0

people my pc finally started getting slower cause of u jbennet i uninstalled windownsliveonecare and installed avast but it seems that it doesn't protect my pc from spywares :'( i have a

svchost plenty of them takin the whole pc memory i need help faast pronto wut sort o programs should i install to get rid of them i will pay any thing to get rid of these spyware i already installed spyware doctor and it is extreme slow should it be like that or is there something wrong with it cause its been 2 hours and its only 22% and i am gettin sick of it , could it be a problem in the software or the hardware or the pc itself

if i reboot the windows xp can i get rid of them without losing my data

if i unplugged my harddrive and installed it in another pc and scanned ot with a spyware removal will that get rid of the damn spywares people help help help help :'(

3
Contributors
55
Replies
56
Views
10 Years
Discussion Span
Last Post by hamada_1990
0

you are supposed to have more than 1 svchost and they are supposed to use quite a lot of ram, bit it is true that sometimes they can be affected by viruses

when idle my svchost uses about 45mb of ram

1) get all the newest windows updates
2) tell us how much memory you have and post a screenshot of the "processes" tab in task manager
3) run a full virus scan
4) look out your xp cd, we may need it later

now is the time to fess up if your XP is a pirate copy as if you attempt to get any ms updates using one, you will get into trouble

0

dont see anything suspicious but you are definately using more ram that you should be..... compare it to mine

download something called HijackThis and run it. Make sure you choose the options to save a log file. DO NOT SELECT TO "FIX" ANYTHING JUST YET!

post the logfile here.

Attachments cad.JPG 76.87 KB
0

but if u r using this hijack this then how come u still have the svchost???????? isn't the svchost is the spyware or am i wrong?????:S

0

no svchost is a normal part of windows but it is possible that it may be hijacked by spyware

i suggest you go and get all the critical windows updates. I checked and saw that they are a number of fixes designed to reduce memory leakage from svchost

0

and now is your computer running normally and fast and does the spyware effect on the internet speed

0

Looking at your processes, windows defender and Spyware Doctor are blowing you outta the water, CPU time-wise. And what is winlogon doing using so much time? - it should be quiescent. Zero time, just barely showing..

0

my winlogon is 800konly but i have fast user switching off, maybe that makes a difference

if your svchost or winlogon have been replaced by fake spyware ones then heres what you do:

YOU MAY NEED YOUR XP CD!

Close all running apps including msn, bittorrent etc....

go to run

type sfc/scannow

Leave it until it is done then reboot.

0

would you please look at my hijckthis report :|


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:45:08, on 18/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\kfoibsrb.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\portableapps\PortableApps\PortableUTorrent\utorrent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\svchost solution i hope !!1\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\kcjxobff.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {B5B1316F-ECD5-4B2D-9102-3A9C1D9B0AA3} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O2 - BHO: (no name) - {EB9F03A2-9346-4903-A539-8AC72812C9B7} - C:\WINDOWS\system32\ssqqrpo.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\iqwtgvjf.dll",forkonce
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab46783.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152605288828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157319175640
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll (file missing)
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: ssqqrpo - C:\WINDOWS\SYSTEM32\ssqqrpo.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Driver - Unknown owner - H:\portableapps\PortableApps\Portableavg(spyware)\guard.sys (file missing)
O23 - Service: avp - Unknown owner - H:\portableapps\PortableApps\portable kaspersky\avp.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)

--
End of file - 12344 bytes

0

I'll just pop this i here cos I don't think jb does malware fixes.... if you do, jb, my apologies....
Hamada, you're loaded; this will get the fix started...
Open a windows explorer folder, > tools > folder options > view, and
-press Show hidden files and folders
It appears that you have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to start it, click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.
Check the log, if Vundofix could not delete some files, run the fix again.
Combofix:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Post the contents of C:\vundofix.txt, Combofix.txt plus a new HijackThis log.
PS, in the stickies in Virus forum head Crunchie has posted the link for the latest hijackthis.... if you use it for next scan, same deal - rename to imabunny.

0

wuill that make me lose my data???

no it wont. SFC (system file checker) compares the core windows filwes like winlogon and svchost against the ones on your windows cd (or ones it keeps hidden in a cache) and if they dont match (changed by spyware) then it replaces them with good ones

and yeah, spyware isnt my area.

0


no it wont. SFC (system file checker) compares the core windows filwes like winlogon and svchost against the ones on your windows cd (or ones it keeps hidden in a cache) and if they dont match (changed by spyware) then it replaces them with good ones

and yeah, spyware isnt my area.

thanx :)

0

but now i am gonna go for gerbil cause his is easier then i'll check out ur way jbennet

0

well here is the log

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 21:09:57 18/07/2007

Listing files found while scanning....

