|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
10-08-2007, 12:04 PM
|
#1 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: xp sp2
|
three minute wait for IE to load
I don't know where it came from but something has attached to my IE and it takes about three minutes for it to load. Once It is loaded up I have no problem going from site to site. However, if I click on a link and it opens a new window, then it is another three minutes until it is visible. I've checked my history and have noticed a site called whataboutadog. I've also found something else called outerinfo. I have been trying to fix myself from different forums, but the problem still exists.... three minute load for IE. The problem is driving me a little wacko.... Can you help?
Deckard's System Scanner v20070905.67 Run by Dad on 2007-10-08 10:35:14 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 67: 2007-10-08 17:35:27 UTC - RP67 - Deckard's System Scanner Restore Point 66: 2007-10-08 03:01:27 UTC - RP66 - Installed SUPERAntiSpyware Free Edition 65: 2007-10-08 01:40:59 UTC - RP65 - ComboFix created restore point 64: 2007-10-07 10:00:24 UTC - RP64 - Software Distribution Service 3.0 63: 2007-10-07 02:26:10 UTC - RP63 - Removed Microsoft Office Standard Edition 2003 -- First Restore Point -- 1: 2007-08-20 23:49:04 UTC - RP1 - Unsigned driver install Backed up registry hives. Performed disk cleanup. Total Physical Memory: 504 MiB (512 MiB recommended). -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of HijackThis v1.99.1 Scan saved at 2007-10-08 10:37:03 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (6.00.2900.2180) Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Yahoo!\YOP\yop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\TrojanHunter 5.0\THGuard.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Yahoo!\browser\ycommon.exe C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\Yahoo!\YOP\SSDK02.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.bin C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Dad.PIKER\Desktop\dss.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/watch?v=zpkVt...elated&search= R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1D837817-E580-C775-A24E-EB2B58978FE8} - C:\WINDOWS\system32\uhj.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: (no name) - - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKEY_LOCAL_MACHINE\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKEY_LOCAL_MACHINE\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKEY_LOCAL_MACHINE\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKEY_LOCAL_MACHINE\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKEY_LOCAL_MACHINE\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKEY_LOCAL_MACHINE\..\Run: [VTTimer] VTTimer.exe O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKEY_LOCAL_MACHINE\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKEY_LOCAL_MACHINE\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKEY_LOCAL_MACHINE\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKEY_LOCAL_MACHINE\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe" O4 - HKEY_LOCAL_MACHINE\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKEY_LOCAL_MACHINE\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Tgyxmk] "C:\Documents and Settings\Dad.PIKER\My Documents\W?nSxS\?xplorer.exe" O4 - HKCU\..\Run: [Pjgxllg] C:\WINDOWS\system32\?racle\w?nspool.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.whataboutadog.com (HKCU) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8359CF6-B252-410A-9F81-1B11EAF0B241}: NameServer = 68.94.156.1,68.94.157.1 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - "C:\Program Files\iPod\bin\iPodService.exe" O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell> R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> S3 catchme - c:\docume~1\dad~1.pik\locals~1\temp\catchme.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2007-10-08 10:20:00 278 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job 2007-10-08 01:38:16 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2007-10-06 12:07:21 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2007-10-05 18:51:08 572 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dad.job 2007-10-05 17:42:58 266 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job 2007-10-05 17:42:56 388 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job 2007-10-01 18:15:00 254 --a------ C:\WINDOWS\Tasks\Windows Update.job -- Files created between 2007-09-08 and 2007-10-08 ----------------------------- 2007-10-08 10:22:07 0 d-------- C:\Program Files\SpywareBlaster 2007-10-08 08:28:53 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-10-08 08:28:51 0 d-------- C:\WINDOWS\LastGood 2007-10-07 20:01:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-10-07 20:01:29 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-10-07 20:01:29 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\SUPERAntiSpyware.com 2007-10-07 20:00:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-07 07:44:27 0 d-------- C:\Program Files\TrojanHunter 2007-10-07 07:39:20 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\TrojanHunter 2007-10-07 07:32:43 0 d-------- C:\Program Files\TrojanHunter 5.0 2007-10-06 22:01:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-06 21:42:02 0 dr-h----- C:\Documents and Settings\Dad.PIKER\Recent 2007-10-06 21:35:48 0 d-------- C:\Program Files\CCleaner 2007-10-06 17:30:10 0 d-------- C:\Program Files\Windows Defender 2007-10-06 12:07:14 0 d-------- C:\Program Files\Apple Software Update 2007-10-06 12:07:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-10-06 11:46:27 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\ArcSoft 2007-10-06 11:34:34 0 d-------- C:\Program Files\Common Files\ArcSoft 2007-10-06 11:34:32 0 d-------- C:\Program Files\SanDisk 2007-10-05 18:56:40 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Yahoo! 2007-10-05 18:38:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! 