
Help, Spyware/Virus problems

Discussion in 'Malware and Virus Removal Archive' started by allcriedout, 2007/11/11.

  1. 2007/11/11
    allcriedout
    For some reason I get tons of popups even with all my blockers on. Whenever I run NoAdware I get the same problems: 2 instant access hkey_current_user thingies and a few tracking cookies. No matter how many times I run my AV or NoAdware, it's still there; I delete and repeat all day... I ran the HJT thing and here is the log... please help me, I don't want **** and other **** popping up, my little sister uses this PC.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:38:13 AM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185498158622
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194676324421
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
     
  2. 2007/11/11
    Geri
    Hi allcriedout
    Welcome to Windowsbbs:)

    You have an older version of HJT. Please delete the one you have, follow the link below, and post the logs from the new version of HJT and Deckard's System Scanner here.

    http://www.windowsbbs.com/announcement.php?f=41

    Thanks
    Geri
     

  4. 2007/11/11
    allcriedout
    Hi Geri, thanks for responding, here's everything you asked for

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:43:07 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185498158622
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194676324421
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7720 bytes



    Deckard's System Scanner v20071014.68
    Run by daboyLoS on 2007-11-11 12:46:56
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    77: 2007-11-11 20:47:01 UTC - RP216 - Deckard's System Scanner Restore Point
    76: 2007-11-11 11:27:48 UTC - RP215 - Microsoft OneCare Protection Checkpoint
    75: 2007-11-11 11:08:40 UTC - RP214 - System Checkpoint
    74: 2007-11-10 11:00:49 UTC - RP213 - Software Distribution Service 3.0
    73: 2007-11-10 07:58:35 UTC - RP212 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2007-09-20 23:48:13 UTC - RP140 - Removed 12Sky


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 383 MiB (512 MiB recommended).


    -- HijackThis (run as daboyLoS.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:48:16 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Documents and Settings\daboyLoS\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\daboyLoS.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185498158622
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194676324421
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7391 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 szkg - c:\windows\system32\drivers\szkg.sys <Not Verified; iS3 Inc.; Stopzilla>
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

    S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
    S3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" <Not Verified; iS3, Inc.; STOPzilla>
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

    S4 Belkin Wireless USB Network Adapter Service (Belkin Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe
    S4 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-10-11 and 2007-11-11 -----------------------------

    2007-11-11 12:42:46 0 d-------- C:\Program Files\Trend Micro
    2007-11-11 06:24:10 381012 --a------ C:\Program Files\Uninstall Fun Web Products.dll <Not Verified; MyWebSearch.com; My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients>
    2007-11-10 00:07:39 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-09 22:47:22 0 d-------- C:\WINDOWS\network diagnostic
    2007-11-09 22:40:54 0 d-------- C:\fc32ce4dd183c3b815b85db2ef
    2007-11-09 18:50:55 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
    2007-11-09 14:36:22 0 d-------- C:\Program Files\NoAdware3
    2007-11-09 14:32:22 0 d-------- C:\Program Files\WinAce
    2007-11-08 00:44:18 0 d-------- C:\WINDOWS\cache
    2007-11-07 22:53:22 0 d-------- C:\Program Files\Skinner3
    2007-11-07 22:19:53 0 d-------- C:\Documents and Settings\NetworkService\Desktop
    2007-11-07 21:52:58 0 d-------- C:\Program Files\STOPzilla!
    2007-11-07 21:52:57 0 d-------- C:\Program Files\Common Files\iS3
    2007-11-07 21:52:57 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2007-11-06 22:05:32 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\U3
    2007-10-31 19:55:18 0 dr-h----- C:\Documents and Settings\daboyLoS\Recent
    2007-10-31 00:31:59 0 d-------- C:\Program Files\Incomplete
    2007-10-29 00:09:09 0 d-------- C:\Program Files\WebMediaPlayer
    2007-10-28 21:29:47 0 d-------- C:\Program Files\TypingMaster
    2007-10-28 20:28:24 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Apple Computer
    2007-10-28 20:26:22 1747 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    2007-10-28 20:10:30 0 d-------- C:\Program Files\QuickTime
    2007-10-28 20:10:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-24 01:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-10-24 01:57:09 0 d-------- C:\Program Files\Common Files\AVSMedia
    2007-10-24 01:57:05 0 d-------- C:\Program Files\AVSMedia
    2007-10-24 01:56:43 0 d-------- C:\Program Files\Common Files\Download Manager
    2007-10-20 04:26:31 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\KewlBoxPrefs
    2007-10-20 04:17:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Meridian93
    2007-10-20 04:16:39 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Meridian93
    2007-10-18 02:50:29 0 d-------- C:\Documents and Settings\All Users\Application Data\The Game Equation
    2007-10-17 00:03:46 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-16 21:50:20 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Sandlot Games
    2007-10-16 17:58:27 110 --a------ C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
    2007-10-16 16:22:57 0 d-------- C:\WINDOWS\system32\URTTemp
    2007-10-15 20:07:03 80 -r-hs---- C:\WINDOWS\system32\520C2C3C87.dll
    2007-10-15 20:07:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Protexis
    2007-10-15 18:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
    2007-10-15 18:36:47 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Adobe
    2007-10-15 18:24:30 0 d-------- C:\WINDOWS\Profiles
    2007-10-15 18:24:25 0 d-------- C:\Program Files\Common Files\Adobe
    2007-10-15 18:24:25 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\InterTrust
    2007-10-15 17:55:11 0 d-------- C:\Program Files\Broderbund
    2007-10-15 17:55:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Broderbund
    2007-10-11 22:07:27 0 d--hs---- C:\WINDOWS\ftpcache


