Okay here you go. I got an error popup that said:
windows - no disk
exception processing message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c
so I clicked on continue a few times before combofix would finish.
Also noticed something called Uniblue in this log. Does that sound familiar to you?
And here is the result:
ComboFix 07-10-14.5 - Dad 2007-10-14 22:31:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.171 [GMT -7:00]
Running from: C:\Documents and Settings\Dad.PIKER\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1192248173.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.
2007-10-14 13:44 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Grisoft
2007-10-14 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 13:44 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-14 13:41 <DIR> d-------- C:\{00004676-0000-0000-FE3A-19F571603268}
2007-10-14 13:41 <DIR> d-------- C:\{00000BF6-0000-0000-FCC2-60E8FC1F0C99}
2007-10-14 11:04 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-10-14 08:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-13 08:36 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Lavasoft
2007-10-13 08:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-13 08:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-08 10:30 <DIR> d-------- C:\Deckard
2007-10-08 10:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 08:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-07 20:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-07 20:01 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\SUPERAntiSpyware.com
2007-10-07 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-07 20:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 18:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 07:44 <DIR> d-------- C:\Program Files\TrojanHunter
2007-10-07 07:39 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\TrojanHunter
2007-10-07 07:32 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-10-06 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 21:35 <DIR> d-------- C:\Program Files\CCleaner
2007-10-06 17:30 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-06 12:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-06 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-06 11:46 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\ArcSoft
2007-10-06 11:34 <DIR> d-------- C:\Program Files\SanDisk
2007-10-06 11:34 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-10-06 11:34 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-10-05 18:56 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Yahoo!
2007-10-05 18:42 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-05 18:42 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-05 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-05 18:38 131,072 --a------ C:\WINDOWS\system32\ypclsp.dll
2007-10-05 18:38 86,016 --a------ C:\WINDOWS\system32\YPcservice.exe
2007-10-05 18:38 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2007-10-05 17:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue
2007-10-05 17:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue
2007-10-05 17:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue
2007-10-04 18:12 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2007-10-04 18:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-10-04 18:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-10-04 18:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-10-03 19:40 <DIR> d-------- C:\WINDOWS\system32\bak
2007-10-03 19:40 <DIR> d-------- C:\WINDOWS\system\bak
2007-10-03 19:40 <DIR> d-------- C:\WINDOWS\bak
2007-09-23 16:11 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Image Zone Express
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 03:30 --------- d-----w C:\Documents and Settings\Dad.PIKER\Application Data\OpenOffice.org2
2007-10-15 01:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-14 20:26 --------- d-----w C:\Program Files\iTunes
2007-10-13 15:03 --------- d-----w C:\Program Files\MP3 Rocket
2007-10-13 15:03 --------- d-----w C:\Documents and Settings\Dad.PIKER\Application Data\MP3Rocket
2007-10-11 02:56 --------- d-----w C:\Documents and Settings\Dad.PIKER\Application Data\AdobeUM
2007-10-08 16:42 --------- d-----w C:\Program Files\Symantec
2007-10-08 16:16 --------- d-----w C:\Program Files\Google
2007-10-08 05:38 --------- d-----w C:\Program Files\The Weather Channel FW
2007-10-07 02:26 --------- d-----w C:\Program Files\Microsoft Works
2007-10-06 19:09 --------- d-----w C:\Program Files\QuickTime
2007-10-06 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-06 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-06 01:58 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-06 01:58 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-06 01:38 --------- d-----w C:\Program Files\Yahoo!
