Someone PLEASE PLEASE help!!!!!!!!!!!!!!!!!!!

My younger sister was using search engines and I don’t know what. After that, whenever we started our computer. XXX stuff gets installed on the desktop and the taskbar and the C drive.

     When I open the Internet Explorer or sometimes it opens itself, this website would be shown......
     
   [thumb=H]thewebsite11782_6098142.JPG[/thumb]

Once this website is shown, some sort of really quick pluggin message comes up and they lead us to some XXX sites. And things start downloading.

I tried the Internet Options, the security settings. I tried changing my homepage to blank, etc. But that search engine website above is always there when the IE opens up. I tried deleting all those XXX files but they keep coming back after IE opens up itself.

    [thumb=H]internetoptions11782_3655882.JPG[/thumb]

     I am not an IT pro.  I don't know what to do.  I have young kids using this PC.  
     
     Allah kay naam hai, please meri madad karo.  :(

Also, I can’t do any Windows Update at all. {I thought doing some update would help.} They say it doesn’t install and to try again. I keep trying but no use.

Help!!!!!!!!

Re: Someone PLEASE PLEASE help!!!

lil human, try this first:

go to this page here, download Ad-Aware SE, and install it

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5

before running the scan, close all IE windows.
After the scan is done, delete all the entries it finds.
Now run IE and see if that page is gone.

Re: Someone PLEASE PLEASE help!!!

^ I tried the Adaware. Download it and it found 800+ entries. I tried deleting it but when it’s in process the screen first goes blue with 2 or 3 error message and it goes all black. (It seemed it freezed.)

I tried the whole thing 3 times already (scanned and tried deleting the entries it found) with the same result. When I get to the deleting part the result is the whole screen goes black. Have to restart the PC and come back to the same problem.

What should I do now?

Re: Someone PLEASE PLEASE help!!!

Download SpyBot - Search n Destroy (http://www.safer-networking.org/en/mirrors/index.html) and run it after installing. Would remove all unneeded stuff. If it still does’nt work download Hijackthis, (http://www.spychecker.com/program/hijackthis.html) run it, save the logfile and post it here (or pm me). lets see what we can do for you.
good luck!

edit: also consider using firefox as your default web browser

Re: Someone PLEASE PLEASE help!!!!!!!!!!!!!!!!!!!

Try running these applciatiosn in Safe mode as well. i.e, when your system is booting, keep pressing f8 keey, you will get a menu of choices, select Safe Mode out of it and run the applciation there as wel.

Re: Someone PLEASE PLEASE help!!!

Try spy bot as ze01 mentioned. It will clean up the stuff. For future keep both Adware and Spybot running on the system. And phuleez, stop using IE. It has been a year now since I have not clicked on IE icon. I even deleted all the shortcuts to it. I have Firefox and Maxthon installed and they both rock :k: No popups, no spyware and no adware at all. System runs with full resources and smoothly. Live cyberlife in peace.

Re: Someone PLEASE PLEASE help!!!!!!!!!!!!!!!!!!!

enjoy the stuff ;) ... Can't suggest anything but try spywarez & addwarez

Re: Someone PLEASE PLEASE help!!!

Ah!!

I downloaded Spybot, scanned and deleted the entries it found (there’s just one left which I couldn’t delete even after numerous attempts of restarting the PC as instructed)

Bottomline, that thingie still pops up and the IE opens itself with Slimshield software :confused:
 
Maybe I'll try Hijackthis.

I myself always use Firefox to browse. Do I need to go somewhere to make it my default web browser. (Because IE opens up automatically when we switch on the PC)

I don’t like IE but use it because some things don’t open up on Firefox since Firefox prompts me to download the plugins which are required. I don’t wanna download the plugins because it will take up space. I can’t play games or watch animations on Firefox because I didn’t get those plugins.

So I use IE to play games (not me but the kids to be exact) or watch animation. By that I won’t have to download any plugins.

Now I guess I seriously need to think about getting rid of IE.

Trying to run in Safe Mode, um how will I be able to make it run back in Normal mode after I am done?

Maybe I'll get Maxthon as well.

Thanks a lot for you suggestions everyone really appreciate it.

When will this end.  :bummer:

Re: Someone PLEASE PLEASE help!!!

now that you managed to remove the entrires using spybot, run Adware and see if it detects anything - then delete it. If that website still shows up in IR then run a hijackthis and put the log here and we will go from there.

Re: Someone PLEASE PLEASE help!!!

Yes, I did run Adware after that. Surprisingly this time it did manage to remove some entries but there were some left that weren’t deleted.

The thing still pops up though BUT I can change the default website now.

I’ll try the hijackthis.

Thanks alot

Re: Someone PLEASE PLEASE help!!!!!!!!!!!!!!!!!!!

try the microsoft spyware program. it has a brownser hijack restore option ..
its also pretty decent as a antispyware program.

Re: Someone PLEASE PLEASE help!!!

This thing also springs up…

[thumb=H]spyware11782_8174423.JPG[/thumb]

I ran hijackthis…here’s the logfile. I have been running adaware and spybot but the problem is still there.

