# It looks like you LOL - virus :-( HELP



## cr2115 (Dec 9, 2007)

While I was chatting on MSN with a friend, I received a zipped file that I assume was coming from him. But it wasn't. It had the text "it looks like you LOL. This was obviously a virus that I downloaded. Since then, I keep loosing my Internet connextion. My gmail access is now down. I have Norton and webroot but the scan doesnot show any threat. I know my computer has been infected (this is the 3rd time I am writing this post and keep being kicked out from the site). I really do not know what to do.Please help.


----------



## Cheeseball81 (Mar 3, 2004)

Hi and welcome

Go to here and download 'Hijack This!' self installer. 
Save it to the desktop or other suitable place. * DO NOT just press run from the website* 
Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu. 
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log. 
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, 
so *do NOT fix anything yet.*


----------



## cr2115 (Dec 9, 2007)

Thank you for the prompt reply.
Here's the log.
Let me know and thank you again,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:13 PM, on 12/9/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C2A3E578-EC01-47E1-A5C2-4D8FADD74940}
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9835 bytes


----------



## Cheeseball81 (Mar 3, 2004)

You're welcome

Please download *MsnCleaner.zip* and Save it to your Desktop.
Unzip it to the Desktop.
Now reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight SafeMode then hit Enter.
Double-click *MsnCleaner.exe* to run it.
Click the *Analyze* button.
A report will be created once after you finish scan.
If it finds an infection, click the *Deleted* button.
Now, please reboot back to normal mode.
Please post the contents of C:\*MsnCleaner.txt* in a reply to this post along with a new HJT log.


----------



## cr2115 (Dec 9, 2007)

No threat found...
- Logfile MSNCleaner 1.4.8 by www.forospyware.com
- Created Logfile: 12/9/2007 on 10:27:06 PM
- Operative System: Windows Vista
- Boot mode: Safe mode
_________________________________________

Detected files: 0
Deleted file: 0
Undeleted Files: 0

<<<<<<< No file found >>>>>>>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:13 PM, on 12/9/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C2A3E578-EC01-47E1-A5C2-4D8FADD74940}
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9835 bytes

Thank you


----------



## Cheeseball81 (Mar 3, 2004)

Download ComboFix from *Here* or *Here* to your Desktop.

***Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_.
_Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask._
...
--------------------------------------------------------------------

Double click on *combofix.exe* & follow the prompts.

When finished, it will produce a report for you. 
Please post the *"C:\ComboFix.txt" *along with a *new HijackThis log* for further review.