2007-10-05 18:38:33 86016 --a------ C:\WINDOWS\system32\YPcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module> 2007-10-05 18:38:33 131072 --a------ C:\WINDOWS\system32\ypclsp.dll <Not Verified; Yahoo! Inc.; Yahoo! YPCLSP> 2007-10-05 18:38:14 65536 --a------ C:\WINDOWS\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module> 2007-10-05 17:43:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue 2007-10-05 17:42:46 0 d-------- C:\Documents and Settings\LocalService\Desktop 2007-10-05 17:42:08 0 d-------- C:\Documents and Settings\LocalService\Start Menu 2007-10-04 18:12:33 0 d---s---- C:\Documents and Settings\LocalService\UserData 2007-10-04 18:05:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Symantec 2007-10-03 19:40:49 0 d-------- C:\WINDOWS\bak 2007-10-03 19:40:44 0 d-------- C:\WINDOWS\system\bak 2007-10-03 19:40:40 0 d-------- C:\WINDOWS\system32\bak 2007-09-23 16:11:12 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Image Zone Express 2007-09-11 09:43:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia 2007-09-11 09:43:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google 2007-09-11 09:43:09 0 dr------- C:\Documents and Settings\LocalService\Favorites -- Find3M Report --------------------------------------------------------------- 2007-10-08 10:36:31 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-10-08 09:42:59 0 d-------- C:\Program Files\Symantec 2007-10-08 09:16:37 0 d-------- C:\Program Files\Google 2007-10-07 22:38:35 0 d-------- C:\Program Files\The Weather Channel FW 2007-10-07 22:30:26 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\OpenOffice.org2 2007-10-07 20:00:50 0 d-------- C:\Program Files\Common Files 2007-10-06 19:26:57 0 d-------- C:\Program Files\Microsoft Works 2007-10-06 12:09:05 0 d-------- C:\Program Files\QuickTime 2007-10-06 11:42:58 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-10-05 18:38:39 0 d-------- C:\Program Files\Yahoo! 2007-10-04 19:08:54 0 d-------- C:\Program Files\IncrediMail 2007-10-03 19:48:30 0 d-------- C:\Program Files\iTunes 2007-10-03 19:45:51 27660 --a------ C:\WINDOWS\system32\ps2.exe 2007-10-03 19:45:51 27660 --a------ C:\WINDOWS\system32\igfxtray.exe 2007-10-03 19:45:51 27660 --a------ C:\WINDOWS\system32\hphmon06.exe 2007-10-03 19:45:51 27660 --a------ C:\WINDOWS\system32\hkcmd.exe 2007-10-02 17:22:51 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\MP3Rocket 2007-09-12 09:19:41 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\AdobeUM 2007-09-04 16:40:24 0 d-------- C:\Program Files\MP3 Rocket 2007-09-01 17:55:18 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\HP 2007-08-28 09:50:00 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Adobe 2007-08-28 09:42:01 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared 2007-08-28 09:41:13 0 d-------- C:\Program Files\Common Files\Adobe 2007-08-27 19:24:45 0 d-------- C:\Program Files\OpenOffice.org 2.2 2007-08-27 19:22:20 0 d-------- C:\Program Files\Java 2007-08-24 12:12:21 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Google 2007-08-21 15:22:42 0 d-------- C:\Program Files\HP 2007-08-20 18:24:19 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Real 2007-08-20 18:18:42 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Macromedia 2007-08-20 17:42:23 112923 --a------ C:\WINDOWS\hpoins07.dat 2007-08-20 17:41:16 0 d-------- C:\Program Files\Messenger 2007-08-20 16:51:25 3885 --a------ C:\WINDOWS\viassary-hp.reg 2007-08-20 16:51:01 0 d-------- C:\Program Files\Easy Internet signup 2007-08-20 16:44:56 50 --a------ C:\AUTOEXEC.BAT 2007-08-20 16:21:23 0 d-------- C:\Program Files\Windows NT -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D837817-E580-C775-A24E-EB2B58978FE8}] C:\WINDOWS\system32\uhj.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [10/03/2007 07:45 PM] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [10/03/2007 07:45 PM] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/03/2007 07:45 PM] "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [10/03/2007 07:45 PM] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [10/03/2007 07:45 PM] "KBD"="C:\HP\KBD\KBD.EXE" [10/03/2007 07:45 PM] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/03/2007 07:45 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/03/2007 07:45 PM] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [10/03/2007 07:45 PM] "VTTimer"="VTTimer.exe" [] "AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 05:06 PM C:\WINDOWS\AGRSMMSG.exe] "PS2"="C:\WINDOWS\system32\ps2.exe" [10/03/2007 07:45 PM] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/03/2007 07:45 PM] "SoundMan"="SOUNDMAN.EXE" [09/21/2005 10:24 AM C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [09/21/2005 03:32 PM C:\WINDOWS\ALCWZRD.EXE] "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM] "osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 12:11 AM] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [09/09/2007 09:31 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/03/2007 07:45 PM] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [09/20/2007 03:17 PM] "Tgyxmk"="C:\Documents and Settings\Dad.PIKER\My Documents\W?nSxS\?xplorer.exe" [] "Pjgxllg"="C:\WINDOWS\system32\?racle\w?nspool.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Dad.PIKER\Start Menu\Programs\Startup\ OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/2/2007 4:54:56 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM] Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [8/7/2004 2:33:32 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7983ee9a-545b-11dc-8dca-00112f7450df}] AutoRun\command- K:\autorun.exe *Newly Created Service* - COMHOST -- End of Deckard's System Scanner: finished at 2007-10-08 10:38:52 ------------ |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
10-14-2007, 09:57 PM
|
#3 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: xp sp2
|
Re: three minute wait for IE to load
Totally tired of waiting and for the last three days have been running scan after scan after scan.... I looked in the trusted zone in the IE internet options and found where whataboutadog and doginhispen were located. Removed them, rebooted my computer, opened several IE windows and then ran this scan. It has seemed to remove my problem. Thru all the system scans I have done, IE now opens much quicker, only taking about 3 to 5 seconds on youtube. I did learn that having just one antivirus/antispyware program is not enough. Each program I used found something different than the earlier scans I ran. I do have one thing though. When rebooting I get a system error with svchost when computer is trying to shut down. Please see if you can locate my problem.
