The kernel check I see is in the msconfig startup list. It keeps re-checking itself.
Couldn't see kernel check in HJT.
Have seen cdnup previously, but ran a search and it came up blank.
Got an AVG threat warning of worm/vb.AUG in docs+settings\pete\my docs\firefox setup 1.5.
Ran ComboScan.
ComboScan v20070306.20 run by pete on 2007-03-10 at 13:03:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 5 Restore Point(s) --
10: 2007-03-10 13:03:40 UTC - RP10 - ComboScan Restore Point
9: 2007-03-09 19:57:37 UTC - RP9 - Software Distribution Service 2.0
8: 2007-03-09 17:58:16 UTC - RP8 - Software Distribution Service 2.0
7: 2007-03-08 21:45:49 UTC - RP7 - Software Distribution Service 2.0
6: 2007-03-08 18:04:21 UTC - RP6 - Software Distribution Service 2.0
-- First Restore Point --
1: 2007-03-07 18:16:17 UTC - RP1 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as pete.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:03:51, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pete\Desktop\comboscan.exe
C:\DOCUME~1\pete\MYDOCU~1\MYPROG~1\pete.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pdownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
-- HijackThis Fixed Entries (C:\DOCUME~1\pete\MYDOCU~1\MYPROG~1\backups\) ------
backup-20070303-134842-952 O23 - Service: jsefusf - Unknown owner - C:\WINDOWS\system32\jsefusf.exe (file missing)
backup-20070305-191213-609 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll
backup-20070305-191213-464 O2 - BHO: (no name) - AutorunsDisabled - (no file)
backup-20070305-191213-244 O2 - BHO: (no name) - {4627a870-d469-4829-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4829cfsb.dll (file missing)
backup-20070305-191213-639 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll
backup-20070305-191213-640 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll
backup-20070305-191213-463 O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
backup-20070305-191213-415 O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll
backup-20070307-075255-727 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20070307-075255-644 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075255-424 O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\SYSTEMDATA\aS3RhXPMHt_2002.dll (file missing)
backup-20070307-075255-819 O2 - BHO: browser Class - {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\USERDATA\yI0nxwrhWZ_2002.dll (file missing)
backup-20070307-075255-633 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075255-456 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075255-723 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070307-075548-683 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075548-676 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075548-431 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-075548-168 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070307-075548-314 O23 - Service: CNTDBQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\CNTDBQ.exe
backup-20070307-075548-744 O23 - Service: DZATZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\DZATZ.exe
backup-20070307-075548-986 O23 - Service: HBYHPSIE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\HBYHPSIE.exe
backup-20070307-075548-261 O23 - Service: HYGJWU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\HYGJWU.exe
backup-20070307-075548-780 O23 - Service: MGCLAFSUSOV - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\MGCLAFSUSOV.exe
backup-20070307-075548-115 O23 - Service: MYMA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\MYMA.exe
backup-20070307-075548-719 O23 - Service: NLNG - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\NLNG.exe
backup-20070307-075548-798 O23 - Service: RYJIUB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\RYJIUB.exe
backup-20070307-075548-296 O23 - Service: WNDJQCPXD - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\WNDJQCPXD.exe
backup-20070307-075548-901 O23 - Service: ZQHAHUR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\pete\LOCALS~1\Temp\ZQHAHUR.exe
backup-20070307-080343-116 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-080343-158 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-080403-729 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070307-181959-417 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-181959-866 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
backup-20070307-181959-645 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-181959-855 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-181959-677 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070307-193858-214 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-193858-725 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-193858-973 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070307-193858-368 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070308-203817-741 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070308-203817-720 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070308-203817-500 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070308-203817-895 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-092547-679 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092547-907 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092547-687 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092547-897 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-092710-710 R3 - URLSearchHook: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092710-627 O2 - BHO: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092710-407 O3 - Toolbar: 8855 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4b2cntos.dll (file missing)
backup-20070309-092710-802 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-141707-842 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-143913-285 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070309-185545-860 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