***Note: Do not mouseclick combofix's window while it's running. That may cause it to stall***


----------



## cr2115 (Dec 9, 2007)

Here they are (2 posts total)
Thank you for helping.
ComboFix 07-12-09.1 - Owner 2007-12-10 22:42:17.2 - NTFSx86
Microsoft® Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.1046 [GMT -5:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-09 22:22 . 2007-12-09 22:22 d--------	C:\Users\All Users\WinZip
2007-12-09 22:22 . 2007-12-09 22:22 d--------	C:\ProgramData\WinZip
2007-12-09 22:09 . 2007-12-09 22:09 d--------	C:\Program Files\Trend Micro
2007-12-04 22:15 . 2007-12-04 22:15 d--------	C:\Users\All Users\LightScribe
2007-12-04 22:15 . 2007-12-04 22:15 d--------	C:\ProgramData\LightScribe
2007-12-01 15:15 . 2007-12-01 15:21 d--------	C:\Users\Owner\AppData\Roaming\Creative
2007-12-01 13:53 . 1999-10-10 12:00	41,984	---------	C:\Windows\Ctregrun.exe
2007-12-01 13:52 . 2007-12-01 13:52	417,792	--a------	C:\Windows\System32\awrdscdc.ax
2007-12-01 13:52 . 2001-08-17 22:43	24,576	---------	C:\Windows\System32\msxml3a.dll
2007-12-01 13:51 . 2007-12-01 13:52 d--------	C:\Program Files\Audible
2007-12-01 13:48 . 1999-12-12 12:01	44,032	---------	C:\Windows\System32\CTSVCCDA.EXE
2007-12-01 13:48 . 1999-11-17 12:00	25,088	---------	C:\Windows\System32\CTSVCCTL.EXE
2007-12-01 13:47 . 2007-12-01 13:50 d--h-----	C:\Program Files\Creative Installation Information
2007-12-01 13:47 . 2007-12-01 13:47 d--------	C:\Program Files\Common Files\Creative
2007-12-01 13:23 . 2007-12-01 13:23 d--------	C:\Users\All Users\Creative
2007-12-01 13:23 . 2007-12-01 13:23 d--------	C:\ProgramData\Creative
2007-12-01 13:20 . 2007-12-01 13:53 d--------	C:\Program Files\Creative
2007-11-18 08:34 . 2007-11-18 08:34	1,244,672	--a------	C:\Windows\System32\mcmde.dll
2007-11-14 08:07 . 2007-11-14 08:07	224,768	--a------	C:\Windows\System32\drivers\usbport.sys
2007-11-14 08:07 . 2007-11-14 08:07	193,536	--a------	C:\Windows\System32\drivers\usbhub.sys
2007-11-14 08:07 . 2007-11-14 08:07	73,216	--a------	C:\Windows\System32\drivers\usbccgp.sys
2007-11-14 08:07 . 2007-11-14 08:07	38,400	--a------	C:\Windows\System32\drivers\usbehci.sys
2007-11-14 08:07 . 2007-11-14 08:07	19,456	--a------	C:\Windows\System32\drivers\usbohci.sys
2007-11-14 08:07 . 2007-11-14 08:07	8,704	--a------	C:\Windows\System32\hcrstco.dll
2007-11-14 08:07 . 2007-11-14 08:07	8,704	--a------	C:\Windows\System32\hccoin.dll
2007-11-14 08:07 . 2007-11-14 08:07	5,888	--a------	C:\Windows\System32\drivers\usbd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 02:44	---------	d-----w	C:\ProgramData\Symantec
2007-12-10 02:53	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2007-12-09 23:11	---------	d-----w	C:\Program Files\Symantec
2007-12-09 19:28	---------	d-----w	C:\Users\Owner\AppData\Roaming\Skype
2007-12-01 18:52	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-14 13:11	704,000	----a-w	C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 13:11	67,584	----a-w	C:\Windows\System32\wlanhlp.dll
2007-11-14 13:11	542,720	----a-w	C:\Windows\System32\sysmain.dll
2007-11-14 13:11	502,784	----a-w	C:\Windows\System32\wlansvc.dll
2007-11-14 13:11	47,104	----a-w	C:\Windows\System32\wlanapi.dll
2007-11-14 13:11	3,504,824	----a-w	C:\Windows\System32\ntkrnlpa.exe
2007-11-14 13:11	3,471,032	----a-w	C:\Windows\System32\ntoskrnl.exe
2007-11-14 13:11	297,984	----a-w	C:\Windows\System32\wlansec.dll
2007-11-14 13:11	290,816	----a-w	C:\Windows\System32\wlanmsm.dll
2007-11-14 13:11	28,344	----a-w	C:\Windows\system32\drivers\battc.sys
2007-11-14 13:11	258,232	----a-w	C:\Windows\system32\drivers\acpi.sys
2007-11-14 13:11	24,064	----a-w	C:\Windows\System32\wtsapi32.dll
2007-11-14 13:11	20,920	----a-w	C:\Windows\system32\drivers\compbatt.sys
2007-11-14 13:11	2,923,520	----a-w	C:\Windows\explorer.exe
2007-11-14 13:11	2,027,008	----a-w	C:\Windows\System32\win32k.sys
2007-11-14 13:11	14,208	----a-w	C:\Windows\system32\drivers\CmBatt.sys
2007-11-14 13:11	11,264	----a-w	C:\Windows\system32\drivers\wmiacpi.sys
2007-11-14 13:07	---------	d-----w	C:\Program Files\Windows Mail
2007-11-14 03:15	805	----a-w	C:\Windows\system32\drivers\SYMEVENT.INF
2007-11-14 03:15	123,952	----a-w	C:\Windows\system32\drivers\SYMEVENT.SYS
2007-11-14 03:15	10,740	----a-w	C:\Windows\system32\drivers\SYMEVENT.CAT
2007-11-03 14:12	---------	d-----w	C:\ProgramData\Hewlett-Packard
2007-11-02 00:18	---------	d-----w	C:\Program Files\MARS
2007-11-02 00:17	---------	d-----w	C:\Program Files\AvailaSoft
2007-10-22 00:44	---------	d-----w	C:\Users\Owner\AppData\Roaming\Webroot
2007-10-22 00:44	---------	d-----w	C:\ProgramData\Webroot
2007-10-22 00:44	---------	d-----w	C:\Program Files\Webroot
2007-10-21 22:48	---------	d-----w	C:\Users\Owner\AppData\Roaming\Apple Computer
2007-10-21 22:48	---------	d-----w	C:\ProgramData\Apple Computer
2007-10-21 22:48	---------	d-----w	C:\Program Files\iTunes
2007-10-21 22:48	---------	d-----w	C:\Program Files\iPod
2007-10-21 22:47	---------	d-----w	C:\Program Files\QuickTime
2007-10-21 22:45	---------	d-----w	C:\Program Files\Apple Software Update
2007-10-21 22:44	---------	d-----w	C:\ProgramData\Apple
2007-10-21 22:44	---------	d-----w	C:\Program Files\Common Files\Apple
2007-10-21 20:06	---------	d-----w	C:\ProgramData\Skype
2007-10-21 20:06	---------	d-----w	C:\Program Files\Skype
2007-10-21 20:06	---------	d-----w	C:\Program Files\Google
2007-10-21 20:06	---------	d-----w	C:\Program Files\Common Files\Skype
2007-10-21 18:14	---------	d-----w	C:\Program Files\Norton AntiVirus
2007-10-21 18:00	174	--sha-w	C:\Program Files\desktop.ini
2007-10-21 17:56	---------	d-----w	C:\Program Files\Windows Calendar
2007-10-21 17:55	8,192	----a-w	C:\Windows\System32\riched32.dll
2007-10-21 17:55	77,824	----a-w	C:\Windows\System32\rascfg.dll
2007-10-21 17:55	70,144	----a-w	C:\Windows\system32\drivers\pacer.sys
2007-10-21 17:55	694,784	----a-w	C:\Windows\System32\localspl.dll
2007-10-21 17:55	619,008	----a-w	C:\Windows\system32\drivers\dxgkrnl.sys
2007-10-21 17:55	61,952	----a-w	C:\Windows\system32\drivers\wanarp.sys
2007-10-21 17:55	52,736	----a-w	C:\Windows\System32\rasdiag.dll
2007-10-21 17:55	48,640	----a-w	C:\Windows\system32\drivers\ndproxy.sys
2007-10-21 17:55	384,000	----a-w	C:\Windows\System32\netcfgx.dll
2007-10-21 17:55	36,864	----a-w	C:\Windows\System32\cdd.dll
2007-10-21 17:55	33,280	----a-w	C:\Windows\System32\traffic.dll
2007-10-21 17:55	32,768	----a-w	C:\Windows\System32\rasmxs.dll
2007-10-21 17:55	286,208	----a-w	C:\Windows\System32\ipnathlp.dll
2007-10-21 17:55	22,016	----a-w	C:\Windows\System32\rasser.dll
2007-10-21 17:55	20,480	----a-w	C:\Windows\system32\drivers\ndistapi.sys
2007-10-21 17:55	15,360	----a-w	C:\Windows\System32\pacerprf.dll
2007-10-21 17:55	134,656	----a-w	C:\Windows\System32\dps.dll
2007-10-21 17:55	13,824	----a-w	C:\Windows\System32\wshqos.dll
2007-10-21 17:55	13,824	----a-w	C:\Windows\System32\icsunattend.exe
2007-10-21 17:52	8,147,968	----a-w	C:\Windows\System32\wmploc.DLL
2007-10-21 17:52	7,680	----a-w	C:\Windows\System32\spwmp.dll
2007-10-21 17:52	4,096	----a-w	C:\Windows\System32\dxmasf.dll
2007-10-21 17:52	356,864	----a-w	C:\Windows\System32\MediaMetadataHandler.dll
2007-10-21 17:50	1,191,936	----a-w	C:\Windows\System32\msxml3.dll
2007-10-21 17:49	82,432	----a-w	C:\Windows\system32\drivers\sdbus.sys
2007-10-21 17:49	56,320	----a-w	C:\Windows\System32\iesetup.dll
2007-10-21 17:49	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2007-10-21 17:49	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2007-10-21 17:48	57,856	----a-w	C:\Windows\System32\SLUINotify.dll
2007-10-21 17:48	566,784	----a-w	C:\Windows\System32\SLCommDlg.dll
2007-10-21 17:48	39,936	----a-w	C:\Windows\System32\slcinst.dll
2007-10-21 17:48	351,232	----a-w	C:\Windows\System32\SLUI.exe
2007-10-21 17:48	33,280	----a-w	C:\Windows\System32\slwmi.dll
2007-10-21 17:48	268,288	----a-w	C:\Windows\System32\mcbuilder.exe
2007-10-21 17:48	223,232	----a-w	C:\Windows\System32\SLC.dll
2007-10-21 17:48	2,605,568	----a-w	C:\Windows\System32\SLsvc.exe
2007-10-21 17:48	186,368	----a-w	C:\Windows\System32\SLLUA.exe
2007-10-21 17:48	1,335,296	----a-w	C:\Windows\System32\msxml6.dll
2007-10-21 17:47	88,576	----a-w	C:\Windows\System32\avifil32.dll
2007-10-21 17:47	84,480	----a-w	C:\Windows\System32\INETRES.dll
2007-10-21 17:47	82,944	----a-w	C:\Windows\System32\mciavi32.dll
2007-10-21 17:47	8,138,240	----a-w	C:\Windows\System32\ssBranded.scr
2007-10-21 17:47	737,792	----a-w	C:\Windows\System32\inetcomm.dll
2007-10-21 17:47	712,192	----a-w	C:\Windows\System32\WindowsCodecs.dll
2007-10-21 17:47	69,632	----a-w	C:\Windows\System32\sendmail.dll
2007-10-21 17:47	65,024	----a-w	C:\Windows\System32\avicap32.dll
2007-10-21 17:47	61,440	----a-w	C:\Windows\System32\ntprint.exe
2007-10-21 17:47	31,232	----a-w	C:\Windows\System32\msvidc32.dll
2007-10-21 17:47	269,824	----a-w	C:\Windows\System32\schannel.dll
2007-10-21 17:47	220,160	----a-w	C:\Windows\System32\ntprint.dll
2007-10-21 17:47	123,904	----a-w	C:\Windows\System32\msvfw32.dll
2007-10-21 17:47	120,320	----a-w	C:\Windows\System32\dhcpcsvc6.dll
2007-10-21 17:47	12,800	----a-w	C:\Windows\System32\msrle32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-10-21 11:35	66912	--a------	C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-10-21 13:13	116088	--a------	C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-10-21 11:35	267592	--a------	C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-10-21 11:35 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-10-21 11:35 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 07:35]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 15:26]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 17:23]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 04:45]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 20:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-04 20:55]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 22:36]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 20:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 13:38]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:50]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-12-03 11:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 13:54	50696	--a------	C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 01:11	49152	--a------	C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-08-04 22:24	77824	--a------	C:\Program Files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\Windows\system32\Drivers\SSFS0BB9.SYS
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20071204.001\IDSvix86.sys
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys
R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe -k netsvcs
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe -k LocalService
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe -k netsvcs
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe -k netsvcs
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe -k netsvcs
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService
R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe -k LocalService
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys
R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe -k netsvcs
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup
R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe -k netsvcs
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs
R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe -k LocalService
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys
R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
S2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe -k netsvcs
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe
S3 dot3svc;Wired AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService
S3 mr97310c;CIF Dual-Mode Camera;C:\Windows\system32\DRIVERS\mr97310c.sys
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe -k netsvcs
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe -k LocalService
S3 QWAVEdrv;QWAVE driver;C:\Windows\system32\drivers\qwavedrv.sys
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe -k netsvcs
S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe -k SDRSVC
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe -k netsvcs
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys
S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe -k LocalService
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalService
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe -k LocalService
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalService
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe -k wcssvc
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k wdisvc
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe -k NetworkService
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe -k LocalService
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys
S4 arc;arc;C:\Windows\system32\drivers\arc.sys
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys
S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe -k LocalService
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService	REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
LocalSystemNetworkRestricted	REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
NetworkServiceNetworkRestricted	REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork	REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
NetworkService	REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup	REG_MULTI_SZ wersvc
swprv	REG_MULTI_SZ swprv
LocalServiceNetworkRestricted	REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc	REG_MULTI_SZ RemoteRegistry
wcssvc	REG_MULTI_SZ WcsPlugInService
DcomLaunch	REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc	REG_MULTI_SZ WdiServiceHost
sdrsvc	REG_MULTI_SZ sdrsvc
secsvcs	REG_MULTI_SZ WinDefend


----------



## cr2115 (Dec 9, 2007)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc

*Newly Created Service* - CATCHME 
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 00:34:48 C:\Windows\Tasks\HPCeeScheduleForOwner.job"
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
"2007-11-06 01:58:27 C:\Windows\Tasks\Norton AntiVirus TechCenter Edition - Run Full System Scan - Owner.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
"2007-12-11 02:31:03 C:\Windows\Tasks\User_Feed_Synchronization-{C2A3E578-EC01-47E1-A5C2-4D8FADD74940}.job"
- C:\Windows\system32\msfeedssync.exe
"2007-12-10 03:28:18 C:\Windows\Tasks\wrSpySweeper_L07DA8262CA0B498FA8725AF1526A94DF.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L07DA8262CA0B498FA8725AF1526A94DF
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 22:44:29
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 22:45:41
C:\ComboFix2.txt ... 2007-12-10 22:29
.
--- E O F ---

HJT post
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48, on 2007-12-10
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C2A3E578-EC01-47E1-A5C2-4D8FADD74940}
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9542 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Download the Trial version of *Superantispyware Pro (SAS)*: 
http://www.superantispyware.com/superantispyware.html?rid=3132

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new Hijack This log.


----------