Thanks Deckard's System Scanner v20070905.67 Run by Dad on 2007-10-14 20:39:33 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 78% (more than 75%). Total Physical Memory: 504 MiB (512 MiB recommended). -- HijackThis (run as Dad.exe) ------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:39:38 PM, on 10/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\TrojanHunter 5.0\THGuard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Dad.PIKER\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Dad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/watch?v=H10I3ukSre4 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1D837817-E580-C775-A24E-EB2B58978FE8} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase2895.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{B8359CF6-B252-410A-9F81-1B11EAF0B241}: NameServer = 68.94.156.1,68.94.157.1 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE -- End of file - 10171 bytes -- Files created between 2007-09-14 and 2007-10-14 ----------------------------- 2007-10-14 13:44:28 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Grisoft 2007-10-14 13:44:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-14 13:41:14 0 d-------- C:\{00004676-0000-0000-FE3A-19F571603268} 2007-10-14 13:41:13 0 d-------- C:\{00000BF6-0000-0000-FCC2-60E8FC1F0C99} 2007-10-14 11:04:25 0 d-------- C:\Program Files\Windows Live Safety Center 2007-10-14 08:56:33 0 d-------- C:\WINDOWS\BDOSCAN8 2007-10-13 08:36:33 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Lavasoft 2007-10-13 08:35:51 0 d-------- C:\Program Files\Lavasoft 2007-10-13 08:29:58 0 dr-h----- C:\Documents and Settings\Dad.PIKER\Recent 2007-10-13 08:09:00 0 d-------- C:\Program Files\Trend Micro 2007-10-12 21:02:51 0 d-------- C:\Program Files\WinBudget 2007-10-08 10:22:07 0 d-------- C:\Program Files\SpywareBlaster 2007-10-08 08:28:53 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-10-07 20:01:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-10-07 20:01:29 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-10-07 20:01:29 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\SUPERAntiSpyware.com 2007-10-07 20:00:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-07 07:44:27 0 d-------- C:\Program Files\TrojanHunter 2007-10-07 07:39:20 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\TrojanHunter 2007-10-07 07:32:43 0 d-------- C:\Program Files\TrojanHunter 5.0 2007-10-06 22:01:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-06 21:35:48 0 d-------- C:\Program Files\CCleaner 2007-10-06 17:30:10 0 d-------- C:\Program Files\Windows Defender 2007-10-06 12:07:14 0 d-------- C:\Program Files\Apple Software Update 2007-10-06 12:07:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-10-06 11:46:27 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\ArcSoft 2007-10-06 11:34:34 0 d-------- C:\Program Files\Common Files\ArcSoft 2007-10-06 11:34:32 0 d-------- C:\Program Files\SanDisk 2007-10-05 18:56:40 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Yahoo! 2007-10-05 18:38:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! 2007-10-05 18:38:33 86016 --a------ C:\WINDOWS\system32\YPcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module> 2007-10-05 18:38:33 131072 --a------ C:\WINDOWS\system32\ypclsp.dll <Not Verified; Yahoo! Inc.; Yahoo! YPCLSP> 2007-10-05 18:38:14 65536 --a------ C:\WINDOWS\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module> 2007-10-05 17:43:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue 2007-10-05 17:42:46 0 d-------- C:\Documents and Settings\LocalService\Desktop 2007-10-05 17:42:08 0 d-------- C:\Documents and Settings\LocalService\Start Menu 2007-10-04 18:12:33 0 d---s---- C:\Documents and Settings\LocalService\UserData 2007-10-04 18:05:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Symantec 2007-10-03 19:40:49 0 d-------- C:\WINDOWS\bak 2007-10-03 19:40:44 0 d-------- C:\WINDOWS\system\bak 2007-10-03 19:40:40 0 d-------- C:\WINDOWS\system32\bak 2007-09-23 16:11:12 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Image Zone Express -- Find3M Report --------------------------------------------------------------- 2007-10-14 20:30:08 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\OpenOffice.org2 2007-10-14 18:27:30 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-10-14 13:26:18 0 d-------- C:\Program Files\iTunes 2007-10-13 08:03:32 0 d-------- C:\Program Files\MP3 Rocket 2007-10-13 08:03:32 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\MP3Rocket 2007-10-10 19:56:01 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\AdobeUM 2007-10-08 09:42:59 0 d-------- C:\Program Files\Symantec 2007-10-08 09:16:37 0 d-------- C:\Program Files\Google 2007-10-07 22:38:35 0 d-------- C:\Program Files\The Weather Channel FW 2007-10-07 20:00:50 0 d-------- C:\Program Files\Common Files 2007-10-06 19:26:57 0 d-------- C:\Program Files\Microsoft Works 2007-10-06 12:09:05 0 d-------- C:\Program Files\QuickTime 2007-10-06 11:42:58 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-10-05 18:38:39 0 d-------- C:\Program Files\Yahoo! 2007-10-04 19:08:54 0 d-------- C:\Program Files\IncrediMail 2007-09-01 17:55:18 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\HP 2007-08-28 09:50:00 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Adobe 2007-08-28 09:42:01 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared 2007-08-28 09:41:13 0 d-------- C:\Program Files\Common Files\Adobe 2007-08-27 19:24:45 0 d-------- C:\Program Files\OpenOffice.org 2.2 2007-08-27 19:22:20 0 d-------- C:\Program Files\Java 2007-08-24 12:12:21 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Google 2007-08-21 15:22:42 0 d-------- C:\Program Files\HP 2007-08-20 18:24:19 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Real 2007-08-20 18:18:42 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Macromedia 2007-08-20 17:42:23 112923 --a------ C:\WINDOWS\hpoins07.dat 2007-08-20 17:41:16 0 d-------- C:\Program Files\Messenger 2007-08-20 16:51:25 