backup-20070310-124556-997 O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Rezident Driver) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
0S bdhabijg - C:\WINDOWS\system32\drivers\bdhabijg.sys (not found)
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3R cmuda (C-Media WDM Audio Interface) - C:\WINDOWS\system32\drivers\cmuda.sys
3R FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\fetnd5.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2R GenPort - C:\WINDOWS\system32\drivers\genport.sys
0S gjhbcdid - C:\WINDOWS\system32\drivers\gjhbcdid.sys (not found)
3S hidgame (Microsoft Hid to Joystick Port Enabler) - C:\WINDOWS\system32\drivers\hidgame.sys
2R hidproc - C:\WINDOWS\system32\drivers\hidproc.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
2S https - C:\WINDOWS\system32\drivers\https.sys (not found)
3S iMSPQMn - C:\DOCUME~1\pete\LOCALS~1\Temp\iMSPQMn.sys (not found)
1S intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
2R irda (IrDA Protocol) - C:\WINDOWS\system32\drivers\irda.sys
3S irsir (Microsoft Serial Infrared Driver) - C:\WINDOWS\system32\DRIVERS\irsir.sys (not found)
1S kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S MadgeTRN (Madge Token-Ring Adapter NDIS5 Driver) - C:\WINDOWS\system32\drivers\mdgndis5.sys
2R MapMem - C:\WINDOWS\system32\drivers\MAPMEM.SYS
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSIRCOMM (Microsoft IR Communications Driver) - C:\WINDOWS\system32\drivers\MSIRCOMM.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
2R NTRemap - C:\WINDOWS\system32\drivers\NTREMAP.SYS
3R PAC207 (SoC PC-Camer@) - C:\WINDOWS\system32\drivers\PFC027.sys
0R PrevxDriver (PREVX Kernel Mode Agent) - C:\WINDOWS\system32\drivers\pxfsf.sys
3S PREVXEmulator (PREVX Emulator driver) - C:\WINDOWS\system32\drivers\PxEmu.sys
1R PREVXTdi (PREVX TDI filter) - C:\WINDOWS\system32\drivers\pxtdi.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
1R PXRDDriver (PREVX Rootkitscan driver) - C:\WINDOWS\system32\drivers\PxRD.sys
3R Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3S RegGuard - C:\WINDOWS\system32\drivers\regguard.sys
3R S6U12BScanner (MUSTEK 1200 UB Still Image Device Service) - C:\WINDOWS\system32\drivers\usbscan.sys
1R SCDEmu - C:\WINDOWS\system32\drivers\scdemu.sys
3S SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
1S SiSEsc (SISLIB_ESC) - C:\WINDOWS\system32\sisesc.sys
0R SiSide - C:\WINDOWS\system32\drivers\siside.sys
0R sisidex - C:\WINDOWS\system32\drivers\sisidex.sys
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3S SISNIC (SiS PCI Fast Ethernet Adapter Driver) - C:\WINDOWS\system32\drivers\sisnic.sys
0R sisperf (Add Performance Filter Driver) - C:\WINDOWS\system32\drivers\sisperf.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys
3S ss_bus (Samsung Mobile USB Device 1.0 driver (WDM)) - C:\WINDOWS\system32\drivers\ss_bus.sys
3S ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - C:\WINDOWS\system32\drivers\ss_mdfl.sys
3S ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - C:\WINDOWS\system32\drivers\ss_mdm.sys
3R StillCam (Still Serial Digital Camera Driver) - C:\WINDOWS\system32\drivers\serscan.sys
3S STIrUsb (SigmaTel USB-IrDA Dongle) - C:\WINDOWS\system32\drivers\irstusb.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3S U81xbus (LGE U8XXX driver (WDM)) - C:\WINDOWS\system32\drivers\U81xbus.sys
3S U81xmdfl (LGE U8XXX USB WMC Modem Filter) - C:\WINDOWS\system32\drivers\U81xmdfl.sys
3S U81xmdm (LGE U8XXX USB WMC Modem Driver) - C:\WINDOWS\system32\drivers\U81xmdm.sys
3S U81xmgmt (LGE U8XXX USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\system32\drivers\U81xmgmt.sys
3S U81xobex (LGE U8XXX USB WMC OBEX Interface) - C:\WINDOWS\system32\drivers\U81xobex.sys
0R uagp35 (Microsoft AGPv3.5 Filter) - C:\WINDOWS\system32\drivers\uagp35.sys
3S usb2vcom (USB Data Cable) - C:\WINDOWS\system32\drivers\usb2vcom.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3R viagfx - C:\WINDOWS\system32\drivers\vtmini.sys
0R viamraid - C:\WINDOWS\system32\drivers\viamraid.sys
1R vsdatant - C:\WINDOWS\system32\vsdatant.sys
4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
-- Scheduled Tasks -------------------------------------------------------------
2007-03-06 14:10:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-02-10 and 2007-03-10 -----------------------------
2007-03-10 11:31:56 0 d-------- C:\Documents and Settings\gillian\Application Data\Prevx
2007-03-09 19:32:39 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-03-09 16:06:40 0 d-------- C:\Documents and Settings\kate\Application Data\Prevx
2007-03-09 14:06:14 0 d-------- C:\Documents and Settings\pete\Application Data\Prevx
2007-03-09 14:06:06 7680 --a------ C:\WINDOWS\system32\pxinst.dll
2007-03-09 14:06:06 100864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2007-03-09 14:06:05 18560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2007-03-09 14:06:05 276992 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2007-03-09 14:06:05 7552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2007-03-09 14:05:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2007-03-09 14:05:34 0 d-------- C:\Program Files\Prevx1
2007-03-09 14:05:04 13952 --a------ C:\WINDOWS\system32\drivers\PxRD.sys
2007-03-09 13:57:46 0 d-------- C:\Documents and Settings\pete\DoctorWeb<DOCTOR~1>
2007-03-09 13:27:14 0 d-------- C:\WINDOWS\ERDNT
2007-03-08 08:34:26 0 d--hs---- C:\FOUND.000
2007-03-07 19:09:32 0 d-------- C:\Documents and Settings\lucy\Application Data\Help
2007-03-06 14:38:56 0 d-------- C:\!KillBox
2007-03-06 14:12:07 0 d-------- C:\NoLopBackups<NOLOPB~1>
2007-03-04 17:44:47 0 d-------- C:\Program Files\ACW
2007-03-04 17:29:22 46352 --a------ C:\WINDOWS\setdebug.exe
2007-03-04 17:29:21 139536 --a------ C:\WINDOWS\system32\javaee.dll