C:\windows\system32\beejhupt.dll
C:\windows\system32\bfqepbbp.ini
C:\windows\system32\bskbrbbo.dll
C:\windows\system32\bwxnflhf.dll
C:\windows\system32\bylnndwd.exe
C:\windows\system32\cdfkopuh.exe
C:\windows\system32\cifavgke.exe
C:\windows\system32\cljlsjmw.dll
C:\windows\system32\cmksktlt.exe
C:\windows\system32\dapgobvx.dll
C:\windows\system32\dbyuwpgr.exe
C:\windows\system32\dmawingd.exe
C:\windows\system32\dwwutmjt.exe
C:\windows\system32\empwijpn.dll
C:\windows\system32\endyolyq.dll
C:\windows\system32\eopacstr.exe
C:\windows\system32\equjnjnj.exe
C:\windows\system32\evlywdek.dll
C:\windows\system32\evmndeqk.dll
C:\windows\system32\ewjulxqv.dll
C:\windows\system32\fbiesvgb.dll
C:\windows\system32\fdaugihx.dll
C:\windows\system32\ffeadryq.dll
C:\windows\system32\fhlfnxwb.ini
C:\windows\system32\fjvgtwqi.ini
C:\windows\system32\fmajmwvg.exe
C:\windows\system32\fnpblqrn.dll
C:\windows\system32\fugyymow.dll
C:\windows\system32\fvmfxoin.dll
C:\windows\system32\ggqqrtko.ini
C:\windows\system32\gjorlqyd.exe
C:\WINDOWS\system32\gpjgjdgl.dll
C:\windows\system32\gpsuvehj.dll
C:\windows\system32\gqxvdcsk.ini
C:\windows\system32\gyremwhv.dll
C:\windows\system32\hayjyfyo.dll
C:\windows\system32\hyetxhgi.dll
C:\windows\system32\iewonddg.dll
C:\windows\system32\ighxteyh.ini
C:\windows\system32\ilrkdagh.dll
C:\windows\system32\ilsmpray.exe
C:\windows\system32\inbbgkpg.exe
C:\windows\system32\iomnpksb.dll
C:\windows\system32\iqwtgvjf.dll
C:\windows\system32\jhpbtbue.dll
C:\windows\system32\jmtypgtp.exe
C:\windows\system32\jucouhvq.exe
C:\windows\system32\jvlnjdyu.dll
C:\windows\system32\kcjxobff.dll
C:\windows\system32\kedwylve.ini
C:\windows\system32\kfkuhrtn.ini
C:\windows\system32\kfoibsrb.exe
C:\windows\system32\kploihva.exe
C:\windows\system32\kqnqppat.dll
C:\windows\system32\krolhbht.dll
C:\windows\system32\kscdvxqg.dll
C:\windows\system32\ljmgnmir.dll
C:\windows\system32\llfotqhv.dll
C:\windows\system32\lobvedxy.exe
C:\windows\system32\ltghehtq.dll
C:\windows\system32\mgtwhyqn.ini
C:\windows\system32\miawwclm.exe
C:\windows\system32\mihijink.exe
C:\windows\system32\mkhiioku.exe
C:\WINDOWS\system32\mljgf.dll
C:\windows\system32\nahxxvvi.dll
C:\windows\system32\ncoaofds.exe
C:\windows\system32\nijkqsra.exe
C:\windows\system32\nqyhwtgm.dll
C:\windows\system32\ntrhukfk.dll
C:\windows\system32\nxaysrbt.ini
C:\windows\system32\odqvjoda.dll
C:\windows\system32\oktrqqgg.dll
C:\windows\system32\omtajobx.exe
C:\windows\system32\onqwghdd.dll
C:\windows\system32\opntcsxe.dll
C:\windows\system32\pbbpeqfb.dll
C:\windows\system32\pdaguemm.dll
C:\windows\system32\pfarimie.exe
C:\windows\system32\pgcrreum.exe
C:\windows\system32\pnsjrldg.dll
C:\windows\system32\prfnxixr.exe
C:\windows\system32\qavyxffq.ini
C:\windows\system32\qffxyvaq.dll
C:\windows\system32\qjhwtnuu.exe
C:\windows\system32\qthehgtl.ini
C:\windows\system32\qyxoiali.dll
C:\windows\system32\rdykugbw.exe
C:\windows\system32\reloyeeo.exe
C:\windows\system32\rkmwkcbw.dll
C:\windows\system32\rnfmotdw.exe
C:\windows\system32\rppsadru.dll
C:\windows\system32\rtykfogi.exe
C:\windows\system32\rwwxdowi.exe
C:\windows\system32\sdqhkbbv.dll
C:\windows\system32\seecghbw.ini
C:\windows\system32\slbfkbud.exe
C:\windows\system32\snabmvts.exe
C:\WINDOWS\system32\ssqqrpo.dll
C:\windows\system32\tbrsyaxn.dll
C:\windows\system32\tlhvoxgc.dll
C:\windows\system32\tpcvuvpn.dll
C:\windows\system32\ujaatklm.exe
C:\windows\system32\urdasppr.ini
C:\windows\system32\uskivkwk.exe
C:\windows\system32\uydjnlvj.ini
C:\windows\system32\varcyydv.ini
C:\windows\system32\vaysykkv.exe
C:\windows\system32\vbbkhqds.ini
C:\windows\system32\vdyycrav.dll
C:\windows\system32\vhqtofll.ini
C:\windows\system32\wacmpndx.exe
C:\windows\system32\wbckwmkr.ini
C:\windows\system32\wbhgcees.dll
C:\windows\system32\wbwcawok.exe
C:\windows\system32\wknjgucx.dll
C:\windows\system32\womyyguf.ini
C:\windows\system32\wphddhad.dll
C:\windows\system32\wphyncyy.exe
C:\WINDOWS\system32\wpilcpvw.dll
C:\WINDOWS\system32\wqjrhwdi.dll
C:\windows\system32\wsyxdals.exe
C:\windows\system32\wvpclipw.ini
C:\windows\system32\wxbsqypi.exe
C:\windows\system32\wyfnpihi.exe
C:\windows\system32\xcorqbah.exe
C:\windows\system32\xcugjnkw.ini
C:\windows\system32\xhiguadf.ini
C:\windows\system32\xlbgxmmq.exe
C:\windows\system32\ycabivwr.exe
C:\windows\system32\yksxsniu.exe
C:\windows\system32\ymutpoeg.exe
C:\windows\system32\yuedolcb.dll
C:\windows\system32\ywhopapo.exe

Beginning removal...

