Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
05-03-2008, 03:38 PM   #1
Registered User
Join Date: May 2008
Posts: 6
OS: Windows XP Service Pack 2

Tons of viruses & slow initially bc of AntiSpyMaster

Last week my 4 year old Dell Dimension 2400 (running Windows XP, Service Pack 2) got infected with a virus called AntiSpyware Master or something like that, which was apparently some kind of "rogue" program that subsequently let a horde of viruses in. I ran Spybot-Search & Destroy and Ad-Aware 2007 a bunch of times, installed Norton Antivirus (too late, I'm sure) and removed/quarantined whatever they told me to, but not only would it take really really long, but they didn't fix all the problems.

The computer got ridiculously slow (sometimes when I'm trying to run a scan it fails at the end because of a lack of memory) and sometimes would take more than 15 minutes for the desktop to load. Right now I have a blue and yellow desktop image saying "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer." My files all appear to be fine, though.

I read the 5 steps before posting and downloaded the applicable programs and ran the scans, and the computer seems to have gotten a little faster but it's still verrry slow and I get popups from Internet Explorer even when I'm using Firefox, and Spybot Search and Destroy keeps on popping up to say that this or that important file has been deleted (I usually click Deny).
I tried to install the Windows update as instructed, but it failed.


First and foremost I'd be very grateful for some advice as to what to do about my computer. However, in the case that the computer can't be fixed, I DO very much want to save my files at least...but how do I know which ones have been infected and which haven't?
I am considering buying an external hard drive to save the files and then reformatting the computer but the viruses could probably infect the external hard drive as well, right? What can I do?

---------------------------------------------------------------
Here is my log from DSS (main.txt):

Deckard's System Scanner v20071014.68
Run by Justine on 2008-05-01 02:28:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-05-01 09:30:53 UTC - RP821 - Deckard's System Scanner Restore Point
7: 2008-04-28 00:39:13 UTC - RP820 - Installed McAfee VirusScan Enterprise
6: 2008-04-18 05:41:24 UTC - RP819 - Installed Ad-Aware 2007
5: 2008-04-16 09:31:19 UTC - RP818 - Last known good configuration
4: 2008-04-16 09:30:48 UTC - RP817 - System Checkpoint


-- First Restore Point --
1: 2008-04-16 09:30:38 UTC - RP814 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 0.94 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-01 03:29:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\alg.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Justine\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Common Files\Microsoft Shared\syscts.exe,
O2 - BHO: {6230043d-ed18-a0da-04e4-dc1354c2bfd1} - {1dfb2c45-31cd-4e40-ad0a-81ded3400326} - C:\WINDOWS\system32\bprydhdn.dll (file missing)
O2 - BHO: (no name) - {1ed831d2-903d-4bf5-9811-7ab690e34061} - (no file)
O2 - BHO: (no name) - {470A46E5-0798-48A5-8839-AF9A0BEE5741} - (no file)
O2 - BHO: (no name) - {5cf365dd-e76e-4f8c-990f-f2740df9aa05} - C:\WINDOWS\SYSTEM32\opnnmjjk.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O2 - BHO: (no name) - {676749f0-54a1-48a2-a27d-c6ee82a9ac8f} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CC68182-75FE-4117-BC87-38CBA70063D4} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3AA82EB-3604-4B02-178F-67E5D447E071} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: e404 helper - {c03fd59d-9104-44b7-929a-9eaa0ba05211} - C:\Program Files\Helper\1208865560.dll (file missing)
O2 - BHO: (no name) - {C41DF0FF-61CB-40F1-983A-BFE9B1F1DDA2} - (no file)
O2 - BHO: (no name) - {CCAC61D1-A34D-D6B1-1397-A58F050C2CC8} - C:\WINDOWS\system32\spqcv.dll (file missing)
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Justine\cftmon.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [BMc3d7b112] Rundll32.exe "C:\WINDOWS\system32\srdkfqmr.dll",s
O4 - HKLM\..\Run: [c0e4828e] rundll32.exe "C:\WINDOWS\system32\gjubfvrb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Justine\cftmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\pinz1\cegmgr76.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: iTunes.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/12bc2ee4...p/RdxIE601.cab
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1209631279976
O16 - DPF: {7935ACFD-5007-4C61-B603-3FEA6097871C} (stcpeX.stcpeocx) - http://phi.resnet.ucla.edu/ResNetReg2/stcpeX.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bw+0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {06e26e0f-b6e1-4185-bea9-fae00b552a7a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: offline-8876480 - {06E26E0F-B6E1-4185-BEA9-FAE00B552A7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee McShield (mcshield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (mctaskmanager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NAI ePO Agent Install (naimservinst) - Unknown owner - C:\DOCUME~1\Justine\LOCALS~1\Temp\unz31.tmp\FramePkg.exe /SignalComplete /LOGDIR="C:\DOCUME~1\Justine\LOCALS~1\Temp\NAILogs" /Cleanup2="C:\DOCUME~1\Justine\LOCALS~1\Temp\unz31.tmp" /WaitFor=4584 /CurrentFolder="C:\WINDOWS\system32" /Install=Updater /Product=VIRUSCAN8600 /Silent /InstDir="C:\Program Files\McAfee\Common Framework" /sti=1
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\SYSTEM32\Tablet.exe
O23 - Service: TabletService TabletServiceWLSetupSvc (tabletservicewlsetupsvc) - Unknown owner - C:\WINDOWS\system32\1037o.exe srv