    -- Find3M Report ---------------------------------------------------------------

    2007-11-11 06:05:46 0 d-------- C:\Program Files\Common Files
    2007-11-09 19:11:33 0 d-------- C:\Program Files\Microsoft AntiSpyware
    2007-11-08 00:45:20 0 d-------- C:\Program Files\Yahoo!
    2007-11-07 23:08:13 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Move Networks
    2007-11-05 09:43:20 0 d-------- C:\Program Files\AIM6
    2007-11-05 09:41:13 0 d-------- C:\Program Files\Viewpoint
    2007-11-02 06:12:29 0 d-------- C:\Program Files\LimeWire
    2007-11-01 22:25:25 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\LimeWire
    2007-11-01 12:19:53 0 d-------- C:\Program Files\Common Files\logishrd
    2007-11-01 12:18:01 0 d-------- C:\Program Files\Logitech
    2007-10-22 22:19:21 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-20 20:29:21 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\PlayFirst
    2007-10-11 20:48:39 0 d-------- C:\Program Files\Real
    2007-10-06 22:36:36 1408 --a----c- C:\WINDOWS\mozver.dat
    2007-10-06 22:36:33 0 d-------- C:\Program Files\DivX
    2007-10-05 10:11:08 225280 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
    2007-10-04 17:41:47 0 d-------- C:\Program Files\Samsung
    2007-10-04 00:15:44 0 d-------- C:\Program Files\Microsoft Games
    2007-10-03 23:54:45 0 d-------- C:\Program Files\WarRock
    2007-10-03 23:50:26 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Yahoo!
    2007-10-02 21:46:24 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\dvdcss
    2007-09-30 21:17:25 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\funkitron
    2007-09-26 23:59:21 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\MSN6
    2007-09-23 20:12:59 4096 --a------ C:\WINDOWS\d3dx.dat
    2007-09-23 18:41:33 0 d-------- C:\Program Files\Common Files\Real
    2007-09-23 18:41:32 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
    2007-09-13 16:36:46 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:36:38 311296 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:48 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:32 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:14 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:54 200704 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:36 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:24 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:00 700416 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [06/28/2007 11:43 PM]
    "nwiz "= "nwiz.exe" [06/28/2007 11:43 PM C:\WINDOWS\system32\nwiz.exe]
    "SigmatelSysTrayApp "= "stsystra.exe" [07/27/2006 01:19 PM C:\WINDOWS\stsystra.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [06/28/2007 11:43 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 03:33 PM]
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 03:37 PM]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 06:59 AM]
    "OneCareUI "= "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [10/01/2007 09:53 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 08:57 PM]
    "Aim6 "=" " []
    "LDM "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [09/03/2007 02:43 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
    "jethliujfb "= "c:\documents and settings\daboylos\local settings\application data\jethliujfb.exe" [10/29/2007 12:09 AM]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 06:59 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/12/2007 1:22:28 PM]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [9/3/2007 2:43:42 AM]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
    backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^daboyLoS^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\daboyLoS\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^daboyLoS^Start Menu^Programs^Startup^MostFun.lnk]
    path=C:\Documents and Settings\daboyLoS\Start Menu\Programs\Startup\MostFun.lnk
    backup=C:\WINDOWS\pss\MostFun.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jethliujfb]
    c:\documents and settings\daboylos\local settings\application data\jethliujfb.exe jethliujfb