3885 --a------ C:\WINDOWS\viassary-hp.reg 2007-08-20 16:51:01 0 d-------- C:\Program Files\Easy Internet signup 2007-08-20 16:44:56 50 --a------ C:\AUTOEXEC.BAT 2007-08-20 16:21:23 0 d-------- C:\Program Files\Windows NT -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D837817-E580-C775-A24E-EB2B58978FE8}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [] "AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 05:06 PM C:\WINDOWS\AGRSMMSG.exe] "SoundMan"="SOUNDMAN.EXE" [09/21/2005 10:24 AM C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [09/21/2005 03:32 PM C:\WINDOWS\ALCWZRD.EXE] "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM] "osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 12:11 AM] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [09/09/2007 09:31 AM] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [09/20/2007 03:17 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Dad.PIKER\Start Menu\Programs\Startup\ OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/2/2007 4:54:56 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM] Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [8/7/2004 2:33:32 PM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7983ee9a-545b-11dc-8dca-00112f7450df}] *Newly Created Service* - COMHOST -- End of Deckard's System Scanner: finished at 2007-10-14 20:40:08 ------------ |
|
|
|
|
10-14-2007, 10:30 PM
|
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista
|
Re: three minute wait for IE to load
Hello queenBof3 and welcome to TSF,
Unfortunately, the steps you've taken will not rid you of whataboutadog and doginhispen. Specific steps and procedures are required to send this dog to the pound.  Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. *************************************************** Download Combofix and save it to your desktop. **Note: It is important that it is saved directly to your desktop** -------------------------------------------------------------------- 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall |
|
|
|
|
10-15-2007, 12:06 AM
|
#5 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: xp sp2
|
Re: three minute wait for IE to load
Okay here you go. I got an error popup that said:
windows - no disk exception processing message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c so I clicked on continue a few times before combofix would finish. Also noticed something called Uniblue in this log. Does that sound familiar to you? And here is the result: ComboFix 07-10-14.5 - Dad 2007-10-14 22:31:36.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.171 [GMT -7:00] Running from: C:\Documents and Settings\Dad.PIKER\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\WinBudget C:\Program Files\WinBudget\bin\crap.1192248173.old C:\Program Files\WinBudget\bin\matrix.dat C:\Program Files\WinBudget\bin\matrix.dll . ((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))) . 2007-10-14 13:44 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Grisoft 2007-10-14 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-14 13:44 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-10-14 13:41 <DIR> d-------- C:\{00004676-0000-0000-FE3A-19F571603268} 2007-10-14 13:41 <DIR> d-------- C:\{00000BF6-0000-0000-FCC2-60E8FC1F0C99} 2007-10-14 11:04 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2007-10-14 08:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2007-10-13 08:36 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Lavasoft 2007-10-13 08:35 <DIR> d-------- C:\Program Files\Lavasoft 2007-10-13 08:09 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-08 10:30 <DIR> d-------- C:\Deckard 2007-10-08 10:22 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-08 08:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-07 20:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-10-07 20:01 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\SUPERAntiSpyware.com 2007-10-07 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-10-07 20:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-07 18:39 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-07 07:44 <DIR> d-------- C:\Program Files\TrojanHunter 2007-10-07 07:39 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\TrojanHunter 2007-10-07 07:32 <DIR> d-------- C:\Program Files\TrojanHunter 5.0 2007-10-06 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-06 21:35 <DIR> d-------- C:\Program Files\CCleaner 2007-10-06 17:30 <DIR> d-------- C:\Program Files\Windows Defender 2007-10-06 12:07 <DIR> d-------- C:\Program Files\Apple Software Update 2007-10-06 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-10-06 11:46 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\ArcSoft 2007-10-06 11:34 <DIR> d-------- C:\Program Files\SanDisk 2007-10-06 11:34 <DIR> d-------- C:\Program Files\Common Files\ArcSoft 2007-10-06 11:34 245,408 --a------ C:\WINDOWS\system32\unicows.dll 2007-10-05 18:56 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Yahoo! 2007-10-05 18:42 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-05 18:42 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-05 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! 