--
End of file - 28715 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 kbdhidd - c:\windows\system32\drivers\kbdhidd.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 SAVAdminService (Sophos Anti-Virus status reporter) - "c:\program files\sophos\sophos anti-virus\savadminservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 SAVService (Sophos Anti-Virus) - "c:\program files\sophos\sophos anti-virus\savservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S2 Schedule (Task Scheduler) - c:\windows\system32\drivers\spools.exe (file missing)
S2 tabletservicewlsetupsvc (TabletService TabletServiceWLSetupSvc) - c:\windows\system32\1037o.exe srv (file missing)
S3 naimservinst (NAI ePO Agent Install) - c:\docume~1\justine\locals~1\temp\unz31.tmp\framepkg.exe /signalcomplete /logdir="c:\docume~1\justine\locals~1\temp\nailogs" /cleanup2="c:\docume~1\justine\locals~1\temp\unz31.tmp" /waitfor=4584 /currentfolder="c:\windows\system32" /install=updater /product=viruscan8600 /silent /instdir="c:\program files\mcafee\common framework" /sti=1 (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-18 17:34:13 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-17 19:57:14 626 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Justine.job
2008-03-02 19:24:31 304 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-05-01 00:25:48 0 d-------- C:\ie-spyad_zo
2008-04-30 23:38:14 0 d-------- C:\Program Files\SpywareBlaster
2008-04-28 00:40:36 0 d-------- C:\WINDOWS\LastGood
2008-04-28 00:34:41 0 d-------- C:\Program Files\Panda Security
2008-04-27 18:49:17 0 d-------- C:\QUARANTINE
2008-04-27 18:32:52 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-27 17:27:55 0 d-------- C:\Program Files\McAfee
2008-04-27 17:27:55 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-22 18:56:10 0 --a------ C:\Documents and Settings\Justine\cftmon.exe
2008-04-22 18:35:03 0 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-22 05:00:03 48585 --a------ C:\WINDOWS\system32\a234e.sys
2008-04-22 04:59:20 0 d-------- C:\Program Files\Helper
2008-04-22 04:58:25 804 --a-s---- C:\WINDOWS\system32\2036478666.dat
2008-04-22 04:56:11 67506 --a------ C:\WINDOWS\fkjdfje.sys
2008-04-22 04:48:00 0 d-------- C:\Documents and Settings\Justine\Application Data\Anti-Virus-Pro.com
2008-04-22 04:44:47 0 d-------- C:\Program Files\AntiVirusPro
2008-04-22 04:44:06 2 --a------ C:\-1058766303
2008-04-22 04:43:27 20992 --a------ C:\gpqdiib.exe
2008-04-22 04:43:26 74240 --a------ C:\vqvtx.exe
2008-04-20 14:00:19 0 d-------- C:\HJT
2008-04-17 22:41:55 0 d-------- C:\Program Files\Lavasoft
2008-04-17 22:41:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 22:38:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 03:33:51 0 d-------- C:\Program Files\Windows Sidebar
2008-04-17 03:26:37 0 d-------- C:\Program Files\Norton Internet Security
2008-04-17 02:22:53 0 d-------- C:\Documents and Settings\Justine\.housecall6.6
2008-04-16 22:15:26 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-16 22:15:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-16 22:15:26 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-16 22:15:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-16 22:15:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-16 22:15:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-16 22:15:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-16 22:15:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-16 22:15:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-16 22:15:25 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-16 22:15:25 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-16 22:15:25 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-16 22:15:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-16 22:15:25 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-16 22:15:25 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-16 22:15:25 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-16 22:15:25 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-16 22:15:24 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-16 02:44:58 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 02:43:04 0 d-------- C:\Program Files\Spyware Doctor
2008-04-16 02:29:59 520622 --ahs---- C:\WINDOWS\system32\kjjmnnpo.ini2
2008-04-16 02:29:37 392218 --a------ C:\WINDOWS\system32\opnnmjjk.dll
2008-04-16 02:24:56 86144 --a------ C:\WINDOWS\system32\drivers\kbdhidd.sys
2008-04-16 02:24:40 0 d-------- C:\WINDOWS\system32\pinz1
2008-04-16 02:24:40 0 d-------- C:\WINDOWS\system32\iFi
2008-04-16 02:24:40 0 d-------- C:\WINDOWS\system32\IDE2
2008-04-16 02:24:40 0 d-------- C:\WINDOWS\system32\ExTmp
2008-04-16 02:24:40 0 d-------- C:\WINDOWS\system32\axV
2008-04-16 02:24:21 0 d-------- C:\WINDOWS\system32\xcsDd01
2008-04-13 23:04:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-04-03 02:44:50 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-02 11:21:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-02 11:20:15 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