Attempting to delete C:\windows\system32\beejhupt.dll
C:\windows\system32\beejhupt.dll Has been deleted!

Attempting to delete C:\windows\system32\bfqepbbp.ini
C:\windows\system32\bfqepbbp.ini Has been deleted!

Attempting to delete C:\windows\system32\bskbrbbo.dll
C:\windows\system32\bskbrbbo.dll Has been deleted!

Attempting to delete C:\windows\system32\bwxnflhf.dll
C:\windows\system32\bwxnflhf.dll Has been deleted!

Attempting to delete C:\windows\system32\bylnndwd.exe
C:\windows\system32\bylnndwd.exe Has been deleted!

Attempting to delete C:\windows\system32\cdfkopuh.exe
C:\windows\system32\cdfkopuh.exe Has been deleted!

Attempting to delete C:\windows\system32\cifavgke.exe
C:\windows\system32\cifavgke.exe Has been deleted!

Attempting to delete C:\windows\system32\cljlsjmw.dll
C:\windows\system32\cljlsjmw.dll Has been deleted!

Attempting to delete C:\windows\system32\cmksktlt.exe
C:\windows\system32\cmksktlt.exe Has been deleted!

Attempting to delete C:\windows\system32\dapgobvx.dll
C:\windows\system32\dapgobvx.dll Has been deleted!

Attempting to delete C:\windows\system32\dbyuwpgr.exe
C:\windows\system32\dbyuwpgr.exe Has been deleted!

Attempting to delete C:\windows\system32\dmawingd.exe
C:\windows\system32\dmawingd.exe Has been deleted!

Attempting to delete C:\windows\system32\dwwutmjt.exe
C:\windows\system32\dwwutmjt.exe Has been deleted!

Attempting to delete C:\windows\system32\empwijpn.dll
C:\windows\system32\empwijpn.dll Has been deleted!

Attempting to delete C:\windows\system32\endyolyq.dll
C:\windows\system32\endyolyq.dll Has been deleted!

Attempting to delete C:\windows\system32\eopacstr.exe
C:\windows\system32\eopacstr.exe Has been deleted!

Attempting to delete C:\windows\system32\equjnjnj.exe
C:\windows\system32\equjnjnj.exe Has been deleted!

Attempting to delete C:\windows\system32\evlywdek.dll
C:\windows\system32\evlywdek.dll Has been deleted!

Attempting to delete C:\windows\system32\evmndeqk.dll
C:\windows\system32\evmndeqk.dll Has been deleted!

Attempting to delete C:\windows\system32\ewjulxqv.dll
C:\windows\system32\ewjulxqv.dll Has been deleted!

Attempting to delete C:\windows\system32\fbiesvgb.dll
C:\windows\system32\fbiesvgb.dll Has been deleted!

Attempting to delete C:\windows\system32\fdaugihx.dll
C:\windows\system32\fdaugihx.dll Has been deleted!

Attempting to delete C:\windows\system32\ffeadryq.dll
C:\windows\system32\ffeadryq.dll Has been deleted!

Attempting to delete C:\windows\system32\fhlfnxwb.ini
C:\windows\system32\fhlfnxwb.ini Has been deleted!

Attempting to delete C:\windows\system32\fjvgtwqi.ini
C:\windows\system32\fjvgtwqi.ini Has been deleted!

Attempting to delete C:\windows\system32\fmajmwvg.exe
C:\windows\system32\fmajmwvg.exe Has been deleted!

Attempting to delete C:\windows\system32\fnpblqrn.dll
C:\windows\system32\fnpblqrn.dll Has been deleted!

Attempting to delete C:\windows\system32\fugyymow.dll
C:\windows\system32\fugyymow.dll Has been deleted!

Attempting to delete C:\windows\system32\fvmfxoin.dll
C:\windows\system32\fvmfxoin.dll Has been deleted!

Attempting to delete C:\windows\system32\ggqqrtko.ini
C:\windows\system32\ggqqrtko.ini Has been deleted!

Attempting to delete C:\windows\system32\gjorlqyd.exe
C:\windows\system32\gjorlqyd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gpjgjdgl.dll
C:\WINDOWS\system32\gpjgjdgl.dll Has been deleted!

Attempting to delete C:\windows\system32\gpsuvehj.dll
C:\windows\system32\gpsuvehj.dll Has been deleted!

Attempting to delete C:\windows\system32\gqxvdcsk.ini
C:\windows\system32\gqxvdcsk.ini Has been deleted!

Attempting to delete C:\windows\system32\gyremwhv.dll
C:\windows\system32\gyremwhv.dll Has been deleted!

Attempting to delete C:\windows\system32\hayjyfyo.dll
C:\windows\system32\hayjyfyo.dll Has been deleted!

Attempting to delete C:\windows\system32\hyetxhgi.dll
C:\windows\system32\hyetxhgi.dll Has been deleted!

Attempting to delete C:\windows\system32\iewonddg.dll
C:\windows\system32\iewonddg.dll Has been deleted!

Attempting to delete C:\windows\system32\ighxteyh.ini
C:\windows\system32\ighxteyh.ini Has been deleted!

Attempting to delete C:\windows\system32\ilrkdagh.dll
C:\windows\system32\ilrkdagh.dll Has been deleted!

Attempting to delete C:\windows\system32\ilsmpray.exe
C:\windows\system32\ilsmpray.exe Has been deleted!

Attempting to delete C:\windows\system32\inbbgkpg.exe
C:\windows\system32\inbbgkpg.exe Has been deleted!

