Here is the list, files at end. Sorry about the delay, I let my job get in the way of my home life. Also post too long - did some surgery
your direction is colored, mine is colored as well
************
(click on) WeatherBug Browser Bar - powered by MyWebSearch
"Delete this entry"
Close HijackThis
*** REMOVED ***
-------------------
Using 'My Computer',
C:\Documents and Settings\Duane\Application Data\Ultimate Cleaner
C:\eryvk.exe
C:\loder.exe
C:\Program Files\BHO Plugin
C:\Program Files\Common Files\sagu292
C:\program files\mywebsearch
*** Could not find ***
C:\WINDOWS\nnqvcc.dat
C:\WINDOWS\System32\byxwttt.dll
*** COMPLETED ***
--------------------------------------------------------------------
Upload following http://virusscan.jotti.org
C:\WINDOWS\System32\3718845C.exe
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
C:\Program Files\Common Files\wuopry.html
Service
Service load: 0% 100% About 10-15%
File: wuopry.html
Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 09cf569bb4d30b18db62dcc43090f84a
Packers detected: -
Scanner results
Scan taken on 13 Mar 2007 05:11:31 (GMT)
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
C:\WINDOWS\System32\svchost.exe
Service
Service load: 0% 100% About 10-15%
File: svchost.exe
Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 0f7d9c87b0ce1fa520473119752c6f79
Packers detected: -
Scanner results
Scan taken on 13 Mar 2007 05:02:36 (GMT)
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
--------------------------------------------------------------------
Panda Activescan results
Attached as file to preserve formatting
File too long, pasted in next post
--------------------------------------------------------------------
Comboscan
ComboScan v20070306.20 run by Duane on 2007-03-12 at 22:22:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Duane.exe) -----------------------------------------------
HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-12 22:25:54
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.0.2800.1106)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\KBDAP32A.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Duane\Desktop\comboscan.exe
C:\Program Files\Hijack This\Duane.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra 'Tools' menuitem: (no name) - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker () - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon () - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo () - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack () - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers () - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess () - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage () - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice () - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish () - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire () - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker () - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids () - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...367/wmavax.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxsrvc.dll
O23 - Service: Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Application Layer Gateway Service (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Computer Browser (Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Indexing Service (CiSvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: COM+ System Application (COMSysApp) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: DHCP Client (Dhcp) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: DNS Client (Dnscache) - C:\WINDOWS\System32\svchost.exe -k NetworkService
O23 - Service: Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Event Log (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System (EventSystem) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Google Updater Service (gusvc) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Human Interface Device Access (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: InstallDriver Table Manager (IDriverT) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPodService - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server (lanmanserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Workstation (lanmanworkstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - C:\WINDOWS\System32\msiexec.exe /V
O23 - Service: Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Network Location Awareness (NLA) (Nla) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Office Source Engine (ose) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Remote Access Connection Manager (RasMan) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access (RemoteAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card Helper (SCardDrv) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Smart Card (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Sygate Personal Firewall (SmcService) - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service (srservice) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\System32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\System32\dllhost.exe /Processid:{195E6122-CAE8-4FC9-BD96-F81BBD1135E2}
O23 - Service: SymWMI Service (SymWSC) - "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
O23 - Service: Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Terminal Services (TermService) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Upload Manager (uploadmgr) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Uninterruptible Power Supply (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Volume Shadow Copy (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Windows Time (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - "C:\WINDOWS\wanmpsvc.exe"
O23 - Service: WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WMI Performance Adapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
-- Files created between 2007-02-12 and 2007-03-12 -----------------------------
2007-03-12 21:01:09 62739 --a------ C:\WINDOWS\System32\setup_66402.exe<SETUP_~1.EXE>
2007-03-12 18:55:59 0 --a------ C:\WINDOWS\System32\eraseme_04754.exe<ERASEM~1.EXE>
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 19:04:07 0 --a------ C:\WINDOWS\System32\setup_11784.exe<SETUP_~4.EXE>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 12:01:17 0 d-------- C:\avenger
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-09 18:42:41 639 --a------ C:\Combo.bat
2007-03-08 19:56:44 0 d-------- C:\WINDOWS\ERDNT
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe
2007-03-08 19:33:08 79360 --a------ C:\Documents and Settings\Duane\swxcacls.exe
2007-03-08 19:33:08 123904 --a------ C:\Documents and Settings\Duane\swsc.exe
2007-03-08 19:33:08 140800 --a------ C:\Documents and Settings\Duane\swreg.exe
2007-03-08 19:33:08 8192 --a------ C:\Documents and Settings\Duane\RestartIt.exe<RESTAR~1.EXE>
2007-03-08 19:33:08 6914 --a------ C:\Documents and Settings\Duane\Qoo.bat
2007-03-08 19:33:08 971 --a------ C:\Documents and Settings\Duane\Purity.bat
2007-03-08 19:33:08 39184 --a------ C:\Documents and Settings\Duane\Ntrights.exe
2007-03-08 19:33:08 5074 --a------ C:\Documents and Settings\Duane\NTPBack.exe
2007-03-08 19:33:08 42887 --a------ C:\Documents and Settings\Duane\ntp.exe
2007-03-08 19:33:08 26112 --a------ C:\Documents and Settings\Duane\nircmd.exe
2007-03-08 19:33:08 38400 --a------ C:\Documents and Settings\Duane\moveex.exe
2007-03-08 19:33:08 2304 --a------ C:\Documents and Settings\Duane\Look2Me.bat
2007-03-08 19:33:08 117379 --a------ C:\Documents and Settings\Duane\LIST-C.bat
2007-03-08 19:33:08 181776 --a------ C:\Documents and Settings\Duane\handle.exe
2007-03-08 19:33:08 73728 --a------ C:\Documents and Settings\Duane\FDSV.EXE
2007-03-08 19:33:08 51200 --a------ C:\Documents and Settings\Duane\dumphive.exe
2007-03-08 19:33:08 319415 --a------ C:\Documents and Settings\Duane\Creg.reg
2007-03-08 19:33:08 28672 --a------ C:\Documents and Settings\Duane\catchme.exe
2007-02-28 19:24:14 0 d-------- C:\!KillBox
2007-02-24 21:33:14 53248 --a------ C:\WINDOWS\System32\Process.exe
2007-02-24 21:33:08 0 d-------- C:\SmitfraudFix<SMITFR~1>
2007-02-24 10:28:21 19392 --a------ C:\WINDOWS\System32\drivers\avgmfx86.sys
2007-02-24 10:28:21 3968 --a------ C:\WINDOWS\System32\drivers\avgclean.sys
2007-02-21 21:42:30 129 --a------ C:\fix.bat
2007-02-20 23:22:43 0 d-------- C:\Program Files\backups
2007-02-16 05:28:25 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-02-13 05:48:17 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb<DOCTOR~1>
2007-02-12 21:43:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage<OFFICE~1>
-- Find3M Report ---------------------------------------------------------------
2007-03-12 21:31:57 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-12 20:03:41 0 d-------- C:\Program Files\Picasa2
2007-03-12 20:01:52 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-12 19:56:46 0 d-------- C:\Program Files\iTunes
2007-03-12 19:55:38 0 d-------- C:\Program Files\Google
2007-03-12 19:53:11 0 d-------- C:\Program Files\BigFix
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-25 10:48:59 0 d---s---- C:\Documents and Settings\Duane\Application Data\Microsoft<MICROS~1>
2007-02-24 22:08:44 3762 --a------ C:\WINDOWS\System32\tmp.reg
2007-02-24 10:40:37 0 d-------- C:\Documents and Settings\Duane\Application Data\AVG7
2007-02-24 10:28:12 0 d-------- C:\Program Files\Grisoft
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 22:13:42 0 d-------- C:\Program Files\LG Software Innovations<LGSOFT~1>
2007-01-28 22:05:20 0 d-------- C:\Program Files\CloneDVD
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-28 21:26:56 0 d-------- C:\Documents and Settings\Duane\Application Data\Vso
2007-01-28 21:26:55 34 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.log
2007-01-28 21:26:41 47360 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.sys
2007-01-28 21:26:41 1144 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.inf
2007-01-28 21:26:41 7176 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.cat
2007-01-28 21:26:41 81920 --a------ C:\Documents and Settings\Duane\Application Data\ezpinst.exe
2007-01-21 15:19:32 0 d-------- C:\Documents and Settings\Duane\Application Data\Lavasoft
2007-01-21 15:19:15 0 d-------- C:\Program Files\Lavasoft
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-14 10:30:55 0 d-------- C:\Program Files\Sygate
2007-01-14 10:29:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-11 16:34:25 0 --a------ C:\WINDOWS\System32\3718845C.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat
2006-12-25 16:33:11 23066 --a------ C:\Program Files\plainoldfavorites-0.5.6-fx-windows.xpi<PLAINO~1.XPI>
2006-12-19 16:51:14 142 --a------ C:\Program Files\Common Files\wuopry.html<WUOPRY~1.HTM>
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-03-12 at 22:26:14 ------------------------
End of Report,