Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winspooler


  • Please log in to reply
28 replies to this topic

#1 Brother William

Brother William

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 09 December 2008 - 02:07 AM

I have downloaded at least 4 different things suggest to help get rid of it, at least one of which was one of those cruddy free scans that show you all the things wrong, but you have to pay to fix them. I have a HP laptop with Windows Vista and CA Security center that deletes Win32/Breaspea.C everytime I click OK on the pop up that gives that same winspooler message about the patch being applied successfully.

EDIT AT BOTTEM


In following the sticky here are my logs:



Logfile of random's system information tool 1.04 (written by random/random)
Run by Phyllis at 2008-12-09 01:54:53
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 104 GB (73%) free of 142 GB
Total RAM: 958 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:19 AM, on 12/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Vongo\Tray.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Phyllis\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Phyllis.exe
C:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fordf150.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14134 bytes

======Scheduled tasks folder======

C:\Windows\tasks\CAAntiSpywareScan_Daily as Phyllis at 5 53 AM.job
C:\Windows\tasks\User_Feed_Synchronization-{411030C0-F2D3-4C34-B6AF-8C299ECA3988}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-07-25 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-07-08 159744]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-05-18 181744]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-06-12 554552]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-16 71176]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-05-11 472632]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-07-25 77824]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2007-08-17 177416]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2007-12-27 14088]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2007-08-20 230664]
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-09-13 1193200]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-09-13 173296]
""= []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-19 8462336]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-19 81920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\Windows\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
""=""
"C:\Program Files\Vongo\VongoService.exe"="C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService"

======List of files/folders created in the last 1 months======

2008-12-09 01:54:52 ----D---- C:\rsit
2008-12-09 01:19:19 ----D---- C:\Program Files\Trend Micro
2008-12-09 01:04:45 ----D---- C:\Users\Phyllis\AppData\Roaming\PC Tools
2008-12-09 01:04:45 ----D---- C:\Program Files\Spyware Doctor
2008-12-09 00:24:09 ----D---- C:\VundoFix Backups
2008-12-08 23:42:48 ----A---- C:\Windows\system32\WinSpooler.exe
2008-12-08 23:42:46 ----A---- C:\Windows\system32\rar.exe
2008-12-06 19:04:36 ----D---- C:\ProgramData\LightScribe
2008-12-03 19:18:33 ----A---- C:\Windows\system32\wups2.dll
2008-12-03 19:18:33 ----A---- C:\Windows\system32\wuauclt.exe
2008-12-03 19:18:32 ----A---- C:\Windows\system32\wucltux.dll
2008-12-03 19:18:32 ----A---- C:\Windows\system32\wuaueng.dll
2008-12-03 19:17:21 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-03 19:17:21 ----A---- C:\Windows\system32\wuapp.exe
2008-11-25 17:09:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 17:09:24 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 17:09:23 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 17:09:23 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 17:09:21 ----A---- C:\Windows\system32\connect.dll
2008-11-21 00:51:48 ----D---- C:\ProgramData\WindowsSearch
2008-11-21 00:48:10 ----D---- C:\ProgramData\Propellerhead Software
2008-11-21 00:48:10 ----A---- C:\Users\Phyllis\AppData\Roaming\REX Shared Library.dll
2008-11-21 00:48:09 ----D---- C:\Users\Phyllis\AppData\Roaming\Propellerhead Software
2008-11-21 00:48:09 ----A---- C:\Users\Phyllis\AppData\Roaming\Rewire.dll
2008-11-21 00:47:32 ----D---- C:\Program Files\Propellerhead
2008-11-11 18:19:10 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 18:19:06 ----A---- C:\Windows\system32\msxml6.dll
2008-11-11 04:29:11 ----D---- C:\Program Files\Common Files\Apple
2008-11-11 04:29:01 ----D---- C:\Program Files\QuickTime
2008-11-11 04:29:00 ----D---- C:\ProgramData\Apple Computer
2008-11-11 04:25:41 ----D---- C:\ProgramData\Apple
2008-11-11 04:25:41 ----D---- C:\Program Files\Apple Software Update