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA "=2 (0x2)
    "Boonty Games "=3 (0x3)
    "Belkin Wireless USB Network Adapter Service "=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830f1c6a-00cc-11dc-acd7-806d6172696f}]
    AutoRun\command- D:\autorun.exe
    directx\command- D:\DirectX9\dxsetup.exe
    setup\command- D:\setup.exe




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 ad.120-gen.tbn.ru
    127.0.0.1 ad.3ad.doubleclick.net
    127.0.0.1 ad.3au.doubleclick.net
    127.0.0.1 ad.411web.com
    127.0.0.1 ad.a8.net
    127.0.0.1 ad.aboutwebservices.com
    127.0.0.1 ad.adbest.com
    127.0.0.1 ad.adconsole.com
    127.0.0.1 ad.ad-flow.com
    127.0.0.1 ad.adintensity.com

    5815 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-11-11 12:49:13 ------------
     
  5. 2007/11/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi allcriedout

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    We need to have some files scanned. Please do this to these files.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
      • c:\documents and settings\daboylos\local settings\application data\jethliujfb.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Please scan these also and post the results.
    C:\fc32ce4dd183c3b815b85db2ef
    C:\WINDOWS\system32\520C2C3C87.dll
    C:\WINDOWS\ftpcache


    Please post the combofix log and the Jotti results.

    Thanks
    Geri
     
  6. 2007/11/12
    allcriedout

    allcriedout Inactive Thread Starter

    Joined:
    2007/11/11
    Messages:
    6
    Likes Received:
    0
    Hi Geri thanks again for helping, here's the info you asked for:

    Jotti's Scan Results

    c:\documents and settings\daboylos\local settings\application data\jethliujfb.exe - The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

    C:\fc32ce4dd183c3b815b85db2ef - The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

    C:\WINDOWS\system32\520C2C3C87.dll -Status = OK
    Scan taken on 12 Nov 2007 22:37:47 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    C:\WINDOWS\ftpcache - The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file


    ComboFix 07-11-08.1 - daboyLoS 2007-11-12 13:57:07.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.72 [GMT -8:00]
    Running from: C:\Documents and Settings\daboyLoS\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Programs.\WebMediaPlayer
    C:\Documents and Settings\All Users\Start Menu\Programs.\WebMediaPlayer\Privacy Policy.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs.\WebMediaPlayer\Terms and conditions.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs.\WebMediaPlayer\WebMediaPlayer.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs.\WebMediaPlayer\Website.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Privacy Policy.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Terms and conditions.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Website.lnk
    C:\Documents and Settings\daboyLoS\Local Settings\Application Data\jethliujfb.dat
    C:\Documents and Settings\daboyLoS\Local Settings\Application Data\jethliujfb.exe
    C:\Documents and Settings\daboyLoS\Local Settings\Application Data\jethliujfb_nav.dat
    c:\Documents and Settings\daboyLoS\Local Settings\Application Data\jethliujfb_navps.dat
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\Privacy Policy.url
    C:\Program Files\webmediaplayer\resources\languages_v2.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\sqlite3.dll
    C:\Program Files\webmediaplayer\Terms and conditions.url
    C:\Program Files\webmediaplayer\uninst.exe
    C:\Program Files\webmediaplayer\WebMediaPlayer.exe
    C:\Program Files\webmediaplayer\Website.url
    C:\WINDOWS\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NPF


    ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
    .