-- Find3M Report ---------------------------------------------------------------

2008-05-01 02:45:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-28 12:36:13 0 d-------- C:\Documents and Settings\Justine\Application Data\Viewpoint
2008-04-28 12:20:12 0 d-------- C:\Program Files\Viewpoint
2008-04-28 00:38:19 5994 --a----c- C:\WINDOWS\mozver.dat
2008-04-27 23:53:28 302 --a------ C:\WINDOWS\system32\wacom.dat
2008-04-27 17:27:55 0 d-------- C:\Program Files\Common Files
2008-04-21 02:11:35 0 d-------- C:\Documents and Settings\Justine\Application Data\Google
2008-04-20 18:35:18 0 d-------- C:\Program Files\Zoom Player
2008-04-17 20:49:15 0 d-------- C:\Program Files\Symantec
2008-04-17 03:52:35 0 d-------- C:\Documents and Settings\Justine\Application Data\Symantec
2008-04-17 01:56:38 0 d-------- C:\Program Files\Minilyrics
2008-04-17 01:55:58 0 d-------- C:\Program Files\WinMX
2008-04-17 01:54:06 0 d-------- C:\Program Files\LimeWire
2008-04-16 03:12:26 0 d-------- C:\Documents and Settings\Justine\Application Data\uTorrent
2008-04-13 23:12:32 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-04-13 23:07:38 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-13 23:04:25 0 d-------- C:\Program Files\Logitech
2008-04-07 00:32:42 0 d-------- C:\Program Files\QuickTime
2008-04-02 11:36:50 0 d-------- C:\Program Files\MSN Messenger
2008-04-02 11:21:12 0 d-------- C:\Program Files\Windows Live
2008-04-02 10:58:51 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-06 02:09:57 17920 --a------ C:\WINDOWS\system32\sophosboottasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus>
2008-03-02 19:20:33 0 d-------- C:\Program Files\Microsoft IntelliType Pro


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dfb2c45-31cd-4e40-ad0a-81ded3400326}]
C:\WINDOWS\system32\bprydhdn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ed831d2-903d-4bf5-9811-7ab690e34061}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{470A46E5-0798-48A5-8839-AF9A0BEE5741}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5cf365dd-e76e-4f8c-990f-f2740df9aa05}]
04/16/2008 02:29 AM 392218 --a------ C:\WINDOWS\system32\opnnmjjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 08:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{676749f0-54a1-48a2-a27d-c6ee82a9ac8f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
04/17/2008 08:44 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CC68182-75FE-4117-BC87-38CBA70063D4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3AA82EB-3604-4B02-178F-67E5D447E071}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c03fd59d-9104-44b7-929a-9eaa0ba05211}]
C:\Program Files\Helper\1208865560.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41DF0FF-61CB-40F1-983A-BFE9B1F1DDA2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCAC61D1-A34D-D6B1-1397-A58F050C2CC8}]
C:\WINDOWS\system32\spqcv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 08:51 PM 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/21/2005 11:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/21/2005 11:44 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 03:48 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/11/2004 09:43 AM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 06:12 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 06:15 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/11/2004 05:49 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 05:49 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 04:41 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/10/2006 10:45 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/09/2006 07:58 PM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [06/13/2007 09:16 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 06:08 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/14/2008 11:01 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/24/2007 09:53 PM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
"autoload"="C:\Documents and Settings\Justine\cftmon.exe" []
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 08:50 AM]
"BMc3d7b112"="C:\WINDOWS\system32\srdkfqmr.dll" []
"c0e4828e"="C:\WINDOWS\system32\gjubfvrb.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/25/2007 11:25 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [02/10/2008 05:38 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
"autoload"="C:\Documents and Settings\Justine\cftmon.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\cftmon.exe