2007-10-05 02:08 --------- d-----w C:\Program Files\IncrediMail
2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 21:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 21:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 21:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 21:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-02 00:55 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\HP
2007-09-02 00:55 --------- d-----w C:\Documents and Settings\Dad.PIKER\Application Data\HP
2007-08-28 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-08-28 16:42 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-08-28 16:41 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-28 02:24 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-08-28 02:22 --------- d-----w C:\Program Files\Java
2007-08-21 22:22 --------- d-----w C:\Program Files\HP
2007-08-21 15:21 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Motive
2007-08-21 01:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2007-08-21 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-08-20 23:51 3,885 ----a-w C:\WINDOWS\viassary-hp.reg
2007-08-20 23:51 --------- d-----w C:\Program Files\Easy Internet signup
2007-08-20 23:48 4,204 --sha-r C:\WINDOWS\system32\drivers\HP_PJ510AA-ABA A730N_YC_Pavi_QMXY439_E44NAheBLU5_4_IGrouper_SASUSTeK Computer INC._V1.xx_B3.10_T041112_WXH2_L409_M504_J200_7Intel_8Pentium 4_93_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G80862582.MRK
2005-10-01 19:58 483,401 ----a-w C:\Documents and Settings\HP_Owner\314_gotomypc.exe
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2003-02-12 03:02:48 C:\hp\KBD\bak\KBD.EXE
----a-w 180,269 2004-08-07 21:03:31 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 70,776 2003-12-09 06:18:34 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 115,816 2007-01-10 05:59:52 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
----a-w 68,856 2007-06-16 09:07:53 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 49,152 2004-06-08 01:53:26 C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe
----a-w 208,946 2007-08-21 18:44:02 C:\Program Files\IncrediMail\bin\bak\IncMail.exe
----a-w 208,946 2007-09-20 22:17:20 C:\Program Files\IncrediMail\bin\IncMail.exe
----a-w 286,720 2004-04-22 01:28:18 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 132,496 2007-07-12 11:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
----a-w 98,304 2004-08-07 21:20:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\QTTask.exe
----a-w 233,472 2004-04-15 03:43:46 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 179 2007-10-06 01:00:56 C:\WINDOWS\system\bak\hpsysdrv.DAT
----a-w 246 2007-10-04 22:54:29 C:\WINDOWS\system\hpsysdrv.dat
----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe
----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 126,976 2004-11-02 15:59:42 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 659,456 2004-06-08 01:42:30 C:\WINDOWS\system32\bak\hphmon06.exe
----a-w 155,648 2004-11-02 16:03:44 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 81,920 2002-10-16 23:57:10 C:\WINDOWS\system32\bak\ps2.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D837817-E580-C775-A24E-EB2B58978FE8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 C:\WINDOWS\ALCWZRD.EXE]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 00:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-09-20 15:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Dad.PIKER\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 14:33:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7983ee9a-545b-11dc-8dca-00112f7450df}]
AutoRun\command
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 17:27:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-15 05:20:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2007-10-15 05:39:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-09 04:29:58 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dad.job"
"2007-10-06 00:42:58 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-06 00:42:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-09 01:15:00 C:\WINDOWS\Tasks\Windows Update.job"
- C:\WINDOWS\system32\wupdmgr.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-14 22:37:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-14 22:47:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 18:57
C:\ComboFix2.txt ... 2007-10-07 18:57
.
--- E O F ---
Deckard's System Scanner v20070905.67
Run by Dad on 2007-10-14 22:52:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).
-- HijackThis (run as Dad.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:08 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Dad.PIKER\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sfbay.craigslist.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D837817-E580-C775-A24E-EB2B58978FE8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase2895.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8359CF6-B252-410A-9F81-1B11EAF0B241}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 10142 bytes
-- Files created between 2007-09-14 and 2007-10-14 -----------------------------
2007-10-14 13:44:28 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Grisoft
2007-10-14 13:44:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 13:41:14 0 d-------- C:\{00004676-0000-0000-FE3A-19F571603268}
2007-10-14 13:41:13 0 d-------- C:\{00000BF6-0000-0000-FCC2-60E8FC1F0C99}
2007-10-14 11:04:25 0 d-------- C:\Program Files\Windows Live Safety Center
2007-10-14 08:56:33 0 d-------- C:\WINDOWS\BDOSCAN8
2007-10-13 08:36:33 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Lavasoft
2007-10-13 08:35:51 0 d-------- C:\Program Files\Lavasoft
2007-10-13 08:29:58 0 dr-h----- C:\Documents and Settings\Dad.PIKER\Recent
2007-10-13 08:09:00 0 d-------- C:\Program Files\Trend Micro
2007-10-08 10:22:07 0 d-------- C:\Program Files\SpywareBlaster
2007-10-08 08:28:53 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-07 20:01:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-07 20:01:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-07 20:01:29 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\SUPERAntiSpyware.com
2007-10-07 20:00:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 07:44:27 0 d-------- C:\Program Files\TrojanHunter
2007-10-07 07:39:20 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\TrojanHunter
2007-10-07 07:32:43 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-10-06 22:01:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 21:35:48 0 d-------- C:\Program Files\CCleaner
2007-10-06 17:30:10 0 d-------- C:\Program Files\Windows Defender
2007-10-06 12:07:14 0 d-------- C:\Program Files\Apple Software Update
2007-10-06 12:07:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-06 11:46:27 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\ArcSoft
2007-10-06 11:34:34 0 d-------- C:\Program Files\Common Files\ArcSoft
2007-10-06 11:34:32 0 d-------- C:\Program Files\SanDisk
2007-10-05 18:56:40 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Yahoo!
2007-10-05 18:38:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-05 18:38:33 86016 --a------ C:\WINDOWS\system32\YPcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>
2007-10-05 18:38:33 131072 --a------ C:\WINDOWS\system32\ypclsp.dll <Not Verified; Yahoo! Inc.; Yahoo! YPCLSP>
2007-10-05 18:38:14 65536 --a------ C:\WINDOWS\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module>
2007-10-05 17:43:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue
2007-10-05 17:42:46 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-10-05 17:42:08 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-10-04 18:12:33 0 d---s---- C:\Documents and Settings\LocalService\UserData
2007-10-04 18:05:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-10-03 19:40:49 0 d-------- C:\WINDOWS\bak
2007-10-03 19:40:44 0 d-------- C:\WINDOWS\system\bak
2007-10-03 19:40:40 0 d-------- C:\WINDOWS\system32\bak
2007-09-23 16:11:12 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Image Zone Express
-- Find3M Report ---------------------------------------------------------------
2007-10-14 22:41:34 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\OpenOffice.org2
2007-10-14 18:27:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-14 13:26:18 0 d-------- C:\Program Files\iTunes
2007-10-13 08:03:32 0 d-------- C:\Program Files\MP3 Rocket
2007-10-13 08:03:32 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\MP3Rocket
2007-10-10 19:56:01 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\AdobeUM
2007-10-08 09:42:59 0 d-------- C:\Program Files\Symantec
2007-10-08 09:16:37 0 d-------- C:\Program Files\Google
2007-10-07 22:38:35 0 d-------- C:\Program Files\The Weather Channel FW
2007-10-07 20:00:50 0 d-------- C:\Program Files\Common Files
2007-10-06 19:26:57 0 d-------- C:\Program Files\Microsoft Works
2007-10-06 12:09:05 0 d-------- C:\Program Files\QuickTime
2007-10-06 11:42:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-05 18:38:39 0 d-------- C:\Program Files\Yahoo!
2007-10-04 19:08:54 0 d-------- C:\Program Files\IncrediMail
2007-09-01 17:55:18 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\HP
2007-08-28 09:50:00 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Adobe
2007-08-28 09:42:01 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-28 09:41:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-27 19:24:45 0 d-------- C:\Program Files\OpenOffice.org 2.2
2007-08-27 19:22:20 0 d-------- C:\Program Files\Java
2007-08-24 12:12:21 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Google
2007-08-21 15:22:42 0 d-------- C:\Program Files\HP
2007-08-20 18:24:19 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Real
2007-08-20 18:18:42 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Macromedia
2007-08-20 17:42:23 112923 --a------ C:\WINDOWS\hpoins07.dat
2007-08-20 17:41:16 0 d-------- C:\Program Files\Messenger
2007-08-20 16:51:25 3885 --a------ C:\WINDOWS\viassary-hp.reg
2007-08-20 16:51:01 0 d-------- C:\Program Files\Easy Internet signup
2007-08-20 16:44:56 50 --a------ C:\AUTOEXEC.BAT
2007-08-20 16:21:23 0 d-------- C:\Program Files\Windows NT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D837817-E580-C775-A24E-EB2B58978FE8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 05:06 PM C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [09/21/2005 10:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [09/21/2005 03:32 PM C:\WINDOWS\ALCWZRD.EXE]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 12:11 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [09/09/2007 09:31 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [09/20/2007 03:17 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Dad.PIKER\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/2/2007 4:54:56 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [8/7/2004 2:33:32 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7983ee9a-545b-11dc-8dca-00112f7450df}]
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2007-10-14 22:53:38 ------------