    2007-11-12 13:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 12:46 <DIR> d-------- C:\Deckard
    2007-11-11 12:42 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-10 08:20 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-11-10 00:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-09 22:45 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-11-09 22:45 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-11-09 22:45 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-11-09 22:45 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-11-09 22:45 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-11-09 22:45 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-11-09 22:45 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-11-09 22:45 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-11-09 22:40 <DIR> d-------- C:\fc32ce4dd183c3b815b85db2ef
    2007-11-09 19:13 88,008 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
    2007-11-09 19:12 112,840 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
    2007-11-09 19:11 67,784 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
    2007-11-09 18:50 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
    2007-11-09 14:36 <DIR> d-------- C:\Program Files\NoAdware3
    2007-11-09 14:32 <DIR> d-------- C:\Program Files\WinAce
    2007-11-08 00:44 <DIR> d-------- C:\WINDOWS\cache
    2007-11-07 22:53 <DIR> d-------- C:\Program Files\Skinner3
    2007-11-07 21:52 <DIR> d-------- C:\Program Files\STOPzilla!
    2007-11-07 21:52 <DIR> d-------- C:\Program Files\Common Files\iS3
    2007-11-07 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2007-11-06 22:05 <DIR> d-------- C:\Documents and Settings\daboyLoS\Application Data\U3
    2007-11-01 12:19 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
    2007-10-31 00:31 <DIR> d-------- C:\Program Files\Incomplete
    2007-10-28 21:29 <DIR> d-------- C:\Program Files\TypingMaster
    2007-10-28 20:28 <DIR> d-------- C:\Documents and Settings\daboyLoS\Application Data\Apple Computer
    2007-10-28 20:10 <DIR> d-------- C:\Program Files\QuickTime
    2007-10-28 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-24 01:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-10-24 01:57 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
    2007-10-24 01:57 <DIR> d-------- C:\Program Files\AVSMedia
    2007-10-24 01:57 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
    2007-10-24 01:56 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-10-20 04:26 <DIR> d-------- C:\Documents and Settings\daboyLoS\Application Data\KewlBoxPrefs
    2007-10-20 04:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Meridian93
    2007-10-20 04:16 <DIR> d-------- C:\Documents and Settings\daboyLoS\Application Data\Meridian93
    2007-10-19 12:16 2,109,976 --a------ C:\WINDOWS\system32\drivers\Lvckap.sys
    2007-10-18 02:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\The Game Equation
    2007-10-17 00:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-16 21:50 <DIR> d-------- C:\Documents and Settings\daboyLoS\Application Data\Sandlot Games
    2007-10-16 17:58 110 --a------ C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
    2007-10-16 16:22 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-10-15 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis
    2007-10-15 20:07 80 -r-hs---- C:\WINDOWS\system32\520C2C3C87.dll
    2007-10-15 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
    2007-10-15 18:24 <DIR> d-------- C:\WINDOWS\Profiles
    2007-10-15 18:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2007-10-15 18:24 <DIR> d-------- C:\Documents and Settings\daboyLoS\Application Data\InterTrust
    2007-10-15 17:55 <DIR> d-------- C:\Program Files\Broderbund
    2007-10-15 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Broderbund

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-10 03:11 --------- d-----w C:\Program Files\Microsoft AntiSpyware
    2007-11-08 08:45 --------- d-----w C:\Program Files\Yahoo!
    2007-11-08 08:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-11-08 08:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-11-08 07:08 --------- d-----w C:\Documents and Settings\daboyLoS\Application Data\Move Networks
    2007-11-08 05:54 1,024 ----a-w C:\WINDOWS\system32\drivers\239C0EDD-CD18-4DD9-928B-6D43F70ACD23.cxv
    2007-11-05 17:43 --------- d-----w C:\Program Files\AIM6
    2007-11-05 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-05 17:41 --------- d-----w C:\Program Files\Viewpoint
    2007-11-05 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-05 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-02 14:12 --------- d-----w C:\Program Files\LimeWire
    2007-11-02 06:25 --------- d-----w C:\Documents and Settings\daboyLoS\Application Data\LimeWire
    2007-11-01 20:19 --------- d-----w C:\Program Files\Common Files\logishrd
    2007-11-01 20:18 --------- d-----w C:\Program Files\Logitech
    2007-11-01 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2007-10-23 06:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-21 04:29 --------- d-----w C:\Documents and Settings\daboyLoS\Application Data\PlayFirst
    2007-10-17 05:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2007-10-17 02:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-10-12 04:48 --------- d-----w C:\Program Files\Real
    2007-10-12 02:00 41,752 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-10-12 01:59 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
    2007-10-12 01:59 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
    2007-10-12 01:55 13,848 ----a-w C:\WINDOWS\system32\drivers\lv302af.sys
    2007-10-12 01:55 1,279,000 ----a-w C:\WINDOWS\system32\drivers\LV302V32.SYS
    2007-10-10 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
    2007-10-07 06:36 --------- d-----w C:\Program Files\DivX
    2007-10-05 01:41 --------- d-----w C:\Program Files\Samsung
    2007-10-04 08:15 --------- d-----w C:\Program Files\Microsoft Games
    2007-10-04 07:54 --------- d-----w C:\Program Files\WarRock
    2007-10-04 07:50 --------- d-----w C:\Documents and Settings\daboyLoS\Application Data\Yahoo!
    2007-10-03 05:46 --------- d-----w C:\Documents and Settings\daboyLoS\Application Data\dvdcss
    2007-10-01 05:17 --------- d-----w C:\Documents and Settings\daboyLoS\Application Data\funkitron
    2007-10-01 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
    2007-09-27 07:59 --------- d-----w C:\Documents and Settings\daboyLoS\Application Data\MSN6
    2007-09-27 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\NannyMania
    2007-09-24 02:41 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-09-24 02:41 --------- d-----w C:\Program Files\Common Files\Real
    2007-09-03 07:22 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-08-30 05:19 118,784 -c----r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
    "nwiz "= "nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-07-27 13:19 C:\WINDOWS\stsystra.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 15:33]
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 15:37]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 06:59]
    "OneCareUI "= "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 09:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 20:57]
    "Aim6 "=" " []
    "LDM "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-03 02:43]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 06:59]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-05-12 13:22:28]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-09-03 02:43:42]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
    backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^daboyLoS^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\daboyLoS\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^daboyLoS^Start Menu^Programs^Startup^MostFun.lnk]
    path=C:\Documents and Settings\daboyLoS\Start Menu\Programs\Startup\MostFun.lnk
    backup=C:\WINDOWS\pss\MostFun.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jethliujfb]
    c:\documents and settings\daboylos\local settings\application data\jethliujfb.exe jethliujfb