C:\Documents and Settings\Justine\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 7:00:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Program Files\Common Files\Microsoft Shared\syscts.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnnmjjk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\CDSTART.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaea4a76-2b14-11dc-9d47-000f1f57278b}]
verb1\command- desktop.exe

*Newly Created Service* - COMHOST



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.181.365soft.info
127.0.0.1 181.365soft.info
127.0.0.1 www.1-extreme.biz
127.0.0.1 1-extreme.biz
127.0.0.1 2.82211.net
127.0.0.1 www.24.365soft.info

8328 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-01 04:03:50 ------------

Thanks in advance!!!!!!!
Attached Files
File Type: txt ActiveScan.txt (33.5 KB, 0 views)
File Type: txt extra.txt (23.7 KB, 1 views)
jtine is offline  
Old 05-07-2008, 04:04 AM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,435
OS: XP


Re: Tons of viruses & slow initially bc of AntiSpyMaster

Hi welcome to TSF!

If you still need assistance, please post a fresh main.txt log.
__________________
Proud member of UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 05-07-2008, 09:12 AM   #3 (permalink)
Registered User
 
Join Date: May 2008
Posts: 6
OS: Windows XP Service Pack 2


Re: Tons of viruses & slow initially bc of AntiSpyMaster

Hi, thanks for your reply. I do still need help, but I can't get to that computer at the moment. Just wondering, why do I need to post a new main.txt log? It took really long for that to finish last time...
jtine is offline  
Old 05-07-2008, 09:23 AM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,435
OS: XP


Re: Tons of viruses & slow initially bc of AntiSpyMaster

It was to check if you are still in need of assistance. Many post here and go away. It wastes helpers' time when they form a fix and don't get any replies back from the user. Depending on the infections in the log, it may even take a helper 30 mins - 1 hr just to form a fix.

Another reason is to check on the state of your machine. Malware evolves fast and sometimes I will need to see what is changed in the machine.

I'll return tomorrow with a fix. It's very late here.
Angelfire777 is offline  
Old 05-07-2008, 10:34 PM   #5 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,435
OS: XP


Re: Tons of viruses & slow initially bc of AntiSpyMaster

Hi,

You only have a little hard drive space left. I suggest that you move some files to an external drive if you have one. Little hard drive space can greatly affect the performance of your machine, especially its speed.

You are operating your computer with multiple anti-virus programs running in memory at once:
Sophos
McAfee
Norton


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two or more anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

I suggest you uninstall or disable the anti-virus programs that you do not wish to use. Keep only one active.


Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

________

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile". When the log pops up in Notepad, copy and paste that file back here.
Angelfire777 is offline  
Old 05-08-2008, 08:27 PM   #6 (permalink)
Registered User
 
Join Date: May 2008
Posts: 6
OS: Windows XP Service Pack 2


Re: Tons of viruses & slow initially bc of AntiSpyMaster

Thank you very much! I uninstalled Sophos and tried to disable McAfee and Norton (I think it worked), and freed up about 20 GB of space. The computer is running a lot faster now! (But I'm still getting pop-ups about deletions from Spybot Search and Destroy, and when I turn on the computer, I get a RUNDLL window that says "Error loading C:\WINDOWS\system32\gjubfvrb.dll".)

Here is my ComboFix and new HijackThis log. Thanks in advance!!!