Attempting to delete C:\windows\system32\iomnpksb.dll
C:\windows\system32\iomnpksb.dll Has been deleted!

Attempting to delete C:\windows\system32\iqwtgvjf.dll
C:\windows\system32\iqwtgvjf.dll Has been deleted!

Attempting to delete C:\windows\system32\jhpbtbue.dll
C:\windows\system32\jhpbtbue.dll Has been deleted!

Attempting to delete C:\windows\system32\jmtypgtp.exe
C:\windows\system32\jmtypgtp.exe Has been deleted!

Attempting to delete C:\windows\system32\jucouhvq.exe
C:\windows\system32\jucouhvq.exe Has been deleted!

Attempting to delete C:\windows\system32\jvlnjdyu.dll
C:\windows\system32\jvlnjdyu.dll Has been deleted!

Attempting to delete C:\windows\system32\kcjxobff.dll
C:\windows\system32\kcjxobff.dll Has been deleted!

Attempting to delete C:\windows\system32\kedwylve.ini
C:\windows\system32\kedwylve.ini Has been deleted!

Attempting to delete C:\windows\system32\kfkuhrtn.ini
C:\windows\system32\kfkuhrtn.ini Has been deleted!

Attempting to delete C:\windows\system32\kfoibsrb.exe
C:\windows\system32\kfoibsrb.exe Has been deleted!

Attempting to delete C:\windows\system32\kploihva.exe
C:\windows\system32\kploihva.exe Has been deleted!

Attempting to delete C:\windows\system32\kqnqppat.dll
C:\windows\system32\kqnqppat.dll Has been deleted!

Attempting to delete C:\windows\system32\krolhbht.dll
C:\windows\system32\krolhbht.dll Has been deleted!

Attempting to delete C:\windows\system32\kscdvxqg.dll
C:\windows\system32\kscdvxqg.dll Has been deleted!

Attempting to delete C:\windows\system32\ljmgnmir.dll
C:\windows\system32\ljmgnmir.dll Has been deleted!

Attempting to delete C:\windows\system32\llfotqhv.dll
C:\windows\system32\llfotqhv.dll Has been deleted!

Attempting to delete C:\windows\system32\lobvedxy.exe
C:\windows\system32\lobvedxy.exe Has been deleted!

Attempting to delete C:\windows\system32\ltghehtq.dll
C:\windows\system32\ltghehtq.dll Has been deleted!

Attempting to delete C:\windows\system32\mgtwhyqn.ini
C:\windows\system32\mgtwhyqn.ini Has been deleted!

Attempting to delete C:\windows\system32\miawwclm.exe
C:\windows\system32\miawwclm.exe Has been deleted!

Attempting to delete C:\windows\system32\mihijink.exe
C:\windows\system32\mihijink.exe Has been deleted!

Attempting to delete C:\windows\system32\mkhiioku.exe
C:\windows\system32\mkhiioku.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!

Attempting to delete C:\windows\system32\nahxxvvi.dll
C:\windows\system32\nahxxvvi.dll Has been deleted!

Attempting to delete C:\windows\system32\ncoaofds.exe
C:\windows\system32\ncoaofds.exe Has been deleted!

Attempting to delete C:\windows\system32\nijkqsra.exe
C:\windows\system32\nijkqsra.exe Has been deleted!

Attempting to delete C:\windows\system32\nqyhwtgm.dll
C:\windows\system32\nqyhwtgm.dll Has been deleted!

Attempting to delete C:\windows\system32\ntrhukfk.dll
C:\windows\system32\ntrhukfk.dll Has been deleted!

Attempting to delete C:\windows\system32\nxaysrbt.ini
C:\windows\system32\nxaysrbt.ini Has been deleted!

Attempting to delete C:\windows\system32\odqvjoda.dll
C:\windows\system32\odqvjoda.dll Has been deleted!

Attempting to delete C:\windows\system32\oktrqqgg.dll
C:\windows\system32\oktrqqgg.dll Has been deleted!

Attempting to delete C:\windows\system32\omtajobx.exe
C:\windows\system32\omtajobx.exe Has been deleted!

Attempting to delete C:\windows\system32\onqwghdd.dll
C:\windows\system32\onqwghdd.dll Has been deleted!

Attempting to delete C:\windows\system32\opntcsxe.dll
C:\windows\system32\opntcsxe.dll Has been deleted!

Attempting to delete C:\windows\system32\pbbpeqfb.dll
C:\windows\system32\pbbpeqfb.dll Has been deleted!

Attempting to delete C:\windows\system32\pdaguemm.dll
C:\windows\system32\pdaguemm.dll Has been deleted!

Attempting to delete C:\windows\system32\pfarimie.exe
C:\windows\system32\pfarimie.exe Has been deleted!

Attempting to delete C:\windows\system32\pgcrreum.exe
C:\windows\system32\pgcrreum.exe Has been deleted!

Attempting to delete C:\windows\system32\pnsjrldg.dll
C:\windows\system32\pnsjrldg.dll Has been deleted!

Attempting to delete C:\windows\system32\prfnxixr.exe
C:\windows\system32\prfnxixr.exe Has been deleted!

Attempting to delete C:\windows\system32\qavyxffq.ini
C:\windows\system32\qavyxffq.ini Has been deleted!

Attempting to delete C:\windows\system32\qffxyvaq.dll
C:\windows\system32\qffxyvaq.dll Has been deleted!

Attempting to delete C:\windows\system32\qjhwtnuu.exe
C:\windows\system32\qjhwtnuu.exe Has been deleted!

Attempting to delete C:\windows\system32\qthehgtl.ini
C:\windows\system32\qthehgtl.ini Has been deleted!