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA "=2 (0x2)
    "Boonty Games "=3 (0x3)
    "Belkin Wireless USB Network Adapter Service "=2 (0x2)

    R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
    R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
    R2 msfwsvc;OneCare Firewall; "C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe "
    R2 OneCareMP;OneCare AntiSpyware and AntiVirus; "C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe "
    R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
    S4 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    S4 Boonty Games;Boonty Games; "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 14:08:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 14:09:49 - machine was rebooted
    .
    --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:49:27 PM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185498158622
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194676324421
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7076 bytes
     
  7. 2007/11/12
    Geri Inactive Alumni
    Hi allcriedout

    Please do this next.

    Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\fc32ce4dd183c3b815b85db2ef

    I would like this file scanned. I believe it may have something to do with Logitech, but we need to make sure.

    Scan this file at Jotti's
    C:\WINDOWS\system32\lvci1150.dll


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Please post the Jotti results, the Panda scan and a new dss log.

    Thanks
    Geri
     
  8. 2007/11/13
    allcriedout Inactive Thread Starter
    Hey Geri, ok i've deleted the folder, and here's the results you requested

    Jotti's

    Status: ok
    Scan taken on 13 Nov 2007 05:24:42 (GMT)
    A-Squared: Found nothing
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    CPsecure: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    F-Secure Anti-Virus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    Panda Antivirus: Found nothing
    Rising Antivirus: Found nothing
    Sophos Antivirus: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing

    ActiveScan Results:

    Incident Status Location

    Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.com.com/]
    Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\daboyLoS\Application Data\Mozilla\Firefox\Profiles\eknjr8l7.default\cookies.txt[.spylog.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@2o7[2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@ad.yieldmanager[1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@advertising[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@atdmt[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@bs.serving-sys[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@serving-sys[2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@statcounter[1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@statse.webtrendslive[1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@trafficmp[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\daboyLoS\Cookies\daboylos@tribalfusion[2].txt
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\daboyLoS\Desktop\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\daboyLoS\Desktop\ComboFix.exe[nircmd.cfexe]
    Potentially unwanted tool:Application/Webmediaplayer Not disinfected C:\qoobox\Quarantine\C\Program Files\WebMediaPlayer\uninst.exe.vir
    Potentially unwanted tool:Application/Webmediaplayer Not disinfected C:\qoobox\Quarantine\C\Program Files\WebMediaPlayer\WebMediaPlayer.exe.vir
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe


    Deckard's System Scanner v20071014.68
    Run by daboyLoS on 2007-11-13 01:44:44
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 82% (more than 75%).
    Total Physical Memory: 383 MiB (512 MiB recommended).


    -- HijackThis (run as daboyLoS.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:44:51 AM, on 11/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\daboyLoS\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\daboyLoS.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185498158622
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194676324421
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7303 bytes