Logfile of HijackThis v1.97.7
Scan saved at 12:10:58 PM, on 3/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\CFOSDW.EXE
C:\PROGRAM FILES\NETVIGATOR\NETVIGATOR BROADBAND\DRIVER\CFNDIS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ATHAN\ATHAN.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\MPM.EXE
C:\WINDOWS\SYSTEM\CMD32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\APPLICATION DATA\ANNL.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\REALITY FUSION\REALITY FUSION GAMECAM SE\PROGRAM\RFTRAY.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
F1 - win.ini: run=C:\PROGRA~1\NETVIG~1\NETVIG~1\DRIVER\cfosdw.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\SYSTEM\DSMANA~1.DLL
O2 - BHO: (no name) - {21E5406E-48F6-402A-835D-A8DF863F781E} - C:\WINDOWS\SYSTEM\BII.DLL (file missing)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\EN-US\MSNTB.DLL
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS askmon.exe
O4 - HKLM..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [CountrySelection] pctptt.exe
O4 - HKLM..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM..\Run: [PCCIOMON.EXE] “C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE”
O4 - HKLM..\Run: [pop3trap.exe] “C:\Program Files\Trend PC-cillin 2000\pop3trap.exe”
O4 - HKLM..\Run: [WebTrap.exe] “C:\Program Files\Trend PC-cillin 2000\WebTrap.exe”
O4 - HKLM..\Run: [LoadQM] loadqm.exe
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM..\Run: [NET16I] C:\WINDOWS\SYSTEM\NET16I.exe
O4 - HKLM..\Run: [Athan] C:\PROGRAM FILES\ATHAN\ATHAN.exe
O4 - HKLM..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM..\Run: [winupdt] RUNDLL32.EXE C:\WINDOWS\DBPM95.DLL,_mainRD
O4 - HKLM..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM..\Run: [Tts] C:\WINDOWS\Mpm.exe
O4 - HKLM..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKLM..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM..\Run: [ntddetect] WS\SYSTEM
tddetect.exe
O4 - HKLM..\Run: [Etc] C:\WINDOWS\Svb.exe
O4 - HKLM..\Run: [Lqk] C:\WINDOWS\SYSTEM\Unt.exe
O4 - HKLM..\Run: [Rvd] C:\WINDOWS\SYSTEM\Aji.exe
O4 - HKLM..\Run: [Cvo] C:\WINDOWS\Uiu.exe
O4 - HKLM..\Run: [Mto] C:\WINDOWS\SYSTEM\Dit.exe
O4 - HKLM..\Run: [Brf] C:\WINDOWS\SYSTEM\Ujq.exe
O4 - HKLM..\Run: [Sdu] C:\WINDOWS\SYSTEM\Vru.exe
O4 - HKLM..\Run: [Mhg] C:\WINDOWS\SYSTEM\Bkn.exe
O4 - HKLM..\Run: [Tfu] C:\WINDOWS\Mur.exe
O4 - HKLM..\Run: [Gtk] C:\WINDOWS\Umj.exe
O4 - HKLM..\Run: [Ebo] C:\WINDOWS\SYSTEM\Fvq.exe
O4 - HKLM..\Run: [Tjj] C:\WINDOWS\Kvq.exe
O4 - HKLM..\Run: [Div] C:\WINDOWS\SYSTEM\Vvb.exe
O4 - HKLM..\Run: [Vbh] C:\WINDOWS\Lkm.exe
O4 - HKLM..\Run: [Chr] C:\WINDOWS\Lop.exe
O4 - HKLM..\Run: [Rpr] C:\WINDOWS\Dpi.exe
O4 - HKLM..\Run: [Lah] C:\WINDOWS\SYSTEM\Dgs.exe
O4 - HKLM..\Run: [Fqf] C:\WINDOWS\SYSTEM\Bli.exe
O4 - HKLM..\Run: [Hcf] C:\WINDOWS\Ldj.exe
O4 - HKLM..\Run: [Eap] C:\WINDOWS\Jiq.exe
O4 - HKLM..\Run: [Tqa] C:\WINDOWS\SYSTEM\Vue.exe
O4 - HKLM..\Run: [Ppt] C:\WINDOWS\SYSTEM\Jgs.exe
O4 - HKLM..\Run: [Ohq] C:\WINDOWS\Unn.exe
O4 - HKLM..\Run: [Chq] C:\WINDOWS\Dah.exe
O4 - HKLM..\Run: [Lbs] C:\WINDOWS\SYSTEM\Jro.exe
O4 - HKLM..\Run: [Gdb] C:\WINDOWS\Nnu.exe
O4 - HKLM..\Run: [Qsp] C:\WINDOWS\SYSTEM\Mrr.exe
O4 - HKLM..\Run: [Rot] C:\WINDOWS\Svd.exe
O4 - HKLM..\Run: [Uts] C:\WINDOWS\SYSTEM\Chb.exe
O4 - HKLM..\Run: [Atl] C:\WINDOWS\SYSTEM\Jea.exe
O4 - HKLM..\Run: [Ufg] C:\WINDOWS\Hsn.exe
O4 - HKLM..\Run: [Gdn] C:\WINDOWS\SYSTEM\Nvb.exe
O4 - HKLM..\Run: [Pmm] C:\WINDOWS\SYSTEM\Vhu.exe
O4 - HKLM..\Run: [Goi] C:\WINDOWS\SYSTEM\Rfb.exe
O4 - HKLM..\Run: [Ptq] C:\WINDOWS\SYSTEM\Aoi.exe
O4 - HKLM..\Run: [Nkg] C:\WINDOWS\SYSTEM\Fnu.exe
O4 - HKLM..\Run: [Aag] C:\WINDOWS\SYSTEM\Prq.exe
O4 - HKLM..\Run: [Hjr] C:\WINDOWS\Kqr.exe
O4 - HKLM..\Run: [Unq] C:\WINDOWS\Pfr.exe
O4 - HKLM..\Run: [Kna] C:\WINDOWS\Usb.exe
O4 - HKLM..\Run: [Rsi] C:\WINDOWS\SYSTEM\Adr.exe
O4 - HKLM..\Run: [Fej] C:\WINDOWS\SYSTEM\Fpo.exe
O4 - HKLM..\Run: [Rrf] C:\WINDOWS\Crs.exe
O4 - HKLM..\Run: [Ses] C:\WINDOWS\SYSTEM\Ons.exe
O4 - HKLM..\Run: [Hvv] C:\WINDOWS\SYSTEM\Utq.exe
O4 - HKLM..\Run: [Gjk] C:\WINDOWS\Qhl.exe
O4 - HKLM..\Run: [Amg] C:\WINDOWS\SYSTEM\Gik.exe
O4 - HKLM..\Run: [Mkd] C:\WINDOWS\SYSTEM\Dco.exe
O4 - HKLM..\Run: [Jms] C:\WINDOWS\Hbk.exe
O4 - HKLM..\Run: [Jvg] C:\WINDOWS\SYSTEM\Puj.exe
O4 - HKLM..\Run: [Ecv] C:\WINDOWS\SYSTEM\Igb.exe
O4 - HKLM..\Run: [Lpl] C:\WINDOWS\Gar.exe
O4 - HKLM..\Run: [Rib] C:\WINDOWS\Ssk.exe
O4 - HKLM..\Run: [Fjn] C:\WINDOWS\Dis.exe
O4 - HKLM..\Run: [Pvu] C:\WINDOWS\Qun.exe
O4 - HKLM..\Run: [Akb] C:\WINDOWS\Hfb.exe
O4 - HKLM..\Run: [Pov] C:\WINDOWS\Mlh.exe
O4 - HKLM..\Run: [Hur] C:\WINDOWS\Oac.exe
O4 - HKLM..\Run: [Ffp] C:\WINDOWS\SYSTEM\Ngf.exe
O4 - HKLM..\Run: [Fjq] C:\WINDOWS\SYSTEM\Qpd.exe
O4 - HKLM..\Run: [Nbi] C:\WINDOWS\Pdt.exe
O4 - HKLM..\Run: [Mjp] C:\WINDOWS\SYSTEM\Jtc.exe
O4 - HKLM..\Run: [Kpb] C:\WINDOWS\SYSTEM\Bvd.exe
O4 - HKLM..\Run: [Nja] C:\WINDOWS\SYSTEM\Bog.exe
O4 - HKLM..\Run: [Euv] C:\WINDOWS\SYSTEM\Bdi.exe
O4 - HKLM..\Run: [Dva] C:\WINDOWS\Pap.exe
O4 - HKLM..\Run: [Mka] C:\WINDOWS\SYSTEM\Fkg.exe
O4 - HKLM..\Run: [Flk] C:\WINDOWS\SYSTEM\Dsj.exe
O4 - HKLM..\Run: [Csi] C:\WINDOWS\Fdg.exe
O4 - HKLM..\Run: [Lga] C:\WINDOWS\Qcc.exe
O4 - HKLM..\Run: [Cfq] C:\WINDOWS\Ebe.exe
O4 - HKLM..\Run: [Ohs] C:\WINDOWS\Dra.exe
O4 - HKLM..\Run: [Tsf] C:\WINDOWS\Snv.exe
O4 - HKLM..\Run: [Heh] C:\WINDOWS\SYSTEM\Drd.exe
O4 - HKLM..\Run: [Acg] C:\WINDOWS\Tas.exe
O4 - HKLM..\Run: [Atd] C:\WINDOWS\Tng.exe
O4 - HKLM..\Run: [Svm] C:\WINDOWS\SYSTEM\Ict.exe
O4 - HKLM..\Run: [Rrr] C:\WINDOWS\SYSTEM\Crh.exe
O4 - HKLM..\Run: [Oaj] C:\WINDOWS\Jre.exe
O4 - HKLM..\Run: [Qsq] C:\WINDOWS\Dca.exe
O4 - HKLM..\Run: [Npr] C:\WINDOWS\Snr.exe
O4 - HKLM..\Run: [Vbe] C:\WINDOWS\SYSTEM\Qqs.exe
O4 - HKLM..\Run: [Ree] C:\WINDOWS\SYSTEM\Qbp.exe
O4 - HKLM..\Run: [Jhs] C:\WINDOWS\Spb.exe
O4 - HKLM..\Run: [Kfk] C:\WINDOWS\SYSTEM\Pal.exe
O4 - HKLM..\Run: [Fbe] C:\WINDOWS\SYSTEM\Blj.exe
O4 - HKLM..\Run: [Qba] C:\WINDOWS\Rgv.exe
O4 - HKLM..\Run: [Jdq] C:\WINDOWS\SYSTEM\Cvl.exe
O4 - HKLM..\Run: [Tce] C:\WINDOWS\Uqv.exe
O4 - HKLM..\Run: [Kfj] C:\WINDOWS\Fdt.exe
O4 - HKLM..\Run: [Aut] C:\WINDOWS\SYSTEM\Jmf.exe
O4 - HKLM..\Run: [Kkl] C:\WINDOWS\SYSTEM\Ghd.exe
O4 - HKLM..\Run: [Eva] C:\WINDOWS\SYSTEM\Pem.exe
O4 - HKLM..\Run: [Ndi] C:\WINDOWS\Jlv.exe
O4 - HKLM..\Run: [Ood] C:\WINDOWS\Lgh.exe
O4 - HKLM..\Run: [Mks] C:\WINDOWS\Qhm.exe
O4 - HKLM..\Run: [Moh] C:\WINDOWS\Vgl.exe
O4 - HKLM..\Run: [Pbo] C:\WINDOWS\Ccr.exe
O4 - HKLM..\Run: [Mdq] C:\WINDOWS\Lgk.exe
O4 - HKLM..\Run: [Usd] C:\WINDOWS\Bom.exe
O4 - HKLM..\Run: [Afo] C:\WINDOWS\Dbl.exe
O4 - HKLM..\Run: [Jfi] C:\WINDOWS\SYSTEM\Plq.exe
O4 - HKLM..\Run: [Ehg] C:\WINDOWS\Jek.exe
O4 - HKLM..\Run: [Lib] C:\WINDOWS\SYSTEM\Ktu.exe
O4 - HKLM..\Run: [Rnb] C:\WINDOWS\SYSTEM\Kof.exe
O4 - HKLM..\Run: [Stb] C:\WINDOWS\SYSTEM\Ggi.exe
O4 - HKLM..\Run: [Sjd] C:\WINDOWS\Hkl.exe
O4 - HKLM..\Run: [Vth] C:\WINDOWS\Gfd.exe
O4 - HKLM..\Run: [Fct] C:\WINDOWS\SYSTEM\Tmm.exe
O4 - HKLM..\Run: [Fvl] C:\WINDOWS\Pdj.exe
O4 - HKLM..\Run: [Esg] C:\WINDOWS\Rqh.exe
O4 - HKLM..\Run: [Vjt] C:\WINDOWS\Vdt.exe
O4 - HKLM..\Run: [Ske] C:\WINDOWS\SYSTEM\Oei.exe
O4 - HKLM..\Run: [Mid] C:\WINDOWS\SYSTEM\Voj.exe
O4 - HKLM..\Run: [Lkj] C:\WINDOWS\Nfl.exe
O4 - HKLM..\Run: [Tgu] C:\WINDOWS\Fla.exe
O4 - HKLM..\Run: [Ojv] C:\WINDOWS\SYSTEM\Icu.exe
O4 - HKLM..\Run: [Crg] C:\WINDOWS\Gbe.exe
O4 - HKLM..\Run: [Fbf] C:\WINDOWS\Lhd.exe
O4 - HKLM..\Run: [Lbv] C:\WINDOWS\Uan.exe
O4 - HKLM..\Run: [Qsn] C:\WINDOWS\SYSTEM\Uid.exe
O4 - HKLM..\Run: [Vlg] C:\WINDOWS\SYSTEM\Jgk.exe
O4 - HKLM..\Run: [Tnt] C:\WINDOWS\SYSTEM\Hoo.exe
O4 - HKLM..\Run: [Vhi] C:\WINDOWS\SYSTEM\Nip.exe
O4 - HKLM..\Run: [Fnt] C:\WINDOWS\SYSTEM\Hrp.exe
O4 - HKLM..\Run: [Abd] C:\WINDOWS\SYSTEM\Fsb.exe
O4 - HKLM..\Run: [Kbc] C:\WINDOWS\Vst.exe
O4 - HKLM..\Run: [Pil] C:\WINDOWS\SYSTEM\Tsb.exe
O4 - HKLM..\Run: [Frp] C:\WINDOWS\SYSTEM\Nmn.exe
O4 - HKLM..\Run: [Nej] C:\WINDOWS\SYSTEM\Fmh.exe
O4 - HKLM..\Run: [Kqo] C:\WINDOWS\Hlg.exe
O4 - HKLM..\Run: [Udu] C:\WINDOWS\Spl.exe
O4 - HKLM..\Run: [Ceg] C:\WINDOWS\SYSTEM\Noi.exe
O4 - HKLM..\Run: [Cei] C:\WINDOWS\Cgu.exe
O4 - HKLM..\Run: [Sqf] C:\WINDOWS\Jrl.exe
O4 - HKLM..\Run: [Oht] C:\WINDOWS\SYSTEM\Htv.exe
O4 - HKLM..\Run: [Afs] C:\WINDOWS\Jkj.exe
O4 - HKLM..\Run: [Ond] C:\WINDOWS\Fog.exe
O4 - HKLM..\Run: [Rfl] C:\WINDOWS\SYSTEM\Abg.exe
O4 - HKLM..\Run: [Eqc] C:\WINDOWS\SYSTEM\Aag.exe
O4 - HKLM..\Run: [Rht] C:\WINDOWS\Rrf.exe
O4 - HKLM..\Run: [Ndq] C:\WINDOWS\Kfu.exe
O4 - HKLM..\Run: [Ipi] C:\WINDOWS\SYSTEM\Eum.exe
O4 - HKLM..\Run: [Ufh] C:\WINDOWS\SYSTEM\Smf.exe
O4 - HKLM..\Run: [Ruo] C:\WINDOWS\Tlj.exe
O4 - HKLM..\Run: [Nbs] C:\WINDOWS\Glh.exe
O4 - HKLM..\Run: [Hkp] C:\WINDOWS\Prh.exe
O4 - HKLM..\Run: [Qsi] C:\WINDOWS\Elf.exe
O4 - HKLM..\Run: [Mdf] C:\WINDOWS\Nna.exe
O4 - HKLM..\Run: [Lsu] C:\WINDOWS\SYSTEM\Uvh.exe
O4 - HKLM..\Run: [Gqs] C:\WINDOWS\SYSTEM\Mmq.exe
O4 - HKLM..\Run: [Fgg] C:\WINDOWS\SYSTEM\Csm.exe
O4 - HKLM..\Run: [Duk] C:\WINDOWS\Jur.exe
O4 - HKLM..\Run: [Mrn] C:\WINDOWS\SYSTEM\Enq.exe
O4 - HKLM..\Run: [Grv] C:\WINDOWS\Vjg.exe
O4 - HKLM..\Run: [Unn] C:\WINDOWS\Aee.exe
O4 - HKLM..\Run: [Udg] C:\WINDOWS\SYSTEM\Gue.exe
O4 - HKLM..\Run: [Rdq] C:\WINDOWS\Onf.exe
O4 - HKLM..\Run: [Qhe] C:\WINDOWS\SYSTEM\Dij.exe
O4 - HKLM..\Run: [Mrs] C:\WINDOWS\Hvs.exe
O4 - HKLM..\Run: [Eth] C:\WINDOWS\Knd.exe
O4 - HKLM..\Run: [Gil] C:\WINDOWS\Rpc.exe
O4 - HKLM..\Run: [Gsd] C:\WINDOWS\SYSTEM\Kbl.exe
O4 - HKLM..\Run: [Lmj] C:\WINDOWS\SYSTEM\Kdp.exe
O4 - HKLM..\Run: [Ndv] C:\WINDOWS\SYSTEM\Rhf.exe
O4 - HKLM..\Run: [Ivt] C:\WINDOWS\SYSTEM\Jtp.exe
O4 - HKLM..\Run: [Qpb] C:\WINDOWS\Rdc.exe
O4 - HKLM..\Run: [Use] C:\WINDOWS\SYSTEM\Bps.exe
O4 - HKLM..\Run: [Ggk] C:\WINDOWS\SYSTEM\Kct.exe
O4 - HKLM..\Run: [Qmk] C:\WINDOWS\Pau.exe
O4 - HKLM..\Run: [Vpu] C:\WINDOWS\Dhp.exe
O4 - HKLM..\Run: [Bpj] C:\WINDOWS\Boo.exe
O4 - HKLM..\Run: [Tmp] C:\WINDOWS\Gls.exe
O4 - HKLM..\Run: [Pqq] C:\WINDOWS\Hns.exe
O4 - HKLM..\Run: [Die] C:\WINDOWS\SYSTEM\Cum.exe
O4 - HKLM..\Run: [Ads] C:\WINDOWS\SYSTEM\Hkh.exe
O4 - HKLM..\Run: [Bck] C:\WINDOWS\SYSTEM\Egt.exe
O4 - HKLM..\Run: [Bkv] C:\WINDOWS\SYSTEM\Kpi.exe
O4 - HKLM..\Run: [Nmj] C:\WINDOWS\SYSTEM\Jnr.exe
O4 - HKLM..\Run: [Iqu] C:\WINDOWS\Lhd.exe
O4 - HKLM..\Run: [Smt] C:\WINDOWS\SYSTEM\Cht.exe