ComboFix 08-05-08.1 - Justine 2008-05-08 19:33:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.178 [GMT -7:00]
Running from: C:\Documents and Settings\Justine\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justine\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Justine\Application Data\Anti-Virus-Pro.com
C:\Documents and Settings\Justine\My Documents\CROSOF~1
C:\Documents and Settings\Justine\My Documents\CROSOF~1\??erinit.exe
C:\Documents and Settings\Justine\My Documents\WNSXS~1
C:\Documents and Settings\Justine\My Documents\WNSXS~1\W?nSxS\
C:\Program Files\AntiVirusPro
C:\Program Files\Helper
C:\Program Files\Internet Explorer\setupapi.dll
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\brvfbujg.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\hqiopa.sys
C:\WINDOWS\SYSTEM32\kjjmnnpo.ini
C:\WINDOWS\SYSTEM32\kjjmnnpo.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\win
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X11
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X7
C:\WINDOWS\system32\X9

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hqiopa


((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-01 02:27 . 2008-05-01 02:27 <DIR> d-------- C:\Deckard
2008-05-01 00:25 . 2008-05-01 00:25 <DIR> d-------- C:\ie-spyad_zo
2008-04-30 23:38 . 2008-04-30 23:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-28 00:34 . 2008-04-28 00:54 <DIR> d-------- C:\Program Files\Panda Security
2008-04-27 18:49 . 2008-04-27 22:17 <DIR> d-------- C:\QUARANTINE
2008-04-27 18:32 . 2008-04-27 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-27 18:16 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-04-27 18:16 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys
2008-04-27 18:16 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys
2008-04-27 18:16 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-04-27 18:15 . 2006-11-30 08:50 168,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-04-27 18:12 . 2008-04-27 18:12 269,334 --a------ C:\WINDOWS\SYSTEM32\adofmp.bmp
2008-04-27 17:27 . 2008-04-27 17:27 <DIR> d-------- C:\Program Files\McAfee
2008-04-27 17:27 . 2008-04-27 17:27 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-22 18:55 . 2008-05-08 18:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 18:55 . 2008-04-22 18:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-22 05:00 . 2008-04-22 05:00 48,585 --a------ C:\WINDOWS\SYSTEM32\a234e.sys
2008-04-22 04:58 . 2008-04-22 12:33 804 --a-s---- C:\WINDOWS\SYSTEM32\2036478666.dat
2008-04-22 04:44 . 2008-04-22 04:58 2 --a------ C:\-1058766303
2008-04-22 04:43 . 2008-04-22 04:43 20,992 --a------ C:\gpqdiib.exe
2008-04-22 04:40 . 2008-04-22 04:40 269,334 --a------ C:\WINDOWS\SYSTEM32\atkjmlor.bmp
2008-04-21 00:26 . 2008-04-21 00:43 354 --ahs---- C:\WINDOWS\SYSTEM32\ihkfsnfa.ini
2008-04-20 14:00 . 2008-04-20 14:00 <DIR> d-------- C:\HJT
2008-04-20 00:23 . 2008-04-20 12:41 294 --ahs---- C:\WINDOWS\SYSTEM32\wqrqxvsa.ini
2008-04-18 18:13 . 2008-04-18 21:11 294 --ahs---- C:\WINDOWS\SYSTEM32\erriqnst.ini
2008-04-17 22:41 . 2008-04-17 22:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-17 22:41 . 2008-04-17 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 22:38 . 2008-04-17 22:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 10:11 . 2008-04-17 02:23 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-04-17 03:33 . 2008-04-17 03:33 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-17 03:26 . 2008-04-17 21:27 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-04-17 03:17 . 2008-04-17 20:49 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-04-17 03:17 . 2008-04-17 20:49 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-04-17 03:17 . 2008-04-17 20:49 10,740 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-04-17 03:17 . 2008-04-17 20:49 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-04-17 02:22 . 2008-04-17 10:37 <DIR> d-------- C:\Documents and Settings\Justine\.housecall6.6
2008-04-16 22:15 . 2008-04-16 22:15 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-16 22:15 . 2008-05-08 19:32 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-16 21:54 . 2008-04-16 22:09 414 --ahs---- C:\WINDOWS\SYSTEM32\gnxoxsxa.ini
2008-04-16 21:52 . 2008-04-16 21:52 294 --ahs---- C:\WINDOWS\SYSTEM32\wjbeguni.ini
2008-04-16 21:49 . 2008-04-28 11:15 109,747 --a------ C:\WINDOWS\BMc3d7b112.xml
2008-04-16 02:44 . 2008-04-28 11:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 02:24 . 2008-04-17 03:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\xcsDd01
2008-04-16 02:24 . 2008-04-17 03:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\pinz1
2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\iFi
2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\IDE2
2008-04-16 02:24 . 2008-04-17 03:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\ExTmp
2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\axV
2008-04-16 02:24 . 2008-04-16 02:24 <DIR> d-------- C:\Temp\berDrv11
2008-04-16 02:24 . 2008-04-16 02:25 167,545 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
2008-04-13 23:12 . 2008-04-22 18:32 0 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\logiflt.iad
2008-04-13 23:09 . 2007-10-11 18:57 195,096 --a------ C:\WINDOWS\SYSTEM32\lvci1150.dll
2008-04-13 23:04 . 2008-04-14 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 02:48 --------- d-----w C:\Program Files\Sophos
2008-05-09 02:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-05 03:59 --------- d-----w C:\Program Files\Zoom Player
2008-04-28 19:36 --------- d-----w C:\Documents and Settings\Justine\Application Data\Viewpoint
2008-04-28 19:20 --------- d-----w C:\Program Files\Viewpoint
2008-04-28 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-23 01:33 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-04-18 03:49 --------- d-----w C:\Program Files\Symantec
2008-04-17 10:52 --------- d-----w C:\Documents and Settings\Justine\Application Data\Symantec
2008-04-17 08:56 --------- d-----w C:\Program Files\Minilyrics
2008-04-17 08:55 --------- d-----w C:\Program Files\WinMX
2008-04-17 08:54 --------- d-----w C:\Program Files\LimeWire
2008-04-16 10:12 --------- d-----w C:\Documents and Settings\Justine\Application Data\uTorrent
2008-04-14 06:12 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-04-14 06:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-14 06:04 --------- d-----w C:\Program Files\Logitech
2008-04-07 07:32 --------- d-----w C:\Program Files\QuickTime
2008-04-03 09:44 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-02 18:36 --------- d-----w C:\Program Files\MSN Messenger
2008-04-02 18:24 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-02 18:21 --------- d-----w C:\Program Files\Windows Live
2008-04-02 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-11 00:38 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-03-08 08:12 48,632 -c--a-w C:\Documents and Settings\Justine\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 08:18 10,775 -c--a-w C:\Program Files\Sophos SWEEP for NTtsweep.log
2005-07-30 23:02 2,161 -c--a-w C:\Program Files\Sophos SWEEP for NT053007.log
2005-07-29 18:20 2,264 -c--a-w C:\Program Files\Sophos SWEEP for NT052907.log
2005-04-05 07:28 1,848 -c--a-w C:\Program Files\Sophos SWEEP for NT050504.log
.