    -- Files created between 2007-10-13 and 2007-11-13 -----------------------------

    2007-11-13 00:31:04 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-13 00:31:02 0 d-------- C:\WINDOWS\LastGood
    2007-11-11 12:42:46 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 00:07:39 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-09 22:47:22 0 d-------- C:\WINDOWS\network diagnostic
    2007-11-09 18:50:55 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
    2007-11-09 14:36:22 0 d-------- C:\Program Files\NoAdware3
    2007-11-09 14:32:22 0 d-------- C:\Program Files\WinAce
    2007-11-08 00:44:18 0 d-------- C:\WINDOWS\cache
    2007-11-07 22:53:22 0 d-------- C:\Program Files\Skinner3
    2007-11-07 22:19:53 0 d-------- C:\Documents and Settings\NetworkService\Desktop
    2007-11-07 21:52:58 0 d-------- C:\Program Files\STOPzilla!
    2007-11-07 21:52:57 0 d-------- C:\Program Files\Common Files\iS3
    2007-11-07 21:52:57 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2007-11-06 22:05:32 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\U3
    2007-10-31 19:55:18 0 dr-h----- C:\Documents and Settings\daboyLoS\Recent
    2007-10-31 00:31:59 0 d-------- C:\Program Files\Incomplete
    2007-10-28 21:29:47 0 d-------- C:\Program Files\TypingMaster
    2007-10-28 20:28:24 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Apple Computer
    2007-10-28 20:26:22 1747 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    2007-10-28 20:10:30 0 d-------- C:\Program Files\QuickTime
    2007-10-28 20:10:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-24 01:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-10-24 01:57:09 0 d-------- C:\Program Files\Common Files\AVSMedia
    2007-10-24 01:57:05 0 d-------- C:\Program Files\AVSMedia
    2007-10-24 01:56:43 0 d-------- C:\Program Files\Common Files\Download Manager
    2007-10-20 04:26:31 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\KewlBoxPrefs
    2007-10-20 04:17:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Meridian93
    2007-10-20 04:16:39 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Meridian93
    2007-10-18 02:50:29 0 d-------- C:\Documents and Settings\All Users\Application Data\The Game Equation
    2007-10-17 00:03:46 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-16 21:50:20 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Sandlot Games
    2007-10-16 17:58:27 110 --a------ C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
    2007-10-16 16:22:57 0 d-------- C:\WINDOWS\system32\URTTemp
    2007-10-15 20:07:03 80 -r-hs---- C:\WINDOWS\system32\520C2C3C87.dll
    2007-10-15 20:07:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Protexis
    2007-10-15 18:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
    2007-10-15 18:36:47 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Adobe
    2007-10-15 18:24:30 0 d-------- C:\WINDOWS\Profiles
    2007-10-15 18:24:25 0 d-------- C:\Program Files\Common Files\Adobe
    2007-10-15 18:24:25 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\InterTrust
    2007-10-15 17:55:11 0 d-------- C:\Program Files\Broderbund
    2007-10-15 17:55:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Broderbund


    -- Find3M Report ---------------------------------------------------------------

    2007-11-13 01:19:35 0 d-------- C:\Program Files\PowerISO
    2007-11-13 01:16:48 0 d-------- C:\Program Files\Digital Line Detect
    2007-11-11 06:05:46 0 d-------- C:\Program Files\Common Files
    2007-11-09 19:11:33 0 d-------- C:\Program Files\Microsoft AntiSpyware
    2007-11-08 00:45:20 0 d-------- C:\Program Files\Yahoo!
    2007-11-07 23:08:13 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Move Networks
    2007-11-05 09:43:20 0 d-------- C:\Program Files\AIM6
    2007-11-05 09:41:13 0 d-------- C:\Program Files\Viewpoint
    2007-11-02 06:12:29 0 d-------- C:\Program Files\LimeWire
    2007-11-01 22:25:25 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\LimeWire
    2007-11-01 12:19:53 0 d-------- C:\Program Files\Common Files\logishrd
    2007-11-01 12:18:01 0 d-------- C:\Program Files\Logitech
    2007-10-22 22:19:21 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-20 20:29:21 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\PlayFirst
    2007-10-11 20:48:39 0 d-------- C:\Program Files\Real
    2007-10-06 22:36:36 1408 --a----c- C:\WINDOWS\mozver.dat
    2007-10-06 22:36:33 0 d-------- C:\Program Files\DivX
    2007-10-05 10:11:08 225280 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
    2007-10-04 17:41:47 0 d-------- C:\Program Files\Samsung
    2007-10-04 00:15:44 0 d-------- C:\Program Files\Microsoft Games
    2007-10-03 23:54:45 0 d-------- C:\Program Files\WarRock
    2007-10-03 23:50:26 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Yahoo!
    2007-10-02 21:46:24 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\dvdcss
    2007-09-30 21:17:25 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\funkitron
    2007-09-26 23:59:21 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\MSN6
    2007-09-23 20:12:59 4096 --a------ C:\WINDOWS\d3dx.dat
    2007-09-23 18:41:33 0 d-------- C:\Program Files\Common Files\Real
    2007-09-23 18:41:32 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
    2007-09-13 16:36:46 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:36:38 311296 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:48 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:32 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:14 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:54 200704 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:36 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:24 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:00 700416 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [06/28/2007 11:43 PM]
    "nwiz "= "nwiz.exe" [06/28/2007 11:43 PM C:\WINDOWS\system32\nwiz.exe]
    "SigmatelSysTrayApp "= "stsystra.exe" [07/27/2006 01:19 PM C:\WINDOWS\stsystra.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [06/28/2007 11:43 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 03:33 PM]
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 03:37 PM]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 06:59 AM]
    "OneCareUI "= "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [10/01/2007 09:53 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 08:57 PM]
    "Aim6 "=" " []
    "LDM "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [09/03/2007 02:43 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 06:59 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/12/2007 1:22:28 PM]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [9/3/2007 2:43:42 AM]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
    backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^daboyLoS^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\daboyLoS\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^daboyLoS^Start Menu^Programs^Startup^MostFun.lnk]
    path=C:\Documents and Settings\daboyLoS\Start Menu\Programs\Startup\MostFun.lnk
    backup=C:\WINDOWS\pss\MostFun.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jethliujfb]
    c:\documents and settings\daboylos\local settings\application data\jethliujfb.exe jethliujfb