Attempting to delete C:\windows\system32\qyxoiali.dll
C:\windows\system32\qyxoiali.dll Has been deleted!

Attempting to delete C:\windows\system32\rdykugbw.exe
C:\windows\system32\rdykugbw.exe Has been deleted!

Attempting to delete C:\windows\system32\reloyeeo.exe
C:\windows\system32\reloyeeo.exe Has been deleted!

Attempting to delete C:\windows\system32\rkmwkcbw.dll
C:\windows\system32\rkmwkcbw.dll Has been deleted!

Attempting to delete C:\windows\system32\rnfmotdw.exe
C:\windows\system32\rnfmotdw.exe Has been deleted!

Attempting to delete C:\windows\system32\rppsadru.dll
C:\windows\system32\rppsadru.dll Has been deleted!

Attempting to delete C:\windows\system32\rtykfogi.exe
C:\windows\system32\rtykfogi.exe Has been deleted!

Attempting to delete C:\windows\system32\rwwxdowi.exe
C:\windows\system32\rwwxdowi.exe Has been deleted!

Attempting to delete C:\windows\system32\sdqhkbbv.dll
C:\windows\system32\sdqhkbbv.dll Has been deleted!

Attempting to delete C:\windows\system32\seecghbw.ini
C:\windows\system32\seecghbw.ini Has been deleted!

Attempting to delete C:\windows\system32\slbfkbud.exe
C:\windows\system32\slbfkbud.exe Has been deleted!

Attempting to delete C:\windows\system32\snabmvts.exe
C:\windows\system32\snabmvts.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqrpo.dll
C:\WINDOWS\system32\ssqqrpo.dll Has been deleted!

Attempting to delete C:\windows\system32\tbrsyaxn.dll
C:\windows\system32\tbrsyaxn.dll Has been deleted!

Attempting to delete C:\windows\system32\tlhvoxgc.dll
C:\windows\system32\tlhvoxgc.dll Has been deleted!

Attempting to delete C:\windows\system32\tpcvuvpn.dll
C:\windows\system32\tpcvuvpn.dll Has been deleted!

Attempting to delete C:\windows\system32\ujaatklm.exe
C:\windows\system32\ujaatklm.exe Has been deleted!

Attempting to delete C:\windows\system32\urdasppr.ini
C:\windows\system32\urdasppr.ini Has been deleted!

Attempting to delete C:\windows\system32\uskivkwk.exe
C:\windows\system32\uskivkwk.exe Has been deleted!

Attempting to delete C:\windows\system32\uydjnlvj.ini
C:\windows\system32\uydjnlvj.ini Has been deleted!

Attempting to delete C:\windows\system32\varcyydv.ini
C:\windows\system32\varcyydv.ini Has been deleted!

Attempting to delete C:\windows\system32\vaysykkv.exe
C:\windows\system32\vaysykkv.exe Has been deleted!

Attempting to delete C:\windows\system32\vbbkhqds.ini
C:\windows\system32\vbbkhqds.ini Has been deleted!

Attempting to delete C:\windows\system32\vdyycrav.dll
C:\windows\system32\vdyycrav.dll Has been deleted!

Attempting to delete C:\windows\system32\vhqtofll.ini
C:\windows\system32\vhqtofll.ini Has been deleted!

Attempting to delete C:\windows\system32\wacmpndx.exe
C:\windows\system32\wacmpndx.exe Has been deleted!

Attempting to delete C:\windows\system32\wbckwmkr.ini
C:\windows\system32\wbckwmkr.ini Has been deleted!

Attempting to delete C:\windows\system32\wbhgcees.dll
C:\windows\system32\wbhgcees.dll Has been deleted!

Attempting to delete C:\windows\system32\wbwcawok.exe
C:\windows\system32\wbwcawok.exe Has been deleted!

Attempting to delete C:\windows\system32\wknjgucx.dll
C:\windows\system32\wknjgucx.dll Has been deleted!

Attempting to delete C:\windows\system32\womyyguf.ini
C:\windows\system32\womyyguf.ini Has been deleted!

Attempting to delete C:\windows\system32\wphddhad.dll
C:\windows\system32\wphddhad.dll Has been deleted!

Attempting to delete C:\windows\system32\wphyncyy.exe
C:\windows\system32\wphyncyy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wpilcpvw.dll
C:\WINDOWS\system32\wpilcpvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wqjrhwdi.dll
C:\WINDOWS\system32\wqjrhwdi.dll Has been deleted!

Attempting to delete C:\windows\system32\wsyxdals.exe
C:\windows\system32\wsyxdals.exe Has been deleted!

Attempting to delete C:\windows\system32\wvpclipw.ini
C:\windows\system32\wvpclipw.ini Has been deleted!

Attempting to delete C:\windows\system32\wxbsqypi.exe
C:\windows\system32\wxbsqypi.exe Has been deleted!

Attempting to delete C:\windows\system32\wyfnpihi.exe
C:\windows\system32\wyfnpihi.exe Has been deleted!

Attempting to delete C:\windows\system32\xcorqbah.exe
C:\windows\system32\xcorqbah.exe Has been deleted!

Attempting to delete C:\windows\system32\xcugjnkw.ini
C:\windows\system32\xcugjnkw.ini Has been deleted!

Attempting to delete C:\windows\system32\xhiguadf.ini
C:\windows\system32\xhiguadf.ini Has been deleted!

Attempting to delete C:\windows\system32\xlbgxmmq.exe
C:\windows\system32\xlbgxmmq.exe Could not be deleted.

Attempting to delete C:\windows\system32\ycabivwr.exe
C:\windows\system32\ycabivwr.exe Has been deleted!

