C:\windows\system32\perfc000.dat


This topic is locked
10 replies to this topic

#1 PJN (New Member, 5 posts)

Posted 02 June 2007 - 11:37 PM

Please help me to remove this trojan from my computer.

I have done a scan with Spybot and fixed the problems. I ran Ad-Aware (full system scan) and fixed all problems. I ran AVG Spyware in SAFE MODE and "applied all actions" and saved the report.

I am posting the HijackThis report followed by the AVG Anti-Spyware report.

Logfile of HijackThis v1.99.1
Scan saved at 1:20:32 AM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\FreeMem Professional\fmempro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1462DAD1-4735-45C1-912C-196F4FF3BD8b} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {b56432b5-87b8-4c9f-aca3-71aa0916a1cd} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O2 - BHO: (no name) - {FFEF7511-96E2-42EC-827D-8FCB3FCA3C77} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Program Files\FreeMem Professional\fmempro.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.co...eetnoagent7.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121775637406
O16 - DPF: {7CDD074F-98A9-4DB4-9DD2-B6F26B5F30DA} (InstallerAX Class) - http://foxmovies.a.c...installerAX.cab
O16 - DPF: {88B507F9-C6B2-45CC-AAB6-720A652DE11C} (TenOfTen Class) - https://help.verizon...tWebInstall.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - https://help.verizon...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pog...aploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: mdwser - C:\WINDOWS\
O20 - Winlogon Notify: pmnmkhi - C:\WINDOWS\
O20 - Winlogon Notify: vturs - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Automatic Updates wuauservEventSystem (wuauservEventSystem) - Unknown owner - C:\WINDOWS\system32\~.exe

_______________________________________

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:42:26 PM 6/2/2007

+ Scan result:



C:\WINDOWS\system32\perfc000.dat -> Backdoor.Small.os : Cleaned.
:mozilla.63:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.193:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.202:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Paul J\Cookies\paul j@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.56:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.215:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.216:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.31:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.32:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.33:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.149:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.150:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.151:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.152:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Paul J\Cookies\paul j@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.166:C:\Documents and Settings\Paul J\Application Data\Mozilla\Firefox\Profiles\cpr2c563.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.


::Report end

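The load points in the log above that a helper looks at first are the O20 AppInit_DLLs entry (a DLL that every process linking user32.dll will load), the O20 Winlogon Notify packages that point at a bare directory instead of a DLL, and the O23 service whose binary is `C:\WINDOWS\system32\~.exe` with no publisher. The script below is an added example written for this page, not code from HijackThis, ComboFix or any participant in the thread. It parses HijackThis 1.99.1 lines and applies structural heuristics of the editor's own devising (the severity labels and the reasons are assumptions, not HijackThis rules); the sample lines are copied from the log posted above, with benign neighbours kept for contrast. It selects entries for a human to review; it does not decide that anything is malicious.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above in this thread, with
# benign neighbours (Java BHO, WgaLogon, the ATI service) kept for contrast.
SAMPLE_LOG = [
    "O2 - BHO: (no name) - {1462DAD1-4735-45C1-912C-196F4FF3BD8b} - (no file)",
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll",
    "O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\perfc000.dat",
    "O20 - Winlogon Notify: ddcyx - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll",
    "O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe",
    "O23 - Service: Automatic Updates wuauservEventSystem (wuauservEventSystem) - Unknown owner - C:\\WINDOWS\\system32\\~.exe",
]


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    severity: str  # "high" or "low" (editor's own labels, not HijackThis's)
    reason: str
    line: str


# Every HijackThis entry starts with a section code, " - ", and a type label.
_ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")


def parse_hjt_line(line):
    """Split one HijackThis line into (code, kind, fields), where fields are
    the ' - ' separated parts of the remainder. Returns None for non-entries
    such as the 'Running processes:' header or a process path."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return m["code"], m["kind"], [f.strip() for f in m["rest"].split(" - ")]


def _basename(path):
    """Last path component; empty string when the path ends in a separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def _check(code, kind, fields, line):
    """Structural heuristics (editor's assumptions) for the load points that
    matter most in this log. They pick entries for a human to look at."""
    if code == "O20" and kind == "AppInit_DLLs":
        # AppInit_DLLs is loaded into every process that links user32.dll;
        # legitimate use is rare, and a .dat name on a DLL is stranger still.
        ext = _basename(fields[0]).rsplit(".", 1)[-1].lower()
        why = "AppInit_DLLs is set"
        if ext != "dll":
            why += f" and the file is a .{ext}, not a .dll"
        return Finding(code, "high", why, line)
    if code == "O20" and kind == "Winlogon Notify":
        name, path = fields[0], fields[-1]
        # A Notify package must name a DLL; a bare directory means no
        # usable DLLName was found for that subkey.
        if not _basename(path):
            return Finding(code, "high", f"Winlogon Notify '{name}' resolves to no DLL file", line)
    if code == "O23" and kind == "Service":
        owner, path = fields[-2], fields[-1]
        stem = _basename(path).rsplit(".", 1)[0]
        if not re.search(r"[A-Za-z0-9]", stem):
            return Finding(code, "high", f"service binary name '{_basename(path)}' has no letters or digits", line)
        if owner.lower() == "unknown owner":
            return Finding(code, "low", "service has no publisher string", line)
    if code == "O2" and fields[-1] == "(no file)":
        return Finding(code, "low", "BHO registered but its DLL is gone (orphan entry)", line)
    return None


def triage(lines):
    """Run the checks over a whole log; returns findings, high severity first."""
    findings = []
    for line in lines:
        parsed = parse_hjt_line(line)
        if parsed is None:
            continue
        finding = _check(*parsed, line.strip())
        if finding:
            findings.append(finding)
    findings.sort(key=lambda f: (f.severity != "high", f.section))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section}: {f.reason}\n        {f.line}")
```

Run against the sample it reports three high findings (the AppInit_DLLs .dat file, the `ddcyx` Notify package with no DLL, and the service whose binary is named `~.exe`) and one low finding for the orphaned BHO; the Java BHO, the WgaLogon package and the ATI service produce nothing. Feed it the full log by reading `hijackthis.log` into a list of lines. The checks are deliberately structural rather than name-based so they do not depend on a signature list.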


#2 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 03 June 2007 - 05:02 AM

Hello and welcome to the forums

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you, combofix.txt. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days



#3 PJN (New Member, 5 posts)

Posted 03 June 2007 - 07:49 AM

Here are the ComboFix and HijackThis reports.

"Paul J" - 2007-06-03 9:39:19 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Paul J\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))


2007-06-03 09:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-01 20:42 <DIR> d-------- C:\DOCUME~1\PAULJ~1\APPLIC~1\URSoft
2007-06-01 20:41 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
2007-06-01 16:05 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-01 10:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-26 23:16 <DIR> d-------- C:\Program Files\Support Tools
2007-05-26 14:26 0 --a------ C:\WINDOWS\system32\Ultra.dll
2007-05-26 12:47 <DIR> d-------- C:\Program Files\3B Software
2007-05-26 07:02 6,029,312 --a------ C:\Documents and Settings\PAULJ~1\ntuser.dat
2007-05-26 07:02 6,029,312 --a------ C:\DOCUME~1\PAULJ~1\ntuser.dat
2007-05-26 06:31 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2007-05-26 06:29 <DIR> d-------- C:\Program Files\McAfee.com
2007-05-26 06:04 <DIR> d-------- C:\Program Files\AOL 9.0
2007-05-13 02:44 <DIR> d----c--- C:\WINDOWS\ie7(2)
2007-05-13 01:32 <DIR> d-------- C:\Program Files\Duplicate File Finder
2007-05-10 09:03 <DIR> d--hs---- C:\WINDOWS\CSC
2007-05-10 08:42 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-10 08:13 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 10:46 <DIR> d-------- C:\VundoFix Backups
2007-05-08 16:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-08 11:39 2,466 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-08 10:42 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-05-07 11:33 77,312 --a------ C:\WINDOWS\ua2.dll
2007-05-07 11:08 <DIR> d-------- C:\Program Files\MsnMusic
2007-05-07 11:08 <DIR> d-------- C:\Program Files\Comcast Rhapsody
2007-05-07 10:00 <DIR> d-------- C:\DOCUME~1\PAULJ~1\APPLIC~1\Prevx
2007-05-07 09:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-05-06 13:14 109 --ahs---- C:\WINDOWS\system32\3771280746.dat
2007-05-05 13:31 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-05-05 13:31 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-05-05 13:31 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-05-05 13:31 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-05-05 13:31 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-05-05 13:30 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-05 09:38 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-05-05 06:11 8,464 --a------ C:\WINDOWS\system32\sporder.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 13:36:21 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-0000000A-00001102-00000004-20021102}.dat
2007-06-03 13:36:21 384 ----a-w C:\WINDOWS\system32\DVCState-{00000003-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-26 18:36:58 -------- d-----w C:\Program Files\Windows NT
2007-05-26 18:26:29 -------- d-----w C:\Program Files\Online Services
2007-05-26 10:07:21 -------- d-----w C:\Program Files\Common Files\aolshare
2007-05-26 10:06:49 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-25 07:34:04 -------- d-----w C:\Program Files\Spyware Doctor
2007-05-13 12:08:39 -------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-05-12 02:24:27 -------- d-----w C:\Program Files\PFilesRes
2007-04-20 23:35:49 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 06:49:06 1,044,480 ----a-w C:\WINDOWS\system32\roboex32.dll
2007-04-18 06:49:03 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-04-18 06:49:03 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-13 17:30:43 33,592 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-04-13 17:30:39 25,136 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2007-04-05 18:10:14 -------- d-----w C:\Program Files\Common Files\eSellerate
2007-03-28 15:29:26 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll
2007-03-28 15:29:25 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 16:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 16:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-13 16:37:11 2,951 ----a-w C:\WINDOWS\mozver.dat
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 17:45:18 822,784 ----a-w C:\WINDOWS\system32\wininet(5).dll
2007-03-07 17:45:18 1,150,464 ----a-w C:\WINDOWS\system32\urlmon(5).dll
2007-03-07 17:45:17 3,581,952 ----a-w C:\WINDOWS\system32\mshtml(3).dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}=C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll [2006-01-10 12:09]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBM 5"="C:\Program Files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Motive SmartBridge"="C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 12:33]
"PrevxOne"="C:\Program Files\Prevx1\PXConsole.exe" [2007-05-30 14:22]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 11:00]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [2003-08-21 18:10]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeMem Pro"="C:\Program Files\FreeMem Professional\fmempro.exe" [2004-10-07 01:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DriveConfiguration"=...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdwser]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkhi]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
backup=C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\AOL 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
C:\Program Files\ATI Multimedia\main\ATISched.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastTVSync]
"C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1112564115\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
C:\PROGRA~1\Pinnacle\PPE\ppe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVolution]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsService]
rundll32.exe "C:\WINDOWS\system32\gmpmxewb.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)
"AOLService"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-05-26 10:18:56 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (MAIN-Paul J).job
2007-06-03 10:20:20 C:\WINDOWS\tasks\McAfee.com Update Check (MAIN-Paul J).job
2007-06-03 13:40:19 C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-03 09:42:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-03 9:43:44
C:\ComboFix-quarantined-files.txt ... 2007-06-03 09:43
C:\ComboFix2.txt ... 2007-06-03 09:29

--- E O F ---

__________________________________

Logfile of HijackThis v1.99.1
Scan saved at 09:45, on 2007-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\FreeMem Professional\fmempro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1462DAD1-4735-45C1-912C-196F4FF3BD8b} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {b56432b5-87b8-4c9f-aca3-71aa0916a1cd} - (no file)
O2 - BHO: (no name) - {FFEF7511-96E2-42EC-827D-8FCB3FCA3C77} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Program Files\FreeMem Professional\fmempro.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.co...eetnoagent7.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121775637406
O16 - DPF: {7CDD074F-98A9-4DB4-9DD2-B6F26B5F30DA} (InstallerAX Class) - http://foxmovies.a.c...installerAX.cab
O16 - DPF: {88B507F9-C6B2-45CC-AAB6-720A652DE11C} (TenOfTen Class) - https://help.verizon...tWebInstall.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - https://help.verizon...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pog...aploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: mdwser - C:\WINDOWS\
O20 - Winlogon Notify: pmnmkhi - C:\WINDOWS\
O20 - Winlogon Notify: vturs - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Automatic Updates wuauservEventSystem (wuauservEventSystem) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 June 2007 - 07:32 PM

Are you running 2 anti-virus programs?
Prevx1 and McAfee


Click Start > Run > and type in:

services.msc

Click OK.

In the services window find (wuauservEventSystem). Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.


Run HijackThis. Hit "None of the above", click "Do a System Scan Only". Put a check in the box on the left side on these:

O2 - BHO: (no name) - {1462DAD1-4735-45C1-912C-196F4FF3BD8b} - (no file)
O2 - BHO: (no name) - {b56432b5-87b8-4c9f-aca3-71aa0916a1cd} - (no file)
O2 - BHO: (no name) - {FFEF7511-96E2-42EC-827D-8FCB3FCA3C77} - (no file)
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: mdwser - C:\WINDOWS\
O20 - Winlogon Notify: pmnmkhi - C:\WINDOWS\
O20 - Winlogon Notify: vturs - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservEventSystem (wuauservEventSystem) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"



Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 PJN

PJN

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 03 June 2007 - 08:10 PM

I am running McAfee and Prevx1. I was under the impression that Prevx1 was an anti-spyware program and McAfee was an anti-virus program. When I opened the services window (wuauservEventSystem) was not there. What should I do?

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 June 2007 - 08:19 PM

You might want to check, I think it's both. Did you run the HJT fix?


#7 PJN

PJN

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 03 June 2007 - 09:58 PM

I stopped McAfee from starting at Start Up.
I ran the HJT fix and rebooted. Here is the log.
When I ran ComboFix earlier today, Prevx1 found the C:\windows\system32\perfc000.dat and deleted the file.
My system appears to be running normally. Can you determine if there is a problem by looking at the HJT log?

Logfile of HijackThis v1.99.1
Scan saved at 23:49, on 2007-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\FreeMem Professional\fmempro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Program Files\FreeMem Professional\fmempro.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.co...eetnoagent7.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121775637406
O16 - DPF: {7CDD074F-98A9-4DB4-9DD2-B6F26B5F30DA} (InstallerAX Class) - http://foxmovies.a.c...installerAX.cab
O16 - DPF: {88B507F9-C6B2-45CC-AAB6-720A652DE11C} (TenOfTen Class) - https://help.verizon...tWebInstall.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - https://help.verizon...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pog...aploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Automatic Updates wuauservEventSystem (wuauservEventSystem) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 June 2007 - 05:52 AM

Delete this file if found.
C:\WINDOWS\system32\~.exe


You can remove any programs / Tools I had you install. Use Add/Remove Programs to remove if listed there otherwise just delete them and empty recycle bin.

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.



If you don't have any programs like these, I would recommend that you get them.
Spywareblaster,
Spywareguard.


Also get a FREE FIREWALL and FREE ANTI VIRUS if you need one.

Only run one Anti-Virus and Firewall program.

It is critical to have both a firewall and anti-virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Do not use Ad-aware if you have McAfee's VirusScan and AntiSpyware


Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

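The triage LDTate does by eye in post #4 (BHO registrations pointing at no DLL, Winlogon Notify entries with no DLL name, a service whose binary is missing and whose name imitates a Windows service) and the before/after check behind "Log looks good" in post #8 can be written down as a small script. What follows is an added example written for this page; it is not code from the forum, from HijackThis or from any of the tools named in the thread. The two log texts are excerpts constructed from the logs posted in posts #3 and #7, and KNOWN_SERVICE_NAMES is a constructed allowlist of a few genuine Windows XP service short names used to spot look-alike names such as wuauservEventSystem.

```python
"""Triage a HijackThis 1.99.1 log and compare it with the log taken after the fix."""
import re
from typing import Dict, List, Tuple

# Constructed excerpts of the two logs posted in this thread (before and after the
# HijackThis fix). Only the entries relevant to the triage are included.
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1462DAD1-4735-45C1-912C-196F4FF3BD8b} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {b56432b5-87b8-4c9f-aca3-71aa0916a1cd} - (no file)
O2 - BHO: (no name) - {FFEF7511-96E2-42EC-827D-8FCB3FCA3C77} - (no file)
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: mdwser - C:\WINDOWS\
O20 - Winlogon Notify: pmnmkhi - C:\WINDOWS\
O20 - Winlogon Notify: vturs - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Automatic Updates wuauservEventSystem (wuauservEventSystem) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)
"""

LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Automatic Updates wuauservEventSystem (wuauservEventSystem) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)
"""

# Every HijackThis entry line starts with a section tag such as R1, O2, O20, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Constructed allowlist (assumption): a few genuine Windows XP service short names
# that a bogus service may imitate by prefixing, suffixing or splicing them.
KNOWN_SERVICE_NAMES = {"wuauserv", "EventSystem", "Schedule", "Spooler", "Themes"}


def parse_log(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (entry line, reason) for entries a reviewer would mark for fixing."""
    findings = []
    for section, body in entries:
        line = f"{section} - {body}"
        path = body.rsplit(" - ", 1)[-1].strip()       # last field is the file path
        if section == "O2" and path == "(no file)":
            findings.append((line, "orphaned BHO registration: CLSID points at no DLL"))
        elif section == "O20":
            # Winlogon Notify packages are DLLs loaded into winlogon.exe; a bare directory
            # instead of a DLL filename means the registered module could not be resolved.
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                findings.append((line, "Winlogon Notify entry without a resolvable DLL"))
        elif section == "O23":
            head = body.split(" - ", 1)[0]              # "Service: Display Name (shortname)"
            m = re.search(r"\((?P<short>[^()]+)\)\s*$", head)
            short = m.group("short") if m else head.split("Service: ", 1)[-1]
            reasons = []
            if "(file missing)" in path:
                reasons.append("service binary missing")
            binary = path.replace(" (file missing)", "")
            if re.search(r"(^|\\)~\.exe$", binary, re.IGNORECASE):
                reasons.append("placeholder binary name")
            lookalike = sorted(k for k in KNOWN_SERVICE_NAMES
                               if k.lower() != short.lower() and k.lower() in short.lower())
            if lookalike:
                reasons.append("service name imitates " + " and ".join(lookalike))
            if reasons:
                findings.append((line, "; ".join(reasons)))
    return findings


def compare(before: List[Tuple[str, str]], after: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Report what the fix removed, what newly appeared, and which flagged entries persist."""
    b = {f"{s} - {body}" for s, body in before}
    a = {f"{s} - {body}" for s, body in after}
    persisting = [line for line, _ in triage(after) if line in b]
    return {"removed": sorted(b - a), "added": sorted(a - b), "still_flagged": persisting}


if __name__ == "__main__":
    for line, reason in triage(parse_log(LOG_BEFORE)):
        print(f"[FLAG] {reason}\n       {line}")
    report = compare(parse_log(LOG_BEFORE), parse_log(LOG_AFTER))
    for key, lines in report.items():
        print(f"{key}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

Run against the two excerpts, the triage flags exactly the eight lines LDTate asked to have checked, and the comparison shows seven of them gone from the second log with nothing new added. The O23 entry is the one that persists: the script flags it because its binary is missing, because ~.exe is not a plausible service binary name, and because the short name splices two genuine service names together, which is why the follow-up in post #8 is to delete ~.exe if it is still on disk.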

#9 PJN

PJN

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 04 June 2007 - 11:14 AM

I will take your advice about my computer security. Thank you very much for your help. :thumbup: :wavey:

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 June 2007 - 11:20 AM

Great job :thumbup: You're more than welcome. Glad we were able to help. Peace be with you :wavey:


#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 June 2007 - 11:20 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