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA "=2 (0x2)
    "Boonty Games "=3 (0x3)
    "Belkin Wireless USB Network Adapter Service "=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\setupSNK.exe




    -- End of Deckard's System Scanner: finished at 2007-11-13 01:45:17 ------------
     
  9. 2007/11/15
    Geri Inactive Alumni
    Hi allcriedout
    Sorry for the late reply.

    Open "NotePad". Copy the contents of the quote box below to the blank NotePad.
    Click "File" > "Save as"
    In the "Save In" box at the top, click the down arrow and select DeskTop

    In the "File name" box type in: fix.reg
    In the "Save As Type" box select: All Files
    Once saved, go to your desktop, double-click the "fix.reg" file and let it merge with the registry.

    Please post another new dss log.
    Please let me know if the pop-ups have stopped and how things are running.

    Thanks
    Geri
     
  10. 2007/11/16
    allcriedout Inactive Thread Starter
    hi geri, no problem about the late reply, i'm in your debt, and yes the popups have stopped and my system is running pretty good, thanks for all your help, well anywho i've done what you've asked and here's the new dss log

    Deckard's System Scanner v20071014.68
    Run by daboyLoS on 2007-11-16 13:09:49
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 77% (more than 75%).
    Total Physical Memory: 383 MiB (512 MiB recommended).


    -- HijackThis (run as daboyLoS.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:09:56 PM, on 11/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\daboyLoS\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\daboyLoS.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185498158622
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194676324421
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7316 bytes

    -- Files created between 2007-10-16 and 2007-11-16 -----------------------------

    2007-11-13 00:31:04 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-11 12:42:46 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 00:07:39 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-09 22:47:22 0 d-------- C:\WINDOWS\network diagnostic
    2007-11-09 18:50:55 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
    2007-11-09 14:36:22 0 d-------- C:\Program Files\NoAdware3
    2007-11-09 14:32:22 0 d-------- C:\Program Files\WinAce
    2007-11-08 00:44:18 0 d-------- C:\WINDOWS\cache
    2007-11-07 22:53:22 0 d-------- C:\Program Files\Skinner3
    2007-11-07 22:19:53 0 d-------- C:\Documents and Settings\NetworkService\Desktop
    2007-11-07 21:52:58 0 d-------- C:\Program Files\STOPzilla!
    2007-11-07 21:52:57 0 d-------- C:\Program Files\Common Files\iS3
    2007-11-07 21:52:57 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2007-11-06 22:05:32 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\U3
    2007-10-31 19:55:18 0 dr-h----- C:\Documents and Settings\daboyLoS\Recent
    2007-10-31 00:31:59 0 d-------- C:\Program Files\Incomplete
    2007-10-28 21:29:47 0 d-------- C:\Program Files\TypingMaster
    2007-10-28 20:28:24 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Apple Computer
    2007-10-28 20:26:22 1747 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    2007-10-28 20:10:30 0 d-------- C:\Program Files\QuickTime
    2007-10-28 20:10:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-24 01:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-10-24 01:57:09 0 d-------- C:\Program Files\Common Files\AVSMedia
    2007-10-24 01:57:05 0 d-------- C:\Program Files\AVSMedia
    2007-10-24 01:56:43 0 d-------- C:\Program Files\Common Files\Download Manager
    2007-10-20 04:26:31 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\KewlBoxPrefs
    2007-10-20 04:17:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Meridian93
    2007-10-20 04:16:39 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Meridian93
    2007-10-18 02:50:29 0 d-------- C:\Documents and Settings\All Users\Application Data\The Game Equation
    2007-10-17 00:03:46 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-16 21:50:20 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Sandlot Games
    2007-10-16 17:58:27 110 --a------ C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
    2007-10-16 16:22:57 0 d-------- C:\WINDOWS\system32\URTTemp