Attempting to delete C:\windows\system32\yksxsniu.exe
C:\windows\system32\yksxsniu.exe Has been deleted!

Attempting to delete C:\windows\system32\ymutpoeg.exe
C:\windows\system32\ymutpoeg.exe Has been deleted!

Attempting to delete C:\windows\system32\yuedolcb.dll
C:\windows\system32\yuedolcb.dll Has been deleted!

Attempting to delete C:\windows\system32\ywhopapo.exe
C:\windows\system32\ywhopapo.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\xlbgxmmq.exe
C:\windows\system32\xlbgxmmq.exe Has been deleted!

Performing Repairs to the registry.
Done!


its all been deleted :) so any other step??

0

well my pc is a bit better but not the way it used to be :( but thanx anyway here is a screen shot of my taskmanager

but i still got few problems

winlogon is 1.304 and peopl what is Mspeng????


is my tasks normal or good or bad??

Attachments task_manager.JPG 122.97 KB
0

people i am a very cautious man so i did the vundu and the combo and here is the combo report

"Owner" - 2007-07-18 21:58:47 - ComboFix 07-07-14.6 - Service Pack 2  NTFS  

[i] ADS removed - svchost.exe: deleted 36 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\YE8YZJEZ\[url]www.broadcaster.com[/url]
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\YE8YZJEZ\[url]www.broadcaster.com\played_list.sol[/url]
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\YE8YZJEZ\[url]www.broadcaster.com\video_queue.sol[/url]
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[url]www.broadcaster.com[/url]
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[url]www.broadcaster.com\settings.sol[/url]
C:\UGA6P
C:\WINDOWS\b.exe
C:\WINDOWS\system32\afiborhd.exe
C:\WINDOWS\system32\aftjwhks.exe
C:\WINDOWS\system32\cqnomxtp.exe
C:\WINDOWS\system32\dpiyysno.exe
C:\WINDOWS\system32\fgtyjary.exe
C:\WINDOWS\system32\fpmwldgn.exe
C:\WINDOWS\system32\fqqlaera.exe
C:\WINDOWS\system32\habfxevr.exe
C:\WINDOWS\system32\ioirfbyy.exe
C:\WINDOWS\system32\jhnoyeqd.exe
C:\WINDOWS\system32\jrqusrdq.exe
C:\WINDOWS\system32\juqkwlqn.exe
C:\WINDOWS\system32\kxgkbgsw.exe
C:\WINDOWS\system32\lausopeu.exe
C:\WINDOWS\system32\lyqmtoew.exe
C:\WINDOWS\system32\mtbhmuyx.exe
C:\WINDOWS\system32\nucxyjyo.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\qbecivfi.exe
C:\WINDOWS\system32\qltjgbvn.exe
C:\WINDOWS\system32\rgglxvxl.exe
C:\WINDOWS\system32\rhhallyg.exe
C:\WINDOWS\system32\sorboqoo.exe
C:\WINDOWS\system32\toqyxupl.exe
C:\WINDOWS\system32\trprpvcp.exe
C:\WINDOWS\system32\tsofaohv.exe
C:\WINDOWS\system32\tvxymvdf.exe
C:\WINDOWS\system32\uryevdap.exe
C:\WINDOWS\system32\uxnenixc.exe
C:\WINDOWS\system32\vutelehy.exe
C:\WINDOWS\system32\wnxcuddw.exe
C:\WINDOWS\system32\wtlbpdvd.exe
C:\WINDOWS\system32\yaabbalt.exe
C:\WINDOWS\system32\yspxmthf.exe


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPF


(((((((((((((((((((((((((   Files Created from 2007-06-18 to 2007-07-18  )))))))))))))))))))))))))))))))


