# computer going so slow



## kanachoe (Apr 20, 2007)

I've got XP, and every time I click on something the computer goes so slow, it's like it's lagging or something. Does anyone have this problem, and how do you fix it?


----------



## golferbob (May 18, 2004)

Is this a new problem? Why don't you post a HijackThis log.

http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

1. Save HJTInstall.exe to your desktop.
2. Double-click on the HJTInstall.exe icon on your desktop.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Click on Install.
5. It will create a HijackThis icon on the desktop.
6. Once installed, it will launch HijackThis.
7. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
8. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
9. Come back here to this thread and paste the log in your next reply.
10. DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


----------



## blues_harp28 (Jan 9, 2005)

Check the link below for suggestions on PC maintenance.

http://computercleanup.blogspot.com/
The list includes:

- Scan For Viruses
- Windows Disk Cleanup
- Check Hard Drive for Errors
- Defragment Your Hard Drive
- Microsoft Update
- Remove Spyware
- Remove Unwanted Programs
- Advanced Disk Cleanup
- Cleanup Startup Programs
- Registry Cleanup

[Cleaning the registry may cause you more problems than you started with, so it would be best to skip that one.]


----------



## kanachoe (Apr 20, 2007)

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:56 AM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dodo Speed Accelerator\slipcore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgw.exe
C:\PROGRA~1\Grisoft\AVG Free\avgwb.dat
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
F3 - REG:win.ini: load= c:\muppetss\muppetss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Dodo Speed Accelerator\PBHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Dodo Speed Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dodo Speed Accelerator.lnk = C:\Program Files\Dodo Speed Accelerator\slipgui.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7676 bytes
```

Hi, here it is. I have tried all the things above and still it is going so slow.
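Reading a log like the one above is what the thread hinges on, so here is an added triage script, not from the thread and not part of HijackThis, that parses lines in this format and flags the three things a log reader checks first: components still registered but missing on disk (`(no file)` / `(file missing)`), Winsock LSP entries HijackThis did not recognise (O10), and autostart commands (O4 `Run` keys and the F3 `win.ini load=` entry) whose program lives outside Program Files or the Windows directory. The sample lines are constructed to match the shape of the log above; the "standard location" rule is my own triage heuristic, not a HijackThis classification.

```python
"""Triage helper for HijackThis-style log lines. Added example: this is not
HijackThis's own code and was not posted in the thread. It parses the
section-prefixed lines (F3, O2, O3, O4, O10, O23, ...) and records the
indicators a log reader looks at first."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the shape of the log above (not the full log).
SAMPLE_LOG = r"""
F3 - REG:win.ini: load= c:\muppetss\muppetss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.*)$")
# Run-key entries carry "[name] command"; the command is what we inspect.
_AUTOSTART = re.compile(r"\[[^\]]+\]\s+(?P<cmd>.*)$")
# Program path: either a quoted path or an unquoted one up to its extension.
_PROGRAM = re.compile(
    r'"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|dll|com|scr))(?:\s|$)', re.I)

# Assumed heuristic: anything autostarting from elsewhere deserves a look.
STANDARD_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def executable_path(command: str) -> Optional[str]:
    """Return the program path at the start of a Run-style command, if any."""
    m = _PROGRAM.match(command.strip())
    if not m:
        return None
    return (m.group("quoted") or m.group("bare")).strip()


def in_standard_location(path: str) -> bool:
    return path.lower().startswith(STANDARD_ROOTS)


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        section, rest = m.group("section"), m.group("rest")
        if any(marker in rest for marker in MISSING_MARKERS):
            findings.append(Finding(section, "registered component whose file is missing", raw))
        if section == "O10":
            findings.append(Finding(section, "Winsock LSP not recognised by HijackThis", raw))
        # Autostart entries: F3 win.ini load= and O4 Run keys.
        cmd = None
        if section == "F3" and "load=" in rest:
            cmd = rest.split("load=", 1)[1]
        elif section == "O4":
            a = _AUTOSTART.search(rest)
            cmd = a.group("cmd") if a else None
        if cmd:
            path = executable_path(cmd)
            if path and not in_standard_location(path):
                findings.append(Finding(section, "autostart outside Program Files / Windows", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

The output is a reading aid, not a verdict: a missing-file entry is often just a leftover from an uninstalled toolbar, and an O23 line showing `C:\Program.exe (file missing)` is how HijackThis renders a service whose unquoted ImagePath contains a space, so those two Firebird lines should be confirmed against the service's actual ImagePath before drawing any conclusion.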


----------



## kanachoe (Apr 20, 2007)

It is annoying me, this stupid computer, as it is going so slow and lagging. I have put AVG through, and HouseCall, and they say they can't find anything wrong, but the fan seems to not be going either.


----------



## golferbob (May 18, 2004)

I am not a pro so I can't tell you to delete items. I do see a BearShare file; this site has been known to cause problems. Also, your Java needs updating. This will not fix your problem but is a security item. Use your Add/Remove Programs to uninstall Java, RESTART, then download & install the new one.

http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html


----------



## kanachoe (Apr 20, 2007)

I can't find BearShare?


----------



## golferbob (May 18, 2004)

I see an O3 BearShare toolbar.


----------



## kanachoe (Apr 20, 2007)

How do I get rid of that?


----------



## zabusant (Sep 6, 2007)

Have you tried Control Panel > Add/Remove Programs? It could be as easy as that; however, I don't think this will solve your lagging problem.


----------



## kanachoe (Apr 20, 2007)

Yeah, and I can't find it there.
The fan is not making noises either, though.


----------



## zabusant (Sep 6, 2007)

What do you mean, the fan is not working at all?!


----------



## kanachoe (Apr 20, 2007)

No. Would that make the computer slow?


----------



## zabusant (Sep 6, 2007)

If the fan is not working, your computer is probably overheating. I would address this problem immediately!


----------



## newspaper56 (Oct 2, 2007)

If it is lagging, press Alt+Ctrl+Delete, go to the Processes tab and end all the programs that have the highest mem usage. Ignore the warning and click YES. I can't believe no one knew this.


----------



## techkid (Sep 2, 2004)

Not really a help there. Depending on what the program is, and what the problem is, it will either fix it temporarily (at least until next startup) or may crash it (especially if it is a Windows system program).

I do see a couple of odd entries in your log (that BearShare line included).

Although I can't assist in HJT logs or malware removal, I must recommend that you have it moved to the Security forum.

In the top-right corner of your message is a red triangle with an exclamation mark: Report Post to Moderators. Ask them politely if they can move your post to the Security forum. You'll more likely (and more quickly) get a response.


----------



## kanachoe (Apr 20, 2007)

Hi, here is a new log. The fan doesn't make noise at all and the computer is so slow. I have done AVG and other virus detectors like HouseCall and System Mechanic, and they can't find anything wrong.

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:16 PM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\System Mechanic 7\SMTrayNotify.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
F3 - REG:win.ini: load= c:\muppetss\muppetss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 6215 bytes
```


----------



## ~Candy~ (Jan 27, 2001)

What fan isn't working?


----------



## kanachoe (Apr 20, 2007)

When it was loading you would hear a noise because it was loading; now there is no noise and it is going so slow.


----------



## ~Candy~ (Jan 27, 2001)

You need to see what fan isn't working before you kill the computer.


----------



## kanachoe (Apr 20, 2007)

I have got it fixed; it was the power supply one. But it is still going very slow: scrolling or clicking on a URL takes forever to load.


----------



## ~Candy~ (Jan 27, 2001)

Same slowness in safe mode?

Have you checked for overheating?


----------



## kanachoe (Apr 20, 2007)

How do I check?


----------



## ~Candy~ (Jan 27, 2001)

When it starts running slow, reboot into the BIOS (usually by pressing a key like DEL, F1 or F2) and see if there is an area there for PC Health or Hardware Monitor, etc., and see if there are temperatures showing for the CPU.


----------



## kanachoe (Apr 20, 2007)

I finally found out how to do this. Is this it?

- Shutdown temp: 90 C
- Fan speed auto control: enable
- CPU core voltage: 1.52 V
- +1.8V: 1.84 V
- +3.3V: 3.36 V
- +5.0V: 5.13 V
- +12V: 11.96 V
- Standby 3.3V: 3.40 V
- Standby 5.0V: 4.96 V
- Voltage battery: 3.29 V
- CPU temp: 35 C
- System temp: 39 C
- CPU fan speed: 2766 rpm
- Case fan 1 speed: 0 rpm


----------



## ~Candy~ (Jan 27, 2001)

Well, if those temps stay there, they are fine. I think I would change the shutdown temp though; 90 C is quite high... Maybe put it at 55 C or 60 C.


----------



## Cookiegal (Aug 27, 2003)

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet *after downloading the program and before scanning*.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause _"unpredictable results"_.
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Download *ComboFix* and save it to your desktop.

***Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

WARNING: *IF you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.*
*Please do not re-connect your machine back to the Internet until ComboFix has completely finished.*
If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

Double-click on *combofix.exe* and follow the prompts. When finished, it will produce a report for you. Please post the *"C:\ComboFix.txt"* along with a *new HijackThis log* for further review.

***Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.***


----------



## kanachoe (Apr 20, 2007)

Cookiegal, I keep getting a corrupt copy of ComboFix to download again, but then the next one is saying the same.

AcaCandy, how do I change the temperature?

Thanks to both of you.


----------



## ~Candy~ (Jan 27, 2001)

You should be able to highlight the shutdown temp in the bios, then scroll to a lower one.

I asked Karen to take a look at your HijackThis log. For whatever silly reason, I had it in my mind that I had already asked someone to have a look, but obviously I didn't.

Thanks Karen


----------



## kanachoe (Apr 20, 2007)

"soner veli" - 07-12-18 9:27:03 Service Pack 2 
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\soner veli\Desktop\anti virus things\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\SONERV~1
C:\qoobox\purity\C\DOCUME~1\SONERV~1\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\SONERV~1\MYDOCU~1\CROSOF~1.NET
C:\qoobox\purity\C\DOCUME~1\SONERV~1\MYDOCU~1\DOBE~1
C:\qoobox\purity\C\DOCUME~1\SONERV~1\MYDOCU~1\RACLE~1
C:\qoobox\purity\C\Program Files\Common Files\MBOLS~1

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm
-------\LEGACY_NM

((((((((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))))))

2007-12-12 20:05	126,976	--a------	C:\WINDOWS\system32\iavlsp.dll
2007-12-12 20:04 d--------	C:\Program Files\Common Files\Authentium
2007-12-12 19:41	41,472	--a------	C:\WINDOWS\system32\iolobtdfg.exe
2007-12-12 19:41	363,368	--a------	C:\WINDOWS\system32\Incinerator.dll
2007-12-12 19:41	25,264	--a------	C:\WINDOWS\system32\smrgdf.exe
2007-12-12 19:41 d--------	C:\Program Files\iolo
2007-12-12 16:21 d--------	C:\DOCUME~1\NETWOR~1\APPLIC~1\iolo
2007-12-12 15:20 d--------	C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
2007-12-12 15:13	74,703	--a------	C:\WINDOWS\system32\mfc45.dll
2007-12-12 15:11 d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\iolo
2007-12-12 15:11 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-12-08 23:33 d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\MSNInstaller
2007-12-08 23:24 d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-08 23:24 d--------	C:\Program Files\Windows Live
2007-12-08 23:24 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-11-23 22:16 d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\Help
2007-11-20 22:09	19,200	--a------	C:\WINDOWS\system32\drivers\tbhsd.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-12-12 22:53	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\frigate3
2007-12-12 22:52	--------	d--------	C:\Program Files\dodo speed accelerator
2007-12-12 20:47	--------	d--------	C:\Program Files\ppstream
2007-12-12 17:01	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\uniblue
2007-12-12 16:12	--------	d--------	C:\Program Files\pc mightymax
2007-12-11 22:11	--------	d--------	C:\Program Files\myvirtualhome
2007-12-02 09:12	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\tunebite
2007-12-01 17:25	--------	d--------	C:\Program Files\tunebite
2007-11-26 01:11	--------	d--------	C:\Program Files\limewire
2007-11-25 23:57	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\limewire
2007-11-18 03:38	--------	d--------	C:\Program Files\easy flyer creator
2007-11-17 23:22	--------	d--------	C:\Program Files\ipod
2007-11-17 23:17	--------	d--------	C:\Program Files\itunes
2007-11-17 21:41	--------	d--------	C:\Program Files\frigate3
2007-11-17 21:34	--------	d--------	C:\Program Files\funwebproducts
2007-11-17 21:25	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\funwebproducts
2007-11-16 17:16	381012	--a------	C:\Program Files\uninstall fun web products.dll
2007-11-15 01:30	--------	d--------	C:\Program Files\opera
2007-11-13 02:25	20480	--a------	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-04 09:16	--------	d--------	C:\Program Files\replay media catcher
2007-11-04 09:05	2293712	--a------	C:\Program Files\flv playerfcsetup.exe
2007-11-04 09:02	3655488	--a------	C:\Program Files\flv playerrcatsetup.exe
2007-11-04 09:01	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\getrighttogo
2007-11-04 08:55	411248	--a------	C:\Program Files\flv playerrcsetup.exe
2007-11-04 08:54	--------	d--------	C:\Program Files\flv player
2007-11-01 21:41	--------	d--------	C:\Program Files\windows media recorder
2007-11-01 14:00	--------	d--------	C:\Program Files\wmr11
2007-11-01 10:12	--------	d--------	C:\Program Files\winpcap
2007-10-30 09:52	102664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-29 17:27	--------	d--------	C:\Program Files\intricate words
2007-10-29 17:25	--------	d--h-----	C:\Program Files\installshield installation information
2007-10-29 14:43	1287680	--a------	C:\WINDOWS\system32\quartz.dll
2007-10-27 19:08	--------	d--------	C:\Program Files\stk018_v2.01
2007-10-27 17:40	222720	--a------	C:\WINDOWS\system32\wmasf.dll
2007-10-27 15:32	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\housecall 6.6
2007-10-20 09:19	--------	d--------	C:\Program Files\telstra
2007-10-20 09:19	--------	d--------	C:\Program Files\Common Files\wise installation wizard
2007-10-20 09:19	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\telstra
2007-10-20 07:50	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\slipstream

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{9AA2F14F-E956-44B8-8694-A5B615CDF341}	C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iolo AntiVirus"="\"C:\\Program Files\\iolo\\AntiVirus\\ioloAV.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages	REG_MULTI_SZ msv1_0\0\0
Security Packages	REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages	REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"item"="Adobe Reader Speed Launch"
"command"="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe "
"location"="Common Startup"
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"item"="Adobe Reader Synchronizer"
"command"="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AdobeCollabSync.exe "
"location"="Common Startup"
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dodo Speed Accelerator.lnk]
"item"="Dodo Speed Accelerator"
"command"="C:\\Program Files\\Dodo Speed Accelerator\\slipgui.exe "
"location"="Common Startup"
"backup"="C:\\WINDOWS\\pss\\Dodo Speed Accelerator.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"item"="Google Updater"
"command"="C:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe "
"location"="Common Startup"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
"item"="MP3 Rocket (silent)"
"command"="C:\\Program Files\\MP3 Rocket\\MP3Rocket_on_startup.exe "
"location"="Startup"
"backup"="C:\\WINDOWS\\pss\\MP3 Rocket (silent).lnkStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^TA_Start.lnk]
"item"="TA_Start"
"command"="C:\\WINDOWS\\system32\\micro1\\z6.exe SKY003"
"location"="Startup"
"backup"="C:\\WINDOWS\\pss\\TA_Start.lnkStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"item"="ATICCC"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"item"="AVG7_CC"
"command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrMfcWnd"
"hkey"="HKCU"
"command"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"item"="ccApp"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"item"="ctfmon"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"hkey"="HKCU"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]
"item"="DeluxeCommunications"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]
"item"="Error Nuker"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
"item"="HDInspector.exe"
"command"="C:\\Program Files\\Hard Drive Inspector\\HDInspector.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"item"="iTunesHelper"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="muppetss"
"hkey"="HKCU"
"command"=" c:\\muppetss\\muppetss.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
"item"="LXCECATS"
"command"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCEtime.dll,_RunDLLEntry@16"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"item"="MSMSGS"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"item"="NeroFilterCheck"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMRealtime]
"item"="PCMMRealtime"
"command"="C:\\Program Files\\PC MightyMax\\pcmm.exe /R"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"item"="QuickTime Task"
"command"="\"C:\\Program Files\\VistaCodecPack\\QT\\qttask.exe\" -atboottime"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
"item"="SlipStream"
"command"="\"C:\\Program Files\\Dodo Speed Accelerator\\slipcore.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iolo\\System Mechanic 7\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupXPert]
"item"="StartupXPert"
"command"="C:\\Documents and Settings\\soner veli\\Desktop\\Program Files\\StartupXPert\\StartupXPert.exe /min"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"item"="swg"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"item"="Symantec NetDriver Monitor"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryBooster"
"hkey"="HKCU"
"command"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
"item"="XoftSpySE"
"command"="C:\\Program Files\\XoftSpySE\\xoftspy.exe -s"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"item"="Yahoo! Pager"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
"item"="{ZN}"
"command"="C:\\WINDOWS\\system32\\micro1\\z6.exe SKY003"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter	REG_MULTI_SZ HTTPFilter\0\0
LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	REG_MULTI_SZ DnsCache\0\0
DcomLaunch	REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss	REG_MULTI_SZ RpcSs\0\0
imgsvc	REG_MULTI_SZ StiSvc\0\0
termsvcs	REG_MULTI_SZ TermService\0\0
WudfServiceGroup	REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 09:30:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-12-18 9:39:36
C:\ComboFix-quarantined-files.txt ... 07-12-18 09:39
C:\ComboFix2.txt ... 07-05-12 09:33
C:\ComboFix3.txt ... 07-05-07 09:52


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:00 AM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 5307 bytes


----------



## kanachoe (Apr 20, 2007)

thanks akacandy


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the quote box below into it:


```
File::
C:\Program Files\uninstall fun web products.dll

Folder::
C:\WINDOWS\system32\micro1
C:\Program Files\funwebproducts
C:\DOCUME~1\SONERV~1\APPLIC~1\funwebproducts
c:\muppetss

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^TA_Start.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
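The CFScript above is built by hand from the msconfig `startupreg` / `startupfolder` dump in the ComboFix log: each `[-KEY]` line under `Registry::` deletes one autostart key the helper judged suspicious. As an added example (not code from the thread, from ComboFix or from HijackThis), the Python 3.8+ script below parses that .reg-style dump, flags entries on heuristics taken from the items the helper chose to remove (no recorded command, as with Error Nuker; an executable running from a subfolder created under system32, as with `micro1\z6.exe`; an executable in a folder directly off the drive root, as with `c:\muppetss`; and the `Load` value under `Windows NT\CurrentVersion\Windows`), and emits the matching CFScript `Registry::` lines for a human to review. It generalizes beyond the helper's exact selection, so on the full dump it would also flag the `{ZN}` entry that runs the same `z6.exe`. The `EXPECTED_ROOTS` list, the heuristics themselves and the embedded sample dump are assumptions constructed for this example.

```python
"""Triage msconfig startup entries from a ComboFix-style registry dump.
Added example for this thread (not ComboFix, HijackThis or the helper's code);
the heuristics and the sample dump are constructed from entries in the logs."""
import re
from dataclasses import dataclass, field

# Constructed sample: entries copied from the thread's "Reg Loading Points" dump.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^TA_Start.lnk]
"item"="TA_Start"
"command"="C:\\WINDOWS\\system32\\micro1\\z6.exe SKY003"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"item"="ATICCC"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]
"item"="Error Nuker"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="muppetss"
"command"=" c:\\muppetss\\muppetss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"item"="ctfmon"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"""

HEADER = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')
RUNDLL = re.compile(r"^\s*rundll32(?:\.exe)?\s+", re.I)
EXE = re.compile(r'^\s*"?([^"]+?\.(?:exe|dll|com|bat|scr))\b', re.I)
SYSTEM32 = "c:\\windows\\system32\\"
# Assumed: top-level folders where an autostart executable is unremarkable.
EXPECTED_ROOTS = {"program files", "progra~1", "windows", "documents and settings", "docume~1"}

@dataclass
class StartupEntry:
    key: str                                    # full registry path of the entry
    values: dict = field(default_factory=dict)  # decoded "name"="value" pairs

def unescape_reg_value(raw: str) -> str:
    # .reg-style escaping: a backslash protects the next character (\\ and \").
    return re.sub(r"\\(.)", r"\1", raw)

def parse_msconfig_dump(text: str) -> list:
    """Split the dump into entries; container keys with no values are skipped."""
    entries, current = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            current = StartupEntry(key=m.group(1))
        elif current is not None and (m := VALUE.match(line)):
            if not current.values:
                entries.append(current)
            current.values[m.group(1)] = unescape_reg_value(m.group(2))
    return entries

def executable_path(command: str):
    """Program path from a command line: quoted or bare, direct or via rundll32."""
    cmd = RUNDLL.sub("", command)
    m = EXE.match(cmd)
    return m.group(1).strip() if m else (cmd.split() or [None])[0]

def triage(entry: StartupEntry) -> list:
    """Reasons this entry deserves a closer look (empty list if none)."""
    reasons = []
    if "windows nt\\currentversion\\windows" in entry.values.get("key", "").lower():
        reasons.append("hooks the Load value under Windows NT\\CurrentVersion\\Windows")
    path = executable_path(entry.values.get("command", ""))
    if not path:
        reasons.append("no command recorded for the startup item")
        return reasons
    low = path.lower()
    if low.startswith(SYSTEM32) and "\\" in low[len(SYSTEM32):] and low.endswith(".exe"):
        reasons.append("executable runs from a subfolder created under system32")
    parts = low.split("\\")
    if len(parts) == 3 and re.fullmatch(r"[a-z]:", parts[0]) and parts[1] not in EXPECTED_ROOTS:
        reasons.append("executable runs from a folder directly off the drive root")
    return reasons

def triage_all(entries: list) -> list:
    return [(e, r) for e in entries if (r := triage(e))]   # keeps the dump's order

def build_cfscript(flagged: list) -> str:
    """CFScript Registry:: section; a leading '-' deletes the whole key."""
    return "\n".join(["Registry::"] + [f"[-{entry.key}]" for entry, _ in flagged])

if __name__ == "__main__":
    flagged = triage_all(parse_msconfig_dump(SAMPLE_DUMP))
    for entry, reasons in flagged:
        print(f"{entry.values.get('item', entry.key)}: {'; '.join(reasons)}")
    print("\n" + build_cfscript(flagged))
```

Run against the sample, the script flags TA_Start, Error Nuker and the Load/muppetss entry and leaves ATICCC and ctfmon alone; the `Registry::` block it prints is the one to paste into a CFScript after a person has confirmed each line, since the heuristics deliberately err toward flagging.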


----------



## kanachoe (Apr 20, 2007)

"soner veli" - 07-12-18 14:22:42 Service Pack 2 
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\soner veli\"
Command switches used :: ""C:\Documents and Settings\soner veli\Desktop\CFScript.txt""

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\SONERV~1
C:\qoobox\purity\C\DOCUME~1\SONERV~1\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\SONERV~1\MYDOCU~1\CROSOF~1.NET
C:\qoobox\purity\C\DOCUME~1\SONERV~1\MYDOCU~1\DOBE~1
C:\qoobox\purity\C\DOCUME~1\SONERV~1\MYDOCU~1\RACLE~1
C:\qoobox\purity\C\Program Files\Common Files\MBOLS~1

((((((((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))))))

2007-12-12 20:05	126,976	--a------	C:\WINDOWS\system32\iavlsp.dll
2007-12-12 20:04 d--------	C:\Program Files\Common Files\Authentium
2007-12-12 19:41	41,472	--a------	C:\WINDOWS\system32\iolobtdfg.exe
2007-12-12 19:41	363,368	--a------	C:\WINDOWS\system32\Incinerator.dll
2007-12-12 19:41	25,264	--a------	C:\WINDOWS\system32\smrgdf.exe
2007-12-12 19:41 d--------	C:\Program Files\iolo
2007-12-12 16:21 d--------	C:\DOCUME~1\NETWOR~1\APPLIC~1\iolo
2007-12-12 15:20 d--------	C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
2007-12-12 15:13	74,703	--a------	C:\WINDOWS\system32\mfc45.dll
2007-12-12 15:11 d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\iolo
2007-12-12 15:11 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-12-08 23:33 d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\MSNInstaller
2007-12-08 23:24 d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-08 23:24 d--------	C:\Program Files\Windows Live
2007-12-08 23:24 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-11-23 22:16 d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\Help
2007-11-20 22:09	19,200	--a------	C:\WINDOWS\system32\drivers\tbhsd.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-12-12 22:53	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\frigate3
2007-12-12 22:52	--------	d--------	C:\Program Files\dodo speed accelerator
2007-12-12 20:47	--------	d--------	C:\Program Files\ppstream
2007-12-12 17:01	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\uniblue
2007-12-12 16:12	--------	d--------	C:\Program Files\pc mightymax
2007-12-11 22:11	--------	d--------	C:\Program Files\myvirtualhome
2007-12-02 09:12	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\tunebite
2007-12-01 17:25	--------	d--------	C:\Program Files\tunebite
2007-11-26 01:11	--------	d--------	C:\Program Files\limewire
2007-11-25 23:57	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\limewire
2007-11-18 03:38	--------	d--------	C:\Program Files\easy flyer creator
2007-11-17 23:22	--------	d--------	C:\Program Files\ipod
2007-11-17 23:17	--------	d--------	C:\Program Files\itunes
2007-11-17 21:41	--------	d--------	C:\Program Files\frigate3
2007-11-17 21:34	--------	d--------	C:\Program Files\funwebproducts
2007-11-17 21:25	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\funwebproducts
2007-11-16 17:16	381012	--a------	C:\Program Files\uninstall fun web products.dll
2007-11-15 01:30	--------	d--------	C:\Program Files\opera
2007-11-13 02:25	20480	--a------	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-04 09:16	--------	d--------	C:\Program Files\replay media catcher
2007-11-04 09:05	2293712	--a------	C:\Program Files\flv playerfcsetup.exe
2007-11-04 09:02	3655488	--a------	C:\Program Files\flv playerrcatsetup.exe
2007-11-04 09:01	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\getrighttogo
2007-11-04 08:55	411248	--a------	C:\Program Files\flv playerrcsetup.exe
2007-11-04 08:54	--------	d--------	C:\Program Files\flv player
2007-11-01 21:41	--------	d--------	C:\Program Files\windows media recorder
2007-11-01 14:00	--------	d--------	C:\Program Files\wmr11
2007-11-01 10:12	--------	d--------	C:\Program Files\winpcap
2007-10-30 09:52	102664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-29 17:27	--------	d--------	C:\Program Files\intricate words
2007-10-29 17:25	--------	d--h-----	C:\Program Files\installshield installation information
2007-10-29 14:43	1287680	--a------	C:\WINDOWS\system32\quartz.dll
2007-10-27 19:08	--------	d--------	C:\Program Files\stk018_v2.01
2007-10-27 17:40	222720	--a------	C:\WINDOWS\system32\wmasf.dll
2007-10-27 15:32	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\housecall 6.6
2007-10-20 09:19	--------	d--------	C:\Program Files\telstra
2007-10-20 09:19	--------	d--------	C:\Program Files\Common Files\wise installation wizard
2007-10-20 09:19	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\telstra
2007-10-20 07:50	--------	d--------	C:\DOCUME~1\SONERV~1\APPLIC~1\slipstream

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{9AA2F14F-E956-44B8-8694-A5B615CDF341}	C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iolo AntiVirus"="\"C:\\Program Files\\iolo\\AntiVirus\\ioloAV.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages	REG_MULTI_SZ msv1_0\0\0
Security Packages	REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages	REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"item"="Adobe Reader Speed Launch"
"command"="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe "
"location"="Common Startup"
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"item"="Adobe Reader Synchronizer"
"command"="C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AdobeCollabSync.exe "
"location"="Common Startup"
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dodo Speed Accelerator.lnk]
"item"="Dodo Speed Accelerator"
"command"="C:\\Program Files\\Dodo Speed Accelerator\\slipgui.exe "
"location"="Common Startup"
"backup"="C:\\WINDOWS\\pss\\Dodo Speed Accelerator.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"item"="Google Updater"
"command"="C:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe "
"location"="Common Startup"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
"item"="MP3 Rocket (silent)"
"command"="C:\\Program Files\\MP3 Rocket\\MP3Rocket_on_startup.exe "
"location"="Startup"
"backup"="C:\\WINDOWS\\pss\\MP3 Rocket (silent).lnkStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^TA_Start.lnk]
"item"="TA_Start"
"command"="C:\\WINDOWS\\system32\\micro1\\z6.exe SKY003"
"location"="Startup"
"backup"="C:\\WINDOWS\\pss\\TA_Start.lnkStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"item"="ATICCC"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"item"="AVG7_CC"
"command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrMfcWnd"
"hkey"="HKCU"
"command"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"item"="ccApp"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"item"="ctfmon"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"hkey"="HKCU"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]
"item"="DeluxeCommunications"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]
"item"="Error Nuker"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
"item"="HDInspector.exe"
"command"="C:\\Program Files\\Hard Drive Inspector\\HDInspector.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"item"="iTunesHelper"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="muppetss"
"hkey"="HKCU"
"command"=" c:\\muppetss\\muppetss.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
"item"="LXCECATS"
"command"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCEtime.dll,_RunDLLEntry@16"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"item"="MSMSGS"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"item"="NeroFilterCheck"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMRealtime]
"item"="PCMMRealtime"
"command"="C:\\Program Files\\PC MightyMax\\pcmm.exe /R"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"item"="QuickTime Task"
"command"="\"C:\\Program Files\\VistaCodecPack\\QT\\qttask.exe\" -atboottime"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
"item"="SlipStream"
"command"="\"C:\\Program Files\\Dodo Speed Accelerator\\slipcore.exe\""
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iolo\\System Mechanic 7\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupXPert]
"item"="StartupXPert"
"command"="C:\\Documents and Settings\\soner veli\\Desktop\\Program Files\\StartupXPert\\StartupXPert.exe /min"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"item"="swg"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"item"="Symantec NetDriver Monitor"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryBooster"
"hkey"="HKCU"
"command"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
"item"="XoftSpySE"
"command"="C:\\Program Files\\XoftSpySE\\xoftspy.exe -s"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"item"="Yahoo! Pager"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"hkey"="HKEY"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
"item"="{ZN}"
"command"="C:\\WINDOWS\\system32\\micro1\\z6.exe SKY003"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter	REG_MULTI_SZ HTTPFilter\0\0
LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	REG_MULTI_SZ DnsCache\0\0
DcomLaunch	REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss	REG_MULTI_SZ RpcSs\0\0
imgsvc	REG_MULTI_SZ StiSvc\0\0
termsvcs	REG_MULTI_SZ TermService\0\0
WudfServiceGroup	REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 14:25:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-12-18 14:33:49
C:\ComboFix-quarantined-files.txt ... 07-12-18 14:33
C:\ComboFix2.txt ... 07-12-18 09:39
C:\ComboFix3.txt ... 07-05-12 09:33


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:37 PM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 5274 bytes


----------



## Cookiegal (Aug 27, 2003)

That looks like a pretty old version of ComboFix so you must have had the program before and are still running it. Please remove all previous versions and download a new one:

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet *after downloading the program and before scanning*.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause _"unpredictable results"_.
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Download *ComboFix* and save it to your desktop.

***Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

WARNING: *IF you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.*
*Please do not re-connect your machine back to the Internet until ComboFix has completely finished.*
If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

Double-click on *combofix.exe* and follow the prompts. When finished, it will produce a report for you. Please post the *"C:\ComboFix.txt"* along with a *new HijackThis log* for further review.

***Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall***


----------



## kanachoe (Apr 20, 2007)

ComboFix 07-12-18.1 - soner veli 2007-12-19 7:38:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.244 [GMT -8:00]
Running from: C:\Documents and Settings\soner veli\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\soner veli\Application Data\FunWebProducts
C:\Documents and Settings\soner veli\Application Data\macromedia\Flash Player\#SharedObjects\U2K5JENY\iforex.com
C:\Documents and Settings\soner veli\Application Data\macromedia\Flash Player\#SharedObjects\U2K5JENY\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\soner veli\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\soner veli\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\soner veli\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\soner veli\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\soner veli\err.log
C:\Documents and Settings\soner veli\ResErrors.log
C:\Program Files\FunWebProducts
C:\temp\tn3
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\kr_done1

.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-12 20:10 . 2007-12-12 20:10	432	--a------	C:\WINDOWS\system32\iolo.ini
2007-12-12 20:05 . 2007-07-25 08:42	126,976	--a------	C:\WINDOWS\system32\iavlsp.dll
2007-12-12 20:04 . 2007-12-12 20:04 d--------	C:\Program Files\Common Files\Authentium
2007-12-12 19:41 . 2007-12-12 20:04 d--------	C:\Program Files\iolo
2007-12-12 19:41 . 2007-11-03 11:38	363,368	--a------	C:\WINDOWS\system32\Incinerator.dll
2007-12-12 19:41 . 2006-11-25 16:39	41,472	--a------	C:\WINDOWS\system32\iolobtdfg.exe
2007-12-12 19:41 . 2006-11-25 16:39	25,264	--a------	C:\WINDOWS\system32\smrgdf.exe
2007-12-12 16:21 . 2007-12-12 16:21 d--------	C:\Documents and Settings\NetworkService\Application Data\iolo
2007-12-12 15:20 . 2007-12-12 15:20 d--------	C:\Documents and Settings\LocalService\Application Data\iolo
2007-12-12 15:20 . 2007-12-12 15:20	406	--a------	C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-12 15:13 . 2007-12-12 15:13	74,703	--a------	C:\WINDOWS\system32\mfc45.dll
2007-12-12 15:11 . 2007-12-13 19:12 d--------	C:\Documents and Settings\soner veli\Application Data\iolo
2007-12-12 15:11 . 2007-12-13 21:41 d--------	C:\Documents and Settings\All Users\Application Data\iolo
2007-12-08 23:33 . 2007-12-08 23:33 d--------	C:\Documents and Settings\soner veli\Application Data\MSNInstaller
2007-12-08 23:24 . 2007-12-09 00:19 d--------	C:\Program Files\Windows Live
2007-12-08 23:24 . 2007-12-09 00:18 d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-08 23:24 . 2007-12-09 00:14 d--------	C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-06 23:14 . 2002-12-29 01:14	81,920	--a------	C:\WINDOWS\system32\Startup.cpl
2007-11-20 22:09 . 2007-09-06 13:40	19,200	--a------	C:\WINDOWS\system32\drivers\tbhsd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 06:53	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Frigate3
2007-12-13 06:52	---------	d-----w	C:\Program Files\Dodo Speed Accelerator
2007-12-13 04:47	---------	d-----w	C:\Program Files\PPStream
2007-12-13 03:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-13 01:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Uniblue
2007-12-13 00:12	---------	d-----w	C:\Program Files\PC MightyMax
2007-12-13 00:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Bitcomet Turbo
2007-12-12 06:11	---------	d-----w	C:\Program Files\MyVirtualHome
2007-12-02 17:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\tunebite
2007-12-02 01:25	---------	d-----w	C:\Program Files\Tunebite
2007-11-26 09:11	---------	d-----w	C:\Program Files\LimeWire
2007-11-26 07:57	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\LimeWire
2007-11-26 07:51	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 11:38	---------	d-----w	C:\Program Files\Easy Flyer Creator
2007-11-18 07:22	---------	d-----w	C:\Program Files\iPod
2007-11-18 07:17	---------	d-----w	C:\Program Files\iTunes
2007-11-18 05:41	---------	d-----w	C:\Program Files\Frigate3
2007-11-17 01:16	381,012	----a-w	C:\Program Files\Uninstall Fun Web Products.dll
2007-11-15 09:30	---------	d-----w	C:\Program Files\Opera
2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 07:35	---------	d-----w	C:\Documents and Settings\All Users\Application Data\MGS
2007-11-04 17:16	---------	d-----w	C:\Program Files\Replay Media Catcher
2007-11-04 17:05	2,293,712	----a-w	C:\Program Files\FLV PlayerFCSetup.exe
2007-11-04 17:02	3,655,488	----a-w	C:\Program Files\FLV PlayerRCATSetup.exe
2007-11-04 17:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\GetRightToGo
2007-11-04 16:55	411,248	----a-w	C:\Program Files\FLV PlayerRCSetup.exe
2007-11-04 16:54	---------	d-----w	C:\Program Files\FLV Player
2007-11-02 05:41	---------	d-----w	C:\Program Files\Windows Media Recorder
2007-11-01 22:00	---------	d-----w	C:\Program Files\WMR11
2007-11-01 18:12	---------	d-----w	C:\Program Files\WinPcap
2007-10-31 19:03	---------	d-----w	C:\Program Files\Java
2007-10-31 19:01	---------	d-----w	C:\Program Files\Common Files\Java
2007-10-31 18:53	---------	d-----w	C:\Program Files\Apple Software Update
2007-10-30 17:52	102,664	----a-w	C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-30 01:27	---------	d-----w	C:\Program Files\Intricate Words
2007-10-30 01:25	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-28 03:08	---------	d-----w	C:\Program Files\STK018_V2.01
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:32	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\HouseCall 6.6
2007-10-20 17:19	---------	d-----w	C:\Program Files\Telstra
2007-10-20 17:19	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 17:19	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Telstra
2007-10-20 15:50	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\SlipStream
2007-10-07 02:35	78,750	----a-w	C:\p49v449.zip
2007-09-30 20:26	113,036	----a-w	C:\98_3mode.zip
2007-06-02 21:27	774,144	-c--a-w	C:\Program Files\RngInterstitial.dll
2007-07-21 21:18	88	-csh--r	C:\WINDOWS\system32\F23BE58C7E.sys
2007-07-21 21:18	3,350	-csha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iolo AntiVirus"="C:\Program Files\iolo\AntiVirus\ioloAV.exe" [2007-12-07 12:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dodo Speed Accelerator.lnk]
backup=C:\WINDOWS\pss\Dodo Speed Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^TA_Start.lnk]
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00	15360	--a------	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
C:\Program Files\Hard Drive Inspector\HDInspector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-14 09:00	267064	--a------	C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
c:\muppetss\muppetss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50	155648	--a--c---	C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMRealtime]
C:\Program Files\PC MightyMax\pcmm.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\VistaCodecPack\QT\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
2006-06-09 03:05	253952	--a------	C:\Program Files\Dodo Speed Accelerator\slipcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
2007-11-03 11:38	820072	--a------	C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupXPert]
C:\Documents and Settings\soner veli\Desktop\Program Files\StartupXPert\StartupXPert.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05	204288	-----c---	C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
C:\Program Files\XoftSpySE\xoftspy.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
C:\WINDOWS\system32\micro1\z6.exe SKY003

R2 InterBaseGuardian;Firebird Guardian Service;C:\Program Files\Firebird\bin\ibguard -s []
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R3 als4k;Avance Audio Miniport Driver (WDM);C:\WINDOWS\system32\drivers\als4000.sys [2001-10-22 12:46]
R3 InterBaseServer;Firebird Server;C:\Program Files\Firebird\bin\ibserver -s []
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys [2007-09-06 13:40]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 11:50]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 09:31]

*Newly Created Service* - CATCHME 
.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 10:19:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-19 11:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2007-12-13 00:22:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-12 21:21:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 07:41:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-19 7:42:45
.
2007-12-15 09:04:59	--- E O F ---


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:34 AM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 5307 bytes


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the quote box below into it:

*Note: If you recognize the two zip files shown in bold red and want to keep them then remove them from the script before proceeding.*



> File::
> C:\Program Files\Uninstall Fun Web Products.dll
> C:\WINDOWS\pss\TA_Start.lnkStartup
> C:\*p49v449.zip*
> ...


Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------
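The helper in this thread reads the HijackThis logs by eye, looking for entries whose file no longer exists, services with no vendor information, Winsock LSP and AppInit_DLLs entries, and paths that HijackThis could not resolve. As an added example (not part of the original posts, and not code from HijackThis or ComboFix), the Python script below parses HijackThis v2 "O" entries and attaches those same review notes automatically. The sample lines are copied from the thread's own log; the function names, the flag texts, and the heuristic that a path ending in `\Program.exe` comes from an unquoted service path containing a space are the example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Every HijackThis entry is "<section> - <description>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<section>[ROF]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis itself prints when the referenced file cannot be found on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str
    body: str
    path: str
    flags: List[str] = field(default_factory=list)


def extract_path(section: str, body: str) -> str:
    """Best-effort extraction of the file path from an entry body."""
    if section == "O4":
        # O4 - HKLM\..\Run: [name] "C:\path\file.exe" /args
        _, _, rest = body.partition("] ")
        path = rest.strip().strip('"')
    elif section in ("O10", "O20"):
        # O10 - Unknown file in Winsock LSP: c:\path\file.dll
        _, _, path = body.partition(": ")
    else:
        # O2/O3/O9/O23: "... - {CLSID} - C:\path" or "... - Vendor - C:\path"
        path = body.rsplit(" - ", 1)[-1]
    for marker in ORPHAN_MARKERS:
        path = path.replace(marker, "")
    return path.strip()


def flag(entry: Entry) -> None:
    """Attach the review notes a helper would raise for this entry (example heuristics)."""
    if any(m in entry.body for m in ORPHAN_MARKERS):
        entry.flags.append("orphaned entry: referenced file is missing")
    if entry.section == "O23" and "Unknown owner" in entry.body:
        entry.flags.append("service binary carries no vendor/owner information")
    if entry.section == "O10":
        entry.flags.append("Winsock LSP: confirm the DLL belongs to installed software")
    if entry.section == "O20":
        entry.flags.append("AppInit_DLLs: DLL is loaded into every user-mode process")
    if entry.path.lower().endswith("\\program.exe"):
        # Heuristic (assumption): an unquoted ImagePath under "C:\Program Files\..."
        # is resolved as C:\Program.exe, which is why HijackThis reports it missing.
        entry.flags.append("unquoted service path containing a space")


def triage(log_text: str) -> List[Entry]:
    """Parse a HijackThis log and return each distinct entry with its flags."""
    seen = set()
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, "Running processes:" list, blank lines
        section, body = m.group("section"), m.group("body")
        if (section, body) in seen:
            continue  # HijackThis prints each LSP chain member several times
        seen.add((section, body))
        entry = Entry(section, body, extract_path(section, body))
        flag(entry)
        entries.append(entry)
    return entries


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that need a human look."""
    return [e for e in triage(log_text) if e.flags]


# Sample input: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<4} {e.path or '<no path>'}")
        for note in e.flags:
            print(f"     - {note}")
```

Run against the sample, the script keeps the three identical O10 lines as one entry and reports six entries for review: the two orphaned BHO/toolbar CLSIDs, the LSP DLL, the AppInit DLL, and the two services without owner information, the Firebird one additionally marked as an unquoted path. The flags are prompts for a human review, not verdicts; an orphaned entry is usually leftover registry clutter rather than active malware, and a legitimate vendor's LSP (here the iolo antivirus DLL) shows up exactly like an unwanted one.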



## kanachoe (Apr 20, 2007)

ComboFix 07-12-18.1 - soner veli 2007-12-19 10:01:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.380 [GMT -8:00]
Running from: C:\Documents and Settings\soner veli\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\soner veli\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\98_3mode.zip
C:\p49v449.zip
C:\Program Files\Uninstall Fun Web Products.dll
C:\WINDOWS\pss\TA_Start.lnkStartup
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\98_3mode.zip
C:\p49v449.zip
C:\Program Files\Uninstall Fun Web Products.dll
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\system32\micro1

.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-12 20:10 . 2007-12-12 20:10	432	--a------	C:\WINDOWS\system32\iolo.ini
2007-12-12 20:05 . 2007-07-25 08:42	126,976	--a------	C:\WINDOWS\system32\iavlsp.dll
2007-12-12 20:04 . 2007-12-12 20:04 d--------	C:\Program Files\Common Files\Authentium
2007-12-12 19:41 . 2007-12-12 20:04 d--------	C:\Program Files\iolo
2007-12-12 19:41 . 2007-11-03 11:38	363,368	--a------	C:\WINDOWS\system32\Incinerator.dll
2007-12-12 19:41 . 2006-11-25 16:39	41,472	--a------	C:\WINDOWS\system32\iolobtdfg.exe
2007-12-12 19:41 . 2006-11-25 16:39	25,264	--a------	C:\WINDOWS\system32\smrgdf.exe
2007-12-12 16:21 . 2007-12-12 16:21 d--------	C:\Documents and Settings\NetworkService\Application Data\iolo
2007-12-12 15:20 . 2007-12-12 15:20 d--------	C:\Documents and Settings\LocalService\Application Data\iolo
2007-12-12 15:20 . 2007-12-12 15:20	406	--a------	C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-12 15:13 . 2007-12-12 15:13	74,703	--a------	C:\WINDOWS\system32\mfc45.dll
2007-12-12 15:11 . 2007-12-13 19:12 d--------	C:\Documents and Settings\soner veli\Application Data\iolo
2007-12-12 15:11 . 2007-12-13 21:41 d--------	C:\Documents and Settings\All Users\Application Data\iolo
2007-12-08 23:33 . 2007-12-08 23:33 d--------	C:\Documents and Settings\soner veli\Application Data\MSNInstaller
2007-12-08 23:24 . 2007-12-09 00:19 d--------	C:\Program Files\Windows Live
2007-12-08 23:24 . 2007-12-09 00:18 d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-08 23:24 . 2007-12-09 00:14 d--------	C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-06 23:14 . 2002-12-29 01:14	81,920	--a------	C:\WINDOWS\system32\Startup.cpl
2007-11-20 22:09 . 2007-09-06 13:40	19,200	--a------	C:\WINDOWS\system32\drivers\tbhsd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 06:53	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Frigate3
2007-12-13 06:52	---------	d-----w	C:\Program Files\Dodo Speed Accelerator
2007-12-13 04:47	---------	d-----w	C:\Program Files\PPStream
2007-12-13 03:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-13 01:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Uniblue
2007-12-13 00:12	---------	d-----w	C:\Program Files\PC MightyMax
2007-12-13 00:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Bitcomet Turbo
2007-12-12 06:11	---------	d-----w	C:\Program Files\MyVirtualHome
2007-12-02 17:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\tunebite
2007-12-02 01:25	---------	d-----w	C:\Program Files\Tunebite
2007-11-26 09:11	---------	d-----w	C:\Program Files\LimeWire
2007-11-26 07:57	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\LimeWire
2007-11-26 07:51	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 11:38	---------	d-----w	C:\Program Files\Easy Flyer Creator
2007-11-18 07:22	---------	d-----w	C:\Program Files\iPod
2007-11-18 07:17	---------	d-----w	C:\Program Files\iTunes
2007-11-18 05:41	---------	d-----w	C:\Program Files\Frigate3
2007-11-15 09:30	---------	d-----w	C:\Program Files\Opera
2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 07:35	---------	d-----w	C:\Documents and Settings\All Users\Application Data\MGS
2007-11-04 17:16	---------	d-----w	C:\Program Files\Replay Media Catcher
2007-11-04 17:05	2,293,712	----a-w	C:\Program Files\FLV PlayerFCSetup.exe
2007-11-04 17:02	3,655,488	----a-w	C:\Program Files\FLV PlayerRCATSetup.exe
2007-11-04 17:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\GetRightToGo
2007-11-04 16:55	411,248	----a-w	C:\Program Files\FLV PlayerRCSetup.exe
2007-11-04 16:54	---------	d-----w	C:\Program Files\FLV Player
2007-11-02 05:41	---------	d-----w	C:\Program Files\Windows Media Recorder
2007-11-01 22:00	---------	d-----w	C:\Program Files\WMR11
2007-11-01 18:12	---------	d-----w	C:\Program Files\WinPcap
2007-10-31 19:03	---------	d-----w	C:\Program Files\Java
2007-10-31 19:01	---------	d-----w	C:\Program Files\Common Files\Java
2007-10-31 18:53	---------	d-----w	C:\Program Files\Apple Software Update
2007-10-30 17:52	102,664	----a-w	C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-30 01:27	---------	d-----w	C:\Program Files\Intricate Words
2007-10-30 01:25	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-28 03:08	---------	d-----w	C:\Program Files\STK018_V2.01
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:32	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\HouseCall 6.6
2007-10-20 17:19	---------	d-----w	C:\Program Files\Telstra
2007-10-20 17:19	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 17:19	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Telstra
2007-10-20 15:50	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\SlipStream
2007-06-02 21:27	774,144	-c--a-w	C:\Program Files\RngInterstitial.dll
2007-07-21 21:18	88	-csh--r	C:\WINDOWS\system32\F23BE58C7E.sys
2007-07-21 21:18	3,350	-csha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iolo AntiVirus"="C:\Program Files\iolo\AntiVirus\ioloAV.exe" [2007-12-07 12:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dodo Speed Accelerator.lnk]
backup=C:\WINDOWS\pss\Dodo Speed Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00	15360	--a------	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
C:\Program Files\Hard Drive Inspector\HDInspector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-14 09:00	267064	--a------	C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50	155648	--a--c---	C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMRealtime]
C:\Program Files\PC MightyMax\pcmm.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\VistaCodecPack\QT\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
2006-06-09 03:05	253952	--a------	C:\Program Files\Dodo Speed Accelerator\slipcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
2007-11-03 11:38	820072	--a------	C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupXPert]
C:\Documents and Settings\soner veli\Desktop\Program Files\StartupXPert\StartupXPert.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05	204288	-----c---	C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
C:\Program Files\XoftSpySE\xoftspy.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

R2 InterBaseGuardian;Firebird Guardian Service;C:\Program Files\Firebird\bin\ibguard -s []
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R3 als4k;Avance Audio Miniport Driver (WDM);C:\WINDOWS\system32\drivers\als4000.sys [2001-10-22 12:46]
R3 InterBaseServer;Firebird Server;C:\Program Files\Firebird\bin\ibserver -s []
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys [2007-09-06 13:40]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 11:50]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 09:31]

*Newly Created Service* - CATCHME 
.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 10:19:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-19 11:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2007-12-13 00:22:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-12 21:21:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 10:04:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-19 10:05:20
C:\ComboFix2.txt ... 2007-12-19 07:42
.
2007-12-15 09:04:59	--- E O F ---


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:44 AM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 5201 bytes


----------
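The two HijackThis logs above are long, and most of what they list is harmless. The lines a helper actually reads first are the loading points: O2/O3 entries that point at a file that no longer exists, O10 Winsock LSP entries for an unknown DLL, O20 AppInit_DLLs (a DLL loaded into every process that loads user32.dll), O17 name servers, and O23 services whose binary is reported missing. One detail worth knowing about the O23 lines: HijackThis splits an unquoted service ImagePath at its first space, so a service installed under "C:\Program Files\..." without quotes is shown as `C:\Program.exe (file missing)`, which is exactly what the two Firebird entries above look like (the ComboFix log confirms the real path is `C:\Program Files\Firebird\bin\ibserver -s`). An unquoted path like that is a configuration defect in its own right, since Windows will try `C:\Program.exe` before the intended binary. The script below is an added example written for this page (it is not part of the thread, of HijackThis or of ComboFix): it parses O-lines in the format shown above and groups them into those categories, de-duplicating the LSP entries (one DLL appears once per protocol chain entry) and counting how many anti-virus vendors are registered as services. The sample lines are a constructed subset copied from the log above, and the vendor keyword list is an assumption chosen for this example.

```python
import re

# Constructed sample: a subset of the O-lines from the HijackThis logs posted in
# this thread (including one iolo service line from the same log), not a full log.
SAMPLE_LOG = r"""
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# Assumed vendor keywords used to count how many anti-virus products are present.
AV_VENDORS = ("Symantec", "Authentium", "Grisoft", "AVG", "iolo", "Trend Micro")

LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
SERVICE_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")
# HijackThis splits an unquoted ImagePath at its first space, so a service whose
# binary lives under "C:\Program Files\..." shows up as "C:\Program.exe (file missing)".
UNQUOTED_RE = re.compile(r"^[A-Za-z]:\\Program\.exe \(file missing\)$")


def parse_hjt(text):
    """Yield (section, body) pairs for every O/R line in a HijackThis log."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def private_ipv4(ip):
    """True for RFC 1918 addresses (a LAN router such as 10.0.0.138 is expected as DNS)."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def triage(text):
    """Return {category: sorted list of findings} for the loading points a helper checks first."""
    f = {k: set() for k in ("orphaned", "lsp", "appinit", "service_unquoted",
                            "service_missing", "dns", "remote_capture", "av_vendors")}
    for section, body in parse_hjt(text):
        if section in ("O2", "O3") and body.endswith("(no file)"):
            f["orphaned"].add(body)                      # registry entry whose DLL is gone
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            f["lsp"].add(body.split(":", 1)[1].strip().lower())  # one DLL, many chain entries
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                f["appinit"].add(dll)                    # loaded into every process that loads user32.dll
        elif section == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", body)
            for ip in (m.group(1).split(",") if m else []):
                if not private_ipv4(ip):
                    f["dns"].add(ip)                     # DNS pointed outside the LAN deserves a look
        elif section == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                continue
            name, vendor, path = m.groups()
            if UNQUOTED_RE.match(path):
                f["service_unquoted"].add(name)          # unquoted ImagePath containing a space
            elif path.endswith("(file missing)"):
                f["service_missing"].add(name)           # service registered, binary really gone
            if "rpcapd" in path.lower():
                f["remote_capture"].add(name)            # WinPcap's network-reachable capture daemon
            for v in AV_VENDORS:
                if v.lower() in vendor.lower() or v.lower() in path.lower():
                    f["av_vendors"].add(v)
    return {k: sorted(v) for k, v in f.items()}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, items in result.items():
        for item in items:
            print(f"{category:17} {item}")
    if len(result["av_vendors"]) > 1:
        print("more than one anti-virus vendor present; keep one and uninstall the rest")
```

Run against the sample, the script reports one orphaned toolbar entry, one LSP DLL (listed once, although the log shows it three times), the Google AppInit DLL, the Firebird service as an unquoted path rather than a missing binary, the WinPcap rpcapd service, and three anti-virus vendors. The ComboFix "Files Created" section above shows iavlsp.dll appearing at the same time as the iolo and Authentium directories, so the LSP entry here belongs to the installed iolo AntiVirus, which is the sort of cross-check the tool output alone cannot do for you.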



## kanachoe (Apr 20, 2007)

Is this right now? I swear I am hopeless with these computers, lol. Thanks for helping; it is still lagging though.


----------



## zabusant (Sep 6, 2007)

Perhaps it would be best to move this thread?


----------



## kanachoe (Apr 20, 2007)

Hi, I just rebooted the computer and did the scans again; here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:12 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 5166 bytes

ComboFix 07-12-18.1 - soner veli 2007-12-19 13:39:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.353 [GMT -8:00]
Running from: C:\Documents and Settings\soner veli\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-12 20:10 . 2007-12-12 20:10	432	--a------	C:\WINDOWS\system32\iolo.ini
2007-12-12 20:05 . 2007-07-25 08:42	126,976	--a------	C:\WINDOWS\system32\iavlsp.dll
2007-12-12 20:04 . 2007-12-12 20:04 d--------	C:\Program Files\Common Files\Authentium
2007-12-12 19:41 . 2007-12-12 20:04 d--------	C:\Program Files\iolo
2007-12-12 19:41 . 2007-11-03 11:38	363,368	--a------	C:\WINDOWS\system32\Incinerator.dll
2007-12-12 19:41 . 2006-11-25 16:39	41,472	--a------	C:\WINDOWS\system32\iolobtdfg.exe
2007-12-12 19:41 . 2006-11-25 16:39	25,264	--a------	C:\WINDOWS\system32\smrgdf.exe
2007-12-12 16:21 . 2007-12-12 16:21 d--------	C:\Documents and Settings\NetworkService\Application Data\iolo
2007-12-12 15:20 . 2007-12-12 15:20 d--------	C:\Documents and Settings\LocalService\Application Data\iolo
2007-12-12 15:20 . 2007-12-12 15:20	406	--a------	C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-12 15:13 . 2007-12-12 15:13	74,703	--a------	C:\WINDOWS\system32\mfc45.dll
2007-12-12 15:11 . 2007-12-13 19:12 d--------	C:\Documents and Settings\soner veli\Application Data\iolo
2007-12-12 15:11 . 2007-12-13 21:41 d--------	C:\Documents and Settings\All Users\Application Data\iolo
2007-12-08 23:33 . 2007-12-08 23:33 d--------	C:\Documents and Settings\soner veli\Application Data\MSNInstaller
2007-12-08 23:24 . 2007-12-09 00:19 d--------	C:\Program Files\Windows Live
2007-12-08 23:24 . 2007-12-09 00:18 d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-08 23:24 . 2007-12-09 00:14 d--------	C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-06 23:14 . 2002-12-29 01:14	81,920	--a------	C:\WINDOWS\system32\Startup.cpl
2007-11-20 22:09 . 2007-09-06 13:40	19,200	--a------	C:\WINDOWS\system32\drivers\tbhsd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 06:53	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Frigate3
2007-12-13 06:52	---------	d-----w	C:\Program Files\Dodo Speed Accelerator
2007-12-13 04:47	---------	d-----w	C:\Program Files\PPStream
2007-12-13 03:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-13 01:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Uniblue
2007-12-13 00:12	---------	d-----w	C:\Program Files\PC MightyMax
2007-12-13 00:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Bitcomet Turbo
2007-12-12 06:11	---------	d-----w	C:\Program Files\MyVirtualHome
2007-12-02 17:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\tunebite
2007-12-02 01:25	---------	d-----w	C:\Program Files\Tunebite
2007-11-26 09:11	---------	d-----w	C:\Program Files\LimeWire
2007-11-26 07:57	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\LimeWire
2007-11-26 07:51	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 11:38	---------	d-----w	C:\Program Files\Easy Flyer Creator
2007-11-18 07:22	---------	d-----w	C:\Program Files\iPod
2007-11-18 07:17	---------	d-----w	C:\Program Files\iTunes
2007-11-18 05:41	---------	d-----w	C:\Program Files\Frigate3
2007-11-15 09:30	---------	d-----w	C:\Program Files\Opera
2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 07:35	---------	d-----w	C:\Documents and Settings\All Users\Application Data\MGS
2007-11-04 17:16	---------	d-----w	C:\Program Files\Replay Media Catcher
2007-11-04 17:05	2,293,712	----a-w	C:\Program Files\FLV PlayerFCSetup.exe
2007-11-04 17:02	3,655,488	----a-w	C:\Program Files\FLV PlayerRCATSetup.exe
2007-11-04 17:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\GetRightToGo
2007-11-04 16:55	411,248	----a-w	C:\Program Files\FLV PlayerRCSetup.exe
2007-11-04 16:54	---------	d-----w	C:\Program Files\FLV Player
2007-11-02 05:41	---------	d-----w	C:\Program Files\Windows Media Recorder
2007-11-01 22:00	---------	d-----w	C:\Program Files\WMR11
2007-11-01 18:12	---------	d-----w	C:\Program Files\WinPcap
2007-10-31 19:03	---------	d-----w	C:\Program Files\Java
2007-10-31 19:01	---------	d-----w	C:\Program Files\Common Files\Java
2007-10-31 18:53	---------	d-----w	C:\Program Files\Apple Software Update
2007-10-30 17:52	102,664	----a-w	C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-30 01:27	---------	d-----w	C:\Program Files\Intricate Words
2007-10-30 01:25	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-28 03:08	---------	d-----w	C:\Program Files\STK018_V2.01
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:32	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\HouseCall 6.6
2007-10-20 17:19	---------	d-----w	C:\Program Files\Telstra
2007-10-20 17:19	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 17:19	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Telstra
2007-10-20 15:50	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\SlipStream
2007-06-02 21:27	774,144	-c--a-w	C:\Program Files\RngInterstitial.dll
2007-07-21 21:18	88	-csh--r	C:\WINDOWS\system32\F23BE58C7E.sys
2007-07-21 21:18	3,350	-csha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iolo AntiVirus"="C:\Program Files\iolo\AntiVirus\ioloAV.exe" [2007-12-07 12:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dodo Speed Accelerator.lnk]
backup=C:\WINDOWS\pss\Dodo Speed Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00	15360	--a------	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
C:\Program Files\Hard Drive Inspector\HDInspector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-14 09:00	267064	--a------	C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50	155648	--a--c---	C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMRealtime]
C:\Program Files\PC MightyMax\pcmm.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\VistaCodecPack\QT\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
2006-06-09 03:05	253952	--a------	C:\Program Files\Dodo Speed Accelerator\slipcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
2007-11-03 11:38	820072	--a------	C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupXPert]
C:\Documents and Settings\soner veli\Desktop\Program Files\StartupXPert\StartupXPert.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05	204288	-----c---	C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
C:\Program Files\XoftSpySE\xoftspy.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

R2 InterBaseGuardian;Firebird Guardian Service;C:\Program Files\Firebird\bin\ibguard -s []
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R3 als4k;Avance Audio Miniport Driver (WDM);C:\WINDOWS\system32\drivers\als4000.sys [2001-10-22 12:46]
R3 InterBaseServer;Firebird Server;C:\Program Files\Firebird\bin\ibserver -s []
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys [2007-09-06 13:40]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 11:50]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 09:31]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 21:38:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-19 11:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2007-12-13 00:22:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-12 21:21:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 13:44:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\iavlsp.dll
.
Completion time: 2007-12-19 13:46:39
C:\ComboFix2.txt ... 2007-12-19 10:05
C:\ComboFix3.txt ... 2007-12-19 07:42
.
2007-12-15 09:04:59	--- E O F ---


----------



## Cookiegal (Aug 27, 2003)

You are running several anti-virus programs. It's not good to have more than one as they will conflict and cause problems. You need to decide which one you want to keep and remove the others.

Download and install *AVG Anti-Spyware v7.5*. Note to AVG Free anti-virus program users only: This is not the same program as the one you already have, this is an anti-spyware program so please proceed with the instructions. 

After download, double click on the file to launch the install process. 
Choose a language, click "*OK*" and then click "*Next*". 
Read the "_License Agreement_" and click "*I Agree*". 
Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "*Next*", then click "*Install*". 
After setup completes, click "*Finish*" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray. 
The main "*Status*" menu will appear. Select "_Change state_" to inactivate '*Resident Shield*' and '*Automatic Updates*'. _As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them._ 
Then right click on AVG Anti-Spyware in the system tray and *uncheck* "*Start with Windows*". 
Connect to the Internet, go back to AVG Anti-Spyware, select the "*Update*" button and click "*Start update*". 
Wait until you see the "_Update successful_" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer. 
Exit AVG Anti-Spyware when done - *DO NOT perform a scan yet*.
*Reboot your computer in SAFE MODE* using the *F8* method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". _(Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)_

*Scan with AVG Anti-Spyware as follows*:
Click on the "*Scanner*" button and choose the "*Settings*" tab.

Under "*How to act?*", click on "*Recommended actions*" and choose "*Quarantine*" to set default action for detected malware. 
Under "*How to Scan?*", "*Possibly unwanted software*", and "*What to Scan?*" leave all the default settings. 
Under "*Reports*" select "*Do not automatically generate reports*". 
Click the "*Scan*" tab to return to scanning options. 
Click "*Complete System Scan*" to start. 
When the scan has finished, it should automatically be set to *Quarantine*--if not click on _Recommended Action_ and set it there. 
You will also be presented with a list of infected objects found. Click "*Apply all actions*" to place the files in Quarantine.
_*IMPORTANT!* Do not save the report before you have clicked the "*Apply all actions*" button. If you do, the log that is created will indicate "*No action taken*", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button._
Click on "*Save Report*" to view all completed scans. Click on the most recent scan you just performed and select "*Save report as*" - the default file name will be in date/time format as follows: *Report-Scan-20060620-142816.txt*. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\ 
Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
_Note: Close all open windows, programs, and *DO NOT USE the computer while AVG Anti-Spyware is scanning*. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection._

_AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period._

Please go *HERE* to run Panda's ActiveScan
You need to use IE to run this scan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, *then Save Report* and save it to a convenient location. Post the contents of the ActiveScan report

*Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.*


----------



## kanachoe (Apr 20, 2007)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	7:25:56 AM 12/20/2007

+ Scan result:

C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\soner veli\Application Data\Mozilla\Firefox\Profiles\g5poq9hg.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\soner veli\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\soner veli\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\soner veli\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.18:C:\Documents and Settings\soner veli\Application Data\Mozilla\Firefox\Profiles\g5poq9hg.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.13:C:\Documents and Settings\soner veli\Application Data\Mozilla\Firefox\Profiles\g5poq9hg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\soner veli\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.

::Report end


----------



## kanachoe (Apr 20, 2007)

Incident Status Location

Adware:adware/oemji Not disinfected Windows Registry 
Adware:adware/cws.searchmeup Not disinfected Windows Registry 
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\soner veli\Application Data\iolo\Disabled Entries\Current User\PowerReg Scheduler.exe 
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt 
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt 
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\soner veli\Desktop\ComboFix.exe[nircmd.exe] 
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\soner veli\Desktop\ComboFix.exe[nircmd.cfexe]  
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\soner veli\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Possible Virus. Not disinfected C:\Program Files\FaxTools\Install\Setup.exe 
Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\Setup.exe 
Spyware:Spyware/New.net Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir[z1.exe] 
Adware:Adware/TTC Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir[z3.exe] 
Adware:Adware/DeluxeComunications Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir[z4.exe] 
Adware:Adware/DeluxeComunications Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir[zin5.exe] 
Adware:Adware/Zenosearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir[z6.exe] 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:28 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 5370 bytes


----------
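The HijackThis log above is read by eye by the helpers in this thread; the following is an added example (not part of the thread, and not HijackThis or Trend Micro code) of the same triage done programmatically. It parses the `R0`/`R1`/`Oxx` entry format and flags the entry types a helper looks at first: components whose file is gone (`(no file)`, `(file missing)`), Winsock LSP modules HijackThis does not recognise, `AppInit_DLLs`, a custom DNS server in `O17`, and browser start/search pages that differ from the defaults. The sample lines are copied from the log posted above and embedded as constructed input; the rules are this example's own and are deliberately conservative, since a flagged entry only means "verify this", not "malware".

```python
import re

# Constructed sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Values HijackThis itself treats as the stock Internet Explorer defaults.
DEFAULT_PAGE_PREFIXES = ("http://go.microsoft.com", "about:blank")


def parse_entries(text):
    """Return a list of (section, body) tuples for every well-formed entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.rstrip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(entries):
    """Return (section, reason, body) for the entries a helper would want to verify first.

    The rules are this example's own (assumption): they mirror what the helpers
    in the thread ask about, and a hit means "check this", not "this is malware".
    """
    findings = []
    for section, body in entries:
        reason = None
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reason = "registered component whose file is gone (orphaned entry)"
        elif section == "O10":
            reason = "Winsock LSP module HijackThis does not recognise; verify its publisher"
        elif section == "O20":
            reason = "AppInit_DLLs loads this DLL into every user-mode process; verify it"
        elif section == "O17":
            reason = "custom DNS server; confirm it belongs to the local router or ISP"
        elif section in ("R0", "R1"):
            # R entries look like "<registry key>,<value name> = <url>"; an empty
            # value is HijackThis reporting an unset page, not a hijack.
            value = body.split("=", 1)[1].strip() if "=" in body else ""
            if value and not value.startswith(DEFAULT_PAGE_PREFIXES):
                reason = "browser start/search page differs from the IE default"
        if reason:
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {body}")
```

Two of the hits are instructive rather than alarming. The Yahoo `R1` line is what Yahoo Messenger sets and is flagged only because it is not the stock default, and the `O23` Firebird entries are reported as `C:\Program.exe (file missing)` because the service path in the ComboFix log above (`C:\Program Files\Firebird\bin\ibguard -s`) is not quoted, so the first space is taken as the end of the executable name; quoting the `ImagePath` fixes the display and is the usual hardening advice for any service installed under a path containing spaces.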



## kanachoe (Apr 20, 2007)

ComboFix 07-12-18.1 - soner veli 2007-12-20 9:44:13.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.444 [GMT -8:00]
Running from: C:\Documents and Settings\soner veli\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.

2007-12-20 03:52 . 2007-12-20 03:52 d--------	C:\Documents and Settings\soner veli\Application Data\Grisoft
2007-12-20 03:51 . 2007-05-30 04:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-12 20:10 . 2007-12-12 20:10	432	--a------	C:\WINDOWS\system32\iolo.ini
2007-12-12 20:05 . 2007-07-25 08:42	126,976	--a------	C:\WINDOWS\system32\iavlsp.dll
2007-12-12 20:04 . 2007-12-12 20:04 d--------	C:\Program Files\Common Files\Authentium
2007-12-12 19:41 . 2007-12-12 20:04 d--------	C:\Program Files\iolo
2007-12-12 19:41 . 2007-11-03 11:38	363,368	--a------	C:\WINDOWS\system32\Incinerator.dll
2007-12-12 19:41 . 2006-11-25 16:39	41,472	--a------	C:\WINDOWS\system32\iolobtdfg.exe
2007-12-12 19:41 . 2006-11-25 16:39	25,264	--a------	C:\WINDOWS\system32\smrgdf.exe
2007-12-12 16:21 . 2007-12-12 16:21 d--------	C:\Documents and Settings\NetworkService\Application Data\iolo
2007-12-12 15:20 . 2007-12-12 15:20 d--------	C:\Documents and Settings\LocalService\Application Data\iolo
2007-12-12 15:20 . 2007-12-12 15:20	406	--a------	C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-12 15:13 . 2007-12-12 15:13	74,703	--a------	C:\WINDOWS\system32\mfc45.dll
2007-12-12 15:11 . 2007-12-13 19:12 d--------	C:\Documents and Settings\soner veli\Application Data\iolo
2007-12-12 15:11 . 2007-12-13 21:41 d--------	C:\Documents and Settings\All Users\Application Data\iolo
2007-12-08 23:33 . 2007-12-08 23:33 d--------	C:\Documents and Settings\soner veli\Application Data\MSNInstaller
2007-12-08 23:24 . 2007-12-09 00:19 d--------	C:\Program Files\Windows Live
2007-12-08 23:24 . 2007-12-09 00:18 d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-08 23:24 . 2007-12-09 00:14 d--------	C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-06 23:14 . 2002-12-29 01:14	81,920	--a------	C:\WINDOWS\system32\Startup.cpl
2007-11-20 22:09 . 2007-09-06 13:40	19,200	--a------	C:\WINDOWS\system32\drivers\tbhsd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 06:53	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Frigate3
2007-12-13 06:52	---------	d-----w	C:\Program Files\Dodo Speed Accelerator
2007-12-13 04:47	---------	d-----w	C:\Program Files\PPStream
2007-12-13 03:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-13 01:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Uniblue
2007-12-13 00:12	---------	d-----w	C:\Program Files\PC MightyMax
2007-12-13 00:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Bitcomet Turbo
2007-12-12 06:11	---------	d-----w	C:\Program Files\MyVirtualHome
2007-12-02 17:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\tunebite
2007-12-02 01:25	---------	d-----w	C:\Program Files\Tunebite
2007-11-26 09:11	---------	d-----w	C:\Program Files\LimeWire
2007-11-26 07:57	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\LimeWire
2007-11-26 07:51	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 11:38	---------	d-----w	C:\Program Files\Easy Flyer Creator
2007-11-18 07:22	---------	d-----w	C:\Program Files\iPod
2007-11-18 07:17	---------	d-----w	C:\Program Files\iTunes
2007-11-18 05:41	---------	d-----w	C:\Program Files\Frigate3
2007-11-15 09:30	---------	d-----w	C:\Program Files\Opera
2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 07:35	---------	d-----w	C:\Documents and Settings\All Users\Application Data\MGS
2007-11-04 17:16	---------	d-----w	C:\Program Files\Replay Media Catcher
2007-11-04 17:05	2,293,712	----a-w	C:\Program Files\FLV PlayerFCSetup.exe
2007-11-04 17:02	3,655,488	----a-w	C:\Program Files\FLV PlayerRCATSetup.exe
2007-11-04 17:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\GetRightToGo
2007-11-04 16:55	411,248	----a-w	C:\Program Files\FLV PlayerRCSetup.exe
2007-11-04 16:54	---------	d-----w	C:\Program Files\FLV Player
2007-11-02 05:41	---------	d-----w	C:\Program Files\Windows Media Recorder
2007-11-01 22:00	---------	d-----w	C:\Program Files\WMR11
2007-11-01 18:12	---------	d-----w	C:\Program Files\WinPcap
2007-10-31 19:03	---------	d-----w	C:\Program Files\Java
2007-10-31 19:01	---------	d-----w	C:\Program Files\Common Files\Java
2007-10-31 18:53	---------	d-----w	C:\Program Files\Apple Software Update
2007-10-30 17:52	102,664	----a-w	C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-30 01:27	---------	d-----w	C:\Program Files\Intricate Words
2007-10-30 01:25	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-28 03:08	---------	d-----w	C:\Program Files\STK018_V2.01
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:32	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\HouseCall 6.6
2007-10-20 17:19	---------	d-----w	C:\Program Files\Telstra
2007-10-20 17:19	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 17:19	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Telstra
2007-10-20 15:50	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\SlipStream
2007-06-02 21:27	774,144	-c--a-w	C:\Program Files\RngInterstitial.dll
2007-07-21 21:18	88	-csh--r	C:\WINDOWS\system32\F23BE58C7E.sys
2007-07-21 21:18	3,350	-csha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iolo AntiVirus"="C:\Program Files\iolo\AntiVirus\ioloAV.exe" [2007-12-07 12:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dodo Speed Accelerator.lnk]
backup=C:\WINDOWS\pss\Dodo Speed Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00	15360	--a------	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
C:\Program Files\Hard Drive Inspector\HDInspector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-14 09:00	267064	--a------	C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50	155648	--a--c---	C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMRealtime]
C:\Program Files\PC MightyMax\pcmm.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
 C:\Program Files\VistaCodecPack\QT\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
2006-06-09 03:05	253952	--a------	C:\Program Files\Dodo Speed Accelerator\slipcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
2007-11-03 11:38	820072	--a------	C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupXPert]
C:\Documents and Settings\soner veli\Desktop\Program Files\StartupXPert\StartupXPert.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05	204288	-----c---	C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
C:\Program Files\XoftSpySE\xoftspy.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

R2 InterBaseGuardian;Firebird Guardian Service;C:\Program Files\Firebird\bin\ibguard -s []
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R3 als4k;Avance Audio Miniport Driver (WDM);C:\WINDOWS\system32\drivers\als4000.sys [2001-10-22 12:46]
R3 InterBaseServer;Firebird Server;C:\Program Files\Firebird\bin\ibserver -s []
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys [2007-09-06 13:40]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 11:50]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 09:31]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-20 17:44:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-20 11:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2007-12-13 00:22:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-12 21:21:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 09:47:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\iavlsp.dll
.
Completion time: 2007-12-20 9:49:43
C:\ComboFix2.txt ... 2007-12-19 13:46
C:\ComboFix3.txt ... 2007-12-19 10:05
.
2007-12-15 09:04:59	--- E O F ---


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Search* - *All Files and Folders* and under *More advanced search options*. 
Make sure there is a check by *Search System Folders* and *Search hidden files and folders* and *Search system subfolders*.

Next click on *My Computer*. Go to *Tools* - *Folder Options*. Click on the View tab and make sure that *Show hidden files and folders* is checked. Also uncheck *Hide protected operating system files* and *Hide extensions for known file types*. Now click *Apply to all folders*. Click *Apply* then *OK*.

Now, go to the following link and upload each of the following files for analysis and let me know what the results are please:

http://virusscan.jotti.org/

*C:\Program Files\FaxTools\Install\Setup.exe 
C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\Setup.exe *


----------



## kanachoe (Apr 20, 2007)

How do I post it, as I can't highlight them?


----------



## Cookiegal (Aug 27, 2003)

Can you take a screenshot of the results?


----------



## kanachoe (Apr 20, 2007)

How do I do that?


----------



## Cookiegal (Aug 27, 2003)

When you see the report on your screen, hit the Print Screen button on your keyboard. This copies it to the clipboard. Then open up MS Paint and paste it there. Save it and then upload it as an attachment.


----------



## kanachoe (Apr 20, 2007)

I'm having trouble taking the screenshot, because when I do that you can't see the whole screen; it has those scroll bars and you can't see the whole window. Is there any way I can make it smaller to get the whole screenshot?


----------



## Cookiegal (Aug 27, 2003)

Did the scan find anything?


----------



## kanachoe (Apr 20, 2007)

Hi, is this it?


----------



## Cookiegal (Aug 27, 2003)

That is a SpyHunter scan. I asked you to run two files through the on-line scan at Jotti's to see if they are infected. This is the log I need.


Open HijackThis and click on "Config" and then on the "Misc Tools" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## kanachoe (Apr 20, 2007)

AccelClip Professional
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
Aimersoft DVD Ripper(Build 1.0.16)
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Authentium AntiVirus SDK - 2
Avance ALS4000 Sound System
AVG Anti-Spyware 7.5
BigPond Username & Password Tool
Brother MFL-Pro Suite
CHM Editor
Copernic Agent Basic
Digital Camera
Dodo Speed Accelerator
Driver Detective
DVD Shrink 3.2
Easy Flyer Creator 
EVEREST Home Edition v2.20
Ez-Architect
FaxTools
Firebird 1.0.0.796
FLV Player
Gadget Buster 1.0
goCRM
Google Desktop
Google Earth
Hijackthis 1.99.1
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HouseCall 6.6
Incomedia WebSite X5
IncrediMail Xe
iolo AntiVirus
iolo technologies' System Mechanic 7
IrfanView (remove only)
iTunes
Java(TM) 6 Update 3
Joost (tm) 0.9.4
LimeWire 4.12.15
LiveUpdate 3.0 (Symantec Corporation)
MagicWorld version 1.01
Media Resizer
Media Resizer PRO
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Monopoly
Monopoly Casino
Monopoly Tycoon
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MultiStage Recovery 2.7
MyVirtualHome
Nero Media Player
Nero OEM
NeroVision Express 2
ninemsn Internet Software
Opera 9.24
Panda ActiveScan
PaperPort
PhotoImpression
Picasa 2
Power Phone Book Enterprise Edition
PPTexpert PPTmovie
Punch! Super Home Suite Demo
QuickTime
RapidTyping 1.1.9.6
Recover My Files
RegSweep
Replay Media Catcher
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Showoff Home Design 1.0
Simpaplex version 1.4.16.859
Slot_Parthenon 7.0
Slot_Scary 4.0
Slots_Cleo 3.0
Slots_Dreaming 4.0
Slots_TUT 4.0
SpyHunter
StartupXPert 2.1 Professional
STK018_V2.01
Tunebite 4.1.0.35
Ulead Photo Express 4.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Vista Codec Package
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Recorder
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 4.0
WM Recorder 12.0
XviD MPEG-4 Video Codec
Yahoo! Messenger


----------



## kanachoe (Apr 20, 2007)

Sorry, I just worked out the other one you told me. The first one found nothing;
the 2nd one found nothing.


----------



## ~Candy~ (Jan 27, 2001)

While you are waiting for cookiegal to return... might I suggest that you UNINSTALL Limewire...


----------



## kanachoe (Apr 20, 2007)

Yeah, thanks.


----------



## kanachoe (Apr 20, 2007)

Acacandy, I deleted Limewire now.


----------



## Cookiegal (Aug 27, 2003)

Did you fix those things detected by SpyHunter?

I would remove SpyHunter as it has a dubious reputation.


How are things running now?


----------



## kanachoe (Apr 20, 2007)

No, not yet, I was waiting for you to say what to do. Should I do that now? I have deleted Limewire now. It's still lagging.


----------



## Cookiegal (Aug 27, 2003)

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause _"unpredictable results"_.
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Download *SDFix* and save it to your Desktop.

Double click *SDFix.exe* and it will extract the files to %systemdrive% 
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in *Safe Mode* by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, the Advanced Options Menu should appear.
Select the first option, to run Windows in Safe Mode, then press *Enter*.
Choose your usual account.

Open the extracted SDFix folder and double click *RunThis.bat* to start the script. 
Type *Y* to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot. 
Press any Key and it will restart the PC. 
When the PC restarts the Fixtool will run again and complete the removal process then display *Finished*, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as *Report.txt* 
(Report.txt will also be copied to the clipboard ready for posting back on the forum).
Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.


----------



## kanachoe (Apr 20, 2007)

SDFix: Version 1.119

Run by soner veli on Sat 12/22/2007 at 05:18 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\SONERV~1\Desktop\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\ULTRA.DLL - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 17:27:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\SONERV~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 29 Aug 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 21 Jul 2007 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 15 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Finished!


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:34 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 5282 bytes


----------
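The HijackThis log above is the kind of thing the helpers in this thread read by eye. As an added example, not code from this thread, from Trend Micro/HijackThis or from any other tool named here, the Python script below parses constructed lines in the same format and orders them the way a reviewer would look at them: unknown Winsock LSP and AppInit_DLLs entries first, then a service whose path shows as `C:\Program.exe (file missing)` (the way HijackThis renders an unquoted service ImagePath under Program Files, as with the Firebird entries in the log), then orphaned registrations, then ordinary browser add-ons and autoruns. Everything in `SAMPLE_LOG` is constructed; its GUIDs and paths are placeholders.

```python
"""Triage of HijackThis-style log lines.

Added example for this thread; it is not code from the thread, from
Trend Micro/HijackThis or from any other tool named here. It parses the
line shapes seen in the posted logs (R*, O2, O3, O4, O10, O20, O23) and
orders them by how urgently a reviewer should look at them. SAMPLE_LOG
is constructed; its GUIDs and paths are placeholders, not real entries.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the thread's HijackThis output.
SAMPLE_LOG: List[str] = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/search",
    r"O2 - BHO: Example PDF Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll",
    r"O3 - Toolbar: Example MediaBar - {00000000-0000-0000-0000-000000000002} - (no file)",
    r'O4 - HKLM\..\Run: [Example AV] "C:\Program Files\Example\av.exe"',
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\examplelsp.dll",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\examplelsp.dll",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Example\EXAMPL~1.DLL",
    r"O20 - Winlogon Notify: ExampleNotify - C:\Program Files\Example\notify.dll",
    r"O23 - Service: Example Guardian (ExampleGuardian) - Unknown owner - C:\Program.exe (file missing)",
    r"O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe",
]

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# HijackThis prints an unquoted service ImagePath under "C:\Program Files"
# cut at the first space, i.e. as "C:\Program.exe (file missing)".
TRUNCATED_PATH_RE = re.compile(r"[A-Za-z]:\\Program\.exe", re.IGNORECASE)
MISSING_MARKERS = ("(file missing)", "(no file)")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split 'O23 - Service: ...' into section and body; None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body")}


def classify(section: str, body: str) -> Tuple[str, str]:
    """Return (severity, reason) for one entry. Order matters: the specific
    rules run before the generic missing-file rule."""
    low = body.lower()
    if section == "O10":
        return "high", "unrecognised Winsock LSP; an LSP DLL is loaded into every socket-using process"
    if section == "O20" and low.startswith("appinit_dlls:"):
        return "high", "AppInit_DLLs entry; loaded into every process that maps user32.dll"
    if section == "O23" and TRUNCATED_PATH_RE.search(body):
        return "medium", "service ImagePath is unquoted (shown cut at the first space); quote it and confirm the binary"
    if any(marker in low for marker in MISSING_MARKERS):
        return "low", "registration points at a file that no longer exists; orphan worth removing"
    if section == "O20":
        return "medium", "Winlogon Notify DLL runs at logon; confirm the vendor"
    if section in ("O2", "O3"):
        return "info", "browser add-on; confirm it is wanted"
    if section == "O4":
        return "info", "autorun entry; confirm it is wanted"
    return "info", "no specific rule; review by hand"


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Parse, de-duplicate (HijackThis repeats one LSP per protocol entry) and sort."""
    findings: List[Dict[str, str]] = []
    seen = set()
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        key = (entry["section"], entry["body"])
        if key in seen:
            continue
        seen.add(key)
        severity, reason = classify(entry["section"], entry["body"])
        findings.append({**entry, "severity": severity, "reason": reason})
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])  # stable: log order kept within a tier
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity tier."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:<6}] {f['section']:<4} {f['body']}")
        print(f"         {f['reason']}")
    print(summarize(triage(SAMPLE_LOG)))
```

The script only orders entries for a human; it does not decide what to remove. The de-duplication matters because HijackThis lists one LSP DLL once per Winsock protocol entry, so three identical O10 lines are one finding, not three.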



## Cookiegal (Aug 27, 2003)

Go *here* and download *Spybot Search & Destroy*.

Install the program and launch it.

Before scanning press *Online* and *Search for Updates* .

Put a check mark at and install *all updates*.

Click *Check for Problems* and when the scan is finished let Spybot fix/remove *all* it finds marked in RED.

Then locate the log file and post it here please. You will find it as a .txt file in the Logs directory at this location:

C:\Documents and Settings\UserName\Application Data\Spybot - Search & Destroy\Logs


----------



## kanachoe (Apr 20, 2007)

12/23/2007 10:28:26 AM Allowed (based on user decision) value "SpybotDeletingB5235" (new data: "command /c del "C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}\install.rdf"") added in System Startup user entry!
12/23/2007 10:28:32 AM Allowed (based on user decision) value "SpybotDeletingD1072" (new data: "cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}\install.rdf"") added in System Startup user entry!
12/23/2007 10:28:34 AM Allowed (based on user decision) value "SpybotDeletingA945" (new data: "command /c del "C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}\install.rdf"") added in System Startup global entry!
12/23/2007 10:28:36 AM Allowed (based on user decision) value "SpybotDeletingC1441" (new data: "cmd /c del "C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}\install.rdf"") added in System Startup global entry!


----------



## Cookiegal (Aug 27, 2003)

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply with a new hijackthis log.*

Click *Close* to exit the program.


----------



## kanachoe (Apr 20, 2007)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/23/2007 at 02:51 PM

Application Version : 3.9.1008

Core Rules Database Version : 3366
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 01:02:49

Memory items scanned : 363
Memory threats detected : 0
Registry items scanned : 6068
Registry threats detected : 1
File items scanned : 67281
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][2].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][2].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][2].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][2].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][3].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt
C:\Documents and Settings\soner veli\Cookies\[email protected][1].txt

Unclassified.PC MightyMax
HKU\S-1-5-21-1454471165-152049171-839522115-1003\Software\PC MightyMax
C:\Program Files\PC MightyMax\lic.conf
C:\Program Files\PC MightyMax\lic.dat
C:\Program Files\PC MightyMax\pcdocrx.conf
C:\Program Files\PC MightyMax\undo
C:\Program Files\PC MightyMax


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:08 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\AntiVirus\ioloAV.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 6002 bytes


----------



## Cookiegal (Aug 27, 2003)

Can you run SpyHunter again and post the screen shot? You may need to post two screen shots as I need to see the entire location in the registry.


----------



## kanachoe (Apr 20, 2007)

Here's one.


----------



## kanachoe (Apr 20, 2007)

Hi, is this ok?


----------



## kanachoe (Apr 20, 2007)

Hi, here is the first section.


----------



## Cookiegal (Aug 27, 2003)

Go *here* to download AlcanShorty_en.exe. Scroll down to the middle of the page and click on "Download File" and save it to your desktop.

Double click the *alcanShorty.exe* file and follow the prompts.
It will make a folder on the desktop called *Alcan Shorty*.
Open the Alcan Shorty folder & double click the *run.bat* file to run it.
This will download a file called BFU.exe and a BFU script. 
If your firewall asks for permission to connect to the Internet you must allow it.
A message box will pop up saying "complete". 
Be patient and wait for the message box to appear as it may take some time.
Press OK then BFU.exe will open. 
Select the option to "Show log after script ends"
Execute the script by clicking the *Execute* button.
Note that you should see a progress bar while the script is being executed.
When the script has finished press "copy" and that will make a copy of the report in your clipboard. 
Paste the log into Notepad and save it to your desktop in case it's needed later.
*Note*: If you have any questions about the use of BFU please read *here*.

Download new.netfix.exe by noahdfear. Save the file to your desktop. Double click, then click Start to extract the contents to its own folder. Open the folder and double click the RunThis.bat file to start the tool. Follow the prompts and post the contents of the new.net.txt file it creates in the folder.

Then run SpyHunter once more and post the results please.


----------



## kanachoe (Apr 20, 2007)

I have just done this one, thanks for this help.



BFU v1.10.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 12:55:56 PM, on 12/25/2007

Option Unload Explorer: Yes
Warning: unknown command 'OptionStatusOn' on line #7
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll|1 (file not found)
Failed: DllUnregister \888Bar.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\software\microsoft\windows\currentversion\policies\explorer\run|{84c4d3ae-0bb0-1033-0729-050001} (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FolderDelete C:\WINDOWS\system32\nstlr (folder not found)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
Failed: FileDelete C:\DOCUME~1\SONERV~1\LOCALS~1\Temp\~DF7DF5.tmp (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\fb_408.lck (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\PSCastor (folder not found)
Failed: FolderDelete C:\Program Files\CMIntex (folder not found)
Failed: FolderDelete C:\Program Files\PadsysAssistant (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20000 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\Program Files\Ipwindows (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
Failed: FolderDelete C:\Program Files\folder.js (folder not found)
Failed: FolderDelete C:\Program Files\ini.ini (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
Failed: FolderDelete C:\Program Files\PSDream (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\Web Buying (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Failed: FileMove C:\bintheredunthat\GoggleboxTV.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\PPnt2000.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\Ppnt95.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\PPnt97.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\RestartIt!.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\TrialArticleRewriterPro.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\6-12_xp_dd_ccc_wdm_enu_38463.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\7-9_xp32_dd_ccc_wdm_enu_52443.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\avgas-signatures-full-current.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\eMule0.47c-Installer.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\LimeWireWin.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\LimeWireWin4.12.15.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\LimeWireWin4.14.10.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\MozillaBrowserPlugin.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\MozillaPluginUninstaller.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\setup.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\setup_rac.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\ShowOff2005LANDSCAPEUnlimited_setupVA.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\uninst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\Uninstall.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\Wheel_of_Fortune_Deluxe_Setup.exe|C:\bintheredunthat (operation failed)
Script completed.


----------



## kanachoe (Apr 20, 2007)

this is coming up:

new.net regsitry key fix

by noahdfear ©2006

checking for new.net key

new.net not found!


----------



## Cookiegal (Aug 27, 2003)

Run SpyHunter again please and post the screenshots.


----------



## kanachoe (Apr 20, 2007)

here it is


----------



## kanachoe (Apr 20, 2007)

this is the other one


----------



## Cookiegal (Aug 27, 2003)

Have SpyHunter fix the remaining things it found.

How are things now?


----------



## kanachoe (Apr 20, 2007)

I have to own the product for it to work and I don't own it, so what is the best way to fix it?


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a Fixkanachoe.zip file to this post. Save it to your desktop. Unzip it and double click the Fixkanachoe.reg file and allow it to enter into the registry.

Reboot and run SpyHunter again and be sure to post the entire registry keys where whatever remains is found. I don't need the cookies though.


----------



## kanachoe (Apr 20, 2007)

Do you need the first part, what programs they are?


----------



## kanachoe (Apr 20, 2007)

Every time I scan with this program it is hard to get rid of; it keeps saying execute.


----------



## Cookiegal (Aug 27, 2003)

Are you sure these were run after using the regfix and rebooting?


----------



## kanachoe (Apr 20, 2007)

Yeah, I did.


----------



## Cookiegal (Aug 27, 2003)

Are you at all familiar with the registry? Do you know how to go looking around and/or deleting things?


----------



## kanachoe (Apr 20, 2007)

No, I don't understand that.


----------



## Cookiegal (Aug 27, 2003)

OK. I'm attaching another regfix. Please do exactly the same as you did with the previous one.

Then reboot and run SpyHunter again. There was one I couldn't see the entire registry key so it will still be there. Please be sure to show the entire registry key.


----------



## kanachoe (Apr 20, 2007)

Hi, happy New Year. And is the file? These were all BearShare.


----------



## Cookiegal (Aug 27, 2003)

Those were all taken out by the regfix so I really don't trust these results. 

Get rid of SpyHunter, as I suggested before, as it's not trustworthy.

Are there any problems remaining?


----------



## kanachoe (Apr 20, 2007)

Na, it's a lot better than before, thanks for that.


----------



## Cookiegal (Aug 27, 2003)

You can delete the ComboFix utility and delete this folder, which is where ComboFix stores deleted files as backups:

C:\*Qoobox*

Here are some final instructions for you.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.

Delete Temporary Files:

Go to *Start* - *Run* and type in *cleanmgr* and click OK. 
Let it scan your system for files to remove. 
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. 
Press OK to remove them.


----------



## kanachoe (Apr 20, 2007)

Hi, sorry, but it's still going really slow and even the scrolling is going slow. Do you know if this could be the problem? I have deleted all the things that you said, but the BearShare is in with the IE toolbar and I can't find where to delete it.


----------



## Cookiegal (Aug 27, 2003)

I don't understand what this screenshot is meant to show me?


----------



## kanachoe (Apr 20, 2007)

It says conflicts and sharing. Is this normal, as this thing is going so slow?


----------



## Cookiegal (Aug 27, 2003)

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet *after downloading the program and before scanning*.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause _"unpredictable results"_.
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Download *ComboFix* and save it to your desktop.

***Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

WARNING: *IF you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.*
*Please do not re-connect your machine back to the Internet until ComboFix has completely finished.*
If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

Double-click on *combofix.exe* and follow the prompts. When finished, it will produce a report for you. Please post the *"C:\ComboFix.txt" *along with a *new HijackThis log* for further review.

***Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall***


----------



## kanachoe (Apr 20, 2007)

ComboFix 08-01-13.1 - soner veli 2008-01-13 13:31:05.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.386 [GMT -8:00]
Running from: C:\Documents and Settings\soner veli\Desktop\ComboFix.exe
* Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 13:28 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-10 20:08 . 2008-01-10 20:10	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-01-10 18:52 . 2008-01-10 18:52 d--------	C:\WINDOWS\12A83A720CF44FB08DBD87E46884433A.TMP
2008-01-09 14:27 . 2008-01-09 14:27 d--------	C:\Documents and Settings\soner veli\Application Data\ScanSoft
2008-01-05 01:05 . 2008-01-11 18:22 d--------	C:\Program Files\Aussie Slots
2008-01-05 01:05 . 2008-01-05 01:04	720,896	--a------	C:\WINDOWS\iun6002.exe
2008-01-04 23:31 . 2008-01-04 23:31 d--------	C:\Program Files\Pokie Magic Games
2007-12-27 11:16 . 2007-12-04 05:04	837,496	--a------	C:\WINDOWS\system32\aswBoot.exe
2007-12-27 11:16 . 2007-12-04 04:54	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2007-12-27 11:16 . 2007-12-04 06:55	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-27 11:16 . 2007-12-04 06:56	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-27 11:16 . 2007-12-04 06:51	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-27 11:16 . 2007-12-04 06:49	26,624	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-27 11:16 . 2007-12-04 06:53	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-27 10:22 . 2007-12-27 10:22 d--------	C:\Program Files\CCleaner
2007-12-25 15:03 . 2007-12-25 15:03 d--------	C:\Documents and Settings\soner veli\new.netfix
2007-12-25 09:50 . 2008-01-12 11:33 d--------	C:\bintheredunthat
2007-12-25 09:40 . 2007-12-25 09:40 d--------	C:\Documents and Settings\soner veli\alcanshorty_en
2007-12-22 17:17 . 2008-01-11 18:20 d--------	C:\WINDOWS\ERUNT
2007-12-21 09:46 . 2008-01-01 01:58 d--------	C:\Program Files\Enigma Software Group
2007-12-20 03:52 . 2007-12-20 03:52 d--------	C:\Documents and Settings\soner veli\Application Data\Grisoft
2007-12-20 03:51 . 2007-05-30 04:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 03:09	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\LimeWire
2008-01-11 10:04	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 09:43	---------	d-----w	C:\Program Files\iolo
2007-12-29 11:07	---------	d-----w	C:\Program Files\Gnutella Turbo
2007-12-29 11:07	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\MP3Rocket
2007-12-29 11:07	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\LimeWireTurbo
2007-12-27 21:46	---------	d-----w	C:\Program Files\Opera
2007-12-25 18:34	---------	d-----w	C:\Program Files\Showoff Home Design
2007-12-25 18:33	---------	d-----w	C:\Program Files\Picasa2
2007-12-25 18:33	---------	d-----w	C:\Program Files\LimeWire
2007-12-25 18:33	---------	d-----w	C:\Program Files\eMule
2007-12-20 19:13	---------	d-----w	C:\Program Files\Windows Defender
2007-12-20 19:03	---------	d-----w	C:\Program Files\Dodo Speed Accelerator
2007-12-13 06:53	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Frigate3
2007-12-13 04:47	---------	d-----w	C:\Program Files\PPStream
2007-12-13 03:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-13 01:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Uniblue
2007-12-13 00:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Bitcomet Turbo
2007-12-12 23:13	74,703	----a-w	C:\WINDOWS\system32\mfc45.dll
2007-12-12 06:11	---------	d-----w	C:\Program Files\MyVirtualHome
2007-12-09 08:19	---------	d-----w	C:\Program Files\Windows Live
2007-12-09 08:18	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-09 08:14	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-09 07:33	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\MSNInstaller
2007-11-26 07:51	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 11:38	---------	d-----w	C:\Program Files\Easy Flyer Creator
2007-11-18 07:22	---------	d-----w	C:\Program Files\iPod
2007-11-18 07:17	---------	d-----w	C:\Program Files\iTunes
2007-11-18 05:41	---------	d-----w	C:\Program Files\Frigate3
2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26	721,920	----a-w	C:\WINDOWS\system32\lsasrv.dll
2007-11-04 17:05	2,293,712	----a-w	C:\Program Files\FLV PlayerFCSetup.exe
2007-11-04 17:02	3,655,488	----a-w	C:\Program Files\FLV PlayerRCATSetup.exe
2007-11-04 16:55	411,248	----a-w	C:\Program Files\FLV PlayerRCSetup.exe
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-06-02 21:27	774,144	-c--a-w	C:\Program Files\RngInterstitial.dll
2007-07-21 21:18	88	-csh--r	C:\WINDOWS\system32\F23BE58C7E.sys
2007-07-21 21:18	3,350	-csha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:34 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symant


----------



## Cookiegal (Aug 27, 2003)

You didn't post your entire ComboFix log and you also cut off the bottom of the HijackThis log.


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:34 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 4985 bytes


----------



## kanachoe (Apr 20, 2007)

ComboFix 08-01-13.1 - soner veli 2008-01-13 13:31:05.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.386 [GMT -8:00]
Running from: C:\Documents and Settings\soner veli\Desktop\ComboFix.exe
* Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 13:28 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-10 20:08 . 2008-01-10 20:10	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-01-10 18:52 . 2008-01-10 18:52 d--------	C:\WINDOWS\12A83A720CF44FB08DBD87E46884433A.TMP
2008-01-09 14:27 . 2008-01-09 14:27 d--------	C:\Documents and Settings\soner veli\Application Data\ScanSoft
2008-01-05 01:05 . 2008-01-11 18:22 d--------	C:\Program Files\Aussie Slots
2008-01-05 01:05 . 2008-01-05 01:04	720,896	--a------	C:\WINDOWS\iun6002.exe
2008-01-04 23:31 . 2008-01-04 23:31 d--------	C:\Program Files\Pokie Magic Games
2007-12-27 11:16 . 2007-12-04 05:04	837,496	--a------	C:\WINDOWS\system32\aswBoot.exe
2007-12-27 11:16 . 2007-12-04 04:54	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2007-12-27 11:16 . 2007-12-04 06:55	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-27 11:16 . 2007-12-04 06:56	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-27 11:16 . 2007-12-04 06:51	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-27 11:16 . 2007-12-04 06:49	26,624	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-27 11:16 . 2007-12-04 06:53	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-27 10:22 . 2007-12-27 10:22 d--------	C:\Program Files\CCleaner
2007-12-25 15:03 . 2007-12-25 15:03 d--------	C:\Documents and Settings\soner veli\new.netfix
2007-12-25 09:50 . 2008-01-12 11:33 d--------	C:\bintheredunthat
2007-12-25 09:40 . 2007-12-25 09:40 d--------	C:\Documents and Settings\soner veli\alcanshorty_en
2007-12-22 17:17 . 2008-01-11 18:20 d--------	C:\WINDOWS\ERUNT
2007-12-21 09:46 . 2008-01-01 01:58 d--------	C:\Program Files\Enigma Software Group
2007-12-20 03:52 . 2007-12-20 03:52 d--------	C:\Documents and Settings\soner veli\Application Data\Grisoft
2007-12-20 03:51 . 2007-05-30 04:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 03:09	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\LimeWire
2008-01-11 10:04	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 09:43	---------	d-----w	C:\Program Files\iolo
2007-12-29 11:07	---------	d-----w	C:\Program Files\Gnutella Turbo
2007-12-29 11:07	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\MP3Rocket
2007-12-29 11:07	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\LimeWireTurbo
2007-12-27 21:46	---------	d-----w	C:\Program Files\Opera
2007-12-25 18:34	---------	d-----w	C:\Program Files\Showoff Home Design
2007-12-25 18:33	---------	d-----w	C:\Program Files\Picasa2
2007-12-25 18:33	---------	d-----w	C:\Program Files\LimeWire
2007-12-25 18:33	---------	d-----w	C:\Program Files\eMule
2007-12-20 19:13	---------	d-----w	C:\Program Files\Windows Defender
2007-12-20 19:03	---------	d-----w	C:\Program Files\Dodo Speed Accelerator
2007-12-13 06:53	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Frigate3
2007-12-13 04:47	---------	d-----w	C:\Program Files\PPStream
2007-12-13 03:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-13 01:01	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Uniblue
2007-12-13 00:12	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\Bitcomet Turbo
2007-12-12 23:13	74,703	----a-w	C:\WINDOWS\system32\mfc45.dll
2007-12-12 06:11	---------	d-----w	C:\Program Files\MyVirtualHome
2007-12-09 08:19	---------	d-----w	C:\Program Files\Windows Live
2007-12-09 08:18	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-09 08:14	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-09 07:33	---------	d-----w	C:\Documents and Settings\soner veli\Application Data\MSNInstaller
2007-11-26 07:51	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 11:38	---------	d-----w	C:\Program Files\Easy Flyer Creator
2007-11-18 07:22	---------	d-----w	C:\Program Files\iPod
2007-11-18 07:17	---------	d-----w	C:\Program Files\iTunes
2007-11-18 05:41	---------	d-----w	C:\Program Files\Frigate3
2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26	721,920	----a-w	C:\WINDOWS\system32\lsasrv.dll
2007-11-04 17:05	2,293,712	----a-w	C:\Program Files\FLV PlayerFCSetup.exe
2007-11-04 17:02	3,655,488	----a-w	C:\Program Files\FLV PlayerRCATSetup.exe
2007-11-04 16:55	411,248	----a-w	C:\Program Files\FLV PlayerRCSetup.exe
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-06-02 21:27	774,144	-c--a-w	C:\Program Files\RngInterstitial.dll
2007-07-21 21:18	88	-csh--r	C:\WINDOWS\system32\F23BE58C7E.sys
2007-07-21 21:18	3,350	-csha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dodo Speed Accelerator.lnk]
backup=C:\WINDOWS\pss\Dodo Speed Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^soner veli^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
-r---c--- 2006-03-28 14:48 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
C:\Program Files\Hard Drive Inspector\HDInspector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo AntiVirus]
C:\Program Files\iolo\AntiVirus\ioloAV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-14 09:00 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
--a--c--- 2005-07-20 05:46 73728 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMRealtime]
C:\Program Files\PC MightyMax\pcmm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-06-29 05:24 286720 C:\Program Files\VistaCodecPack\QT\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
--a------ 2006-06-09 03:05 253952 C:\Program Files\Dodo Speed Accelerator\slipcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupXPert]
--a--c--- 2006-09-16 11:21 476160 C:\Documents and Settings\soner veli\Desktop\Program Files\StartupXPert\StartupXPert.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a--c--- 2007-03-16 22:59 100048 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
C:\Program Files\XoftSpySE\xoftspy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c--- 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R2 InterBaseGuardian;Firebird Guardian Service;C:\Program Files\Firebird\bin\ibguard []
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R3 als4k;Avance Audio Miniport Driver (WDM);C:\WINDOWS\system32\drivers\als4000.sys [2001-10-22 12:46]
R3 InterBaseServer;Firebird Server;C:\Program Files\Firebird\bin\ibserver []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 11:50]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 09:31]
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 09:30:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-13 11:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2008-01-12 00:22:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-12 21:21:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 13:35:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-01-13 13:36:28
.
2008-01-12 03:57:20	--- E O F ---

sorry


----------



## Cookiegal (Aug 27, 2003)

You're using AVAST anti-virus, yet you also have entries for AVG Free, Norton and Iolo anti-virus, so you need to uninstall all of the others. It's not good enough to disable them through msconfig, as they will still have components running. Having more than one anti-virus program installed can cause problems.

Please take care of that and then post a new HijackThis log and let me know how things are.
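Cookiegal's point, that one anti-virus can be live while others linger as msconfig-disabled entries and leftover services, can be checked against the logs mechanically. The script below is an added example, not part of this thread or of HijackThis/ComboFix: it parses HijackThis O4/O23 lines and the ComboFix-style msconfig startupreg blocks, groups paths by AV vendor, and lists services whose file is missing. The vendor marker table and the abridged sample log are constructed from entries that appear in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Set, Tuple

# Path substrings (lower-cased) that identify an AV product; these are the ones named in the thread.
AV_VENDORS: Dict[str, Tuple[str, ...]] = {
    "avast!": ("alwil", "avast"),
    "AVG": ("grisoft", "avg7"),
    "Norton/Symantec": ("symantec", "norton"),
    "iolo AntiVirus": ("iolo\\antivirus", "ioloav"),
}

# HijackThis 2.0.2 line shapes: O4 autostart entries and O23 services.
HJT_O4 = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<path>.+)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix-style header of an msconfig-disabled autostart; its path is on the following line,
# sometimes prefixed with attribute flags, a timestamp and a size.
MSCONFIG_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE)
MSCONFIG_PATH = re.compile(r"(?P<path>[A-Za-z]:\\.+)$")


class Entry(NamedTuple):
    kind: str   # "run", "service" or "msconfig"
    name: str
    path: str
    state: str  # "active" (runs at boot) or "msconfig-disabled" (not started, still installed)


def parse_log(text: str) -> List[Entry]:
    """Collect autostart, service and msconfig-disabled entries from log text."""
    entries: List[Entry] = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        if (m := HJT_O4.match(line)):
            entries.append(Entry("run", m["name"], m["path"], "active"))
        elif (m := HJT_O23.match(line)):
            entries.append(Entry("service", m["name"], m["path"], "active"))
        elif (m := MSCONFIG_KEY.match(line)) and i + 1 < len(lines):
            p = MSCONFIG_PATH.search(lines[i + 1])
            if p:
                entries.append(Entry("msconfig", m["name"], p["path"], "msconfig-disabled"))
                i += 1  # the path line has been consumed
        i += 1
    return entries


def vendor_of(path: str) -> str:
    """Return the AV vendor a path belongs to, or "" if it is not a known AV path."""
    low = path.lower()
    for vendor, markers in AV_VENDORS.items():
        if any(marker in low for marker in markers):
            return vendor
    return ""


def audit(entries: List[Entry]) -> dict:
    """Summarise which AV products are present, in what state, and which services lack a file."""
    vendors: Dict[str, Set[str]] = {}
    for e in entries:
        v = vendor_of(e.path)
        if v:
            vendors.setdefault(v, set()).add(e.state)
    missing = [e.name for e in entries if e.kind == "service" and e.path.endswith("(file missing)")]
    # HijackThis shows "C:\Program.exe (file missing)" for a service whose ImagePath under
    # "C:\Program Files\..." is unquoted: it reads the path only up to the first space.
    unquoted = [e.name for e in entries if e.kind == "service" and e.path.startswith("C:\\Program.exe")]
    return {
        "vendors": {v: sorted(s) for v, s in vendors.items()},
        "multiple_av": len(vendors) > 1,
        "missing_file_services": missing,
        "probably_unquoted_path": unquoted,
    }


# Constructed sample: a few lines in the two formats, abridged from the logs in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo AntiVirus]
C:\Program Files\iolo\AntiVirus\ioloAV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-14 09:00 267064 C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

if __name__ == "__main__":
    for key, value in audit(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```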


----------



## kanachoe (Apr 20, 2007)

It's saying iolo is being used in another program. How can I find out which program?


----------



## Cookiegal (Aug 27, 2003)

It's the program itself that's running. You need to shut it down before trying to remove it.

I'm not familiar with Iolo. Is it just an anti-virus program or does this software do something else?


----------



## kanachoe (Apr 20, 2007)

I don't know. I have deleted it and I have closed all antivirus programs down.


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:31 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Zards software\Cleanse Uninstaller\Cleanse uninstaller.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 4702 bytes


----------



## kanachoe (Apr 20, 2007)

They won't delete, and I have a Firebird on here; I don't know what that is.


----------



## Cookiegal (Aug 27, 2003)

Here's information on Firebird:

http://www.firebirdnews.org/docs/fb2min.html


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on "Config" and then on the "Misc Tools" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## kanachoe (Apr 20, 2007)

Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
Aimersoft DVD Ripper(Build 1.0.16)
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avance ALS4000 Sound System
avast! Antivirus
BigPond Username & Password Tool
Brother MFL-Pro Suite
CCleaner (remove only)
Copernic Agent Basic
Digital Camera
Dodo Speed Accelerator
DVD Shrink 3.2
Easy Flyer Creator 
Ez-Architect
FaxTools
Firebird 1.0.0.796
FLV Player
Gadget Buster 1.0
goCRM
Google Earth
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Incomedia WebSite X5
IncrediMail Xe
IrfanView (remove only)
iTunes
Java(TM) 6 Update 3
Joost (tm) 0.9.4
MagicWorld version 1.01
Media Resizer
Media Resizer PRO
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Monopoly
Monopoly Casino
Monopoly Tycoon
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MultiStage Recovery 2.7
MyVirtualHome
Nero Media Player
Nero OEM
NeroVision Express 2
ninemsn Internet Software
Opera 9.25
PaperPort
PhotoImpression
Power Phone Book Enterprise Edition
PPTexpert PPTmovie
Punch! Super Home Suite Demo
QuickTime
RapidTyping 1.1.9.6
Recover My Files
RegSweep
Replay Media Catcher
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Simpaplex version 1.4.16.859
Slot_Parthenon 7.0
Slot_Scary 4.0
Slots_Cleo 3.0
Slots_Dreaming 4.0
Slots_TUT 4.0
StartupXPert 2.1 Professional
STK018_V2.01
Ulead Photo Express 4.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Vista Codec Package
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Recorder
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 4.0
WM Recorder 12.0
XviD MPEG-4 Video Codec
Yahoo! Messenger


----------



## Cookiegal (Aug 27, 2003)

Can you tell me what this program is?

*STK018_V2.01*

What exactly did you remove that pertains to Iolo?


----------



## kanachoe (Apr 20, 2007)

I don't know about this STK018_V2.01.

I deleted it from Add and Remove under My Computer.


----------



## Cookiegal (Aug 27, 2003)

What problems remain now?


----------



## kanachoe (Apr 20, 2007)

It's still going slow, like it's lagging, and then other times it goes OK.


----------



## Cookiegal (Aug 27, 2003)

What are you doing when it goes slow?


----------



## kanachoe (Apr 20, 2007)

I just wait for it to finish loading, which takes ages; otherwise I can't move the mouse or anything.


----------



## Cookiegal (Aug 27, 2003)

Does that happen when loading web pages or any applications such as Word documents, etc.?


----------



## kanachoe (Apr 20, 2007)

Whenever I do anything on the computer.


----------



## Cookiegal (Aug 27, 2003)

Download *WinPFind3U.exe* to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program.

In the *Processes* group click *ALL*
In the *Win32 Services* group click *ALL*
In the *Driver Services* group click *ALL*
In the *Registry* group click *ALL*
In the *Files Created Within* group click *60 days*. Make sure Non-Microsoft only is *UNCHECKED*.
In the *Files Modified Within* group select *30 days*. Make sure Non-Microsoft only is *UNCHECKED*.
In the *File String Search* group click *SELECT ALL*.
In the *Additional Scans* section please select *ALL* and make sure Non-Microsoft only is *UNCHECKED*.
Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
Please post the resulting log here as an attachment.


----------



## kanachoe (Apr 20, 2007)

Hi, here it is.


----------



## Cookiegal (Aug 27, 2003)

Disconnect from the Internet and disable your anti-virus and firewall programs. *Be sure to remember to re-start them before going on-line again.*

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program. Copy and paste the information in the box below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Post the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log) back here along with a new HijackThis log please.


```
[Kill Explorer]
[Unregister Dlls]
[Registry - All]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
YN -> MVH -> 
[Registry - Additional Scans - All]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> iolo AntiVirus -> %ProgramFiles%\iolo\AntiVirus\ioloAV.exe
YN -> SpyHunter Security Suite -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3.exe
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\VXTSysReg\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\VXTSysReg\Data\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\VXTSysReg\Data\\fxwnrmd_xdyxnwdx_sxt -> 1929773567
[Files/Folders - Created Within 60 days]
NY -> 12A83A720CF44FB08DBD87E46884433A.TMP -> %SystemRoot%\12A83A720CF44FB08DBD87E46884433A.TMP
NY -> hosts.20071223-094114.backup -> %System32%\drivers\etc\hosts.20071223-094114.backup
NY -> hosts.20071228-222023.backup -> %System32%\drivers\etc\hosts.20071228-222023.backup
[File String Scan - All]
NY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:029666E0
NY -> @Alternate Data Stream - 100 bytes -> %AllUsersAppData%\TEMP:05BF1B63
NY -> @Alternate Data Stream - 155 bytes -> %AllUsersAppData%\TEMP:0CE7F3C9
NY -> @Alternate Data Stream - 128 bytes -> %AllUsersAppData%\TEMP:3A6BC948
NY -> @Alternate Data Stream - 102 bytes -> %AllUsersAppData%\TEMP:483AC68A
NY -> @Alternate Data Stream - 125 bytes -> %AllUsersAppData%\TEMP:8DA9DB01
NY -> @Alternate Data Stream - 123 bytes -> %AllUsersAppData%\TEMP:91486201
NY -> @Alternate Data Stream - 118 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```
I also see some .reg files and I'd like to know what they contain. Right-click them and select "open with" and then Notepad and then copy and paste the contents here please. There are others but we'll just look at a couple. They are in "my documents".

cc_20071227_1031.reg
cc_20071227_1032.reg

You also seem to have several jpg images on your desktop, such as:

pr0014.jpg
pr0017.jpg

There are others with different names as well. Are these pictures you put there intentionally?


----------



## kanachoe (Apr 20, 2007)

Explorer killed successfully
[Registry - All]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\MVH deleted successfully.
[Registry - Additional Scans - All]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iolo AntiVirus deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpyHunter Security Suite deleted successfully.
File not found.
Registry value HKEY_LOCAL_MACHINE\\\ not found.
Registry value HKEY_LOCAL_MACHINE\\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\policies\VXTSysReg\Data\\fxwnrmd_xdyxnwdx_sxt deleted successfully.
[Files/Folders - Created Within 60 days]
C:\WINDOWS\12A83A720CF44FB08DBD87E46884433A.TMP moved successfully.
C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20071223-094114.backup moved successfully.
C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20071228-222023.backup moved successfully.
[File String Scan - All]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:029666E0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05BF1B63 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8DA9DB01 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:91486201 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
[Empty Temp Folders]
C:\DOCUME~1\SONERV~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\soner veli\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 01/20/2008 18:02:27


----------



## kanachoe (Apr 20, 2007)

Hi, here are the latest ones, but the last entry I copied here has a grin on it; what does this mean? And as for those two files, I don't know what they are! But when I go to copy them it won't let me; it says the file is too big to paste here.


----------



## Cookiegal (Aug 27, 2003)

Pasting the HijackThis log for easier viewing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:29 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 4484 bytes


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank*

Did you have Iolo anti-virus as part of Iolo System Mechanic or a stand-alone anti-virus product?


----------



## kanachoe (Apr 20, 2007)

OK, I had System Mechanic, the iolo one, and I can't delete it or the Firebird.


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:36 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 4211 bytes


----------



## Cookiegal (Aug 27, 2003)

Did you try to remove Firebird via the Control Panel? If so, what happened?


----------



## kanachoe (Apr 20, 2007)

I'm searching for the program in Search so I can delete it, but it doesn't come up, and here is the new log. I did Firebird and it says it's not on the computer, but in the log it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:10 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 4268 bytes


----------



## kanachoe (Apr 20, 2007)

I turned the firewall and antivirus off and went to the iolo folder, and this is the message I'm getting:


CANNOT DELETE IOLOSERVICE MANAGER.EXE IT IS BEING USED BY ANOTHER PERSON OR PROGRAM.CLOSE ANY PROGRAMS THAT MIGHT BE USING THE FILE AND TRY AGAIN.


----------



## Cookiegal (Aug 27, 2003)

Open the Task Manager (Ctrl-Alt-Del) and end task on this process:

*ioloServiceManager.exe*

Then proceed with iolo removal.

As for Firebird, I'm not sure what this does. Are you sure you don't actually need it and want to remove it and all of its components?


----------



## kanachoe (Apr 20, 2007)

I deleted it from Programs and it's still in the log.
As for the Firebird, I don't know what it is, but I want to delete it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:37 AM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 4382 bytes


----------



## Cookiegal (Aug 27, 2003)

Do a search for each of the following and see what files are found and let me know the entire path to their locations please.

*Iolo*
*Firebird*


----------



## kanachoe (Apr 20, 2007)

C:\documents And Settings\all Users\application Data\iolo
C:\documents And Settings\soner Veli\application Data\iolo


----------



## Cookiegal (Aug 27, 2003)

Create a new system restore point before doing this:

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

Go to *Start* - *Run*, type in *cmd*, then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Stop InterBaseServer*

Then press Enter

Type:

*SC Delete InterBaseServer*

Then press Enter.

Type:

*SC Stop ioloFileInfoList*

Then press Enter

Type:

*SC Delete ioloFileInfoList*

Type:

*SC Stop ioloSystemService*

Then press Enter

Type:

*SC Delete ioloSystemService*

Type:

Exit

Delete these folders if found:

C:\Program Files\*Firebird*
C:\Program Files\*iolo*

and these ones you found:

C:\documents And Settings\all Users\application Data\*iolo*
C:\documents And Settings\soner Veli\application Data\*iolo*

Reboot and post a new HijackThis log please.
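The names passed to `SC Stop` / `SC Delete` above are the short names in parentheses on the O23 lines, and the "(file missing)" entries are the registrations the uninstaller left behind. As an added example that is not code from the thread or from HijackThis, this parser pulls those fields out of O23 lines, flags orphaned services, and diffs two logs the way the before/after logs in this thread are compared; the sample logs inside it are constructed in the thread's format.

```python
# Added example: parses the O23 (service) lines of a HijackThis log and flags
# the "(file missing)" registrations left behind by an uninstaller. Not code
# from the thread or from HijackThis; the sample logs below are constructed.
import re
from dataclasses import dataclass
from typing import List, Optional

# O23 - Service: <display> [(<short>)] - <owner> - <path> [(file missing)]
# The display name may itself contain parentheses (rpcapd below), so the short
# name is the last parenthesised token before " - <owner>".
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

@dataclass(frozen=True)
class Service:
    display: str
    short: Optional[str]  # the name `sc stop` / `sc delete` take, when shown
    owner: str
    path: str
    file_missing: bool    # HijackThis found no binary at the registered path

def parse_o23(log_text: str) -> List[Service]:
    """One Service per O23 line; every other log line is ignored."""
    found = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            found.append(Service(m["display"], m["short"], m["owner"],
                                 m["path"], m["missing"] is not None))
    return found

def orphaned(services: List[Service]) -> List[Service]:
    """Registrations whose binary is gone: what an uninstaller left behind."""
    return [s for s in services if s.file_missing]

def sc_name(s: Service) -> str:
    """Name to pass to `sc`: the short name when HijackThis shows one."""
    return s.short or s.display

def removed_between(before: List[Service], after: List[Service]) -> List[Service]:
    """Services in the earlier log that no longer appear in the later one."""
    after_keys = {(s.display, s.short) for s in after}
    return [s for s in before if (s.display, s.short) not in after_keys]

# Constructed sample logs in the thread's O23 format: before and after cleanup.
BEFORE_LOG = r"""
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""
AFTER_LOG = r"""
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""
```

Running `orphaned(parse_o23(BEFORE_LOG))` lists InterBaseServer, ioloFileInfoList and SNDSrvc, and `removed_between` on the two logs reports the first two gone, matching the change between the logs posted above.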


----------



## kanachoe (Apr 20, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:59 AM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe
C:\Documents and Settings\soner veli\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68D10A2-EA41-465E-852F-E3E38BAED22F}: NameServer = 10.0.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 3893 bytes


----------



## kanachoe (Apr 20, 2007)

That Symantec is part of iolo.


----------



## Cookiegal (Aug 27, 2003)

No, it's not but it should go.

You should run this Norton removal tool for the Norton product you had.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Then reboot and post a new log.


----------