    -- Find3M Report ---------------------------------------------------------------

    2007-11-16 00:09:48 0 d-------- C:\Program Files\LimeWire
    2007-11-15 11:31:36 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\LimeWire
    2007-11-13 01:19:35 0 d-------- C:\Program Files\PowerISO
    2007-11-13 01:16:48 0 d-------- C:\Program Files\Digital Line Detect
    2007-11-11 06:05:46 0 d-------- C:\Program Files\Common Files
    2007-11-09 19:11:33 0 d-------- C:\Program Files\Microsoft AntiSpyware
    2007-11-08 00:45:20 0 d-------- C:\Program Files\Yahoo!
    2007-11-07 23:08:13 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Move Networks
    2007-11-05 09:43:20 0 d-------- C:\Program Files\AIM6
    2007-11-05 09:41:13 0 d-------- C:\Program Files\Viewpoint
    2007-11-01 12:19:53 0 d-------- C:\Program Files\Common Files\logishrd
    2007-11-01 12:18:01 0 d-------- C:\Program Files\Logitech
    2007-10-22 22:19:21 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-20 20:29:21 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\PlayFirst
    2007-10-16 11:28:36 80 -r-hs---- C:\WINDOWS\system32\520C2C3C87.dll
    2007-10-15 18:36:47 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Adobe
    2007-10-15 18:36:44 0 d-------- C:\Program Files\Common Files\Adobe
    2007-10-15 18:24:25 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\InterTrust
    2007-10-15 17:55:11 0 d-------- C:\Program Files\Broderbund
    2007-10-11 20:48:39 0 d-------- C:\Program Files\Real
    2007-10-06 22:36:36 1408 --a----c- C:\WINDOWS\mozver.dat
    2007-10-06 22:36:33 0 d-------- C:\Program Files\DivX
    2007-10-05 10:11:08 225280 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
    2007-10-04 17:41:47 0 d-------- C:\Program Files\Samsung
    2007-10-04 00:15:44 0 d-------- C:\Program Files\Microsoft Games
    2007-10-03 23:54:45 0 d-------- C:\Program Files\WarRock
    2007-10-03 23:50:26 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\Yahoo!
    2007-10-02 21:46:24 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\dvdcss
    2007-09-30 21:17:25 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\funkitron
    2007-09-26 23:59:21 0 d-------- C:\Documents and Settings\daboyLoS\Application Data\MSN6
    2007-09-23 20:12:59 4096 --a------ C:\WINDOWS\d3dx.dat
    2007-09-23 18:41:33 0 d-------- C:\Program Files\Common Files\Real
    2007-09-23 18:41:32 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
    2007-09-13 16:36:46 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:36:38 311296 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:48 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:32 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:14 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:54 200704 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:36 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:24 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:00 700416 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [06/28/2007 11:43 PM]
    "nwiz "= "nwiz.exe" [06/28/2007 11:43 PM C:\WINDOWS\system32\nwiz.exe]
    "SigmatelSysTrayApp "= "stsystra.exe" [07/27/2006 01:19 PM C:\WINDOWS\stsystra.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [06/28/2007 11:43 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 03:33 PM]
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 03:37 PM]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 06:59 AM]
    "OneCareUI "= "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [10/01/2007 09:53 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 08:57 PM]
    "Aim6 "=" " []
    "LDM "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [09/03/2007 02:43 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 06:59 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/12/2007 1:22:28 PM]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [9/3/2007 2:43:42 AM]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
    backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^daboyLoS^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\daboyLoS\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^daboyLoS^Start Menu^Programs^Startup^MostFun.lnk]
    path=C:\Documents and Settings\daboyLoS\Start Menu\Programs\Startup\MostFun.lnk
    backup=C:\WINDOWS\pss\MostFun.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA "=2 (0x2)
    "Boonty Games "=3 (0x3)
    "Belkin Wireless USB Network Adapter Service "=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\setupSNK.exe




    -- End of Deckard's System Scanner: finished at 2007-11-16 13:10:21 ------------
     
  11. 2007/11/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi allcriedout

    The log looks good.

    Let's get an online scan to make sure there's nothing lurking.

    Please do an online scan with Kaspersky WebScanner.

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky scan results.

    Just so you'll know, P2P file sharing is not a good idea. It is an excellent way to become infected. I strongly recommend removing any P2P applications. Save your money (and possibly your computer) and buy the things you want.

    Geri
     