2007-07-18 21:57    51,200  --a------   C:\WINDOWS\nircmd.exe
2007-07-18 21:09    <DIR>    d--------   C:\VundoFix Backups
2007-07-18 14:17    <DIR>    d--------   C:\Program Files\Western Digital Technologies
2007-07-18 01:49    1,324   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-07-18 01:12    <DIR>    d--------   C:\svchost solution i hope !!1
2007-07-17 23:08    1,222,434   ---hs----   C:\WINDOWS\system32\fgjlm.ini2
2007-07-17 21:19    1,214,356   ---hs----   C:\WINDOWS\system32\fgjlm.bak2
2007-07-17 13:34    6,369   ---hs----   C:\WINDOWS\system32\fgjlm.bak1
2007-07-17 00:41    1,347,825   ---hs----   C:\WINDOWS\system32\bcbeg.ini2
2007-07-16 22:17    83,024  --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-16 22:17    57,424  --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-16 22:17    53,840  --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-16 22:17    39,376  --a------   C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-16 22:17    29,264  --a------   C:\WINDOWS\system32\drivers\kcom.sys
2007-07-16 22:16    <DIR>    d--------   C:\Program Files\Spyware Doctor
2007-07-16 22:16    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\PC Tools
2007-07-14 19:17    3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-14 19:01    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\Babylon
2007-07-13 17:48    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\URSoft
2007-07-12 18:34    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\IDM
2007-07-12 18:34    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\DMCache
2007-07-12 18:33    <DIR>    d--------   C:\Program Files\Internet Download Manager
2007-07-11 18:18    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\GTek
2007-07-11 01:23    91,672  --a------   C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-07-11 01:23    116,632 --a------   C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-07-11 01:13    7,168   ---------   C:\WINDOWS\system32\bitsprx4.dll
2007-07-10 23:01    <DIR>    d--------   C:\Program Files\FRISK Software
2007-07-10 23:01    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\FRISK Software
2007-07-09 02:29    <DIR>    d--------   C:\Program Files\IMVU
2007-07-09 01:56    67,784  --a------   C:\WINDOWS\system32\drivers\MpFilter.sys
2007-07-09 01:32    1,052,032   --a------   C:\Program Files\SetupOneCare2.0beta.exe
2007-07-09 01:31    <DIR>    d--------   C:\Program Files\Microsoft Windows OneCare Live
2007-07-09 00:45    <DIR>    d--------   C:\Program Files\Error Expert
2007-07-07 00:06    143,360 --a------   C:\WINDOWS\system32\dunzip32.dll
2007-07-06 23:29    <DIR>    d--------   C:\Program Files\VirtualDJ
2007-07-05 00:52    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-07-04 20:25    98,304  --a------   C:\WINDOWS\system32\CmdLineExt.dll
2007-07-04 20:00    <DIR>    d--------   C:\WINDOWS\winmech
2007-07-04 19:59    72,192  --a------   C:\WINDOWS\system32\tasklist.exe
2007-07-04 19:59    2,074   --a------   C:\WINDOWS\regedit.exe.reg
2007-07-04 19:21    <DIR>    d--------   C:\Program Files\SystemRequirementsLab
2007-07-04 19:20    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\SystemRequirementsLab
2007-07-04 10:39    <DIR>    d--------   C:\Program Files\DaemonTools_WhenUSave_Installer
2007-07-04 10:39    <DIR>    d--------   C:\Program Files\DAEMON Tools
2007-07-04 10:23    682,232 --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-07-04 08:53    202,424 --a------   C:\WINDOWS\system32\idmmbc.dll
2007-07-03 10:27    <DIR>    d--h-----   C:\WINDOWS\Icons
2007-07-03 10:16    2,275,840   --a------   C:\WINDOWS\system32\TUKernel.exe
2007-07-03 10:13    0   --a------   C:\WINDOWS\nsreg.dat
2007-07-03 09:38    29,704  --a------   C:\WINDOWS\system32\uxtuneup.dll
2007-07-03 09:37    <DIR>    d--------   C:\Program Files\TuneUp Utilities 2007
2007-07-03 09:37    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\TuneUp Software
2007-07-03 09:36    <DIR>    d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-07-03 09:36    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
2007-07-02 22:14    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\Disney Interactive Studios
2007-07-02 18:57    <DIR>    d--------   C:\Program Files\Bonjour
2007-07-02 18:04    <DIR>    d--------   C:\Program Files\MagicISO
2007-07-02 16:56    35,363  --a------   C:\WINDOWS\system32\windrvNT.sys
2007-07-02 16:56    110,592 --a------   C:\WINDOWS\system32\suppdll.dll
2007-07-02 16:55    <DIR>    d--------   C:\Program Files\Common Files\Download Manager
2007-07-02 00:51    6,488,096   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-02 00:51    159,520 --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-02 00:49    110,360 --a------   C:\WINDOWS\system32\drivers\kl1.sys
2007-07-01 20:24    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\Thinstall
2007-07-01 00:43    <DIR>    d--------   C:\Downloads
2007-06-29 20:40    <DIR>    d--------   C:\Program Files\MyWebSearch
2007-06-28 19:41    4,336   --a------   C:\WINDOWS\system32\waekvln.dat
2007-06-28 19:41    281,088 --a------   C:\WINDOWS\system32\waekvln.exe
2007-06-28 19:41    254,865 --a------   C:\WINDOWS\system32\waekvln_nav.dat
2007-06-28 19:41    1,183   --a------   C:\WINDOWS\system32\waekvln_navps.dat
2007-06-26 04:28    786,432 --ah-----   C:\DOCUME~1\ADMINI~1.FAM\NTUSER.DAT
2007-06-26 04:28    <DIR>    d---s----   C:\DOCUME~1\ADMINI~1.FAM\UserData
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\WINDOWS
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\VERITAS
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\TSO
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\SampleView
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Registry Cleaner
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Real
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\NetPumper
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\MSN6
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\MSN Search Toolbar
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Leadertech
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Lavasoft
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Kazaa Lite
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\InterVideo
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\InterTrust
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\info nurb browse
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Hewlett-Packard
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Help
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Google
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Deepnet Explorer
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Conceiva
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\bonelitebias
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Apple Computer
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\AdobeUM
2007-06-26 04:28    <DIR>    d--------   C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\AdobeAUM
2007-06-26 04:15    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\10
2007-06-26 04:13    24,064  --a------   C:\WINDOWS\system32\msxml3a.dll
2007-06-26 04:12    <DIR>    d--------   C:\Program Files\bonelitebias
2007-06-25 22:27    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Load junk ball enc