------- Sigcheck -------

2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2002-08-29 03:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 12:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 04:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dfb2c45-31cd-4e40-ad0a-81ded3400326}]
C:\WINDOWS\system32\bprydhdn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5cf365dd-e76e-4f8c-990f-f2740df9aa05}]
C:\WINDOWS\system32\opnnmjjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-17 20:44 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCAC61D1-A34D-D6B1-1397-A58F050C2CC8}]
C:\WINDOWS\system32\spqcv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 23:25 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-10 17:38 36864]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 09:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15 290816]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-11 17:49 180269]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 17:49 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 16:41 163840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 10:45 35328]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-05-09 19:58 158208]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50 112216]
"c0e4828e"="C:\WINDOWS\system32\gjubfvrb.dll" [ ]
"BMc3d7b112"="C:\WINDOWS\system32\srdkfqmr.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-09-19 16:32:58 113664]
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2005-07-20 16:02:33 372224]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\sysreset\\mirc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"C:\\Program Files\\Direct Connect\\Direct Connect.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\CoffeeCup Software\\CoffeeCup Free FTP\\FreeFTP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12220:TCP"= 12220:TCP:STCPE LP
"80:TCP"= 80:TCP:Web
"17205:TCP"= 17205:TCP:BitComet 17205 TCP
"17205:UDP"= 17205:UDP:BitComet 17205 UDP

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 tabletservicewlsetupsvc;TabletService TabletServiceWLSetupSvc;C:\WINDOWS\system32\1037o.exe []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 naimservinst;NAI ePO Agent Install;C:\DOCUME~1\Justine\LOCALS~1\Temp\unz31.tmp\FramePkg.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaea4a76-2b14-11dc-9d47-000f1f57278b}]
\shell\verb1\command - desktop.exe

*Newly Created Servic