O4 - HKLM..\Run: [Omj] C:\WINDOWS\SYSTEM\Fbi.exe
O4 - HKLM..\Run: [Run] C:\WINDOWS\SYSTEM\Jca.exe
O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM..\RunServices: *StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM..\RunServices: [PCCIOMON.EXE] “C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE”
O4 - HKLM..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM..\RunServices: [ntddetect] WS\SYSTEM
tddetect.exe
O4 - HKCU..\Run: [Ruling Technologies Install] “D:..\bin\gwunst.exe” inst_run D:..\bin\demo32.exe -q -c gwdemo2_2.dbd
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU..\Run: [Tts] C:\WINDOWS\Mpm.exe
O4 - HKCU..\Run: [Nhpa] C:\WINDOWS\Application Data\annl.exe
O4 - HKCU..\Run: [ntddetect] WS\SYSTEM
tddetect.exe
O4 - HKCU..\Run: [Etc] C:\WINDOWS\Svb.exe
O4 - HKCU..\Run: [Lqk] C:\WINDOWS\SYSTEM\Unt.exe
O4 - HKCU..\Run: [Rvd] C:\WINDOWS\SYSTEM\Aji.exe
O4 - HKCU..\Run: [Cvo] C:\WINDOWS\Uiu.exe
O4 - HKCU..\Run: [Mto] C:\WINDOWS\SYSTEM\Dit.exe
O4 - HKCU..\Run: [Brf] C:\WINDOWS\SYSTEM\Ujq.exe
O4 - HKCU..\Run: [Sdu] C:\WINDOWS\SYSTEM\Vru.exe
O4 - HKCU..\Run: [Mhg] C:\WINDOWS\SYSTEM\Bkn.exe
O4 - HKCU..\Run: [Tfu] C:\WINDOWS\Mur.exe
O4 - HKCU..\Run: [Gtk] C:\WINDOWS\Umj.exe
O4 - HKCU..\Run: [Ebo] C:\WINDOWS\SYSTEM\Fvq.exe
O4 - HKCU..\Run: [Tjj] C:\WINDOWS\Kvq.exe
O4 - HKCU..\Run: [Div] C:\WINDOWS\SYSTEM\Vvb.exe
O4 - HKCU..\Run: [Vbh] C:\WINDOWS\Lkm.exe
O4 - HKCU..\Run: [Chr] C:\WINDOWS\Lop.exe
O4 - HKCU..\Run: [Rpr] C:\WINDOWS\Dpi.exe
O4 - HKCU..\Run: [Lah] C:\WINDOWS\SYSTEM\Dgs.exe
O4 - HKCU..\Run: [Fqf] C:\WINDOWS\SYSTEM\Bli.exe
O4 - HKCU..\Run: [Hcf] C:\WINDOWS\Ldj.exe
O4 - HKCU..\Run: [Eap] C:\WINDOWS\Jiq.exe
O4 - HKCU..\Run: [Tqa] C:\WINDOWS\SYSTEM\Vue.exe
O4 - HKCU..\Run: [Ppt] C:\WINDOWS\SYSTEM\Jgs.exe
O4 - HKCU..\Run: [Ohq] C:\WINDOWS\Unn.exe
O4 - HKCU..\Run: [Chq] C:\WINDOWS\Dah.exe
O4 - HKCU..\Run: [Lbs] C:\WINDOWS\SYSTEM\Jro.exe
O4 - HKCU..\Run: [Gdb] C:\WINDOWS\Nnu.exe
O4 - HKCU..\Run: [Qsp] C:\WINDOWS\SYSTEM\Mrr.exe
O4 - HKCU..\Run: [Rot] C:\WINDOWS\Svd.exe
O4 - HKCU..\Run: [Uts] C:\WINDOWS\SYSTEM\Chb.exe
O4 - HKCU..\Run: [Atl] C:\WINDOWS\SYSTEM\Jea.exe
O4 - HKCU..\Run: [Ufg] C:\WINDOWS\Hsn.exe
O4 - HKCU..\Run: [Gdn] C:\WINDOWS\SYSTEM\Nvb.exe
O4 - HKCU..\Run: [Pmm] C:\WINDOWS\SYSTEM\Vhu.exe
O4 - HKCU..\Run: [Goi] C:\WINDOWS\SYSTEM\Rfb.exe
O4 - HKCU..\Run: [Ptq] C:\WINDOWS\SYSTEM\Aoi.exe
O4 - HKCU..\Run: [Nkg] C:\WINDOWS\SYSTEM\Fnu.exe
O4 - HKCU..\Run: [Aag] C:\WINDOWS\SYSTEM\Prq.exe
O4 - HKCU..\Run: [Hjr] C:\WINDOWS\Kqr.exe
O4 - HKCU..\Run: [Unq] C:\WINDOWS\Pfr.exe
O4 - HKCU..\Run: [Kna] C:\WINDOWS\Usb.exe
O4 - HKCU..\Run: [Rsi] C:\WINDOWS\SYSTEM\Adr.exe
O4 - HKCU..\Run: [Fej] C:\WINDOWS\SYSTEM\Fpo.exe
O4 - HKCU..\Run: [Rrf] C:\WINDOWS\Crs.exe
O4 - HKCU..\Run: [Ses] C:\WINDOWS\SYSTEM\Ons.exe
O4 - HKCU..\Run: [Hvv] C:\WINDOWS\SYSTEM\Utq.exe
O4 - HKCU..\Run: [Gjk] C:\WINDOWS\Qhl.exe
O4 - HKCU..\Run: [Amg] C:\WINDOWS\SYSTEM\Gik.exe
O4 - HKCU..\Run: [Mkd] C:\WINDOWS\SYSTEM\Dco.exe
O4 - HKCU..\Run: [Jms] C:\WINDOWS\Hbk.exe
O4 - HKCU..\Run: [Jvg] C:\WINDOWS\SYSTEM\Puj.exe
O4 - HKCU..\Run: [Ecv] C:\WINDOWS\SYSTEM\Igb.exe
O4 - HKCU..\Run: [Lpl] C:\WINDOWS\Gar.exe
O4 - HKCU..\Run: [Rib] C:\WINDOWS\Ssk.exe
O4 - HKCU..\Run: [Fjn] C:\WINDOWS\Dis.exe
O4 - HKCU..\Run: [Pvu] C:\WINDOWS\Qun.exe
O4 - HKCU..\Run: [Akb] C:\WINDOWS\Hfb.exe
O4 - HKCU..\Run: [Pov] C:\WINDOWS\Mlh.exe
O4 - HKCU..\Run: [Hur] C:\WINDOWS\Oac.exe
O4 - HKCU..\Run: [Ffp] C:\WINDOWS\SYSTEM\Ngf.exe
O4 - HKCU..\Run: [Fjq] C:\WINDOWS\SYSTEM\Qpd.exe
O4 - HKCU..\Run: [Nbi] C:\WINDOWS\Pdt.exe
O4 - HKCU..\Run: [Mjp] C:\WINDOWS\SYSTEM\Jtc.exe
O4 - HKCU..\Run: [Kpb] C:\WINDOWS\SYSTEM\Bvd.exe
O4 - HKCU..\Run: [Nja] C:\WINDOWS\SYSTEM\Bog.exe
O4 - HKCU..\Run: [Euv] C:\WINDOWS\SYSTEM\Bdi.exe
O4 - HKCU..\Run: [Dva] C:\WINDOWS\Pap.exe
O4 - HKCU..\Run: [Mka] C:\WINDOWS\SYSTEM\Fkg.exe
O4 - HKCU..\Run: [Flk] C:\WINDOWS\SYSTEM\Dsj.exe
O4 - HKCU..\Run: [Csi] C:\WINDOWS\Fdg.exe
O4 - HKCU..\Run: [Lga] C:\WINDOWS\Qcc.exe
O4 - HKCU..\Run: [Cfq] C:\WINDOWS\Ebe.exe
O4 - HKCU..\Run: [Ohs] C:\WINDOWS\Dra.exe
O4 - HKCU..\Run: [Tsf] C:\WINDOWS\Snv.exe
O4 - HKCU..\Run: [Heh] C:\WINDOWS\SYSTEM\Drd.exe
O4 - HKCU..\Run: [Acg] C:\WINDOWS\Tas.exe
O4 - HKCU..\Run: [Atd] C:\WINDOWS\Tng.exe
O4 - HKCU..\Run: [Svm] C:\WINDOWS\SYSTEM\Ict.exe
O4 - HKCU..\Run: [Rrr] C:\WINDOWS\SYSTEM\Crh.exe
O4 - HKCU..\Run: [Oaj] C:\WINDOWS\Jre.exe
O4 - HKCU..\Run: [Qsq] C:\WINDOWS\Dca.exe
O4 - HKCU..\Run: [Npr] C:\WINDOWS\Snr.exe
O4 - HKCU..\Run: [Vbe] C:\WINDOWS\SYSTEM\Qqs.exe
O4 - HKCU..\Run: [Ree] C:\WINDOWS\SYSTEM\Qbp.exe
O4 - HKCU..\Run: [Jhs] C:\WINDOWS\Spb.exe
O4 - HKCU..\Run: [Kfk] C:\WINDOWS\SYSTEM\Pal.exe
O4 - HKCU..\Run: [Fbe] C:\WINDOWS\SYSTEM\Blj.exe
O4 - HKCU..\Run: [Qba] C:\WINDOWS\Rgv.exe
O4 - HKCU..\Run: [Jdq] C:\WINDOWS\SYSTEM\Cvl.exe
O4 - HKCU..\Run: [Tce] C:\WINDOWS\Uqv.exe
O4 - HKCU..\Run: [Kfj] C:\WINDOWS\Fdt.exe
O4 - HKCU..\Run: [Aut] C:\WINDOWS\SYSTEM\Jmf.exe
O4 - HKCU..\Run: [Kkl] C:\WINDOWS\SYSTEM\Ghd.exe
O4 - HKCU..\Run: [Eva] C:\WINDOWS\SYSTEM\Pem.exe
O4 - HKCU..\Run: [Ndi] C:\WINDOWS\Jlv.exe
O4 - HKCU..\Run: [Ood] C:\WINDOWS\Lgh.exe
O4 - HKCU..\Run: [Mks] C:\WINDOWS\Qhm.exe
O4 - HKCU..\Run: [Moh] C:\WINDOWS\Vgl.exe
O4 - HKCU..\Run: [Pbo] C:\WINDOWS\Ccr.exe
O4 - HKCU..\Run: [Mdq] C:\WINDOWS\Lgk.exe
O4 - HKCU..\Run: [Usd] C:\WINDOWS\Bom.exe
O4 - HKCU..\Run: [Afo] C:\WINDOWS\Dbl.exe
O4 - HKCU..\Run: [Jfi] C:\WINDOWS\SYSTEM\Plq.exe
O4 - HKCU..\Run: [Ehg] C:\WINDOWS\Jek.exe
O4 - HKCU..\Run: [Lib] C:\WINDOWS\SYSTEM\Ktu.exe
O4 - HKCU..\Run: [Rnb] C:\WINDOWS\SYSTEM\Kof.exe
O4 - HKCU..\Run: [Stb] C:\WINDOWS\SYSTEM\Ggi.exe
O4 - HKCU..\Run: [Sjd] C:\WINDOWS\Hkl.exe
O4 - HKCU..\Run: [Vth] C:\WINDOWS\Gfd.exe
O4 - HKCU..\Run: [Fct] C:\WINDOWS\SYSTEM\Tmm.exe
O4 - HKCU..\Run: [Fvl] C:\WINDOWS\Pdj.exe
O4 - HKCU..\Run: [Esg] C:\WINDOWS\Rqh.exe
O4 - HKCU..\Run: [Vjt] C:\WINDOWS\Vdt.exe
O4 - HKCU..\Run: [Ske] C:\WINDOWS\SYSTEM\Oei.exe
O4 - HKCU..\Run: [Mid] C:\WINDOWS\SYSTEM\Voj.exe
O4 - HKCU..\Run: [Lkj] C:\WINDOWS\Nfl.exe
O4 - HKCU..\Run: [Tgu] C:\WINDOWS\Fla.exe
O4 - HKCU..\Run: [Ojv] C:\WINDOWS\SYSTEM\Icu.exe
O4 - HKCU..\Run: [Crg] C:\WINDOWS\Gbe.exe
O4 - HKCU..\Run: [Fbf] C:\WINDOWS\Lhd.exe
O4 - HKCU..\Run: [Lbv] C:\WINDOWS\Uan.exe
O4 - HKCU..\Run: [Qsn] C:\WINDOWS\SYSTEM\Uid.exe
O4 - HKCU..\Run: [Vlg] C:\WINDOWS\SYSTEM\Jgk.exe
O4 - HKCU..\Run: [Tnt] C:\WINDOWS\SYSTEM\Hoo.exe
O4 - HKCU..\Run: [Vhi] C:\WINDOWS\SYSTEM\Nip.exe
O4 - HKCU..\Run: [Fnt] C:\WINDOWS\SYSTEM\Hrp.exe
O4 - HKCU..\Run: [Abd] C:\WINDOWS\SYSTEM\Fsb.exe
O4 - HKCU..\Run: [Kbc] C:\WINDOWS\Vst.exe
O4 - HKCU..\Run: [Pil] C:\WINDOWS\SYSTEM\Tsb.exe
O4 - HKCU..\Run: [Frp] C:\WINDOWS\SYSTEM\Nmn.exe
O4 - HKCU..\Run: [Nej] C:\WINDOWS\SYSTEM\Fmh.exe
O4 - HKCU..\Run: [Kqo] C:\WINDOWS\Hlg.exe
O4 - HKCU..\Run: [Udu] C:\WINDOWS\Spl.exe
O4 - HKCU..\Run: [Ceg] C:\WINDOWS\SYSTEM\Noi.exe
O4 - HKCU..\Run: [Cei] C:\WINDOWS\Cgu.exe
O4 - HKCU..\Run: [Sqf] C:\WINDOWS\Jrl.exe
O4 - HKCU..\Run: [Oht] C:\WINDOWS\SYSTEM\Htv.exe
O4 - HKCU..\Run: [Afs] C:\WINDOWS\Jkj.exe
O4 - HKCU..\Run: [Ond] C:\WINDOWS\Fog.exe
O4 - HKCU..\Run: [Rfl] C:\WINDOWS\SYSTEM\Abg.exe
O4 - HKCU..\Run: [Eqc] C:\WINDOWS\SYSTEM\Aag.exe
O4 - HKCU..\Run: [Rht] C:\WINDOWS\Rrf.exe
O4 - HKCU..\Run: [Ndq] C:\WINDOWS\Kfu.exe
O4 - HKCU..\Run: [Ipi] C:\WINDOWS\SYSTEM\Eum.exe
O4 - HKCU..\Run: [Ufh] C:\WINDOWS\SYSTEM\Smf.exe
O4 - HKCU..\Run: [Ruo] C:\WINDOWS\Tlj.exe
O4 - HKCU..\Run: [Nbs] C:\WINDOWS\Glh.exe
O4 - HKCU..\Run: [Hkp] C:\WINDOWS\Prh.exe
O4 - HKCU..\Run: [Qsi] C:\WINDOWS\Elf.exe
O4 - HKCU..\Run: [Mdf] C:\WINDOWS\Nna.exe
O4 - HKCU..\Run: [Lsu] C:\WINDOWS\SYSTEM\Uvh.exe
O4 - HKCU..\Run: [Gqs] C:\WINDOWS\SYSTEM\Mmq.exe
O4 - HKCU..\Run: [Fgg] C:\WINDOWS\SYSTEM\Csm.exe
O4 - HKCU..\Run: [Duk] C:\WINDOWS\Jur.exe
O4 - HKCU..\Run: [Mrn] C:\WINDOWS\SYSTEM\Enq.exe
O4 - HKCU..\Run: [Grv] C:\WINDOWS\Vjg.exe
O4 - HKCU..\Run: [Unn] C:\WINDOWS\Aee.exe
O4 - HKCU..\Run: [Udg] C:\WINDOWS\SYSTEM\Gue.exe
O4 - HKCU..\Run: [Rdq] C:\WINDOWS\Onf.exe
O4 - HKCU..\Run: [Qhe] C:\WINDOWS\SYSTEM\Dij.exe
O4 - HKCU..\Run: [Mrs] C:\WINDOWS\Hvs.exe
O4 - HKCU..\Run: [Eth] C:\WINDOWS\Knd.exe
O4 - HKCU..\Run: [Gil] C:\WINDOWS\Rpc.exe
O4 - HKCU..\Run: [Gsd] C:\WINDOWS\SYSTEM\Kbl.exe
O4 - HKCU..\Run: [Lmj] C:\WINDOWS\SYSTEM\Kdp.exe
O4 - HKCU..\Run: [Ndv] C:\WINDOWS\SYSTEM\Rhf.exe
O4 - HKCU..\Run: [Ivt] C:\WINDOWS\SYSTEM\Jtp.exe
O4 - HKCU..\Run: [Qpb] C:\WINDOWS\Rdc.exe
O4 - HKCU..\Run: [Use] C:\WINDOWS\SYSTEM\Bps.exe
O4 - HKCU..\Run: [Ggk] C:\WINDOWS\SYSTEM\Kct.exe
O4 - HKCU..\Run: [Qmk] C:\WINDOWS\Pau.exe
O4 - HKCU..\Run: [Vpu] C:\WINDOWS\Dhp.exe
O4 - HKCU..\Run: [Bpj] C:\WINDOWS\Boo.exe
O4 - HKCU..\Run: [Tmp] C:\WINDOWS\Gls.exe
O4 - HKCU..\Run: [Pqq] C:\WINDOWS\Hns.exe
O4 - HKCU..\Run: [Die] C:\WINDOWS\SYSTEM\Cum.exe
O4 - HKCU..\Run: [Ads] C:\WINDOWS\SYSTEM\Hkh.exe
O4 - HKCU..\Run: [Bck] C:\WINDOWS\SYSTEM\Egt.exe
O4 - HKCU..\Run: [Bkv] C:\WINDOWS\SYSTEM\Kpi.exe
O4 - HKCU..\Run: [Nmj] C:\WINDOWS\SYSTEM\Jnr.exe
O4 - HKCU..\Run: [Iqu] C:\WINDOWS\Lhd.exe
O4 - HKCU..\Run: [Smt] C:\WINDOWS\SYSTEM\Cht.exe
O4 - HKCU..\Run: [Omj] C:\WINDOWS\SYSTEM\Fbi.exe
O4 - HKCU..\Run: [Run] C:\WINDOWS\SYSTEM\Jca.exe
O4 - Startup: Reality Fusion GameCam SE.lnk = C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029XXHK
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS
pqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tinyOnline.com.hk
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.iframedollars.biz
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/022cfcb4c60735fd0700/netzip/RdxIE6.cab
O16 - DPF: FreedomAudio - http://www.freedomaudio.com/install/win/mv/freedominstaller.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {6785FBC7-13AD-4F28-8FB3-1AEA411C03A5} (GSAG.GSAudioControl) - http://gim.gupistan.com/vg/GSAG.CAB
O16 - DPF: {482FA9A6-8B46-48E4-AADE-924F3007DA4C} (GSUrdu.UrduType) - http://gim.gupshup.org/asim1/urdu/GSUrdu.CAB
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://www.webcamnow.com/voice/voice.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {3A835AF0-C223-4F83-A648-5A02F8FFEBFA} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/tc/filesharingctrl.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38029.1072106482
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx