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-18 21:08:50 72,812  --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-18 21:08:50 12,644  --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-15 01:01:13 --------    d-----w C:\Program Files\Google
2007-07-14 22:40:03 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\IMVU
2007-07-08 20:10:25 --------    d-----w C:\Program Files\JetAudio
2007-07-08 20:06:45 --------    d-----w C:\Program Files\Common Files\COWON
2007-07-05 21:37:15 --------    d-----w C:\Program Files\blueyonder
2007-07-05 01:12:44 --------    d-----w C:\Program Files\SoftDisc
2007-07-04 19:17:52 --------    d--h--w C:\Program Files\InstallShield Installation Information
2007-06-30 16:43:36 --------    d-----w C:\Program Files\MSN Messenger
2007-06-26 03:51:00 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\bonelitebias
2007-06-24 03:17:21 --------    d---a-w C:\Program Files\FunWebProducts
2007-06-20 12:38:10 --------    d-----w C:\Program Files\Macrogaming
2007-06-17 22:43:13 --------    d-----w C:\Program Files\iTunes
2007-06-17 22:42:52 --------    d-----w C:\Program Files\iPod
2007-06-17 22:31:59 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\Miranda IM
2007-06-17 21:40:09 --------    d-----w C:\Program Files\Opera
2007-06-17 21:35:40 --------    d-----w C:\Program Files\NCH Swift Sound
2007-06-17 13:50:26 --------    d-----w C:\Program Files\ImTOO
2007-06-17 13:50:15 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\FunWebProducts
2007-06-17 13:40:27 --------    d-----w C:\Program Files\Pinnacle
2007-06-17 13:34:12 --------    d-----w C:\Program Files\UltraISO
2007-06-17 13:33:53 --------    d-----w C:\Program Files\Picasa2
2007-06-17 13:33:46 --------    d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-17 13:17:36 --------    d-----w C:\Program Files\Thomson
2007-06-17 13:17:18 --------    d-----w C:\Program Files\Life-in-the-uk-test-Free-Trial-Chap2
2007-06-17 13:17:17 --------    d-----w C:\Program Files\Dealio(2)
2007-06-17 12:59:22 --------    d-----w C:\Program Files\Blubster
2007-06-17 12:59:19 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\PC Tools(2)
2007-06-07 21:17:45 70,008  ----a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-07 11:45:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-06 22:11:17 --------    d-----w C:\Program Files\AviSynth 2.5
2007-06-04 15:49:59 --------    d-----w C:\Program Files\DivX
2007-06-03 23:57:18 --------    d-----w C:\Program Files\Apple Software Update
2007-06-02 02:57:49 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-06-01 00:34:32 --------    d-----w C:\Program Files\Microsoft Silverlight
2007-05-31 18:01:50 --------    d-----w C:\Program Files\portableapps
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-30 21:41:21 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-05-30 02:10:08 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\GetRightToGo
2007-05-21 15:49:54 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\COWON
2007-05-21 14:03:05 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\Google
2007-05-21 12:57:15 --------    d-----w C:\Program Files\Common Files\Real
2007-05-20 23:58:42 --------    d-----w C:\DOCUME~1\Owner\APPLIC~1\Opera
2007-05-19 09:54:58 --------    d-----w C:\Program Files\Ares
2007-05-19 07:29:36 273 ----a-w C:\WINDOWS\comm.bin
2007-05-19 07:28:14 257 ----a-w C:\WINDOWS\msdres.bin
2007-05-18 20:25:05 --------    d-----w C:\Program Files\Common Files\Macrovision Shared
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:59:29 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-14 17:22:20 414,272 ----a-w C:\WINDOWS\system32\DivXc32f.dll
2007-05-14 17:22:20 414,272 ----a-w C:\WINDOWS\system32\DivXc32.dll
2007-05-14 17:22:18 33,280  ----a-w C:\WINDOWS\system32\HUFFYUV.DLL
2007-05-14 17:17:44 0   ----a-w C:\WINDOWS\system32\taskkill.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel(2)(2).dll
2007-04-25 08:41:17 822,784 ----a-w C:\WINDOWS\system32\wininet(5)(2).dll
2007-04-25 08:41:16 1,152,000   ----a-w C:\WINDOWS\system32\urlmon(5)(2).dll
2007-04-25 08:41:15 105,984 ----a-w C:\WINDOWS\system32\url(5)(2).dll
2007-04-25 08:41:11 267,776 ----a-w C:\WINDOWS\system32\iertutil(2)(2).dll
2007-04-23 00:15:29 3,596,288   ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:24 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480   ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728  ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248  ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344  ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288  ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400   ----a-w C:\WINDOWS\system32\msi.dll
2005-10-01 13:03:17 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
2007-07-04 09:08    91568   --a------   C:\Program Files\Internet Download Manager\IDMIECC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16    59032   --a------   C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{316AEF8D-3C37-423E-9E6E-13820A9DC37A}]
2004-01-14 16:19    53248   --a------   C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43    501400  --a------   C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33    322368  --a------   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 17:45    544032  --a------   C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E188373D-F47C-4B0C-BE35-FAD41E3360AD}]
            C:\WINDOWS\system32\mljgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E22F9B9D-1A1F-473E-BED6-D8BC152441F4}]
2004-08-04 21:10    77824   --a------   C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-22 15:10]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-07-05 11:50]
"ATIModeChange"="Ati2mdxx.exe" [2002-10-01 22:27 C:\WINDOWS\system32\Ati2mdxx.exe]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" [2007-06-29 20:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-07-04 09:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcb] 
C:\WINDOWS\system32\gebcb.dll 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\FPAVServer]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
"Messenger"=C:\Program Files\MSN Messenger\msnmsgr.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
"icq.com"=rundll32.exe "C:\WINDOWS\system32\iybsjtvk.dll",forkonce
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=2 /w
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
"dwStart"=C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
"F-PROT Antivirus Tray application"=C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
"PS2"=C:\WINDOWS\system32\ps2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6826874-0167-11dc-97ee-0010dcaa70f4}]
AutoRun\command- I:\IEXPLORE.EXE [url]http://www.sciencexchange.co.uk[/url]


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{
C:\WINDOWS\ctfmon.exe s

Contents of the 'Scheduled Tasks' folder
2007-07-13 16:19:28  C:\WINDOWS\tasks\1-Click Maintenance.job
2007-06-24 09:21:03  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-18 20:21:00  C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2005-12-11 19:45:27  C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1125858363.job

ok

Edited by mike_2000_17: Fixed formatting

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.