C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kevin\Desktop\fixing\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =
http://fastsearchweb.com/srh.php?q=%sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dell4me.com/mywayR3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\pmnnm.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CC61292-C640-417F-8D75-59C3362F4929} - C:\WINDOWS\system32\msbc.dll (file missing)
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awtqo.dll
O3 - Toolbar: (no name) - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyElim] srbho.exe
O4 - HKLM\..\Run: [Testimonials] ActionScr.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Brong32] DTOURS.exe
O4 - HKCU\..\Run: [backorif] nmdllw.exe
O4 - HKCU\..\Run: [PasswdMon] Shaitan1678.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} -
http://pak05.picture...-US.9.2.4.0.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{2360632D-1873-419A-AFEF-CF5203B42F09}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\SYSTEM32\pmnnm.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
CWS SHREDDER
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{16E92C54-71BE-4652-ABAA-C728A0F68E1D}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{16E92C54-71BE-4652-ABAA-C728A0F68E1D}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2360632D-1873-419A-AFEF-CF5203B42F09}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2360632D-1873-419A-AFEF-CF5203B42F09}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{766547BA-4AB0-4FED-B324-A082DCF25802}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{766547BA-4AB0-4FED-B324-A082DCF25802}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6403B7B4-AE4E-4FCD-B088-4EEC63354041}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6403B7B4-AE4E-4FCD-B088-4EEC63354041}] DATAGRAM 4
**** Blocked Control Panel Items ****
BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No
**** Downloaded Program Files ****
{166B1BCA-3F9C-11CF-8075-444553540000} [
http://active.macrom...or/cabs/sw.cab] {98BFD494-F6AD-4794-9038-832C0654CC43} [
http://pak05.picture...US.9.2.4.0.cab] {D27CDB6E-AE6D-11CF-96B8-444553540000} [
http://download.macr...sh/swflash.cab] **** Windows Services ****
[Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[Fax] %systemroot%\system32\fxssvc.exe
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\system32\imapi.exe
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
[LexBceS] C:\WINDOWS\system32\LEXBCES.EXE
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\system32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetSvc] C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
[Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[w32time] %SystemRoot%\system32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs
**** Custom IE Search Items ****
SEARCH: [CustomizeSearch]
SEARCH: [Default_Search_URL]
SEARCH: [SearchAssistant]
SEARCH: [SearchAssistant]
http://ie.search.msn...st/srchasst.htm SEARCH: [CustomizeSearch]
http://ie.search.msn...st/srchcust.htm **** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] about:blank
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page]
IEOPT: [Default_Page_URL]
IEOPT: [FullScreen] no
IEOPT: [Use FormSuggest] no
IEOPT: [Window_Placement] ,
IEOPT: [AddToFavoritesExpanded]
IEOPT: [NotifyDownloadComplete] no
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Default_Search_URL]
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [Search Bar]
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] No
IEOPT: [Default_Page_URL]
http://www.microsoft...er=6&ar=msnhome IEOPT: [Default_Search_URL]
http://www.microsoft...=ie&ar=iesearch IEOPT: [Search Page]
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Search Bar]
IEOPT: [HOMEOldSP] about:blank
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
kaspersky scans
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, November 20, 2005 17:29:10
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 21/11/2005
Kaspersky Anti-Virus database records: 151031
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Kevin\LOCALS~1\Temp\
Scan Statistics:
Total number of scanned objects: 10079
Number of viruses found: 4
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 397 sec
Infected Object Name - Virus Name
C:\WINDOWS\SYSTEM32\awtqo.dll Infected: Trojan.Win32.Crypt.o
C:\WINDOWS\SYSTEM32\mljge.dll Infected: Trojan-Downloader.Win32.ConHook.o
C:\WINDOWS\SYSTEM32\pmnnm.dll Infected: Trojan-Downloader.Win32.Agent.yf
C:\WINDOWS\SYSTEM32\xscan.exe/data0006 Infected: Trojan-Dropper.Win32.Agent.hy
C:\WINDOWS\SYSTEM32\xscan.exe Infected: Trojan-Dropper.Win32.Agent.hy
Scan process completed.
kaspersky scan for my computer
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, November 20, 2005 18:00:08
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 21/11/2005
Kaspersky Anti-Virus database records: 151031
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 38947
Number of viruses found: 7
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 1566 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-51cccb7c-233a98f2.class Infected: Trojan-Clicker.Win32.Spywad.b
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-c486e07-1a7589dd.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-c486e07-1a7589dd.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-c486e07-1a7589dd.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Kevin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-c486e07-1a7589dd.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\WINDOWS\SYSTEM32\awtqo.dll Infected: Trojan.Win32.Crypt.o
C:\WINDOWS\SYSTEM32\mljge.dll Infected: Trojan-Downloader.Win32.ConHook.o
C:\WINDOWS\SYSTEM32\pmnnm.dll Infected: Trojan-Downloader.Win32.Agent.yf
C:\WINDOWS\SYSTEM32\xscan.exe/data0006 Infected: Trojan-Dropper.Win32.Agent.hy
C:\WINDOWS\SYSTEM32\xscan.exe Infected: Trojan-Dropper.Win32.Agent.hy
Scan process completed.
also i have no spyware protection and anti virus protection and i still have the winfixer problem