2007-10-05 18:38 131,072 --a------ C:\WINDOWS\system32\ypclsp.dll 2007-10-05 18:38 86,016 --a------ C:\WINDOWS\system32\YPcservice.exe 2007-10-05 18:38 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll 2007-10-05 17:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue 2007-10-05 17:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue 2007-10-05 17:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue 2007-10-04 18:12 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData 2007-10-04 18:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec 2007-10-04 18:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec 2007-10-04 18:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec 2007-10-03 19:40 <DIR> d-------- C:\WINDOWS\system32\bak 2007-10-03 19:40 <DIR> d-------- C:\WINDOWS\system\bak 2007-10-03 19:40 <DIR> d-------- C:\WINDOWS\bak 2007-09-23 16:11 <DIR> d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Image Zone Express 2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-15 03:30 --------- d-----w C:\Documents and Settings\Dad.PIKER\Application Data\OpenOffice.org2 2007-10-15 01:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-14 20:26 --------- d-----w C:\Program Files\iTunes 2007-10-13 15:03 --------- d-----w C:\Program Files\MP3 Rocket 2007-10-13 15:03 --------- d-----w C:\Documents and Settings\Dad.PIKER\Application Data\MP3Rocket 2007-10-11 02:56 --------- d-----w C:\Documents and Settings\Dad.PIKER\Application Data\AdobeUM 2007-10-08 16:42 --------- d-----w C:\Program Files\Symantec 2007-10-08 16:16 --------- d-----w C:\Program Files\Google 2007-10-08 05:38 --------- d-----w C:\Program Files\The Weather Channel FW 2007-10-07 02:26 --------- d-----w C:\Program Files\Microsoft Works 2007-10-06 19:09 --------- d-----w C:\Program Files\QuickTime 2007-10-06 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-06 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-06 01:58 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-10-06 01:58 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-10-06 01:38 --------- d-----w C:\Program Files\Yahoo! 2007-10-05 02:08 --------- d-----w C:\Program Files\IncrediMail 2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-09-18 21:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-09-18 21:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-09-18 21:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-09-18 21:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-09-02 00:55 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\HP 2007-09-02 00:55 --------- d-----w C:\Documents and Settings\Dad.PIKER\Application Data\HP 2007-08-28 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2007-08-28 16:42 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared 2007-08-28 16:41 --------- d-----w C:\Program Files\Common Files\Adobe 2007-08-28 02:24 --------- d-----w C:\Program Files\OpenOffice.org 2.2 2007-08-28 02:22 --------- d-----w C:\Program Files\Java 2007-08-21 22:22 --------- d-----w C:\Program Files\HP 2007-08-21 15:21 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Motive 2007-08-21 01:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec 2007-08-21 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2007-08-20 23:51 3,885 ----a-w C:\WINDOWS\viassary-hp.reg 2007-08-20 23:51 --------- d-----w C:\Program Files\Easy Internet signup 2007-08-20 23:48 4,204 --sha-r C:\WINDOWS\system32\drivers\HP_PJ510AA-ABA A730N_YC_Pavi_QMXY439_E44NAheBLU5_4_IGrouper_SASUSTeK Computer INC._V1.xx_B3.10_T041112_WXH2_L409_M504_J200_7Intel_8Pentium 4_93_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G80862582.MRK 2005-10-01 19:58 483,401 ----a-w C:\Documents and Settings\HP_Owner\314_gotomypc.exe 2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ----a-w 61,440 2003-02-12 03:02:48 C:\hp\KBD\bak\KBD.EXE ----a-w 180,269 2004-08-07 21:03:31 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe ----a-w 70,776 2003-12-09 06:18:34 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe ----a-w 115,816 2007-01-10 05:59:52 C:\Program Files\Common Files\Symantec Shared\ccApp.exe ----a-w 68,856 2007-06-16 09:07:53 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe ----a-w 49,152 2004-06-08 01:53:26 C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe ----a-w 208,946 2007-08-21 18:44:02 C:\Program Files\IncrediMail\bin\bak\IncMail.exe ----a-w 208,946 2007-09-20 22:17:20 C:\Program Files\IncrediMail\bin\IncMail.exe ----a-w 286,720 2004-04-22 01:28:18 C:\Program Files\iTunes\bak\iTunesHelper.exe ----a-w 132,496 2007-07-12 11:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe ----a-w 98,304 2004-08-07 21:20:54 C:\Program Files\QuickTime\bak\qttask.exe ----a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\QTTask.exe ----a-w 233,472 2004-04-15 03:43:46 C:\WINDOWS\SMINST\bak\RECGUARD.EXE ----a-w 179 2007-10-06 01:00:56 C:\WINDOWS\system\bak\hpsysdrv.DAT ----a-w 246 2007-10-04 22:54:29 C:\WINDOWS\system\hpsysdrv.dat ----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe ----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\bak\ctfmon.exe ----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\ctfmon.exe ----a-w 126,976 2004-11-02 15:59:42 C:\WINDOWS\system32\bak\hkcmd.exe ----a-w 659,456 2004-06-08 01:42:30 C:\WINDOWS\system32\bak\hphmon06.exe ----a-w 155,648 2004-11-02 16:03:44 C:\WINDOWS\system32\bak\igfxtray.exe ----a-w 81,920 2002-10-16 23:57:10 C:\WINDOWS\system32\bak\ps2.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D837817-E580-C775-A24E-EB2B58978FE8}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe] "SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 C:\WINDOWS\ALCWZRD.EXE] "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59] "osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 00:11] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-09-20 15:17] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Dad.PIKER\Start Menu\Programs\Startup\ OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26] Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 14:33:32] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7983ee9a-545b-11dc-8dca-00112f7450df}] AutoRun\command *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2007-10-11 17:27:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-10-15 05:20:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job" - C:\Program Files\Easy Internet signup\HPSdpApp.exe "2007-10-15 05:39:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2007-10-09 04:29:58 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dad.job" "2007-10-06 00:42:58 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-10-06 00:42:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-10-09 01:15:00 C:\WINDOWS\Tasks\Windows Update.job" - C:\WINDOWS\system32\wupdmgr.