Author Topic: Is this a virus!!  (Read 1570 times)
richenstony
Guest
« on: May 14, 2007, 04:47:23 PM »

svchost.exe: there's 7 or 8 of those same files running in Processes in Windows Task Manager under System. :'( I am new and not fully good with computers.
patio
Moderator
Genius



Thanked: 1069
Posts: 11,354

Experience: Beginner
OS: Windows 7


Maud' Dib

« Reply #1 on: May 14, 2007, 05:40:16 PM »

It's a Windows running process...normal to have more than one instance running.

Just in case, what are you using for protection?
"All generalizations are false, including this one."
richenstony
Guest
« Reply #2 on: May 14, 2007, 05:54:05 PM »

I'm now using AVG, was using Norton. I said in my other posts I'm more than happy to send anyone a screenshot through MSN or email. I have tried so hard to keep up the performance of my PC, there's still 32 exe files going and I know there shouldn't be. When I shut down show my PC restarts itself. I just need to know what the right ones are. Cheers, Tony
unlovedwarrior
Guru



Thanked: 13
Posts: 3,818

someday this name will be known

« Reply #3 on: May 14, 2007, 07:24:59 PM »

If you want to cut that down, then go to Start, click Run, enter "msconfig" without the "" and go to Startup and uncheck anything that doesn't need to start up when Windows does, like MSN or other messengers, or any program like iTunes, Acrobat Reader, MS Office.

Then click Apply, then OK.
patio
« Reply #4 on: May 14, 2007, 07:30:31 PM »

You are infected with VUndo...list all the protection programs you have other than AVG and we can advise further...
CBMatt
Mod & Malware Specialist
Prodigy



Thanked: 160
Posts: 6,033

Experience: Experienced
OS: Windows 7


Sad and lonely...and loving every minute of it.

1
« Reply #5 on: May 14, 2007, 08:54:04 PM »

Im now using AVG was using norton.

Because you're actually serious about protection, we'll help you out.  No need for a screenshot, we believe you.  Just post the protection programs like patio has requested, along with my own request: a HijackThis log.

Quote
An undefined problem has an infinite number of solutions.
- Robert A. Humphrey

Actually, the name's Chris...
insertusername
Guest
« Reply #6 on: May 15, 2007, 01:03:07 AM »

svchost.exe

if "scvhost.exe" <--- is virus (trojan). 
richenstony
Guest
« Reply #7 on: May 15, 2007, 06:02:12 AM »

Windows Firewall, AVG 7.1, and that's it. Because of the low hard drive and RAM on my PC I don't tend to download more than 1 protection program. I had 6 but stuck with this 1 now.

I need to know what this virus is doing because I have had this PC for 6 years. It's old but I have tried upgrading it so much and I don't want to lose it lol, like a brother to me.
richenstony
Guest
« Reply #8 on: May 15, 2007, 06:05:30 AM »

Logfile of HijackThis v1.99.1
Scan saved at 13:04:42, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system\CmSNXeye.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {3418F628-37AF-4667-8DEB-EB74CDE3590D} - (no file)
O2 - BHO: (no name) - {7602EA03-2895-41F8-91E6-C7F4FB82DCC6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FFTI] "C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n58ya4h0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/n58ya4h0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B80BF6E-4C18-457B-89FD-3FF1D5092F16}: NameServer = 212.139.132.21 212.139.132.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

CBMatt
« Reply #9 on: May 15, 2007, 07:31:00 AM »

You don't have Norton anymore?  If that's the case, you should take a look at the removal steps to make sure you get rid of the traces of it left on your computer.

MSIE: Unable to get Internet Explorer version!
That one's new to me...  Have you been having any problems with your IE?  Which version do you have?  Click on Help and then click on About Internet Explorer and tell me what it says next to Version.


Alright...now, before doing anything, go to the following page and follow the removal instructions...
http://www.bleepingcomputer.com/forums/topic17258.html

When you're done with that...

I'd like you to print out the following instructions (or save them in a Notepad file if you don't have a printer) because you soon won't have access to this page for a little while...  Please re-open HijackThis and scan.  Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {3418F628-37AF-4667-8DEB-EB74CDE3590D} - (no file)
O2 - BHO: (no name) - {7602EA03-2895-41F8-91E6-C7F4FB82DCC6} - (no file)

O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

(You have BearShare as your default Search.  Is this voluntary?  If so, you can leave them alone if you wish (although I wouldn't).  If not, then check them.)

Now close all windows other than HiJackThis, then click Fix Checked.  Close HijackThis.  Reboot into safe mode.
(Remember to have this page printed out.)

Restart your computer and as soon as it starts booting up again continuously tap F8.  A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Network Monitor

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
(Make sure you can view hidden files and folders.)

C:\Program Files\Network Monitor

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
(Make sure you can view hidden files and folders.)

C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\msasvc.exe


After that, reboot and post a new HijackThis log here in a reply.

When we're done here, we may need to talk about improving your security just a tad.
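
The triage done by hand in the reply above (picking out the "(no file)" / "(file missing)" entries, plus the hosts-file lines) can be scripted. This is an added example, not part of any post in this thread and not HijackThis code; the function names and report keys are assumptions of the example, and the flags are prompts for manual review, not verdicts.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset, not the full log).
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O2 - BHO: (no name) - {3418F628-37AF-4667-8DEB-EB74CDE3590D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")              # e.g. "O23 - Service: ..."
ORPHAN_RE = re.compile(r"\s*\((no file|file missing)\)\s*$")    # HijackThis' own markers
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")              # O1 body: "Hosts: <ip> <name>"
LOOPBACK = {"127.0.0.1", "::1"}


def parse_entries(log_text):
    """Return (section_code, body) for every 'Xn - ...' line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphan_target(body):
    """Path to re-check by hand for an orphaned entry, or None when the log says '(no file)'."""
    target = ORPHAN_RE.sub("", body.rsplit(" - ", 1)[-1]).strip()
    return target or None


def triage(log_text):
    """Group entries worth a manual look: orphans, hosts overrides, unsigned-owner services."""
    report = {"orphaned": [], "hosts_overrides": [], "unknown_owner_services": []}
    for code, body in parse_entries(log_text):
        if ORPHAN_RE.search(body):
            # The tool reports the file as absent; the path is kept so it can be verified on disk.
            report["orphaned"].append((code, orphan_target(body)))
        if code == "O1":
            m = HOSTS_RE.match(body)
            if m and m.group(1) not in LOOPBACK:
                # A hosts-file line that sends a hostname to a non-loopback address.
                report["hosts_overrides"].append((m.group(1), m.group(2)))
        if code == "O23" and " - Unknown owner - " in body:
            name = body[len("Service: "):].split(" - Unknown owner - ")[0]
            report["unknown_owner_services"].append(name)
    return report


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```
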
richenstony
Guest
« Reply #10 on: May 15, 2007, 09:00:06 AM »

I got this back when I ran the program. Didn't take 2 hours, took 2 min.

Logfile of HijackThis v1.99.1
Scan saved at 13:04:42, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system\CmSNXeye.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {3418F628-37AF-4667-8DEB-EB74CDE3590D} - (no file)
O2 - BHO: (no name) - {7602EA03-2895-41F8-91E6-C7F4FB82DCC6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FFTI] "C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n58ya4h0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/n58ya4h0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11
unlovedwarrior
« Reply #11 on: May 15, 2007, 09:02:25 AM »

need full log
richenstony
Guest
« Reply #12 on: May 15, 2007, 09:08:32 AM »

That's all that came up when I was in safe mode. I saved it in safe mode.
unlovedwarrior
« Reply #13 on: May 15, 2007, 09:12:23 AM »

oh ok
richenstony
Guest
« Reply #14 on: May 15, 2007, 09:35:44 AM »

CBMatt, I have done everything you told me to do. It won't allow me to restart in safe mode: when I press F8 it only gives me 1 option and that's to run XP normally, which is odd. I couldn't delete any or uninstall the file you asked me to, it wouldn't allow me. I tried searching for them, took me an hour to find anything and it was in fact nothing, so I just left it. My computer seems to be running faster and I'm not having any problems whatsoever. If I end the suspected virus it warns me to save and shut down programs and gives me a min before it shuts down. I can close a few of them but not all. Cheers for your help guys. If you wanna help me fight a bit more, I'm still open for suggestions on how we can tackle this virus together. Thanks, Tony  :)
CBMatt
« Reply #15 on: May 15, 2007, 05:36:38 PM »

Tony, don't worry if you can't find the files.  They're not always there.  Even though HJT says the files are missing, I ask people to look because it may not always be true.  I have a question, though: you're absolutely sure you don't have a Network Monitoring folder in Program Folders?

You say you can't get into Safe Mode...  Were you able to before?  Did you try another function key such as F2 or F5 (and so on)?

Quote
if i end the suspected virus it warns me to save and shut down programs and gives me a min before i shuts down.
Exactly what process are you ending?  svchost?  That file is legitimate; there's no need to shut it down.

Please post a full HijackThis log and let me know if you are experiencing any other problems.
richenstony
Guest
« Reply #16 on: May 15, 2007, 06:22:07 PM »

Network Monitoring is in Add/Remove Programs but it won't let me uninstall it. I tried uninstalling it out of safe mode, still wouldn't allow me, came up with an error message. I will try and put my computer in safe mode again. I have solved the problem with my Shockwave player, so embarrassing I don't want to say what the problem was  ::) lol

As far as any virus program I go on here goes, it's all saying I am fine. I have tried everything: CCleaner, Norton, AVG, Spybot, you name it. I went onto Major Geeks, installed a few beta programs, not very good to be honest, but there's a lot of files on here that shouldn't be here.


As for my PC's CPU, it's through the roof, it's on a flat line then drops ____________
                                                                                                                              /
                                                                                                                             /

Remind me, how do I post a screenshot on here of my PC's CPU and processes?  :)
CBMatt
« Reply #17 on: May 15, 2007, 07:30:15 PM »

Well, whatever you did, I'm glad you got your Shockwave issue sorted out.

Network Monitor may have already been removed.  Go to C:\Program Files and if you're absolutely sure the Network Monitor folder doesn't exist, then use the Tools feature on CCleaner to remove it from your list.  You should also run the Cleaner and Issues while you're at it, just for good measure.

HJT provides a list of all of your running processes, but if you would like to take a screenshot, press the Print Screen key on your keyboard.  Then open up Paint, press Ctrl+V, and save the file as screenshot.jpg.  You can then attach it to your next post (if the file is too big, you may need to upload it to PhotoBucket).
richenstony
Guest
« Reply #18 on: May 15, 2007, 08:31:07 PM »

This is gonna make me sound like a noob but I will list what CCleaner has listed on my startup ....

1.CFTMON.EXE
2.USERFAULTCHECK AKA (%SYSTEMROOT%\SYUSTEM32\DUMPREP 0-U


Now I have no clue what these 2 are; the others I want to run.

Shall I close them in CCleaner?
CBMatt
« Reply #19 on: May 15, 2007, 09:11:38 PM »

1.CFTMON.EXE

It says CFTMON?  Or does it say CTFMON?  If it's CTFMON, leave it alone.  If it's CFTMON, tell me.

Network Monitor wouldn't be listed in the Startup.  When in Tools, click on the Uninstall tab and it will give you a long list of programs.  Go all the way down to Network Monitor and click on Run Uninstaller.  If it still doesn't work, then click on Delete Entry.  But only do this if C:\Program Files\Network Monitor DOES NOT exist.
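
The "scvhost.exe" versus svchost.exe point from Reply #6 and the CFTMON versus CTFMON question above are the same check: a name one typo away from a Windows process name, or the right name in the wrong folder. This is an added example, not part of any post in this thread; the table of expected folders is an assumption built from the process list in the Windows XP log posted here, and paths marked "constructed" are made up for the demonstration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption of this example: expected folders as they appear in this thread's XP log.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "cv" <-> "vc" or "ft" <-> "tf".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(path):
    """Classify one full process path from a log's 'Running processes' list."""
    directory, name = ntpath.split(path.lower())
    if name in EXPECTED_DIR:
        return "ok" if directory == EXPECTED_DIR[name] else "unexpected-location"
    for known in EXPECTED_DIR:
        if osa_distance(name, known) <= 1:
            return "lookalike-of:" + known
    return "not-a-system-name"


if __name__ == "__main__":
    samples = [
        r"C:\WINDOWS\System32\svchost.exe",                               # from the log
        r"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe",    # from the log
        r"C:\WINDOWS\system32\scvhost.exe",                               # constructed
        r"C:\WINDOWS\system32\CFTMON.EXE",                                # constructed
        r"C:\Documents and Settings\Owner\svchost.exe",                   # constructed
    ]
    for p in samples:
        print(f"{classify(p):28} {p}")
```
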
patio
« Reply #20 on: May 15, 2007, 09:28:12 PM »

The next HJT log should be run in full mode with HijackThis in its own directory...

Carry on.