55 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-08-23 22:54 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2007-08-23 22:54 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2007-08-23 22:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-08-23 22:53 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2007-08-23 22:53 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2007-08-23 22:53 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2007-08-23 22:53 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2007-08-23 22:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2007-08-23 22:53 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2007-08-23 22:53 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2007-08-23 22:52 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-08-23 22:51 <DIR> d-------- C:\Program Files\HP
    2007-08-23 22:50 69,385 --a------ C:\WINDOWS\hpoins05.dat
    2007-08-23 22:50 19,696 --------- C:\WINDOWS\hpomdl05.dat
    2007-08-23 22:47 581,632 -ra------ C:\WINDOWS\system32\hpotscl.dll
    2007-08-23 22:47 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
    2007-08-23 22:47 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
    2007-08-23 22:47 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
    2007-08-23 22:47 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-08-23 22:47 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-08-23 22:45 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-08-23 22:45 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-08-23 21:53 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-08-23 21:53 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-08-23 21:53 <DIR> d-------- C:\Program Files\Symantec AntiVirus
    2007-08-23 21:38 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Funk Software
    2007-08-23 21:36 491,599 --a------ C:\WINDOWS\system32\odGinaLibrary.dll
    2007-08-23 21:36 143,427 --a------ C:\WINDOWS\system32\odyGina.dll
    2007-08-23 21:36 122,949 --a------ C:\WINDOWS\system32\odyEvent.dll
    2007-08-23 21:36 <DIR> d-------- C:\Program Files\Juniper Networks
    2007-08-23 21:36 <DIR> d-------- C:\Program Files\Common Files\Juniper Networks
    2007-08-23 21:36 <DIR> d-------- C:\Program Files\Common Files\Funk Software
    2007-08-23 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Juniper Networks
    2007-08-23 19:35 <DIR> d-------- C:\Program Files\Symantec
    2007-08-23 19:35 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-23 19:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-08-23 19:35 <DIR> d-------- C:\CNUAntiVirus
    2007-08-21 00:03 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\Contacts
    2007-08-21 00:02 <DIR> d-------- C:\Program Files\MSN Messenger

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-20 20:35 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\SiteAdvisor
    2007-09-18 23:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
    2007-09-18 16:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-09-17 20:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-16 16:37 --------- d-------- C:\Program Files\SpywareBlaster
    2007-09-13 20:50 --------- d---s---- C:\Program Files\HLSW
    2007-09-11 19:39 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-09-11 19:39 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-09-11 19:39 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-09-11 19:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-09 02:07 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Xfire
    2007-09-08 23:53 --------- d---s---- C:\Program Files\Xfire
    2007-08-29 16:27 --------- d-------- C:\Program Files\mIRC
    2007-08-24 12:17 --------- d-------- C:\Program Files\Dell
    2007-08-24 12:05 5 --a------ C:\WINDOWS\system32\drivers\DELL_INS_9300.MRK
    2007-08-24 12:05 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_INS_9300.MRK
    2007-08-23 21:06 --------- d-------- C:\Program Files\Modem Helper
    2007-08-22 15:43 --------- d-------- C:\Program Files\PokerStars
    2007-08-22 15:43 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\XBList
    2007-08-21 01:28 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-08-19 19:40 --------- d-------- C:\Program Files\AMX Mod X
    2007-08-16 23:44 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\uTorrent
    2007-08-16 15:08 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-08-16 15:08 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-08-15 18:52 --------- d-------- C:\Program Files\QuickTime
    2007-08-14 17:01 --------- d-------- C:\Program Files\DAEMON Tools
    2007-08-14 16:56 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-08-13 20:36 --------- d-------- C:\Program Files\iTunes
    2007-08-13 20:36 --------- d-------- C:\Program Files\iPod
    2007-08-13 15:02 --------- d-------- C:\Program Files\Microsoft Works
    2007-08-13 15:00 --------- d-------- C:\Program Files\Microsoft.NET
    2007-08-11 21:16 --------- d-------- C:\Program Files\Xvid
    2007-08-11 01:34 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Ventrilo
    2007-08-07 19:26 8864 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
    2007-08-05 23:28 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\FrostWire
    2007-07-31 20:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
    2007-07-31 20:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    2007-07-31 18:23 --------- d-------- C:\Program Files\Viewpoint
    2007-07-31 01:52 --------- d-------- C:\Program Files\CCleaner
    2007-07-30 23:13 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Apple Computer
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 00:20 --------- d-------- C:\Program Files\AIM
    2007-07-30 00:20 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Aim
    2007-07-30 00:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-07-29 23:13 --------- d-------- C:\Program Files\Audacity
    2007-07-27 23:32 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-27 23:32 --------- dr-h----- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\SecuROM
    2007-07-27 22:41 --------- d-------- C:\Program Files\DivX
    2007-07-23 00:02 --------- d-------- C:\Program Files\Fraps
    2007-07-21 17:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-07-21 17:07 --------- d-------- C:\Program Files\Bonjour
    2007-07-21 16:57 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-20 22:02 --------- d-------- C:\Program Files\Lavasoft
    2007-07-20 22:02 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-20 22:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-10 23:33 339968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
    2007-07-09 15:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 15:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-06-28 18:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 18:51]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 22:46]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 22:47]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-12-04 16:10]
    "nwiz"="nwiz.exe" [2006-12-04 16:10 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2006-03-22 23:32 C:\WINDOWS\system32\nvhotkey.dll]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
    "WD Button Manager"="WDBtnMgr.exe" [2007-07-10 23:33 C:\WINDOWS\system32\WDBtnMgr.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-12-04 16:10]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "OdTray.exe"="C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2006-12-15 14:08]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVEDESK"="C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE" [2005-10-25 23:44]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-10 23:14:44]
    Post-itr Software Notes.lnk - C:\Program Files\3M\PSNotes\psn.exe [2004-10-15 15:26:20]
    Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-07-10 23:40:36]

    C:\DOCUME~1\JOEGUZ~1\STARTM~1\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    R3 jnprna;Juniper Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\jnprna.sys
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
    S2 wiisvc;Windows Input Service;"C:\WINDOWS\system\wibsvc.exe"
    S3 EacService;Juniper TNC Endpoint Assessment;C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    S3 WD_FireWire_HID;WD FireWire Pseudo-HID driver;C:\WINDOWS\system32\DRIVERS\wdfwhid.sys
    S3 XDva015;XDva015;\??\C:\WINDOWS\system32\XDva015.sys

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-20 21:39:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-20 21:40:10
    C:\ComboFix-quarantined-files.txt ... 2007-09-20 21:40
    .
    --- E O F ---

Then I ran the CFScript.txt...

    ComboFix 07-09-20.1 - "Joe Guzik" 2007-09-20 21:42:44.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1385 [GMT -4:00]
    Command switches used :: C:\Documents and Settings\Joe Guzik\Desktop\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system\wibsvc.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
    .

    2007-09-20 21:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-19 16:05 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-18 23:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
    2007-09-18 16:53 <DIR> d-------- C:\VundoFix Backups
    2007-09-18 13:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
    2007-09-18 13:27 <DIR> d-------- C:\WINDOWS\pss
    2007-09-18 13:19 2,004,972 --ahs---- C:\WINDOWS\system32\bcbeg.ini2
    2007-09-18 13:14 2,004,972 --ahs---- C:\WINDOWS\system32\bcbeg.bak2
    2007-09-17 15:23 6,448 --ahs---- C:\WINDOWS\system32\bcbeg.bak1
    2007-09-16 13:25 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Viewpoint
    2007-09-13 01:00 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
    2007-09-11 19:39 22,328 --a------ C:\DOCUME~1\JOEGUZ~1\APPLIC~1\PnkBstrK.sys
    2007-09-11 19:36 <DIR> d-------- C:\Program Files\id Software
    2007-09-11 17:13 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\vlc
    2007-09-11 17:12 <DIR> d-------- C:\Program Files\VideoLAN
    2007-09-11 00:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
    2007-09-11 00:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Advanced Chemistry Development
    2007-09-10 16:50 <DIR> d-------- C:\Program Files\Flickr Uploadr
    2007-09-10 16:45 <DIR> d-------- C:\Program Files\Yahoo!
    2007-09-09 04:02 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\com.air.flash.Twinja
    2007-09-09 03:59 65,832 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-09-09 03:59 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Spaz.AIR
    2007-09-09 03:58 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Tweetr
    2007-09-09 03:58 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\com.trajiklyhip.TwitterAIR
    2007-09-09 03:45 <DIR> d-------- C:\Program Files\Weiran Zhang
    2007-09-09 02:09 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Pownce
    2007-09-06 22:46 <DIR> d-------- C:\Program Files\Guitar Pro 5
    2007-09-02 02:22 <DIR> d-------- C:\Program Files\Steam
    2007-08-24 13:33 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-08-24 13:10 <DIR> d-------- C:\Program Files\Broadcom
    2007-08-23 22:56 <DIR> d-------- C:\Program Files\Common Files\HP
    2007-08-23 22:55 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-08-23 22:54 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2007-08-23 22:54 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2007-08-23 22:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-08-23 22:53 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2007-08-23 22:53 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2007-08-23 22:53 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2007-08-23 22:53 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2007-08-23 22:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2007-08-23 22:53 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2007-08-23 22:53 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2007-08-23 22:52 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-08-23 22:51 <DIR> d-------- C:\Program Files\HP
    2007-08-23 22:50 69,385 --a------ C:\WINDOWS\hpoins05.dat
    2007-08-23 22:50 19,696 --------- C:\WINDOWS\hpomdl05.dat
    2007-08-23 22:47 581,632 -ra------ C:\WINDOWS\system32\hpotscl.dll
    2007-08-23 22:47 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
    2007-08-23 22:47 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
    2007-08-23 22:47 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
    2007-08-23 22:47 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-08-23 22:47 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-08-23 22:45 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-08-23 22:45 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-08-23 21:53 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-08-23 21:53 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-08-23 21:53 <DIR> d-------- C:\Program Files\Symantec AntiVirus
    2007-08-23 21:38 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Funk Software
    2007-08-23 21:36 491,599 --a------ C:\WINDOWS\system32\odGinaLibrary.dll
    2007-08-23 21:36 143,427 --a------ C:\WINDOWS\system32\odyGina.dll
    2007-08-23 21:36 122,949 --a------ C:\WINDOWS\system32\odyEvent.dll
    2007-08-23 21:36 <DIR> d-------- C:\Program Files\Juniper Networks
    2007-08-23 21:36 <DIR> d-------- C:\Program Files\Common Files\Juniper Networks
    2007-08-23 21:36 <DIR> d-------- C:\Program Files\Common Files\Funk Software
    2007-08-23 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Juniper Networks
    2007-08-23 19:35 <DIR> d-------- C:\Program Files\Symantec
    2007-08-23 19:35 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-23 19:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-08-23 19:35 <DIR> d-------- C:\CNUAntiVirus
    2007-08-21 00:03 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\Contacts
    2007-08-21 00:02 <DIR> d-------- C:\Program Files\MSN Messenger

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-20 20:35 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\SiteAdvisor
    2007-09-18 23:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
    2007-09-18 16:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-09-17 20:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-16 16:37 --------- d-------- C:\Program Files\SpywareBlaster
    2007-09-13 20:50 --------- d---s---- C:\Program Files\HLSW
    2007-09-11 19:39 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-09-11 19:39 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-09-11 19:39 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-09-11 19:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-09 02:07 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Xfire
    2007-09-08 23:53 --------- d---s---- C:\Program Files\Xfire
    2007-08-29 16:27 --------- d-------- C:\Program Files\mIRC
    2007-08-24 12:17 --------- d-------- C:\Program Files\Dell
    2007-08-24 12:05 5 --a------ C:\WINDOWS\system32\drivers\DELL_INS_9300.MRK
    2007-08-24 12:05 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_INS_9300.MRK
    2007-08-23 21:06 --------- d-------- C:\Program Files\Modem Helper
    2007-08-22 15:43 --------- d-------- C:\Program Files\PokerStars
    2007-08-22 15:43 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\XBList
    2007-08-21 01:28 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-08-19 19:40 --------- d-------- C:\Program Files\AMX Mod X
    2007-08-16 23:44 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\uTorrent
    2007-08-16 15:08 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-08-16 15:08 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-08-15 18:52 --------- d-------- C:\Program Files\QuickTime
    2007-08-14 17:01 --------- d-------- C:\Program Files\DAEMON Tools
    2007-08-14 16:56 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-08-13 20:36 --------- d-------- C:\Program Files\iTunes
    2007-08-13 20:36 --------- d-------- C:\Program Files\iPod
    2007-08-13 15:02 --------- d-------- C:\Program Files\Microsoft Works
    2007-08-13 15:00 --------- d-------- C:\Program Files\Microsoft.NET
    2007-08-11 21:16 --------- d-------- C:\Program Files\Xvid
    2007-08-11 01:34 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Ventrilo
    2007-08-07 19:26 8864 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
    2007-08-05 23:28 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\FrostWire
    2007-07-31 20:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
    2007-07-31 20:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    2007-07-31 18:23 --------- d-------- C:\Program Files\Viewpoint
    2007-07-31 01:52 --------- d-------- C:\Program Files\CCleaner
    2007-07-30 23:13 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Apple Computer
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 00:20 --------- d-------- C:\Program Files\AIM
    2007-07-30 00:20 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Aim
    2007-07-30 00:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-07-29 23:13 --------- d-------- C:\Program Files\Audacity
    2007-07-27 23:32 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-27 23:32 --------- dr-h----- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\SecuROM
    2007-07-27 22:41 --------- d-------- C:\Program Files\DivX
    2007-07-23 00:02 --------- d-------- C:\Program Files\Fraps
    2007-07-21 17:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-07-21 17:07 --------- d-------- C:\Program Files\Bonjour
    2007-07-21 16:57 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-20 22:02 --------- d-------- C:\Program Files\Lavasoft
    2007-07-20 22:02 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-20 22:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-10 23:33 339968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
    2007-07-09 15:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 15:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-06-28 18:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 18:51]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 22:46]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 22:47]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-12-04 16:10]
    "nwiz"="nwiz.exe" [2006-12-04 16:10 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2006-03-22 23:32 C:\WINDOWS\system32\nvhotkey.dll]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
    "WD Button Manager"="WDBtnMgr.exe" [2007-07-10 23:33 C:\WINDOWS\system32\WDBtnMgr.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-12-04 16:10]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "OdTray.exe"="C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2006-12-15 14:08]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVEDESK"="C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE" [2005-10-25 23:44]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-10 23:14:44]
    Post-itr Software Notes.lnk - C:\Program Files\3M\PSNotes\psn.exe [2004-10-15 15:26:20]
    Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-07-10 23:40:36]

    C:\DOCUME~1\JOEGUZ~1\STARTM~1\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    R3 jnprna;Juniper Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\jnprna.sys
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
    S2 wiisvc;Windows Input Service;"C:\WINDOWS\system\wibsvc.exe"
    S3 EacService;Juniper TNC Endpoint Assessment;C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    S3 WD_FireWire_HID;WD FireWire Pseudo-HID driver;C:\WINDOWS\system32\DRIVERS\wdfwhid.sys
    S3 XDva015;XDva015;\??\C:\WINDOWS\system32\XDva015.sys

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-20 21:43:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-20 21:44:07
    C:\ComboFix-quarantined-files.txt ... 2007-09-20 21:44
    C:\ComboFix2.txt ... 2007-09-20 21:40
    .
    --- E O F ---

And here is the new HJT...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:48:20 PM, on 9/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\3M\PSNotes\psn.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\PROGRA~1\3M\PSNotes\PSNGive.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\TJH.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/openmanage
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [AVEDESK] "C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6253278406
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Windows Input Service (wiisvc) - Unknown owner - C:\WINDOWS\system\wibsvc.exe (file missing)
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11831 bytes
joeguz1k
Active Member
 
Posts: 11
Joined: September 19th, 2007, 3:39 pm

Post by Bob4 » September 21st, 2007, 7:06 am

Make a new folder on your desktop. Call it reg finder

Download Reg Finder
Extract the files to that folder on the desktop you just created.
Go into that folder and double click RegFinder.vbs.
If any of your software gives you a warning about running this just allow it. It's safe.
Type in wibsvc.exe
into the text field that appears and hit enter.
Again... Some protection software may probably flag the script...
just let it run.
It will let you know when it's done and a log should pop up. If it doesn't, there will be a file in the folder called results.txt

Post that for me.


________________________________

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.bak1




Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will need in your next reply.



______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    ( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).


AVG Anti-Spyware:
________________________________________
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).



    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Open up AVG anti Malware

Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Reboot in normal mode.




_____________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from comboFix
  • The report from AVG antimalware
  • The report from reg Finder
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
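
The file name searched for in the post above, wibsvc.exe, appears in the posted HijackThis log as an O23 service entry marked "Unknown owner" and "(file missing)". The following is an added example, not part of the post and not code from any tool named in this thread: a small Python triage script that parses O23 lines and ranks the ones worth a registry search. The function names and flag labels are assumptions made for this example; the sample lines are copied from the log posted above.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Input Service (wiisvc) - Unknown owner - C:\WINDOWS\system\wibsvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# O23 layout: "O23 - Service: <label> - <owner> - <path>[ (file missing)]".
# The path is anchored on a drive letter so " - " inside a label or owner
# does not split the line in the wrong place.
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# A label is either "Display Name (shortname)" or just a name.
LABEL_RE = re.compile(r"^(?P<display>.*) \((?P<name>[^()]+)\)$")


@dataclass
class Service:
    display: str
    name: str
    owner: str
    path: str
    file_missing: bool
    flags: list = field(default_factory=list)


def parse_o23(line):
    """Return a Service for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    label = m.group("label")
    lm = LABEL_RE.match(label)
    display, name = (lm.group("display"), lm.group("name")) if lm else (label, label)
    return Service(display, name, m.group("owner"), m.group("path"),
                   m.group("missing") is not None)


def triage(log_text):
    """Return flagged services, most flags first (input order kept on ties)."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc.file_missing:
            # The service is still registered but its binary is gone:
            # a leftover registration that should be reviewed and cleaned up.
            svc.flags.append("file-missing")
        if svc.owner.lower() == "unknown owner":
            # HijackThis reported no company name for the binary.
            # Legitimate software can show this too, so it is a review hint only.
            svc.flags.append("unknown-owner")
        if svc.flags:
            flagged.append(svc)
    return sorted(flagged, key=lambda s: -len(s.flags))


def registry_search_terms(services):
    """File names to search the registry for: binaries that no longer exist."""
    return [ntpath.basename(s.path) for s in services if s.file_missing]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for s in results:
        print(f"{s.name:<12} {','.join(s.flags):<28} {s.path}")
    print("search for:", registry_search_terms(results))
```
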

Post by joeguz1k » September 21st, 2007, 3:53 pm

HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:50:33 PM, on 9/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\3M\PSNotes\psn.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\3M\PSNotes\PSNGive.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\TJH.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/openmanage
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [AVEDESK] "C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6253278406
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Windows Input Service (wiisvc) - Unknown owner - C:\WINDOWS\system\wibsvc.exe (file missing)
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12225 bytes

ComboFix:
    ComboFix 07-09-20.1 - "Joe Guzik" 2007-09-21 12:46:47.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1362 [GMT -4:00]
    Command switches used :: C:\Documents and Settings\Joe Guzik\Desktop\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\bcbeg.bak2
    C:\WINDOWS\system32\bcbeg.bak1
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\bcbeg.bak1
    C:\WINDOWS\system32\bcbeg.bak2

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
    .

    2007-09-20 21:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-19 16:05 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-18 23:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
    2007-09-18 16:53 <DIR> d-------- C:\VundoFix Backups
    2007-09-18 13:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
    2007-09-18 13:27 <DIR> d-------- C:\WINDOWS\pss
    2007-09-18 13:19 2,004,972 --ahs---- C:\WINDOWS\system32\bcbeg.ini2
    2007-09-16 13:25 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Viewpoint
    2007-09-13 01:00 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
    2007-09-11 19:39 22,328 --a------ C:\DOCUME~1\JOEGUZ~1\APPLIC~1\PnkBstrK.sys
    2007-09-11 19:36 <DIR> d-------- C:\Program Files\id Software
    2007-09-11 17:13 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\vlc
    2007-09-11 17:12 <DIR> d-------- C:\Program Files\VideoLAN
    2007-09-11 00:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
    2007-09-11 00:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Advanced Chemistry Development
    2007-09-10 16:50 <DIR> d-------- C:\Program Files\Flickr Uploadr
    2007-09-10 16:45 <DIR> d-------- C:\Program Files\Yahoo!
    2007-09-09 04:02 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\com.air.flash.Twinja
    2007-09-09 03:59 65,832 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-09-09 03:59 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Spaz.AIR
    2007-09-09 03:58 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Tweetr
    2007-09-09 03:58 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\com.trajiklyhip.TwitterAIR
    2007-09-09 03:45 <DIR> d-------- C:\Program Files\Weiran Zhang
    2007-09-09 02:09 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Pownce
    2007-09-06 22:46 <DIR> d-------- C:\Program Files\Guitar Pro 5
    2007-09-02 02:22 <DIR> d-------- C:\Program Files\Steam
    2007-08-24 13:33 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-08-24 13:10 <DIR> d-------- C:\Program Files\Broadcom
    2007-08-23 22:56 <DIR> d-------- C:\Program Files\Common Files\HP
    2007-08-23 22:55 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-08-23 22:54 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2007-08-23 22:54 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2007-08-23 22:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-08-23 22:53 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2007-08-23 22:53 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2007-08-23 22:53 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2007-08-23 22:53 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2007-08-23 22:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2007-08-23 22:53 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2007-08-23 22:53 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2007-08-23 22:52 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-08-23 22:51 <DIR> d-------- C:\Program Files\HP
    2007-08-23 22:50 69,385 --a------ C:\WINDOWS\hpoins05.dat
    2007-08-23 22:50 19,696 --------- C:\WINDOWS\hpomdl05.dat
    2007-08-23 22:47 581,632 -ra------ C:\WINDOWS\system32\hpotscl.dll
    2007-08-23 22:47 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
    2007-08-23 22:47 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
    2007-08-23 22:47 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
    2007-08-23 22:47 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-08-23 22:47 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-08-23 22:45 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-08-23 22:45 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-08-23 21:53 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-08-23 21:53 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-08-23 21:53 <DIR> d-------- C:\Program Files\Symantec AntiVirus
    2007-08-23 21:38 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Funk Software
    2007-08-23 21:36 491,599 --a------ C:\WINDOWS\system32\odGinaLibrary.dll
    2007-08-23 21:36 143,427 --a------ C:\WINDOWS\system32\odyGina.dll
    2007-08-23 21:36 122,949 --a------ C:\WINDOWS\system32\odyEvent.dll
    2007-08-23 21:36 <DIR> d-------- C:\Program Files\Juniper Networks
    2007-08-23 21:36 <DIR> d-------- C:\Program Files\Common Files\Juniper Networks
    2007-08-23 21:36 <DIR> d-------- C:\Program Files\Common Files\Funk Software
    2007-08-23 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Juniper Networks
    2007-08-23 19:35 <DIR> d-------- C:\Program Files\Symantec
    2007-08-23 19:35 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-23 19:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-08-23 19:35 <DIR> d-------- C:\CNUAntiVirus
    2007-08-21 00:03 <DIR> d-------- C:\DOCUME~1\JOEGUZ~1\Contacts
    2007-08-21 00:02 <DIR> d-------- C:\Program Files\MSN Messenger

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-21 12:42 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\SiteAdvisor
    2007-09-18 23:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
    2007-09-18 16:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-09-17 20:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-16 16:37 --------- d-------- C:\Program Files\SpywareBlaster
    2007-09-13 20:50 --------- d---s---- C:\Program Files\HLSW
    2007-09-11 19:39 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-09-11 19:39 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-09-11 19:39 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-09-11 19:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-09 02:07 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Xfire
    2007-09-08 23:53 --------- d---s---- C:\Program Files\Xfire
    2007-08-29 16:27 --------- d-------- C:\Program Files\mIRC
    2007-08-24 12:17 --------- d-------- C:\Program Files\Dell
    2007-08-24 12:05 5 --a------ C:\WINDOWS\system32\drivers\DELL_INS_9300.MRK
    2007-08-24 12:05 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_INS_9300.MRK
    2007-08-23 21:06 --------- d-------- C:\Program Files\Modem Helper
    2007-08-22 15:43 --------- d-------- C:\Program Files\PokerStars
    2007-08-22 15:43 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\XBList
    2007-08-21 01:28 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-08-19 19:40 --------- d-------- C:\Program Files\AMX Mod X
    2007-08-16 23:44 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\uTorrent
    2007-08-16 15:08 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-08-16 15:08 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-08-15 18:52 --------- d-------- C:\Program Files\QuickTime
    2007-08-14 17:01 --------- d-------- C:\Program Files\DAEMON Tools
    2007-08-14 16:56 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-08-13 20:36 --------- d-------- C:\Program Files\iTunes
    2007-08-13 20:36 --------- d-------- C:\Program Files\iPod
    2007-08-13 15:02 --------- d-------- C:\Program Files\Microsoft Works
    2007-08-13 15:00 --------- d-------- C:\Program Files\Microsoft.NET
    2007-08-11 21:16 --------- d-------- C:\Program Files\Xvid
    2007-08-11 01:34 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Ventrilo
    2007-08-07 19:26 8864 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
    2007-08-05 23:28 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\FrostWire
    2007-07-31 20:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
    2007-07-31 20:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    2007-07-31 18:23 --------- d-------- C:\Program Files\Viewpoint
    2007-07-31 01:52 --------- d-------- C:\Program Files\CCleaner
    2007-07-30 23:13 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Apple Computer
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 00:20 --------- d-------- C:\Program Files\AIM
    2007-07-30 00:20 --------- d-------- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\Aim
    2007-07-30 00:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-07-29 23:13 --------- d-------- C:\Program Files\Audacity
    2007-07-27 23:32 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-27 23:32 --------- dr-h----- C:\DOCUME~1\JOEGUZ~1\APPLIC~1\SecuROM
    2007-07-27 22:41 --------- d-------- C:\Program Files\DivX
    2007-07-23 00:02 --------- d-------- C:\Program Files\Fraps
    2007-07-21 17:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-07-21 17:07 --------- d-------- C:\Program Files\Bonjour
    2007-07-21 16:57 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-20 22:02 --------- d-------- C:\Program Files\Lavasoft
    2007-07-20 22:02 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-20 22:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-10 23:33 339968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
    2007-07-09 15:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 15:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-06-28 18:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 18:51]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 22:46]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 22:47]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-12-04 16:10]
    "nwiz"="nwiz.exe" [2006-12-04 16:10 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2006-03-22 23:32 C:\WINDOWS\system32\nvhotkey.dll]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
    "WD Button Manager"="WDBtnMgr.exe" [2007-07-10 23:33 C:\WINDOWS\system32\WDBtnMgr.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-12-04 16:10]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "OdTray.exe"="C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2006-12-15 14:08]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVEDESK"="C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE" [2005-10-25 23:44]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-10 23:14:44]
    Post-itr Software Notes.lnk - C:\Program Files\3M\PSNotes\psn.exe [2004-10-15 15:26:20]
    Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-07-10 23:40:36]

    C:\DOCUME~1\JOEGUZ~1\STARTM~1\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    R3 jnprna;Juniper Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\jnprna.sys
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
    S2 wiisvc;Windows Input Service;"C:\WINDOWS\system\wibsvc.exe"
    S3 EacService;Juniper TNC Endpoint Assessment;C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    S3 WD_FireWire_HID;WD FireWire Pseudo-HID driver;C:\WINDOWS\system32\DRIVERS\wdfwhid.sys
    S3 XDva015;XDva015;\??\C:\WINDOWS\system32\XDva015.sys

    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-21 12:48:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-21 12:49:18
    C:\ComboFix-quarantined-files.txt ... 2007-09-21 12:49
    C:\ComboFix2.txt ... 2007-09-20 21:44
    C:\ComboFix3.txt ... 2007-09-20 21:40
    .
    --- E O F ---

AVG:
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:45:58 PM 9/21/2007

    + Scan result:



    Nothing found.



    ::Report end


Reg Finder...

    9/21/2007 12:45:19 PM: No matches to your search terms: " wibsvc.exe"
    were found. The search took 36 seconds.


I guess it's looking good? My computer doesn't seem as sluggish and I haven't been getting those popups or antivirus warnings.
joeguz1k
Active Member
 
Posts: 11
Joined: September 19th, 2007, 3:39 pm

Unread postby Bob4 » September 21st, 2007, 10:53 pm

Just one more thing to do.



Open Notepad, copy and paste the following text (in bold) into the new Notepad window.
Save it to your Desktop, as type "all files", as fixservice.bat
You may be told that fixservice.bat already exists. Do you want to replace the file?
Choose yes.
That's in case you didn't delete the last fixservice.bat file. ;)

save it to your desktop.
Now click the file; you won't see much happen.
Then you may delete the file we just made.

    sc stop wiisvc
    sc delete wiisvc


Please post a new HJT log for me.
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
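The service listing that the post above acts on can be triaged mechanically. The following is an added example, not part of the original thread or of ComboFix: it parses the `R2`/`S3` service lines from the log and flags auto-start entries that are not running, which is the state `wiisvc` was in. Reading the prefix as R/S = running/stopped followed by the Windows start-type digit is an assumption, as are all function names.

```python
import re
from typing import List, NamedTuple

# Sample lines copied from the ComboFix service listing in this thread
# (assembled here as inline test input).
SAMPLE = r'''
R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
R3 jnprna;Juniper Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\jnprna.sys
S2 wiisvc;Windows Input Service;"C:\WINDOWS\system\wibsvc.exe"
S3 EacService;Juniper TNC Endpoint Assessment;C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
S3 XDva015;XDva015;\??\C:\WINDOWS\system32\XDva015.sys
'''

# Assumed layout: <R|S><start type> <service name>;<display name>;<image path>
LINE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+'
    r'(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$'
)

# Windows service start types (the "Start" registry value).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


class ServiceEntry(NamedTuple):
    running: bool
    start: str
    name: str
    display: str
    image_path: str


def normalize_path(raw: str) -> str:
    """Strip surrounding quotes and the NT object-manager prefix \\??\\."""
    path = raw.strip().strip('"')
    if path.startswith('\\??\\'):
        path = path[4:]
    return path


def parse_service_lines(text: str) -> List[ServiceEntry]:
    """Parse every line that matches the service layout; ignore the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            running=(m['state'] == 'R'),
            start=START_TYPES[int(m['start'])],
            name=m['name'].strip(),
            display=m['display'].strip(),
            image_path=normalize_path(m['path']),
        ))
    return entries


def needs_review(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Illustrative heuristic (an assumption, not the helper's stated
    reasoning): a service set to start at boot that is nevertheless not
    running deserves a closer look, e.g. its binary may be missing."""
    return [e for e in entries
            if not e.running and e.start in ("boot", "system", "auto")]


def inspection_commands(entries: List[ServiceEntry]) -> List[str]:
    """Read-only sc.exe commands to inspect each flagged service."""
    cmds = []
    for e in entries:
        cmds.append(f"sc qc {e.name}")      # show configured binary path
        cmds.append(f"sc query {e.name}")   # show current state
    return cmds


if __name__ == "__main__":
    flagged = needs_review(parse_service_lines(SAMPLE))
    for e in flagged:
        print(f"review: {e.name} ({e.display}) start={e.start} -> {e.image_path}")
    print("\n".join(inspection_commands(flagged)))
```

Running `sc query` on the service name again after the removal step should report that the service does not exist.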

Unread postby joeguz1k » September 21st, 2007, 11:00 pm

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:12 PM, on 9/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\3M\PSNotes\psn.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\3M\PSNotes\PSNGive.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Trend Micro\HijackThis\TJH.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/openmanage
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [AVEDESK] "C:\Documents and Settings\Joe Guzik\My Documents\My Downloads\AveDesk\AVEDESK.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6253278406
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12175 bytes
joeguz1k
Active Member
 
Posts: 11
Joined: September 19th, 2007, 3:39 pm

Unread postby Bob4 » September 21st, 2007, 11:22 pm

Great news!

Your log now appears to be clean.

Let's do a few things to tidy up.


___________________________________
Please create a 'clean' System Restore Point:
The reason for doing this is so that, in case you need System Restore, you don't put back all we just took out.
Right click My Computer
Then Properties, then System Restore
Place a check mark by turn off system restore
Click APPLY
Windows will give you a warning click yes
REBOOT

Now go right back to the same place and uncheck turn off system restore
Click APPLY and OK




A few things to help with possible threats

These are optional, but will help protect you further.
___________________________________

SpywareBlaster

Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs.
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.


______________________________
SiteHound

http://www.firetrust.com/firetrustsitehound.html

This tool bar will help protect you from:

Over 4,000 fake bank and credit sites.
Tens of thousands of pornographic and adult sites.
The never ending fake phishing sites.
Malicious sites, which can infect you with spyware and adware if you visit them.
Sites to download software which may infect your computer with spyware, a virus or adware.


___________________________________
Download and keep this updated and run weekly if you don't already have it.

Spybot Search & Destroy
Tutorial




___________________________________
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here:
This website also contains useful tips, and links to other resources and utilities.


___________________________________
Make your Internet Explorer more secure
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

6. Next press the Apply button and then the OK to exit the Internet Properties page.




Here's a site with great advice on how to AVOID malware. Much easier to do than removing it.






Safe and Happy Surfing. :)
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
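The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread: it parses a hosts file, lists the names sinkholed to a local address, and separately reports names mapped to a non-local address, which is what a tampered hosts file looks like. The sample file and its hostnames are constructed, the function names are hypothetical, and treating `0.0.0.0` and `::1` like `127.0.0.1` goes beyond the single address the post mentions.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample hosts file; all hostnames are placeholders.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example  banner.tracker.example   # two names, one line
0.0.0.0         Popups.Example.NET
203.0.113.7     www.mybank.example      # name pointed at a non-local address
not-an-ip       broken.example
"""

# Default entries that map the machine's own name; these are not blocks.
LOCAL_NAMES = {"localhost"}


def audit_hosts(text: str) -> Tuple[Set[str], Dict[str, str], List[int]]:
    """Return (blocked names, {name: non-local address}, malformed line numbers)."""
    blocked: Set[str] = set()
    redirected: Dict[str, str] = {}
    malformed: List[int] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")   # hostnames are case-insensitive
            if host in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(host)             # request never leaves the machine
            else:
                redirected[host] = str(addr)  # resolves to another machine: review
    return blocked, redirected, malformed


def is_blocked(hostname: str, blocked: Set[str]) -> bool:
    """Hosts entries match exact names only; subdomains are not covered."""
    return hostname.lower().rstrip(".") in blocked


if __name__ == "__main__":
    blocked, redirected, malformed = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("redirected to non-local addresses:", redirected)
    print("malformed lines:", malformed)
```

On Windows XP the file to audit is `C:\WINDOWS\system32\drivers\etc\hosts`; any entry in the redirected group that you did not add yourself is worth investigating.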

Unread postby joeguz1k » September 22nd, 2007, 1:57 am

Wonderful thank you so much!

I have 2 more questions!

One, I have had SpywareBlaster for a while, but am unsure if I'm using it properly. For example, when I restart my computer I'm not sure if it's already "running" or I need to open it again. When I minimize it says I can just close, but I'm wondering is it 'working' 24/7 for me - even if I restart my computer?

Two, I had an external HDD attached to my computer when I was first infected. I unattached it quickly afterwards (though I'm not sure if it was quick enough.. couple hours in?). I've left it unattached throughout this process, and am wondering on the best way to make sure it didn't also get infected. I kind of doubt that it did, but what do I know. :D

I SiteHound, but it's not sending me an ID to my email address. Grrrr.

Again thanks so much for your help.
joeguz1k
Active Member
 
Posts: 11
Joined: September 19th, 2007, 3:39 pm

Unread postby joeguz1k » September 22nd, 2007, 2:05 am

Also, I have AVG Anti-Spyware and am wondering if I should use it (Resident Shield?) or should I uninstall it? There's no way I can get rid of Symantec as my school requires it.
joeguz1k
Active Member
 
Posts: 11
Joined: September 19th, 2007, 3:39 pm

Unread postby Bob4 » September 22nd, 2007, 8:37 am

joeguz1k wrote:Wonderful thank you so much!

I have 2 more questions!

One, I have had SpywareBlaster for a while, but am unsure if I'm using it properly. For example, when I restart my computer I'm not sure if it's already "running" or I need to open it again. When I minimize it says I can just close, but I'm wondering is it 'working' 24/7 for me - even if I restart my computer?


Run it each time you restart your computer. Be sure to check for updates.
Here's a great tutorial

joeguz1k wrote:Two, I had an external HDD attached to my computer when I was first infected. I unattached it quickly afterwards (though I'm not sure if it was quick enough.. couple hours in?). I've left it unattached throughout this process, and am wondering on the best way to make sure it didn't also get infected. I kind of doubt that it did, but what do I know. :D


Start by running AVG anti malware on it.
Also scan using Nortons. Between the 2 of them they will let you know if there's a problem.


joeguz1k wrote:I SiteHound, but it's not sending me an ID to my email address. Grrrr.

Have a look around this site to see if you can get answers. Try their forum also. They're really pretty good about helping. ;)



joeguz1k wrote:Also, I have AVG Anti-Spyware and am wondering if I should use it (Resident Shield?) or should I uninstall it? There's no way I can get rid of Symantec as my school requires it.


Use it. As this is an anti spyware program and not an anti virus they do not conflict with each other.


joeguz1k wrote: There's no way I can get rid of Symantec as my school requires it.

Kind of dictatorship like to tell you what program you have to use/buy. :roll: At least they ensure everyone has one.
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby joeguz1k » September 22nd, 2007, 4:10 pm

Yay, I got everything working and have scanned my external HDD. AVG found some old cookies (I have a backup of an old harddrive on my external) but nothing too scary! :D Thanks again for all your help!!!
joeguz1k
Active Member
 
Posts: 11
Joined: September 19th, 2007, 3:39 pm