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-14 22:37:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-14 22:47:40 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-10-07 18:57 C:\ComboFix2.txt ... 2007-10-07 18:57 . --- E O F --- Deckard's System Scanner v20070905.67 Run by Dad on 2007-10-14 22:52:56 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 78% (more than 75%). Total Physical Memory: 504 MiB (512 MiB recommended). -- HijackThis (run as Dad.exe) ------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:53:08 PM, on 10/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\TrojanHunter 5.0\THGuard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Dad.PIKER\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Dad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sfbay.craigslist.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1D837817-E580-C775-A24E-EB2B58978FE8} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase2895.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{B8359CF6-B252-410A-9F81-1B11EAF0B241}: NameServer = 68.94.156.1,68.94.157.1 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE -- End of file - 10142 bytes -- Files created between 2007-09-14 and 2007-10-14 ----------------------------- 2007-10-14 13:44:28 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Grisoft 2007-10-14 13:44:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-14 13:41:14 0 d-------- C:\{00004676-0000-0000-FE3A-19F571603268} 2007-10-14 13:41:13 0 d-------- C:\{00000BF6-0000-0000-FCC2-60E8FC1F0C99} 2007-10-14 11:04:25 0 d-------- C:\Program Files\Windows Live Safety Center 2007-10-14 08:56:33 0 d-------- C:\WINDOWS\BDOSCAN8 2007-10-13 08:36:33 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Lavasoft 2007-10-13 08:35:51 0 d-------- C:\Program Files\Lavasoft 2007-10-13 08:29:58 0 dr-h----- C:\Documents and Settings\Dad.PIKER\Recent 2007-10-13 08:09:00 0 d-------- C:\Program Files\Trend Micro 2007-10-08 10:22:07 0 d-------- C:\Program Files\SpywareBlaster 2007-10-08 08:28:53 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-10-07 20:01:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-10-07 20:01:29 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-10-07 20:01:29 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\SUPERAntiSpyware.com 2007-10-07 20:00:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-07 07:44:27 0 d-------- C:\Program Files\TrojanHunter 2007-10-07 07:39:20 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\TrojanHunter 2007-10-07 07:32:43 0 d-------- C:\Program Files\TrojanHunter 5.0 2007-10-06 22:01:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-06 21:35:48 0 d-------- C:\Program Files\CCleaner 2007-10-06 17:30:10 0 d-------- C:\Program Files\Windows Defender 2007-10-06 12:07:14 0 d-------- C:\Program Files\Apple Software Update 2007-10-06 12:07:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-10-06 11:46:27 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\ArcSoft 2007-10-06 11:34:34 0 d-------- C:\Program Files\Common Files\ArcSoft 2007-10-06 11:34:32 0 d-------- C:\Program Files\SanDisk 2007-10-05 18:56:40 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Yahoo! 2007-10-05 18:38:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! 2007-10-05 18:38:33 86016 --a------ C:\WINDOWS\system32\YPcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module> 2007-10-05 18:38:33 131072 --a------ C:\WINDOWS\system32\ypclsp.dll <Not Verified; Yahoo! Inc.; Yahoo! YPCLSP> 2007-10-05 18:38:14 65536 --a------ C:\WINDOWS\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module> 2007-10-05 17:43:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Uniblue 2007-10-05 17:42:46 0 d-------- C:\Documents and Settings\LocalService\Desktop 2007-10-05 17:42:08 0 d-------- C:\Documents and Settings\LocalService\Start Menu 2007-10-04 18:12:33 0 d---s---- C:\Documents and Settings\LocalService\UserData 2007-10-04 18:05:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Symantec 2007-10-03 19:40:49 0 d-------- C:\WINDOWS\bak 2007-10-03 19:40:44 0 d-------- C:\WINDOWS\system\bak 2007-10-03 19:40:40 0 d-------- C:\WINDOWS\system32\bak 2007-09-23 16:11:12 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Image Zone Express -- Find3M Report --------------------------------------------------------------- 2007-10-14 22:41:34 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\OpenOffice.org2 2007-10-14 18:27:30 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-10-14 13:26:18 0 d-------- C:\Program Files\iTunes 2007-10-13 08:03:32 0 d-------- C:\Program Files\MP3 Rocket 2007-10-13 08:03:32 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\MP3Rocket 2007-10-10 19:56:01 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\AdobeUM 2007-10-08 09:42:59 0 d-------- C:\Program Files\Symantec 2007-10-08 09:16:37 0 d-------- C:\Program Files\Google 2007-10-07 22:38:35 0 d-------- C:\Program Files\The Weather Channel FW 2007-10-07 20:00:50 0 d-------- C:\Program Files\Common Files 2007-10-06 19:26:57 0 d-------- C:\Program Files\Microsoft Works 2007-10-06 12:09:05 0 d-------- C:\Program Files\QuickTime 2007-10-06 11:42:58 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-10-05 18:38:39 0 d-------- C:\Program Files\Yahoo! 