So is there anything you guys would suggest?

Re: Someone PLEASE PLEASE help!!!!!!!!!!!!!!!!!!!

Format, format, format...no other solution, u'll just keep going round in circles. Backup ur data, clean fresh install, load firewall & anti virus & then proceed with normal activities

Re: Someone PLEASE PLEASE help!!!

^NOOOOOOOOOO!!!

OK my O.S. is OEM. I guess I have the recovery disk. Do you I just back up everything. Shut down. Start the PC and put the disk in and do as it instructs me to?

Re: Someone PLEASE PLEASE help!!!

hmm, wheres the firewall huh??!! :bailan:

No need to format just remove the enteries below from your registry.

Start your computer in safe mode. (keep pressing F8 while booting and select safe mode)

Run HijackThis, click on scan and tick/check the enteries below and click on fix. (close all other windows before clicking on fix button)

Close HijackThis, rerun it again, click on scan again and see if there is any entery left from the list below, remove it by ticking and clicking on fix.

After removing the enteries start Spybot Search & Destroy, click Check for problems and remove any entry if found.

resart your computer in normal mode. run Hijackthis and post the log file here again.

Good Luck!!

here are the enteries to remove: (do it in safe mode, other wise it wont work properly)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

O2 - BHO: (no name) - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\SYSTEM\DSMANA~1.DLL
O2 - BHO: (no name) - {21E5406E-48F6-402A-835D-A8DF863F781E} - C:\WINDOWS\SYSTEM\BII.DLL (file missing)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL

O4 - HKLM..\Run: [NET16I] C:\WINDOWS\SYSTEM\NET16I.exe
O4 - HKLM..\Run: [Tts] C:\WINDOWS\Mpm.exe
O4 - HKLM..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKLM..\Run: [ntddetect] WS\SYSTEM
tddetect.exe
O4 - HKLM..\Run: [Etc] C:\WINDOWS\Svb.exe
O4 - HKLM..\Run: [Lqk] C:\WINDOWS\SYSTEM\Unt.exe
O4 - HKLM..\Run: [Rvd] C:\WINDOWS\SYSTEM\Aji.exe
O4 - HKLM..\Run: [Cvo] C:\WINDOWS\Uiu.exe
O4 - HKLM..\Run: [Mto] C:\WINDOWS\SYSTEM\Dit.exe
O4 - HKLM..\Run: [Brf] C:\WINDOWS\SYSTEM\Ujq.exe
O4 - HKLM..\Run: [Sdu] C:\WINDOWS\SYSTEM\Vru.exe
O4 - HKLM..\Run: [Mhg] C:\WINDOWS\SYSTEM\Bkn.exe
O4 - HKLM..\Run: [Tfu] C:\WINDOWS\Mur.exe
O4 - HKLM..\Run: [Gtk] C:\WINDOWS\Umj.exe
O4 - HKLM..\Run: [Ebo] C:\WINDOWS\SYSTEM\Fvq.exe
O4 - HKLM..\Run: [Tjj] C:\WINDOWS\Kvq.exe
O4 - HKLM..\Run: [Div] C:\WINDOWS\SYSTEM\Vvb.exe
O4 - HKLM..\Run: [Vbh] C:\WINDOWS\Lkm.exe
O4 - HKLM..\Run: [Chr] C:\WINDOWS\Lop.exe
O4 - HKLM..\Run: [Rpr] C:\WINDOWS\Dpi.exe
O4 - HKLM..\Run: [Lah] C:\WINDOWS\SYSTEM\Dgs.exe
O4 - HKLM..\Run: [Fqf] C:\WINDOWS\SYSTEM\Bli.exe
O4 - HKLM..\Run: [Hcf] C:\WINDOWS\Ldj.exe
O4 - HKLM..\Run: [Eap] C:\WINDOWS\Jiq.exe
O4 - HKLM..\Run: [Tqa] C:\WINDOWS\SYSTEM\Vue.exe
O4 - HKLM..\Run: [Ppt] C:\WINDOWS\SYSTEM\Jgs.exe
O4 - HKLM..\Run: [Ohq] C:\WINDOWS\Unn.exe
O4 - HKLM..\Run: [Chq] C:\WINDOWS\Dah.exe
O4 - HKLM..\Run: [Lbs] C:\WINDOWS\SYSTEM\Jro.exe
O4 - HKLM..\Run: [Gdb] C:\WINDOWS\Nnu.exe
O4 - HKLM..\Run: [Qsp] C:\WINDOWS\SYSTEM\Mrr.exe
O4 - HKLM..\Run: [Rot] C:\WINDOWS\Svd.exe
O4 - HKLM..\Run: [Uts] C:\WINDOWS\SYSTEM\Chb.exe
O4 - HKLM..\Run: [Atl] C:\WINDOWS\SYSTEM\Jea.exe
O4 - HKLM..\Run: [Ufg] C:\WINDOWS\Hsn.exe
O4 - HKLM..\Run: [Gdn] C:\WINDOWS\SYSTEM\Nvb.exe
O4 - HKLM..\Run: [Pmm] C:\WINDOWS\SYSTEM\Vhu.exe
O4 - HKLM..\Run: [Goi] C:\WINDOWS\SYSTEM\Rfb.exe
O4 - HKLM..\Run: [Ptq] C:\WINDOWS\SYSTEM\Aoi.exe
O4 - HKLM..\Run: [Nkg] C:\WINDOWS\SYSTEM\Fnu.exe
O4 - HKLM..\Run: [Aag] C:\WINDOWS\SYSTEM\Prq.exe
O4 - HKLM..\Run: [Hjr] C:\WINDOWS\Kqr.exe
O4 - HKLM..\Run: [Unq] C:\WINDOWS\Pfr.exe
O4 - HKLM..\Run: [Kna] C:\WINDOWS\Usb.exe
O4 - HKLM..\Run: [Rsi] C:\WINDOWS\SYSTEM\Adr.exe
O4 - HKLM..\Run: [Fej] C:\WINDOWS\SYSTEM\Fpo.exe
O4 - HKLM..\Run: [Rrf] C:\WINDOWS\Crs.exe
O4 - HKLM..\Run: [Ses] C:\WINDOWS\SYSTEM\Ons.exe
O4 - HKLM..\Run: [Hvv] C:\WINDOWS\SYSTEM\Utq.exe
O4 - HKLM..\Run: [Gjk] C:\WINDOWS\Qhl.exe
O4 - HKLM..\Run: [Amg] C:\WINDOWS\SYSTEM\Gik.exe
O4 - HKLM..\Run: [Mkd] C:\WINDOWS\SYSTEM\Dco.exe
O4 - HKLM..\Run: [Jms] C:\WINDOWS\Hbk.exe
O4 - HKLM..\Run: [Jvg] C:\WINDOWS\SYSTEM\Puj.exe
O4 - HKLM..\Run: [Ecv] C:\WINDOWS\SYSTEM\Igb.exe
O4 - HKLM..\Run: [Lpl] C:\WINDOWS\Gar.exe
O4 - HKLM..\Run: [Rib] C:\WINDOWS\Ssk.exe
O4 - HKLM..\Run: [Fjn] C:\WINDOWS\Dis.exe
O4 - HKLM..\Run: [Pvu] C:\WINDOWS\Qun.exe
O4 - HKLM..\Run: [Akb] C:\WINDOWS\Hfb.exe
O4 - HKLM..\Run: [Pov] C:\WINDOWS\Mlh.exe
O4 - HKLM..\Run: [Hur] C:\WINDOWS\Oac.exe
O4 - HKLM..\Run: [Ffp] C:\WINDOWS\SYSTEM\Ngf.exe
O4 - HKLM..\Run: [Fjq] C:\WINDOWS\SYSTEM\Qpd.exe
O4 - HKLM..\Run: [Nbi] C:\WINDOWS\Pdt.exe
O4 - HKLM..\Run: [Mjp] C:\WINDOWS\SYSTEM\Jtc.exe
O4 - HKLM..\Run: [Kpb] C:\WINDOWS\SYSTEM\Bvd.exe
O4 - HKLM..\Run: [Nja] C:\WINDOWS\SYSTEM\Bog.exe
O4 - HKLM..\Run: [Euv] C:\WINDOWS\SYSTEM\Bdi.exe
O4 - HKLM..\Run: [Dva] C:\WINDOWS\Pap.exe
O4 - HKLM..\Run: [Mka] C:\WINDOWS\SYSTEM\Fkg.exe
O4 - HKLM..\Run: [Flk] C:\WINDOWS\SYSTEM\Dsj.exe
O4 - HKLM..\Run: [Csi] C:\WINDOWS\Fdg.exe
O4 - HKLM..\Run: [Lga] C:\WINDOWS\Qcc.exe
O4 - HKLM..\Run: [Cfq] C:\WINDOWS\Ebe.exe
O4 - HKLM..\Run: [Ohs] C:\WINDOWS\Dra.exe
O4 - HKLM..\Run: [Tsf] C:\WINDOWS\Snv.exe
O4 - HKLM..\Run: [Heh] C:\WINDOWS\SYSTEM\Drd.exe
O4 - HKLM..\Run: [Acg] C:\WINDOWS\Tas.exe
O4 - HKLM..\Run: [Atd] C:\WINDOWS\Tng.exe
O4 - HKLM..\Run: [Svm] C:\WINDOWS\SYSTEM\Ict.exe
O4 - HKLM..\Run: [Rrr] C:\WINDOWS\SYSTEM\Crh.exe
O4 - HKLM..\Run: [Oaj] C:\WINDOWS\Jre.exe
O4 - HKLM..\Run: [Qsq] C:\WINDOWS\Dca.exe
O4 - HKLM..\Run: [Npr] C:\WINDOWS\Snr.exe
O4 - HKLM..\Run: [Vbe] C:\WINDOWS\SYSTEM\Qqs.exe
O4 - HKLM..\Run: [Ree] C:\WINDOWS\SYSTEM\Qbp.exe
O4 - HKLM..\Run: [Jhs] C:\WINDOWS\Spb.exe
O4 - HKLM..\Run: [Kfk] C:\WINDOWS\SYSTEM\Pal.exe
O4 - HKLM..\Run: [Fbe] C:\WINDOWS\SYSTEM\Blj.exe
O4 - HKLM..\Run: [Qba] C:\WINDOWS\Rgv.exe
O4 - HKLM..\Run: [Jdq] C:\WINDOWS\SYSTEM\Cvl.exe
O4 - HKLM..\Run: [Tce] C:\WINDOWS\Uqv.exe
O4 - HKLM..\Run: [Kfj] C:\WINDOWS\Fdt.exe
O4 - HKLM..\Run: [Aut] C:\WINDOWS\SYSTEM\Jmf.exe
O4 - HKLM..\Run: [Kkl] C:\WINDOWS\SYSTEM\Ghd.exe
O4 - HKLM..\Run: [Eva] C:\WINDOWS\SYSTEM\Pem.exe
O4 - HKLM..\Run: [Ndi] C:\WINDOWS\Jlv.exe
O4 - HKLM..\Run: [Ood] C:\WINDOWS\Lgh.exe
O4 - HKLM..\Run: [Mks] C:\WINDOWS\Qhm.exe
O4 - HKLM..\Run: [Moh] C:\WINDOWS\Vgl.exe
O4 - HKLM..\Run: [Pbo] C:\WINDOWS\Ccr.exe
O4 - HKLM..\Run: [Mdq] C:\WINDOWS\Lgk.exe
O4 - HKLM..\Run: [Usd] C:\WINDOWS\Bom.exe
O4 - HKLM..\Run: [Afo] C:\WINDOWS\Dbl.exe
O4 - HKLM..\Run: [Jfi] C:\WINDOWS\SYSTEM\Plq.exe
O4 - HKLM..\Run: [Ehg] C:\WINDOWS\Jek.exe
O4 - HKLM..\Run: [Lib] C:\WINDOWS\SYSTEM\Ktu.exe
O4 - HKLM..\Run: [Rnb] C:\WINDOWS\SYSTEM\Kof.exe
O4 - HKLM..\Run: [Stb] C:\WINDOWS\SYSTEM\Ggi.exe
O4 - HKLM..\Run: [Sjd] C:\WINDOWS\Hkl.exe
O4 - HKLM..\Run: [Vth] C:\WINDOWS\Gfd.exe
O4 - HKLM..\Run: [Fct] C:\WINDOWS\SYSTEM\Tmm.exe
O4 - HKLM..\Run: [Fvl] C:\WINDOWS\Pdj.exe
O4 - HKLM..\Run: [Esg] C:\WINDOWS\Rqh.exe
O4 - HKLM..\Run: [Vjt] C:\WINDOWS\Vdt.exe
O4 - HKLM..\Run: [Ske] C:\WINDOWS\SYSTEM\Oei.exe
O4 - HKLM..\Run: [Mid] C:\WINDOWS\SYSTEM\Voj.exe
O4 - HKLM..\Run: [Lkj] C:\WINDOWS\Nfl.exe
O4 - HKLM..\Run: [Tgu] C:\WINDOWS\Fla.exe
O4 - HKLM..\Run: [Ojv] C:\WINDOWS\SYSTEM\Icu.exe
O4 - HKLM..\Run: [Crg] C:\WINDOWS\Gbe.exe
O4 - HKLM..\Run: [Fbf] C:\WINDOWS\Lhd.exe
O4 - HKLM..\Run: [Lbv] C:\WINDOWS\Uan.exe
O4 - HKLM..\Run: [Qsn] C:\WINDOWS\SYSTEM\Uid.exe
O4 - HKLM..\Run: [Vlg] C:\WINDOWS\SYSTEM\Jgk.exe
O4 - HKLM..\Run: [Tnt] C:\WINDOWS\SYSTEM\Hoo.exe
O4 - HKLM..\Run: [Vhi] C:\WINDOWS\SYSTEM\Nip.exe
O4 - HKLM..\Run: [Fnt] C:\WINDOWS\SYSTEM\Hrp.exe
O4 - HKLM..\Run: [Abd] C:\WINDOWS\SYSTEM\Fsb.exe
O4 - HKLM..\Run: [Kbc] C:\WINDOWS\Vst.exe
O4 - HKLM..\Run: [Pil] C:\WINDOWS\SYSTEM\Tsb.exe
O4 - HKLM..\Run: [Frp] C:\WINDOWS\SYSTEM\Nmn.exe
O4 - HKLM..\Run: [Nej] C:\WINDOWS\SYSTEM\Fmh.exe
O4 - HKLM..\Run: [Kqo] C:\WINDOWS\Hlg.exe
O4 - HKLM..\Run: [Udu] C:\WINDOWS\Spl.exe
O4 - HKLM..\Run: [Ceg] C:\WINDOWS\SYSTEM\Noi.exe
O4 - HKLM..\Run: [Cei] C:\WINDOWS\Cgu.exe
O4 - HKLM..\Run: [Sqf] C:\WINDOWS\Jrl.exe
O4 - HKLM..\Run: [Oht] C:\WINDOWS\SYSTEM\Htv.exe
O4 - HKLM..\Run: [Afs] C:\WINDOWS\Jkj.exe
O4 - HKLM..\Run: [Ond] C:\WINDOWS\Fog.exe
O4 - HKLM..\Run: [Rfl] C:\WINDOWS\SYSTEM\Abg.exe
O4 - HKLM..\Run: [Eqc] C:\WINDOWS\SYSTEM\Aag.exe
O4 - HKLM..\Run: [Rht] C:\WINDOWS\Rrf.exe
O4 - HKLM..\Run: [Ndq] C:\WINDOWS\Kfu.exe
O4 - HKLM..\Run: [Ipi] C:\WINDOWS\SYSTEM\Eum.exe
O4 - HKLM..\Run: [Ufh] C:\WINDOWS\SYSTEM\Smf.exe
O4 - HKLM..\Run: [Ruo] C:\WINDOWS\Tlj.exe
O4 - HKLM..\Run: [Nbs] C:\WINDOWS\Glh.exe
O4 - HKLM..\Run: [Hkp] C:\WINDOWS\Prh.exe
O4 - HKLM..\Run: [Qsi] C:\WINDOWS\Elf.exe
O4 - HKLM..\Run: [Mdf] C:\WINDOWS\Nna.exe
O4 - HKLM..\Run: [Lsu] C:\WINDOWS\SYSTEM\Uvh.exe
O4 - HKLM..\Run: [Gqs] C:\WINDOWS\SYSTEM\Mmq.exe
O4 - HKLM..\Run: [Fgg] C:\WINDOWS\SYSTEM\Csm.exe
O4 - HKLM..\Run: [Duk] C:\WINDOWS\Jur.exe
O4 - HKLM..\Run: [Mrn] C:\WINDOWS\SYSTEM\Enq.exe
O4 - HKLM..\Run: [Grv] C:\WINDOWS\Vjg.exe
O4 - HKLM..\Run: [Unn] C:\WINDOWS\Aee.exe
O4 - HKLM..\Run: [Udg] C:\WINDOWS\SYSTEM\Gue.exe
O4 - HKLM..\Run: [Rdq] C:\WINDOWS\Onf.exe
O4 - HKLM..\Run: [Qhe] C:\WINDOWS\SYSTEM\Dij.exe
O4 - HKLM..\Run: [Mrs] C:\WINDOWS\Hvs.exe
O4 - HKLM..\Run: [Eth] C:\WINDOWS\Knd.exe
O4 - HKLM..\Run: [Gil] C:\WINDOWS\Rpc.exe
O4 - HKLM..\Run: [Gsd] C:\WINDOWS\SYSTEM\Kbl.exe
O4 - HKLM..\Run: [Lmj] C:\WINDOWS\SYSTEM\Kdp.exe
O4 - HKLM..\Run: [Ndv] C:\WINDOWS\SYSTEM\Rhf.exe
O4 - HKLM..\Run: [Ivt] C:\WINDOWS\SYSTEM\Jtp.exe
O4 - HKLM..\Run: [Qpb] C:\WINDOWS\Rdc.exe
O4 - HKLM..\Run: [Use] C:\WINDOWS\SYSTEM\Bps.exe
O4 - HKLM..\Run: [Ggk] C:\WINDOWS\SYSTEM\Kct.exe
O4 - HKLM..\Run: [Qmk] C:\WINDOWS\Pau.exe
O4 - HKLM..\Run: [Vpu] C:\WINDOWS\Dhp.exe
O4 - HKLM..\Run: [Bpj] C:\WINDOWS\Boo.exe
O4 - HKLM..\Run: [Tmp] C:\WINDOWS\Gls.exe
O4 - HKLM..\Run: [Pqq] C:\WINDOWS\Hns.exe
O4 - HKLM..\Run: [Die] C:\WINDOWS\SYSTEM\Cum.exe
O4 - HKLM..\Run: [Ads] C:\WINDOWS\SYSTEM\Hkh.exe
O4 - HKLM..\Run: [Bck] C:\WINDOWS\SYSTEM\Egt.exe
O4 - HKLM..\Run: [Bkv] C:\WINDOWS\SYSTEM\Kpi.exe
O4 - HKLM..\Run: [Nmj] C:\WINDOWS\SYSTEM\Jnr.exe
O4 - HKLM..\Run: [Iqu] C:\WINDOWS\Lhd.exe
O4 - HKLM..\Run: [Smt] C:\WINDOWS\SYSTEM\Cht.exe
O4 - HKLM..\Run: [Omj] C:\WINDOWS\SYSTEM\Fbi.exe
O4 - HKLM..\Run: [Run] C:\WINDOWS\SYSTEM\Jca.exe
O4 - HKCU..\Run: [Ruling Technologies Install] “D:..\bin\gwunst.exe” inst_run D:..\bin\demo32.exe -q -c gwdemo2_2.dbd