2007-03-04 17:08:00 2256 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-04 17:07:45 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-04 17:07:45 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-04 17:07:45 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-04 17:07:45 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-04 17:07:45 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-04 17:07:45 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-02 20:49:43 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-02 20:49:38 0 d-------- C:\8206950b53814547c488e2<820695~1>
2007-03-02 17:10:15 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-03-02 17:07:28 0 d-------- C:\WINDOWS\system32\LogFiles
2007-03-02 17:07:28 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-28 17:05:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-27 10:12:45 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan<SECTAS~1>
2007-02-27 10:12:39 0 d-------- C:\Program Files\Security Task Manager<SECURI~1>
2007-02-26 08:28:16 0 d-------- C:\kav
2007-02-25 23:04:25 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-25 22:09:49 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-25 16:40:51 0 d-------- C:\Program Files\Agnitum
2007-02-25 16:03:14 42036 --a------ C:\WINDOWS\system32\431172419388.dat<431172~4.DAT>
2007-02-25 12:58:25 42036 --a------ C:\WINDOWS\system32\431172408301.dat<431172~3.DAT>
2007-02-25 12:27:55 42036 --a------ C:\WINDOWS\system32\431172406458.dat<431172~2.DAT>
2007-02-25 11:57:53 9327 --a------ C:\WINDOWS\system32\drivers\hidproc.sys
2007-02-25 11:57:43 42036 --a------ C:\WINDOWS\system32\431172404659.dat<431172~1.DAT>
2007-02-25 11:57:25 185 --a------ C:\WINDOWS\system32\E25F6992.dat
2007-02-22 18:06:43 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-22 18:06:42 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-13 19:02:37 0 d-------- C:\Documents and Settings\gillian\Application Data\Talkback
-- Find3M Report ---------------------------------------------------------------
2007-02-25 11:58:00 132 --a------ C:\Program Files\2.ini
2007-02-08 15:00:54 0 d-------- C:\Program Files\PC Camer@<PCCAME~1>
2007-02-08 15:00:54 0 d-------- C:\Program Files\Common Files\PCCamera
2007-02-03 19:19:40 0 d-------- C:\Program Files\LG PC Suite<LGPCSU~1>
2007-02-02 20:07:12 0 d-------- C:\Program Files\Yahoo!
2007-01-29 08:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-12 13:28:04 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2006-12-19 21:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 18:16:48 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SiS Tray"="C:\\WINDOWS\\System32\\sistray.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SiS Windows KeyHook"="C:\\WINDOWS\\System32\\keyhook.exe"
"WireLessKeyboard"="C:\\Program Files\\Multimedia Keyboard\\PS2USBKbdDrv.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"VTTrayp"="VTtrayp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"CdnCtr"="C:\\Program Files\\CNNIC\\Cdn\\cdnup.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^RealDownload.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\RealDownload.lnk"
"backup"="C:\\WINDOWS\\pss\\RealDownload.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Real\\REALDO~1\\REALDO~1.EXE -hidden"
"item"="RealDownload"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Find Fast.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\FINDFAST.EXE "
"item"="Microsoft Find Fast"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^Office Startup.lnk]
"backup"="C:\\WINDOWS\\pss\\Office Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA.EXE -b"
"item"="Office Startup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8tv3fg93wkked7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iexpl0ra"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\iexpl0ra.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFD"
"hkey"="HKLM"
"command"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="????"
"hkey"="HKCU"
"command"="????"
"inimapping"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="raid_tool"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealJukeboxSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tsystray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealJukebox\\tsystray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RFX_auto_upgrade]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shimdvdlongmess]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="htm internet"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\date flap shim dvd\\htm internet.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sysonling"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\pete\\LOCALS~1\\Temp\\sysonling.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tau Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Taumon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Agnitum\\Tauscan 1.7\\Taumon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray way]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inside deaf"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\pete\\APPLIC~1\\LOUDCU~1\\inside deaf.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="workflow"
"hkey"="HKLM"
"command"="D:\\installs\\workflow.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=""
"{754FB7D8-B8FE-4810-B363-A788CD060F1F}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptimg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce098a11-a562-11d9-88ff-806d6172696f}]
Shell\AutoRun\command D:\Setup.exe
-- End of ComboScan: finished at 2007-03-10 at 13:04:51 ------------------------
New HJT after fix checked:
Logfile of HijackThis v1.99.1
Scan saved at 13:24:43, on 10/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\pete\My Documents\my programs\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe