ok bit defender came up cleanand dr web,ComboScan v20070306.20 run by chris pc on 2007-03-15 at 11:01:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as chris pc.exe) -------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:02:15 AM, on 3/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SiteAdvisor\5248\SiteAdv.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\SiteAdvisor\5248\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Documents and Settings\chris pc\Desktop\comboscan.exe
C:\DOCUME~1\CHRISP~1\Desktop\chris pc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\5248\SiteAdv.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170349875140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170351159718
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) -
http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4949/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\5248\SAService.exe
-- Files created between 2007-02-15 and 2007-03-15 -----------------------------
2007-03-15 10:10:03 0 d-------- C:\WINDOWS\LastGood
2007-03-15 09:40:10 0 d-------- C:\Documents and Settings\chris pc\DoctorWeb<DOCTOR~1>
2007-03-14 20:49:18 0 d-------- C:\WINDOWS\system32\Color
2007-03-14 20:49:18 0 d-------- C:\Program Files\E-Color
2007-03-14 20:43:42 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-03-14 20:43:25 0 d-------- C:\Program Files\Common Files\Nero
2007-03-14 19:47:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor<SITEAD~1>
2007-03-14 19:47:05 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-03-14 19:46:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor<SITEAD~1>
2007-03-14 17:15:31 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-14 13:53:55 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-03-14 13:53:54 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-03-14 13:53:48 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-03-14 13:15:01 0 d-a------ C:\WINDOWS\zts2.exe
2007-03-14 13:15:01 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-03-14 13:15:01 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-03-14 13:15:01 0 d-a------ C:\WINDOWS\rundl132.dll
2007-03-12 21:44:00 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-12 21:43:57 0 d-------- C:\Program Files\Grisoft
2007-03-12 13:24:35 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-12 13:24:33 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-12 13:24:33 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-12 13:24:30 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-12 13:24:30 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-12 13:24:22 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-12 03:21:39 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2007-03-11 16:08:17 0 d-------- C:\Documents and Settings\chris pc\Application Data\DMCache
2007-03-06 23:04:44 0 d-------- C:\Documents and Settings\chris pc\Application Data\MySpace
2007-03-06 23:04:42 0 d-------- C:\Program Files\MySpace
2007-03-05 20:50:13 0 d--h---c- C:\WINDOWS\ie7
2007-03-03 23:26:12 0 d-------- C:\Program Files\a-squared Free<A-SQUA~2>
2007-03-03 04:10:14 0 d-------- C:\WINDOWS\Prefetch
2007-02-26 20:36:44 0 d-------- C:\Documents and Settings\chris pc\Application Data\PC Tools<PCTOOL~1>
2007-02-25 05:14:44 349760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-02-25 05:14:44 288320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-02-24 07:46:09 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-02-19 18:15:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-19 18:15:25 0 d-------- C:\Documents and Settings\chris pc\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-16 01:53:50 0 d-------- C:\Program Files\DVDFab Platinum 3<DVDFAB~1>
2007-02-15 15:15:27 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-02-15 15:15:26 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
-- Find3M Report ---------------------------------------------------------------
2007-03-15 10:54:38 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~2>
2007-03-15 10:30:24 0 d-------- C:\Program Files\HP
2007-03-15 09:16:41 0 d-------- C:\Documents and Settings\chris pc\Application Data\MailWasher<MAILWA~1>
2007-03-15 07:57:37 0 d-------- C:\Program Files\Mozilla Thunderbird<MOZILL~1>
2007-03-14 20:35:23 0 d-------- C:\Program Files\SlySoft
2007-03-14 20:21:28 0 d-------- C:\Documents and Settings\chris pc\Application Data\Vso
2007-03-14 19:59:04 0 d-------- C:\Documents and Settings\chris pc\Application Data\SiteAdvisor<SITEAD~1>
2007-03-14 13:05:37 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-14 00:33:18 0 d-------- C:\Program Files\iTunes
2007-03-13 10:29:20 0 d-------- C:\Documents and Settings\chris pc\Application Data\uTorrent
2007-03-06 23:13:32 0 dr-h----- C:\Documents and Settings\chris pc\Application Data\yahoo!
2007-03-06 03:38:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-05 21:47:24 0 d-------- C:\Documents and Settings\chris pc\Application Data\Image Zone Express<IMAGEZ~1>
2007-03-04 16:47:43 0 d---s---- C:\Documents and Settings\chris pc\Application Data\Microsoft<MICROS~1>
2007-03-03 00:11:54 0 d-------- C:\Program Files\Common Files\MicroWorld<MICROW~1>
2007-02-14 07:59:48 0 d-------- C:\Documents and Settings\chris pc\Application Data\Lavasoft
2007-02-14 07:59:28 0 d-------- C:\Program Files\Lavasoft
2007-02-14 05:14:57 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
2007-02-11 14:47:48 0 d-------- C:\Documents and Settings\chris pc\Application Data\Ahead
2007-02-10 22:33:45 34 --a------ C:\Documents and Settings\chris pc\Application Data\pcouffin.log
2007-02-10 22:33:40 47360 --a------ C:\Documents and Settings\chris pc\Application Data\pcouffin.sys
2007-02-10 22:33:40 1144 --a------ C:\Documents and Settings\chris pc\Application Data\pcouffin.inf
2007-02-10 22:33:40 1074 --a------ C:\Documents and Settings\chris pc\Application Data\pcouffin.cat
2007-02-10 22:33:40 87608 --a------ C:\Documents and Settings\chris pc\Application Data\ezpinst.exe
2007-02-10 22:33:38 0 d-------- C:\Program Files\vso
2007-02-10 22:02:36 0 d-------- C:\Program Files\Ahead
2007-02-10 01:01:06 0 d-------- C:\Documents and Settings\chris pc\Application Data\Uniblue
2007-02-10 00:51:28 0 d-------- C:\Documents and Settings\chris pc\Application Data\SlySoft
2007-02-08 23:59:59 0 d-------- C:\Program Files\PartyGaming<PARTYG~1>
2007-02-07 21:03:13 8192 --a------ C:\WINDOWS\system32\cidaemon.exe
2007-02-07 12:52:04 0 d-------- C:\Program Files\Common Files\Real
2007-02-07 12:51:47 0 d-------- C:\Documents and Settings\chris pc\Application Data\Real
2007-02-04 13:38:36 0 d-------- C:\Program Files\ToniArts
2007-02-04 10:22:20 0 d-------- C:\Documents and Settings\chris pc\Application Data\CyberLink<CYBERL~1>
2007-02-04 06:36:58 0 d-------- C:\Program Files\MailWasher<MAILWA~1>
2007-02-04 02:41:43 0 d-------- C:\Documents and Settings\chris pc\Application Data\MailWasherPro<MAILWA~2>
2007-02-03 02:59:51 0 d-------- C:\Program Files\OpenOffice.org 2.1<OPENOF~1.1>
2007-02-03 02:51:50 0 d-------- C:\Documents and Settings\chris pc\Application Data\OpenOffice.org2<OPENOF~1.ORG>
2007-02-01 20:52:39 0 d-------- C:\Documents and Settings\chris pc\Application Data\MSNInstaller<MSNINS~1>
2007-02-01 01:44:25 0 d-------- C:\Program Files\Raw Logic Software<RAWLOG~1>
2007-01-31 22:36:38 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 16:32:45 0 d-------- C:\Documents and Settings\chris pc\Application Data\MyPhoneExplorer<MYPHON~1>
2007-01-28 16:27:30 0 d-------- C:\Program Files\MyPhoneExplorer<MYPHON~1>
2007-01-26 09:09:28 0 d-------- C:\Program Files\Common Files\Agnitum Shared<AGNITU~1>
2007-01-16 07:08:58 1992 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-15 19:36:04 117644 --a------ C:\WINDOWS\hpoins11.dat
2007-01-15 19:35:07 0 d-------- C:\Program Files\Common Files\HP
2007-01-15 19:33:34 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-01-12 13:42:34 14 --a------ C:\WINDOWS\system32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-12 10:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 20:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 20:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-04 22:17:37 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-01-02 14:14:53 7685 --a------ C:\WINDOWS\mozver.dat
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 14:36:45 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-19 14:29:22 82032 --a------ C:\WINDOWS\winsbak2.reg
2006-12-19 14:29:22 11026 --a------ C:\WINDOWS\winsbak.reg
2006-12-19 12:05:55 0 -rahs---- C:\MSDOS.SYS
2006-12-19 12:05:55 0 -rahs---- C:\IO.SYS
2006-12-19 12:05:55 0 --a------ C:\CONFIG.SYS
2006-12-19 12:05:55 0 -----n--- C:\AUTOEXEC.BAT
2006-12-19 12:03:02 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-19 03:56:12 62 --ahs---- C:\Documents and Settings\chris pc\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"RTHDCPL"="RTHDCPL.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\5248\\SiteAdv.exe"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of ComboScan: finished at 2007-03-15 at 11:02:41 ------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:02:15 AM, on 3/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SiteAdvisor\5248\SiteAdv.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\SiteAdvisor\5248\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Documents and Settings\chris pc\Desktop\comboscan.exe
C:\DOCUME~1\CHRISP~1\Desktop\chris pc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\5248\SiteAdv.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170349875140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170351159718
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) -
http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4949/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\5248\SAService.exe
i think all is well sd was comprimized i d loaded a clean install ran a scan it picked up cws black worm and viking worm i deleted them this morning , seems ok