2007-10-04 19:08:54 0 d-------- C:\Program Files\IncrediMail 2007-09-01 17:55:18 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\HP 2007-08-28 09:50:00 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Adobe 2007-08-28 09:42:01 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared 2007-08-28 09:41:13 0 d-------- C:\Program Files\Common Files\Adobe 2007-08-27 19:24:45 0 d-------- C:\Program Files\OpenOffice.org 2.2 2007-08-27 19:22:20 0 d-------- C:\Program Files\Java 2007-08-24 12:12:21 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Google 2007-08-21 15:22:42 0 d-------- C:\Program Files\HP 2007-08-20 18:24:19 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Real 2007-08-20 18:18:42 0 d-------- C:\Documents and Settings\Dad.PIKER\Application Data\Macromedia 2007-08-20 17:42:23 112923 --a------ C:\WINDOWS\hpoins07.dat 2007-08-20 17:41:16 0 d-------- C:\Program Files\Messenger 2007-08-20 16:51:25 3885 --a------ C:\WINDOWS\viassary-hp.reg 2007-08-20 16:51:01 0 d-------- C:\Program Files\Easy Internet signup 2007-08-20 16:44:56 50 --a------ C:\AUTOEXEC.BAT 2007-08-20 16:21:23 0 d-------- C:\Program Files\Windows NT -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D837817-E580-C775-A24E-EB2B58978FE8}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [] "AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 05:06 PM C:\WINDOWS\AGRSMMSG.exe] "SoundMan"="SOUNDMAN.EXE" [09/21/2005 10:24 AM C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [09/21/2005 03:32 PM C:\WINDOWS\ALCWZRD.EXE] "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM] "osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 12:11 AM] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [09/09/2007 09:31 AM] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [09/20/2007 03:17 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Dad.PIKER\Start Menu\Programs\Startup\ OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/2/2007 4:54:56 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM] Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [8/7/2004 2:33:32 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7983ee9a-545b-11dc-8dca-00112f7450df}] *Newly Created Service* - COMHOST -- End of Deckard's System Scanner: finished at 2007-10-14 22:53:38 ------------ |
|
|
|
|
10-15-2007, 07:10 AM
|
#6 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista
|
Re: three minute wait for IE to load
Hi,
Uniblue is a legit program. Someone there downloaded and installed it. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below. *************************************************** 1. Download ResetProtocolDefaults.reg and save it to your desktop. 2. Right click on this link http://www.mvps.org/winhelp2002/DelDomains.inf and choose Save As. Save it to your desktop. -------------------------------------------------------------------- Close any open browsers. -------------------------------------------------------------------- Please disable the following active protection programs as they will interfere with the registry changes that need to take place. Spybot TeaTimer
Windows Defender
TrojanHunter Guard
Run a scan with HijackThis and 'check' the following entry: O3 - Toolbar: (no name) - - (no file) Click 'Fix Checked' and close HijackThis. -------------------------------------------------------------------- Right click on the DelO15Domains file you downloade earlier, and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. Locate "ResetProtocolDefaults.reg" on your desktop. Right-click and select Merge (Ok the prompt) -------------------------------------------------------------------- Reboot your system. -------------------------------------------------------------------- Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course: Perform an online scan with Internet Explorer with Panda ActiveScan
* Turn off the real time scanner of any existing antivirus program while performing the online scan -------------------------------------------------------------------- Please download FindAWF to your Desktop.
-------------------------------------------------------------------- Run a new scan with HijackThis and save the log. -------------------------------------------------------------------- Please include the following in your next reply: Panda results awf.txt New HijackThis log |
|
|
|
|
10-15-2007, 05:36 PM
|
#7 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: xp sp2
|
Re: three minute wait for IE to load
Okay, here are my results...
This was not in my hijackthis O3 - Toolbar: (no name) - - (no file) and... DelO15Domains just opened in notepad. Also... while running awf the trojanhunter kept opening so I had to uninstall trojanhunter during the scan. Incident Status Location Potentially unwanted tool:application/regclean32 Not disinfected c:\program files\Registry Cleaner Trial Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Dad.DESKTOP\Application Data\Mozilla\Firefox\Profiles\9djn6ikc.default\cookies.txt[.ct.360i.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dad.PIKER\Cookies\dad@realmedia[1].txt Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Dad.PIKER\Desktop\ComboFix.exe[nircmd.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Dad.PIKER\Desktop\ComboFix.exe[nircmd.cfexe] Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\Dad.PIKER\My Documents\downloads\BearShareV6.exe Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe Adware:Adware/Comet Not disinfected C:\qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\bin\sinstaller3.exe.vir[SSSInstaller.dll] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe Find AWF report by noahdfear ©2006 Version 1.40 The current date is: Mon 10/15/2007 The current time is: 16:22:39.81 bak folders found ~~~~~~~~~~~ Directory of C:\WINDOWS\BAK 0 File(s) 0 bytes Directory of C:\HP\KBD\BAK 02/11/2003 08:02 PM 61,440 KBD.EXE 1 File(s) 61,440 bytes Directory of C:\PROGRA~1\ITUNES\BAK 04/21/2004 06:28 PM 286,720 iTunesHelper.exe 1 File(s) 286,720 bytes Directory of C:\PROGRA~1\QUICKT~1\BAK 08/07/2004 02:20 PM 98,304 qttask.exe 1 File(s) 98,304 bytes Directory of C:\WINDOWS\SMINST\BAK 04/14/2004 08:43 PM 233,472 RECGUARD.EXE 1 File(s) 233,472 bytes Directory of C:\WINDOWS\SYSTEM\BAK 10/05/2007 06:00 PM 179 hpsysdrv.DAT 05/07/1998 04:04 PM 52,736 hpsysdrv.exe 2 File(s) 52,915 bytes Directory of C:\WINDOWS\SYSTEM32\BAK 08/04/2004 12:00 PM 15,360 ctfmon.exe 11/02/2004 08:59 AM 126,976 hkcmd.exe 06/07/2004 06:42 PM 659,456 hphmon06.exe 11/02/2004 09:03 AM 155,648 igfxtray.exe 10/16/2002 04:57 PM 81,920 ps2.exe 5 File(s) 1,039,360 bytes Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK 12/08/2003 11:18 PM 70,776 ccApp.exe 1 File(s) 70,776 bytes Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK 06/16/2007 02:07 AM 68,856 GoogleToolbarNotifier.exe 1 File(s) 68,856 bytes Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK 06/07/2004 06:53 PM 49,152 hphupd06.exe 1 File(s) 49,152 bytes Directory of C:\PROGRA~1\INCRED~1\BIN\BAK 08/21/2007 11:44 AM 208,946 IncMail.exe 1 File(s) 208,946 bytes Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK 08/07/2004 02:03 PM 180,269 realsched.exe 1 File(s) 180,269 bytes Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK 07/12/2007 04:00 AM 132,496 jusched.exe 1 File(s) 132,496 bytes Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ 61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.EXE" 286720 Apr 21 2004 "C:\Program Files\iTunes\bak\iTunesHelper.exe" 102400 Jun 5 2007 "C:\WINDOWS\Installer\{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}\iTunesIco.exe" 116288 Jun 1 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.2.0.35\iTunesSetupAdmin.exe" 286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe" 98304 Aug 7 2004 "C:\Program Files\QuickTime\bak\qttask.exe" 233472 Apr 14 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE" 246 Oct 4 2007 "C:\WINDOWS\system\hpsysdrv.dat" 179 Oct 5 2007 "C:\WINDOWS\system\bak\hpsysdrv.DAT" 52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe" 15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe" 15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe" 118784 Aug 3 2004 "C:\hp\drivers\video_Intel\hkcmd.exe" 126976 Nov 2 2004 "C:\WINDOWS\system32\bak\hkcmd.exe" 118784 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\hkcmd.exe" 118784 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\hkcmd.exe" 118784 Aug 20 2004 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\hkcmd.exe" 659456 Jun 7 2004 "C:\WINDOWS\system32\bak\hphmon06.exe" 155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe" 155648 Nov 2 2004 "C:\WINDOWS\system32\bak\igfxtray.exe" 155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\igfxtray.exe" 155648 Aug 20 2004 "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\igfxtray.exe" 155648 Aug 20 2004 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\igfxtray.exe" 81920 Oct 16 2002 "C:\hp\drivers\keyboard\PS2.EXE" 81920 Oct 16 2002 "C:\WINDOWS\system32\bak\ps2.exe" 115816 Jan 9 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" 70776 Dec 8 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe" 40960 Aug 20 2007 "C:\Program Files\Google\googletoolbar1user.exe" 1421912 Oct 19 2005 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe" 138168 Aug 20 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" 68856 Jun 16 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe" 49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe" 208946 Sep 20 2007 "C:\Program Files\IncrediMail\bin\IncMail.exe" 208946 Aug 21 2007 "C:\Program Files\IncrediMail\bin\bak\IncMail.exe" 180269 Aug 7 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe" 32881 Aug 7 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" 36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" 75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" 77824 Aug 27 2007 "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" 132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe" end of report Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:30:49 PM, on 10/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sfbay.craigslist.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1D837817-E580-C775-A24E-EB2B58978FE8} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase2895.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{B8359CF6-B252-410A-9F81-1B11EAF0B241}: NameServer = 68.94.156.1,68.94.157.1 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE -- End of file - 9825 bytes |
|
|
|
|
10-15-2007, 10:26 PM
|
#8 (permalink) | ||
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista
|
Re: three minute wait for IE to load
Hi,
Quote:
Quote:
Delete the following file and folder: C:\Documents and Settings\Dad.PIKER\My Documents\downloads\ BearShareV6.exe c:\program files\ Registry Cleaner Trial -------------------------------------------------------------- How is the system behaving? |
||
|
|
|
|
10-16-2007, 09:32 AM
|
#9 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: xp sp2
|
Re: three minute wait for IE to load
Found the install when I right clicked Del015Domains. I guess I overlooked it on the last pass. It did exactly what you said this time.
I restarted the system and I got the ccSvcHst error again. Ever since I removed the whataboutadog, etc from the trusted zone it has not returned. Do I need to give you another HijackThis log? |
|
|
|
|
10-16-2007, 01:11 PM
|
#10 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista
|
Re: three minute wait for IE to load
The whataboutadog is more than just an entry in your Trusted Zone. It comes along with what is known as the AWF Trojan. That trojan 'replaces' legit program processes that run at startup. I see no indications that AWF is still on the system and it appears all the legit program processes are back in place. There are times the programs still will not work properly afterwards. Noteably ITunes and Anti Virus programs.
Uninstall your Symantec AV, reboot, then reinstall it again. |
|
|
|
|
10-19-2007, 10:20 PM
|
#12 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista
|
Re: three minute wait for IE to load
Hi,
Glad to hear it.  The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point. Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK: ComboFix /u -------------------------------------------------------------------- To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: PC Safety and Security--What Do I Need? HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Understanding and Using Firewalls **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. ----------------------------------------------------- Follow the list above and the potential for infection will reduce dramatically. 
|
|
|
|
| Thread Tools | |
|
|
located at the bottom of the page.
then click 