O4 - HKCU..\Run: [Tts] C:\WINDOWS\Mpm.exe
O4 - HKCU..\Run: [Nhpa] C:\WINDOWS\Application Data\annl.exe
O4 - HKCU..\Run: [ntddetect] WS\SYSTEM
tddetect.exe
O4 - HKCU..\Run: [Etc] C:\WINDOWS\Svb.exe
O4 - HKCU..\Run: [Lqk] C:\WINDOWS\SYSTEM\Unt.exe
O4 - HKCU..\Run: [Rvd] C:\WINDOWS\SYSTEM\Aji.exe
O4 - HKCU..\Run: [Cvo] C:\WINDOWS\Uiu.exe
O4 - HKCU..\Run: [Mto] C:\WINDOWS\SYSTEM\Dit.exe
O4 - HKCU..\Run: [Brf] C:\WINDOWS\SYSTEM\Ujq.exe
O4 - HKCU..\Run: [Sdu] C:\WINDOWS\SYSTEM\Vru.exe
O4 - HKCU..\Run: [Mhg] C:\WINDOWS\SYSTEM\Bkn.exe
O4 - HKCU..\Run: [Tfu] C:\WINDOWS\Mur.exe
O4 - HKCU..\Run: [Gtk] C:\WINDOWS\Umj.exe
O4 - HKCU..\Run: [Ebo] C:\WINDOWS\SYSTEM\Fvq.exe
O4 - HKCU..\Run: [Tjj] C:\WINDOWS\Kvq.exe
O4 - HKCU..\Run: [Div] C:\WINDOWS\SYSTEM\Vvb.exe
O4 - HKCU..\Run: [Vbh] C:\WINDOWS\Lkm.exe
O4 - HKCU..\Run: [Chr] C:\WINDOWS\Lop.exe
O4 - HKCU..\Run: [Rpr] C:\WINDOWS\Dpi.exe
O4 - HKCU..\Run: [Lah] C:\WINDOWS\SYSTEM\Dgs.exe
O4 - HKCU..\Run: [Fqf] C:\WINDOWS\SYSTEM\Bli.exe
O4 - HKCU..\Run: [Hcf] C:\WINDOWS\Ldj.exe
O4 - HKCU..\Run: [Eap] C:\WINDOWS\Jiq.exe
O4 - HKCU..\Run: [Tqa] C:\WINDOWS\SYSTEM\Vue.exe
O4 - HKCU..\Run: [Ppt] C:\WINDOWS\SYSTEM\Jgs.exe
O4 - HKCU..\Run: [Ohq] C:\WINDOWS\Unn.exe
O4 - HKCU..\Run: [Chq] C:\WINDOWS\Dah.exe
O4 - HKCU..\Run: [Lbs] C:\WINDOWS\SYSTEM\Jro.exe
O4 - HKCU..\Run: [Gdb] C:\WINDOWS\Nnu.exe
O4 - HKCU..\Run: [Qsp] C:\WINDOWS\SYSTEM\Mrr.exe
O4 - HKCU..\Run: [Rot] C:\WINDOWS\Svd.exe
O4 - HKCU..\Run: [Uts] C:\WINDOWS\SYSTEM\Chb.exe
O4 - HKCU..\Run: [Atl] C:\WINDOWS\SYSTEM\Jea.exe
O4 - HKCU..\Run: [Ufg] C:\WINDOWS\Hsn.exe
O4 - HKCU..\Run: [Gdn] C:\WINDOWS\SYSTEM\Nvb.exe
O4 - HKCU..\Run: [Pmm] C:\WINDOWS\SYSTEM\Vhu.exe
O4 - HKCU..\Run: [Goi] C:\WINDOWS\SYSTEM\Rfb.exe
O4 - HKCU..\Run: [Ptq] C:\WINDOWS\SYSTEM\Aoi.exe
O4 - HKCU..\Run: [Nkg] C:\WINDOWS\SYSTEM\Fnu.exe
O4 - HKCU..\Run: [Aag] C:\WINDOWS\SYSTEM\Prq.exe
O4 - HKCU..\Run: [Hjr] C:\WINDOWS\Kqr.exe
O4 - HKCU..\Run: [Unq] C:\WINDOWS\Pfr.exe
O4 - HKCU..\Run: [Kna] C:\WINDOWS\Usb.exe
O4 - HKCU..\Run: [Rsi] C:\WINDOWS\SYSTEM\Adr.exe
O4 - HKCU..\Run: [Fej] C:\WINDOWS\SYSTEM\Fpo.exe
O4 - HKCU..\Run: [Rrf] C:\WINDOWS\Crs.exe
O4 - HKCU..\Run: [Ses] C:\WINDOWS\SYSTEM\Ons.exe
O4 - HKCU..\Run: [Hvv] C:\WINDOWS\SYSTEM\Utq.exe
O4 - HKCU..\Run: [Gjk] C:\WINDOWS\Qhl.exe
O4 - HKCU..\Run: [Amg] C:\WINDOWS\SYSTEM\Gik.exe
O4 - HKCU..\Run: [Mkd] C:\WINDOWS\SYSTEM\Dco.exe
O4 - HKCU..\Run: [Jms] C:\WINDOWS\Hbk.exe
O4 - HKCU..\Run: [Jvg] C:\WINDOWS\SYSTEM\Puj.exe
O4 - HKCU..\Run: [Ecv] C:\WINDOWS\SYSTEM\Igb.exe
O4 - HKCU..\Run: [Lpl] C:\WINDOWS\Gar.exe
O4 - HKCU..\Run: [Rib] C:\WINDOWS\Ssk.exe
O4 - HKCU..\Run: [Fjn] C:\WINDOWS\Dis.exe
O4 - HKCU..\Run: [Pvu] C:\WINDOWS\Qun.exe
O4 - HKCU..\Run: [Akb] C:\WINDOWS\Hfb.exe
O4 - HKCU..\Run: [Pov] C:\WINDOWS\Mlh.exe
O4 - HKCU..\Run: [Hur] C:\WINDOWS\Oac.exe
O4 - HKCU..\Run: [Ffp] C:\WINDOWS\SYSTEM\Ngf.exe
O4 - HKCU..\Run: [Fjq] C:\WINDOWS\SYSTEM\Qpd.exe
O4 - HKCU..\Run: [Nbi] C:\WINDOWS\Pdt.exe
O4 - HKCU..\Run: [Mjp] C:\WINDOWS\SYSTEM\Jtc.exe
O4 - HKCU..\Run: [Kpb] C:\WINDOWS\SYSTEM\Bvd.exe
O4 - HKCU..\Run: [Nja] C:\WINDOWS\SYSTEM\Bog.exe
O4 - HKCU..\Run: [Euv] C:\WINDOWS\SYSTEM\Bdi.exe
O4 - HKCU..\Run: [Dva] C:\WINDOWS\Pap.exe
O4 - HKCU..\Run: [Mka] C:\WINDOWS\SYSTEM\Fkg.exe
O4 - HKCU..\Run: [Flk] C:\WINDOWS\SYSTEM\Dsj.exe
O4 - HKCU..\Run: [Csi] C:\WINDOWS\Fdg.exe
O4 - HKCU..\Run: [Lga] C:\WINDOWS\Qcc.exe
O4 - HKCU..\Run: [Cfq] C:\WINDOWS\Ebe.exe
O4 - HKCU..\Run: [Ohs] C:\WINDOWS\Dra.exe
O4 - HKCU..\Run: [Tsf] C:\WINDOWS\Snv.exe
O4 - HKCU..\Run: [Heh] C:\WINDOWS\SYSTEM\Drd.exe
O4 - HKCU..\Run: [Acg] C:\WINDOWS\Tas.exe
O4 - HKCU..\Run: [Atd] C:\WINDOWS\Tng.exe
O4 - HKCU..\Run: [Svm] C:\WINDOWS\SYSTEM\Ict.exe
O4 - HKCU..\Run: [Rrr] C:\WINDOWS\SYSTEM\Crh.exe
O4 - HKCU..\Run: [Oaj] C:\WINDOWS\Jre.exe
O4 - HKCU..\Run: [Qsq] C:\WINDOWS\Dca.exe
O4 - HKCU..\Run: [Npr] C:\WINDOWS\Snr.exe
O4 - HKCU..\Run: [Vbe] C:\WINDOWS\SYSTEM\Qqs.exe
O4 - HKCU..\Run: [Ree] C:\WINDOWS\SYSTEM\Qbp.exe
O4 - HKCU..\Run: [Jhs] C:\WINDOWS\Spb.exe
O4 - HKCU..\Run: [Kfk] C:\WINDOWS\SYSTEM\Pal.exe
O4 - HKCU..\Run: [Fbe] C:\WINDOWS\SYSTEM\Blj.exe
O4 - HKCU..\Run: [Qba] C:\WINDOWS\Rgv.exe
O4 - HKCU..\Run: [Jdq] C:\WINDOWS\SYSTEM\Cvl.exe
O4 - HKCU..\Run: [Tce] C:\WINDOWS\Uqv.exe
O4 - HKCU..\Run: [Kfj] C:\WINDOWS\Fdt.exe
O4 - HKCU..\Run: [Aut] C:\WINDOWS\SYSTEM\Jmf.exe
O4 - HKCU..\Run: [Kkl] C:\WINDOWS\SYSTEM\Ghd.exe
O4 - HKCU..\Run: [Eva] C:\WINDOWS\SYSTEM\Pem.exe
O4 - HKCU..\Run: [Ndi] C:\WINDOWS\Jlv.exe
O4 - HKCU..\Run: [Ood] C:\WINDOWS\Lgh.exe
O4 - HKCU..\Run: [Mks] C:\WINDOWS\Qhm.exe
O4 - HKCU..\Run: [Moh] C:\WINDOWS\Vgl.exe
O4 - HKCU..\Run: [Pbo] C:\WINDOWS\Ccr.exe
O4 - HKCU..\Run: [Mdq] C:\WINDOWS\Lgk.exe
O4 - HKCU..\Run: [Usd] C:\WINDOWS\Bom.exe
O4 - HKCU..\Run: [Afo] C:\WINDOWS\Dbl.exe
O4 - HKCU..\Run: [Jfi] C:\WINDOWS\SYSTEM\Plq.exe
O4 - HKCU..\Run: [Ehg] C:\WINDOWS\Jek.exe
O4 - HKCU..\Run: [Lib] C:\WINDOWS\SYSTEM\Ktu.exe
O4 - HKCU..\Run: [Rnb] C:\WINDOWS\SYSTEM\Kof.exe
O4 - HKCU..\Run: [Stb] C:\WINDOWS\SYSTEM\Ggi.exe
O4 - HKCU..\Run: [Sjd] C:\WINDOWS\Hkl.exe
O4 - HKCU..\Run: [Vth] C:\WINDOWS\Gfd.exe
O4 - HKCU..\Run: [Fct] C:\WINDOWS\SYSTEM\Tmm.exe
O4 - HKCU..\Run: [Fvl] C:\WINDOWS\Pdj.exe
O4 - HKCU..\Run: [Esg] C:\WINDOWS\Rqh.exe
O4 - HKCU..\Run: [Vjt] C:\WINDOWS\Vdt.exe
O4 - HKCU..\Run: [Ske] C:\WINDOWS\SYSTEM\Oei.exe
O4 - HKCU..\Run: [Mid] C:\WINDOWS\SYSTEM\Voj.exe
O4 - HKCU..\Run: [Lkj] C:\WINDOWS\Nfl.exe
O4 - HKCU..\Run: [Tgu] C:\WINDOWS\Fla.exe
O4 - HKCU..\Run: [Ojv] C:\WINDOWS\SYSTEM\Icu.exe
O4 - HKCU..\Run: [Crg] C:\WINDOWS\Gbe.exe
O4 - HKCU..\Run: [Fbf] C:\WINDOWS\Lhd.exe
O4 - HKCU..\Run: [Lbv] C:\WINDOWS\Uan.exe
O4 - HKCU..\Run: [Qsn] C:\WINDOWS\SYSTEM\Uid.exe
O4 - HKCU..\Run: [Vlg] C:\WINDOWS\SYSTEM\Jgk.exe
O4 - HKCU..\Run: [Tnt] C:\WINDOWS\SYSTEM\Hoo.exe
O4 - HKCU..\Run: [Vhi] C:\WINDOWS\SYSTEM\Nip.exe
O4 - HKCU..\Run: [Fnt] C:\WINDOWS\SYSTEM\Hrp.exe
O4 - HKCU..\Run: [Abd] C:\WINDOWS\SYSTEM\Fsb.exe
O4 - HKCU..\Run: [Kbc] C:\WINDOWS\Vst.exe
O4 - HKCU..\Run: [Pil] C:\WINDOWS\SYSTEM\Tsb.exe
O4 - HKCU..\Run: [Frp] C:\WINDOWS\SYSTEM\Nmn.exe
O4 - HKCU..\Run: [Nej] C:\WINDOWS\SYSTEM\Fmh.exe
O4 - HKCU..\Run: [Kqo] C:\WINDOWS\Hlg.exe
O4 - HKCU..\Run: [Udu] C:\WINDOWS\Spl.exe
O4 - HKCU..\Run: [Ceg] C:\WINDOWS\SYSTEM\Noi.exe
O4 - HKCU..\Run: [Cei] C:\WINDOWS\Cgu.exe
O4 - HKCU..\Run: [Sqf] C:\WINDOWS\Jrl.exe
O4 - HKCU..\Run: [Oht] C:\WINDOWS\SYSTEM\Htv.exe
O4 - HKCU..\Run: [Afs] C:\WINDOWS\Jkj.exe
O4 - HKCU..\Run: [Ond] C:\WINDOWS\Fog.exe
O4 - HKCU..\Run: [Rfl] C:\WINDOWS\SYSTEM\Abg.exe
O4 - HKCU..\Run: [Eqc] C:\WINDOWS\SYSTEM\Aag.exe
O4 - HKCU..\Run: [Rht] C:\WINDOWS\Rrf.exe
O4 - HKCU..\Run: [Ndq] C:\WINDOWS\Kfu.exe
O4 - HKCU..\Run: [Ipi] C:\WINDOWS\SYSTEM\Eum.exe
O4 - HKCU..\Run: [Ufh] C:\WINDOWS\SYSTEM\Smf.exe
O4 - HKCU..\Run: [Ruo] C:\WINDOWS\Tlj.exe
O4 - HKCU..\Run: [Nbs] C:\WINDOWS\Glh.exe
O4 - HKCU..\Run: [Hkp] C:\WINDOWS\Prh.exe
O4 - HKCU..\Run: [Qsi] C:\WINDOWS\Elf.exe
O4 - HKCU..\Run: [Mdf] C:\WINDOWS\Nna.exe
O4 - HKCU..\Run: [Lsu] C:\WINDOWS\SYSTEM\Uvh.exe
O4 - HKCU..\Run: [Gqs] C:\WINDOWS\SYSTEM\Mmq.exe
O4 - HKCU..\Run: [Fgg] C:\WINDOWS\SYSTEM\Csm.exe
O4 - HKCU..\Run: [Duk] C:\WINDOWS\Jur.exe
O4 - HKCU..\Run: [Mrn] C:\WINDOWS\SYSTEM\Enq.exe
O4 - HKCU..\Run: [Grv] C:\WINDOWS\Vjg.exe
O4 - HKCU..\Run: [Unn] C:\WINDOWS\Aee.exe
O4 - HKCU..\Run: [Udg] C:\WINDOWS\SYSTEM\Gue.exe
O4 - HKCU..\Run: [Rdq] C:\WINDOWS\Onf.exe
O4 - HKCU..\Run: [Qhe] C:\WINDOWS\SYSTEM\Dij.exe
O4 - HKCU..\Run: [Mrs] C:\WINDOWS\Hvs.exe
O4 - HKCU..\Run: [Eth] C:\WINDOWS\Knd.exe
O4 - HKCU..\Run: [Gil] C:\WINDOWS\Rpc.exe
O4 - HKCU..\Run: [Gsd] C:\WINDOWS\SYSTEM\Kbl.exe
O4 - HKCU..\Run: [Lmj] C:\WINDOWS\SYSTEM\Kdp.exe
O4 - HKCU..\Run: [Ndv] C:\WINDOWS\SYSTEM\Rhf.exe
O4 - HKCU..\Run: [Ivt] C:\WINDOWS\SYSTEM\Jtp.exe
O4 - HKCU..\Run: [Qpb] C:\WINDOWS\Rdc.exe
O4 - HKCU..\Run: [Use] C:\WINDOWS\SYSTEM\Bps.exe
O4 - HKCU..\Run: [Ggk] C:\WINDOWS\SYSTEM\Kct.exe
O4 - HKCU..\Run: [Qmk] C:\WINDOWS\Pau.exe
O4 - HKCU..\Run: [Vpu] C:\WINDOWS\Dhp.exe
O4 - HKCU..\Run: [Bpj] C:\WINDOWS\Boo.exe
O4 - HKCU..\Run: [Tmp] C:\WINDOWS\Gls.exe
O4 - HKCU..\Run: [Pqq] C:\WINDOWS\Hns.exe
O4 - HKCU..\Run: [Die] C:\WINDOWS\SYSTEM\Cum.exe
O4 - HKCU..\Run: [Ads] C:\WINDOWS\SYSTEM\Hkh.exe
O4 - HKCU..\Run: [Bck] C:\WINDOWS\SYSTEM\Egt.exe
O4 - HKCU..\Run: [Bkv] C:\WINDOWS\SYSTEM\Kpi.exe
O4 - HKCU..\Run: [Nmj] C:\WINDOWS\SYSTEM\Jnr.exe
O4 - HKCU..\Run: [Iqu] C:\WINDOWS\Lhd.exe
O4 - HKCU..\Run: [Smt] C:\WINDOWS\SYSTEM\Cht.exe
O4 - HKCU..\Run: [Omj] C:\WINDOWS\SYSTEM\Fbi.exe
O4 - HKCU..\Run: [Run] C:\WINDOWS\SYSTEM\Jca.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear…?p=ZSzeb029XXHK
O14 - IERESET.INF: START_PAGE_URL=http://www.tinyOnline.com.hk
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.iframedollars.biz

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/022cfcb4c60735…tzip/RdxIE6.cab
O16 - DPF: FreedomAudio - http://www.freedomaudio.com/install…ominstaller.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/…all/xscan53.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx

to free some system memory you can also remove following from registary. Just check/tick them and click fix in hijack this.

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10

I highly recommend you to use a Firewall with a combination of AV software as soon as posible. Alone an AV software wont save your computer. Also download **Advanced System Optimizer **from Sys-Tweak. It will help you to fix your registry and defrag it.

Re: Someone PLEASE PLEASE help!!!!!!!!!!!!!!!!!!!

oh I forgot, After removing the entries, go to your control panel, click on Internet Options (dont call them by starting IE).
In General tab, under HomePage click on Use Blank. Go to Security tab, click on Trusted Sites, Set the level to high and click on the bottun Sites. remove following from the websites panel:

*.windupdates.com
*.skoobidoo.com
*.slotchbar.com
*.iframedollars.biz

now click on Restricted Sites (next to trusted sites) set the level to high and add the above four sites to the zone by clicking on sites button.
edit:
also add to restricted zone
*.mywebsearch.com
*.tinyOnline.com.hk

Re: Someone PLEASE PLEASE help!!!

Sorry for my late reply. I don’t use the PC these days.

Now I did as you said.

Firstly I’ll begin with the Internet Options. At the Trusted Site section, there are no sites there so I cannot remove any. At the Restricted Site Section, there’s no tool bar where I could set the setting to be high.

Also with regard to adding these sites to the restricted zone…

.windupdates.com
*.skoobidoo.com
*.slotchbar.com
*.iframedollars.biz

Erro message pops up for all these 4 sites that “The site you specified exists in another zone. Pls remove the site from the other zone before adding it in the current zone.”

Now what’s that suppose to mean?

I’ll be back with the logfile.

Re: Someone PLEASE PLEASE help!!!

Bottomline, the problem still exists after I went to safe mode and removed the entries that you mentioned, ran Spybot again. The dialler still dials and the thing still pops up.

The current logfile shows.

Logfile of HijackThis v1.97.7
Scan saved at 11:01:38 AM, on 3/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\CFOSDW.EXE
C:\PROGRAM FILES\NETVIGATOR\NETVIGATOR BROADBAND\DRIVER\CFNDIS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ATHAN\ATHAN.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\CMD32.EXE
C:\WINDOWS\VMU.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\REALITY FUSION\REALITY FUSION GAMECAM SE\PROGRAM\RFTRAY.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\HIJACKTHIS.EXE

F1 - win.ini: run=C:\PROGRA~1\NETVIG~1\NETVIG~1\DRIVER\cfosdw.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\EN-US\MSNTB.DLL
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS askmon.exe
O4 - HKLM..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [CountrySelection] pctptt.exe
O4 - HKLM..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM..\Run: [PCCIOMON.EXE] “C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE”
O4 - HKLM..\Run: [pop3trap.exe] “C:\Program Files\Trend PC-cillin 2000\pop3trap.exe”
O4 - HKLM..\Run: [WebTrap.exe] “C:\Program Files\Trend PC-cillin 2000\WebTrap.exe”
O4 - HKLM..\Run: [LoadQM] loadqm.exe
O4 - HKLM..\Run: [Athan] C:\PROGRAM FILES\ATHAN\ATHAN.exe
O4 - HKLM..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM..\Run: [winupdt] RUNDLL32.EXE C:\WINDOWS\DBPM95.DLL,_mainRD
O4 - HKLM..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM..\Run: [Jqp] C:\WINDOWS\Vmu.exe
O4 - HKLM..\Run: [Vct] C:\WINDOWS\SYSTEM\Hrm.exe
O4 - HKLM..\Run: [Gcj] C:\WINDOWS\Fvm.exe
O4 - HKLM..\Run: [Shk] C:\WINDOWS\SYSTEM\Ltk.exe
O4 - HKLM..\Run: [Cuh] C:\WINDOWS\Ddo.exe
O4 - HKLM..\Run: [Uvd] C:\WINDOWS\SYSTEM\Ang.exe
O4 - HKLM..\Run: [Uad] C:\WINDOWS\Qna.exe
O4 - HKLM..\Run: [Oqf] C:\WINDOWS\SYSTEM\Orv.exe
O4 - HKLM..\Run: [Sic] C:\WINDOWS\Saa.exe
O4 - HKLM..\Run: [Tvs] C:\WINDOWS\Uqs.exe
O4 - HKLM..\Run: [Gfv] C:\WINDOWS\Vec.exe
O4 - HKLM..\Run: [Khe] C:\WINDOWS\SYSTEM\Onk.exe
O4 - HKLM..\Run: [Ldf] C:\WINDOWS\Oar.exe
O4 - HKLM..\Run: [Gkn] C:\WINDOWS\SYSTEM\Dbl.exe
O4 - HKLM..\Run: [Rjs] C:\WINDOWS\SYSTEM\Ess.exe
O4 - HKLM..\Run: [Oea] C:\WINDOWS\SYSTEM\Afn.exe
O4 - HKLM..\Run: [Kae] C:\WINDOWS\SYSTEM\Ini.exe
O4 - HKLM..\Run: [Ckt] C:\WINDOWS\Soq.exe
O4 - HKLM..\Run: [Jbi] C:\WINDOWS\Dtg.exe
O4 - HKLM..\Run: [Are] C:\WINDOWS\SYSTEM\Rro.exe
O4 - HKLM..\Run: [Hed] C:\WINDOWS\SYSTEM\Lee.exe
O4 - HKLM..\Run: [Uhv] C:\WINDOWS\SYSTEM\Ftu.exe
O4 - HKLM..\Run: [Qmq] C:\WINDOWS\Ici.exe
O4 - HKLM..\Run: [Jop] C:\WINDOWS\SYSTEM\Nvd.exe
O4 - HKLM..\Run: [Ibc] C:\WINDOWS\Sdi.exe
O4 - HKLM..\Run: [Hqp] C:\WINDOWS\SYSTEM\Aos.exe
O4 - HKLM..\Run: [Doa] C:\WINDOWS\Hnq.exe
O4 - HKLM..\Run: [Mhl] C:\WINDOWS\Hic.exe
O4 - HKLM..\Run: [Dtk] C:\WINDOWS\SYSTEM\Red.exe
O4 - HKLM..\Run: [Drv] C:\WINDOWS\SYSTEM\Hln.exe
O4 - HKLM..\Run: [Smi] C:\WINDOWS\SYSTEM\Bef.exe
O4 - HKLM..\Run: [Bct] C:\WINDOWS\SYSTEM\Mtt.exe
O4 - HKLM..\Run: [Dho] C:\WINDOWS\SYSTEM\Cjk.exe
O4 - HKLM..\Run: [Qpc] C:\WINDOWS\Mvc.exe
O4 - HKLM..\Run: [Kjt] C:\WINDOWS\SYSTEM\Eio.exe
O4 - HKLM..\Run: [Nuj] C:\WINDOWS\Ejp.exe
O4 - HKLM..\Run: [Ajb] C:\WINDOWS\Rrr.exe
O4 - HKLM..\Run: [Rjl] C:\WINDOWS\SYSTEM\Svr.exe
O4 - HKLM..\Run: [Hqr] C:\WINDOWS\SYSTEM\Kcp.exe
O4 - HKLM..\Run: [Lqi] C:\WINDOWS\SYSTEM\Ome.exe
O4 - HKLM..\Run: [Gqk] C:\WINDOWS\SYSTEM\Nib.exe
O4 - HKLM..\Run: [Lct] C:\WINDOWS\SYSTEM\Bec.exe
O4 - HKLM..\Run: [Gib] C:\WINDOWS\Jhj.exe
O4 - HKLM..\Run: [Tuu] C:\WINDOWS\Naq.exe
O4 - HKLM..\Run: [Pdd] C:\WINDOWS\Qac.exe
O4 - HKLM..\Run: [Djb] C:\WINDOWS\Blo.exe
O4 - HKLM..\Run: [Huv] C:\WINDOWS\SYSTEM\Krn.exe
O4 - HKLM..\Run: [Prj] C:\WINDOWS\SYSTEM\Nsf.exe
O4 - HKLM..\Run: [Nae] C:\WINDOWS\Agp.exe
O4 - HKLM..\Run: [Vqq] C:\WINDOWS\Nnb.exe
O4 - HKLM..\Run: [Jkt] C:\WINDOWS\Ipq.exe
O4 - HKLM..\Run: [Cbh] C:\WINDOWS\Iek.exe
O4 - HKLM..\Run: [Tcm] C:\WINDOWS\Ppj.exe
O4 - HKLM..\Run: [Nte] C:\WINDOWS\SYSTEM\Nge.exe
O4 - HKLM..\Run: [Obh] C:\WINDOWS\SYSTEM\Vch.exe
O4 - HKLM..\Run: [Fdq] C:\WINDOWS\Vjj.exe
O4 - HKLM..\Run: [Hbv] C:\WINDOWS\SYSTEM\Dfd.exe
O4 - HKLM..\Run: [Mcb] C:\WINDOWS\Nfj.exe
O4 - HKLM..\Run: [Shg] C:\WINDOWS\Ill.exe
O4 - HKLM..\Run: [Pmh] C:\WINDOWS\SYSTEM\Hph.exe
O4 - HKLM..\Run: [She] C:\WINDOWS\Epk.exe
O4 - HKLM..\Run: [Lff] C:\WINDOWS\Kvb.exe
O4 - HKLM..\Run: [Knq] C:\WINDOWS\Khi.exe
O4 - HKLM..\Run: [Btk] C:\WINDOWS\SYSTEM\Sjr.exe
O4 - HKLM..\Run: [Jtb] C:\WINDOWS\Gtm.exe
O4 - HKLM..\Run: [Ajo] C:\WINDOWS\SYSTEM\Sud.exe
O4 - HKLM..\Run: [Rnu] C:\WINDOWS\SYSTEM\Erh.exe
O4 - HKLM..\Run: [Ppi] C:\WINDOWS\Clk.exe
O4 - HKLM..\Run: [Drb] C:\WINDOWS\Khf.exe
O4 - HKLM..\Run: [Vpn] C:\WINDOWS\Qfu.exe
O4 - HKLM..\Run: [Nlu] C:\WINDOWS\SYSTEM\Jcn.exe
O4 - HKLM..\Run: [Pap] C:\WINDOWS\Ejq.exe
O4 - HKLM..\Run: [Sbh] C:\WINDOWS\SYSTEM\Drs.exe
O4 - HKLM..\Run: [Nlv] C:\WINDOWS\Dui.exe
O4 - HKLM..\Run: [Vhl] C:\WINDOWS\SYSTEM\Dip.exe
O4 - HKLM..\Run: [Dbg] C:\WINDOWS\SYSTEM\Svb.exe
O4 - HKLM..\Run: [Ifj] C:\WINDOWS\Dfq.exe
O4 - HKLM..\Run: [Dtv] C:\WINDOWS\Llb.exe
O4 - HKLM..\Run: [Pkl] C:\WINDOWS\Rcb.exe
O4 - HKLM..\Run: [Heb] C:\WINDOWS\Kdg.exe
O4 - HKLM..\Run: [Faa] C:\WINDOWS\Kce.exe
O4 - HKLM..\Run: [Dvd] C:\WINDOWS\SYSTEM\Jpk.exe
O4 - HKLM..\Run: [Hlo] C:\WINDOWS\Hqv.exe
O4 - HKLM..\Run: [Lik] C:\WINDOWS\SYSTEM\Tit.exe
O4 - HKLM..\Run: [Vkp] C:\WINDOWS\Mnh.exe
O4 - HKLM..\Run: [Jas] C:\WINDOWS\SYSTEM\Bem.exe
O4 - HKLM..\Run: [Grp] C:\WINDOWS\SYSTEM\Bmq.exe
O4 - HKLM..\Run: [Ahb] C:\WINDOWS\Tes.exe
O4 - HKLM..\Run: [Das] C:\WINDOWS\Huo.exe
O4 - HKLM..\Run: [Gsb] C:\WINDOWS\Dno.exe
O4 - HKLM..\Run: [Njp] C:\WINDOWS\SYSTEM\Fqk.exe
O4 - HKLM..\Run: [Aoe] C:\WINDOWS\SYSTEM\Mmv.exe
O4 - HKLM..\Run: [Cdi] C:\WINDOWS\Hrf.exe
O4 - HKLM..\Run: [Tni] C:\WINDOWS\Srr.exe
O4 - HKLM..\Run: [Fgp] C:\WINDOWS\Fhp.exe
O4 - HKLM..\Run: [Kti] C:\WINDOWS\Tid.exe
O4 - HKLM..\Run: [Gmb] C:\WINDOWS\Fba.exe
O4 - HKLM..\Run: [Kkd] C:\WINDOWS\SYSTEM\Gld.exe
O4 - HKLM..\Run: [Gds] C:\WINDOWS\SYSTEM\Fje.exe
O4 - HKLM..\Run: [Ilp] C:\WINDOWS\SYSTEM\Ljm.exe
O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM..\RunServices: *StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM..\RunServices: [PCCIOMON.EXE] “C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE”
O4 - HKLM..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM..\RunServices: [ntddetect] WS\SYSTEM
tddetect.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU..\Run: [Jqp] C:\WINDOWS\Vmu.exe
O4 - HKCU..\Run: [Vct] C:\WINDOWS\SYSTEM\Hrm.exe
O4 - HKCU..\Run: [Gcj] C:\WINDOWS\Fvm.exe
O4 - HKCU..\Run: [Shk] C:\WINDOWS\SYSTEM\Ltk.exe
O4 - HKCU..\Run: [Cuh] C:\WINDOWS\Ddo.exe
O4 - HKCU..\Run: [Uvd] C:\WINDOWS\SYSTEM\Ang.exe
O4 - HKCU..\Run: [Uad] C:\WINDOWS\Qna.exe
O4 - HKCU..\Run: [Oqf] C:\WINDOWS\SYSTEM\Orv.exe
O4 - HKCU..\Run: [Sic] C:\WINDOWS\Saa.exe
O4 - HKCU..\Run: [Tvs] C:\WINDOWS\Uqs.exe
O4 - HKCU..\Run: [Gfv] C:\WINDOWS\Vec.exe
O4 - HKCU..\Run: [Khe] C:\WINDOWS\SYSTEM\Onk.exe
O4 - HKCU..\Run: [Ldf] C:\WINDOWS\Oar.exe
O4 - HKCU..\Run: [Gkn] C:\WINDOWS\SYSTEM\Dbl.exe
O4 - HKCU..\Run: [Rjs] C:\WINDOWS\SYSTEM\Ess.exe
O4 - HKCU..\Run: [Oea] C:\WINDOWS\SYSTEM\Afn.exe
O4 - HKCU..\Run: [Kae] C:\WINDOWS\SYSTEM\Ini.exe
O4 - HKCU..\Run: [Ckt] C:\WINDOWS\Soq.exe
O4 - HKCU..\Run: [Jbi] C:\WINDOWS\Dtg.exe
O4 - HKCU..\Run: [Are] C:\WINDOWS\SYSTEM\Rro.exe
O4 - HKCU..\Run: [Hed] C:\WINDOWS\SYSTEM\Lee.exe
O4 - HKCU..\Run: [Uhv] C:\WINDOWS\SYSTEM\Ftu.exe
O4 - HKCU..\Run: [Qmq] C:\WINDOWS\Ici.exe
O4 - HKCU..\Run: [Jop] C:\WINDOWS\SYSTEM\Nvd.exe
O4 - HKCU..\Run: [Ibc] C:\WINDOWS\Sdi.exe
O4 - HKCU..\Run: [Hqp] C:\WINDOWS\SYSTEM\Aos.exe
O4 - HKCU..\Run: [Doa] C:\WINDOWS\Hnq.exe
O4 - HKCU..\Run: [Mhl] C:\WINDOWS\Hic.exe
O4 - HKCU..\Run: [Dtk] C:\WINDOWS\SYSTEM\Red.exe
O4 - HKCU..\Run: [Drv] C:\WINDOWS\SYSTEM\Hln.exe
O4 - HKCU..\Run: [Smi] C:\WINDOWS\SYSTEM\Bef.exe
O4 - HKCU..\Run: [Bct] C:\WINDOWS\SYSTEM\Mtt.exe
O4 - HKCU..\Run: [Dho] C:\WINDOWS\SYSTEM\Cjk.exe
O4 - HKCU..\Run: [Qpc] C:\WINDOWS\Mvc.exe
O4 - HKCU..\Run: [Kjt] C:\WINDOWS\SYSTEM\Eio.exe
O4 - HKCU..\Run: [Nuj] C:\WINDOWS\Ejp.exe
O4 - HKCU..\Run: [Ajb] C:\WINDOWS\Rrr.exe
O4 - HKCU..\Run: [Rjl] C:\WINDOWS\SYSTEM\Svr.exe
O4 - HKCU..\Run: [Hqr] C:\WINDOWS\SYSTEM\Kcp.exe
O4 - HKCU..\Run: [Lqi] C:\WINDOWS\SYSTEM\Ome.exe
O4 - HKCU..\Run: [Gqk] C:\WINDOWS\SYSTEM\Nib.exe
O4 - HKCU..\Run: [Lct] C:\WINDOWS\SYSTEM\Bec.exe
O4 - HKCU..\Run: [Gib] C:\WINDOWS\Jhj.exe
O4 - HKCU..\Run: [Tuu] C:\WINDOWS\Naq.exe
O4 - HKCU..\Run: [Pdd] C:\WINDOWS\Qac.exe
O4 - HKCU..\Run: [Djb] C:\WINDOWS\Blo.exe
O4 - HKCU..\Run: [Huv] C:\WINDOWS\SYSTEM\Krn.exe
O4 - HKCU..\Run: [Prj] C:\WINDOWS\SYSTEM\Nsf.exe
O4 - HKCU..\Run: [Nae] C:\WINDOWS\Agp.exe
O4 - HKCU..\Run: [Vqq] C:\WINDOWS\Nnb.exe
O4 - HKCU..\Run: [Jkt] C:\WINDOWS\Ipq.exe
O4 - HKCU..\Run: [Cbh] C:\WINDOWS\Iek.exe
O4 - HKCU..\Run: [Tcm] C:\WINDOWS\Ppj.exe
O4 - HKCU..\Run: [Nte] C:\WINDOWS\SYSTEM\Nge.exe
O4 - HKCU..\Run: [Obh] C:\WINDOWS\SYSTEM\Vch.exe
O4 - HKCU..\Run: [Fdq] C:\WINDOWS\Vjj.exe
O4 - HKCU..\Run: [Hbv] C:\WINDOWS\SYSTEM\Dfd.exe
O4 - HKCU..\Run: [Mcb] C:\WINDOWS\Nfj.exe
O4 - HKCU..\Run: [Shg] C:\WINDOWS\Ill.exe
O4 - HKCU..\Run: [Pmh] C:\WINDOWS\SYSTEM\Hph.exe
O4 - HKCU..\Run: [She] C:\WINDOWS\Epk.exe
O4 - HKCU..\Run: [Lff] C:\WINDOWS\Kvb.exe
O4 - HKCU..\Run: [Knq] C:\WINDOWS\Khi.exe
O4 - HKCU..\Run: [Btk] C:\WINDOWS\SYSTEM\Sjr.exe
O4 - HKCU..\Run: [Jtb] C:\WINDOWS\Gtm.exe
O4 - HKCU..\Run: [Ajo] C:\WINDOWS\SYSTEM\Sud.exe
O4 - HKCU..\Run: [Rnu] C:\WINDOWS\SYSTEM\Erh.exe
O4 - HKCU..\Run: [Ppi] C:\WINDOWS\Clk.exe
O4 - HKCU..\Run: [Drb] C:\WINDOWS\Khf.exe
O4 - HKCU..\Run: [Vpn] C:\WINDOWS\Qfu.exe
O4 - HKCU..\Run: [Nlu] C:\WINDOWS\SYSTEM\Jcn.exe
O4 - HKCU..\Run: [Pap] C:\WINDOWS\Ejq.exe
O4 - HKCU..\Run: [Sbh] C:\WINDOWS\SYSTEM\Drs.exe
O4 - HKCU..\Run: [Nlv] C:\WINDOWS\Dui.exe
O4 - HKCU..\Run: [Vhl] C:\WINDOWS\SYSTEM\Dip.exe
O4 - HKCU..\Run: [Dbg] C:\WINDOWS\SYSTEM\Svb.exe
O4 - HKCU..\Run: [Ifj] C:\WINDOWS\Dfq.exe
O4 - HKCU..\Run: [Dtv] C:\WINDOWS\Llb.exe
O4 - HKCU..\Run: [Pkl] C:\WINDOWS\Rcb.exe
O4 - HKCU..\Run: [Heb] C:\WINDOWS\Kdg.exe
O4 - HKCU..\Run: [Faa] C:\WINDOWS\Kce.exe
O4 - HKCU..\Run: [Dvd] C:\WINDOWS\SYSTEM\Jpk.exe
O4 - HKCU..\Run: [Hlo] C:\WINDOWS\Hqv.exe
O4 - HKCU..\Run: [Lik] C:\WINDOWS\SYSTEM\Tit.exe
O4 - HKCU..\Run: [Vkp] C:\WINDOWS\Mnh.exe
O4 - HKCU..\Run: [Jas] C:\WINDOWS\SYSTEM\Bem.exe
O4 - HKCU..\Run: [Grp] C:\WINDOWS\SYSTEM\Bmq.exe
O4 - HKCU..\Run: [Ahb] C:\WINDOWS\Tes.exe
O4 - HKCU..\Run: [Das] C:\WINDOWS\Huo.exe
O4 - HKCU..\Run: [Gsb] C:\WINDOWS\Dno.exe
O4 - HKCU..\Run: [Njp] C:\WINDOWS\SYSTEM\Fqk.exe
O4 - HKCU..\Run: [Aoe] C:\WINDOWS\SYSTEM\Mmv.exe
O4 - HKCU..\Run: [Cdi] C:\WINDOWS\Hrf.exe
O4 - HKCU..\Run: [Tni] C:\WINDOWS\Srr.exe
O4 - HKCU..\Run: [Fgp] C:\WINDOWS\Fhp.exe
O4 - HKCU..\Run: [Kti] C:\WINDOWS\Tid.exe
O4 - HKCU..\Run: [Gmb] C:\WINDOWS\Fba.exe
O4 - HKCU..\Run: [Kkd] C:\WINDOWS\SYSTEM\Gld.exe
O4 - HKCU..\Run: [Gds] C:\WINDOWS\SYSTEM\Fje.exe
O4 - HKCU..\Run: [Ilp] C:\WINDOWS\SYSTEM\Ljm.exe
O4 - Startup: Reality Fusion GameCam SE.lnk = C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS
pqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS
pqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {6785FBC7-13AD-4F28-8FB3-1AEA411C03A5} (GSAG.GSAudioControl) - http://gim.gupistan.com/vg/GSAG.CAB
O16 - DPF: {482FA9A6-8B46-48E4-AADE-924F3007DA4C} (GSUrdu.UrduType) - http://gim.gupshup.org/asim1/urdu/GSUrdu.CAB
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://www.webcamnow.com/voice/voice.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {3A835AF0-C223-4F83-A648-5A02F8FFEBFA} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/tc/filesharingctrl.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38029.1072106482
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

Re: Someone PLEASE PLEASE help!!!

Dude, I would format my PC if I were u … there is far toooo much crap on the system. Can’t bother to clean it one by one. I say you copy all your necesary documents to an external hard disk (if you have one) or back it up by other means. And yes, I suggest you scan all your documents before you create the backup and don’t bother copying any program installation files … most likely they will be corrupted as well.

good luck bro :k:

Re: Someone PLEASE PLEASE help!!!!!!!!!!!!!!!!!!!

lil human, about half of those .ex files that I see are either trojans, virus, trojan downloaders, spyware or malware.

What kinda of anti-virus do you use? Do you ever keep it updated? Do you ever scan you computer? See it wouldnt be this bad if you had done all this from time to time.

At this point, the best solution is to format that hard-disk completely. Dont even bother saving anything unless your life depends upon it. Reinstall windows. And please buy a reputable anti-virus software. Its the most importan software you will ever need when using a computer.