======List of files/folders modified in the last 1 months======

2008-12-09 01:54:47 ----D---- C:\Windows\Temp
2008-12-09 01:35:55 ----AD---- C:\ProgramData\TEMP
2008-12-09 01:35:34 ----SD---- C:\Windows\Downloaded Program Files
2008-12-09 01:35:34 ----D---- C:\Windows\System32
2008-12-09 01:19:19 ----RD---- C:\Program Files
2008-12-09 01:07:40 ----D---- C:\Windows\inf
2008-12-09 01:07:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-09 01:06:40 ----D---- C:\Windows\system32\drivers
2008-12-09 01:04:06 ----D---- C:\Windows\Prefetch
2008-12-09 00:57:51 ----D---- C:\Users\Phyllis\AppData\Roaming\LimeWire
2008-12-09 00:57:06 ----D---- C:\Program Files\Adobe
2008-12-09 00:56:39 ----D---- C:\Program Files\Common Files\Adobe
2008-12-09 00:54:51 ----SHD---- C:\System Volume Information
2008-12-09 00:53:53 ----D---- C:\ProgramData
2008-12-09 00:53:53 ----D---- C:\Program Files\Common Files
2008-12-09 00:18:00 ----D---- C:\Users\Phyllis\AppData\Roaming\Adobe
2008-12-09 00:17:49 ----D---- C:\ProgramData\Adobe
2008-12-09 00:17:35 ----D---- C:\Windows\rescache
2008-12-08 23:56:31 ----D---- C:\Windows\SMINST
2008-12-03 19:26:16 ----D---- C:\Windows\winsxs
2008-12-03 19:19:43 ----D---- C:\Windows\system32\catroot
2008-12-03 19:19:33 ----D---- C:\Windows\system32\en-US
2008-11-25 17:09:14 ----D---- C:\Windows\system32\catroot2
2008-11-24 19:42:22 ----SHD---- C:\Windows\Installer
2008-11-24 19:42:22 ----D---- C:\ProgramData\Microsoft Help
2008-11-24 19:42:13 ----D---- C:\ProgramData\CyberLink
2008-11-17 06:03:48 ----D---- C:\Windows
2008-11-10 06:14:43 ----D---- C:\Windows\Microsoft.NET
2008-11-10 06:14:10 ----RSD---- C:\Windows\assembly
2008-11-10 06:03:28 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 KmxAgent;KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFilter;HIPS Core Filter Driver; C:\Windows\system32\DRIVERS\KmxFilter.sys [2007-10-18 51728]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R1 VETEFILE;VET File Scan Engine; C:\Windows\system32\drivers\VETEFILE.sys [2008-09-13 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\Windows\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\Windows\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\Windows\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\Windows\system32\drivers\VET-REC.sys [2007-08-20 21128]
R2 KmxCF;KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [2008-06-24 138744]
R2 KmxSbx;KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-23 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-22 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-27 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-07-07 155136]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 80688]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 16560]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-06 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-06 207360]
R3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2008-08-25 40840]
R3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-08-25 66952]
R3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-08-25 81288]
R3 KmxCfg;KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-06 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-19 7563744]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-07-25 115000]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 VETEBOOT;VET Boot Scan Engine; C:\Windows\system32\drivers\VETEBOOT.sys [2008-09-13 108368]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-06 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-29 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-05-18 266339]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-05-18 106593]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-16 61440]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-04 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2007-08-20 242952]
R2 Vongo Service;Vongo Service; C:\Program Files\Vongo\VongoService.exe [2007-03-29 176128]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-27 386560]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2007-08-17 214280]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-17 189704]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]

-----------------EOF-----------------




And the info.txt:


info.txt logfile of random's system information tool 1.04 2008-12-09 01:55:28

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -ISprVenza.INF
EA Link-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1033
ESU for Microsoft Vista-->MsiExec.exe /X{50681864-CDFD-4F11-9169-FD81A368E758}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\UIU32m.EXE -U -IwqcVenz.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{48903BD9-1C48-47BF-85CB-ED7514823992}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{755C609D-5792-4136-A0D8-0513E04D4EBE}
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP QuickTouch 1.00 C1-->MsiExec.exe /I{53933198-468C-437C-B8D8-1150B3102196}
HP Total Care Advisor-->MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0060-->MsiExec.exe /I{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}
HP Wireless Assistant-->MsiExec.exe /I{0289B18A-F99F-423F-B79F-1150D0F85492}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickPlay SlingPlayer 0.3.0-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Reason 3.0.4-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x9 anything
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Sims™ Life Stories-->MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
VirtuaGirl HD-->C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
Virtual Engine Calculator Advanced-->MsiExec.exe /I{13FC7B28-A757-4E4B-A25B-9D0078518893}
Vongo-->MsiExec.exe /X{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}
WhiteCap-->C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe

======Security center information======

AV: CA Anti-Virus
AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
FW: CA Personal Firewall
AS: Windows Defender
AS: CA Anti-Spyware
AS: Norton Internet Security (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"USERPART"=E:
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------


I need this thing off of here, help will be greatly appreciated or this computer is going to end up with a cracked and disconnected screen...please help me.


EDIT: I successfully changed one of the winspooler files to CA Security Center's .EWI file extension and I am no longer bother by popups, so the computer will remain in one peice, but winspooler and it's componants are still here.

Edited by Brother William, 09 December 2008 - 02:19 AM.


BC AdBot (Login to Remove)

 


#2 Brother William

Brother William
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 11 December 2008 - 01:25 PM

Since the forum here won't let me edit my revious post I guess it take longer for me to receive help. It wasn't a .EWI file that I change one of the winspooler files to, it was CA Security Center's .EFW file that makes things unreadab;e by the computer. BUt I still need winspooler gone.





I have downloaded at least 4 different things suggest to help get rid of it, at least one of which was one of those cruddy free scans that show you all the things wrong, but you have to pay to fix them. I have a HP laptop with Windows Vista and CA Security center that deletes Win32/Breaspea.C everytime I click OK on the pop up that gives that same winspooler message about the patch being applied successfully.

EDIT AT BOTTEM


In following the sticky here are my logs:



Logfile of random's system information tool 1.04 (written by random/random)
Run by Phyllis at 2008-12-09 01:54:53
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 104 GB (73%) free of 142 GB
Total RAM: 958 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:19 AM, on 12/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Vongo\Tray.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\System32\WinSpooler.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Phyllis\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Phyllis.exe
C:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fordf150.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14134 bytes

======Scheduled tasks folder======

C:\Windows\tasks\CAAntiSpywareScan_Daily as Phyllis at 5 53 AM.job
C:\Windows\tasks\User_Feed_Synchronization-{411030C0-F2D3-4C34-B6AF-8C299ECA3988}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-07-25 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-07-08 159744]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-05-18 181744]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-06-12 554552]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-16 71176]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-05-11 472632]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-07-25 77824]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2007-08-17 177416]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2007-12-27 14088]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2007-08-20 230664]
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-09-13 1193200]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-09-13 173296]
""= []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-19 8462336]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-19 81920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\Windows\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
""=""
"C:\Program Files\Vongo\VongoService.exe"="C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService"

======List of files/folders created in the last 1 months======

2008-12-09 01:54:52 ----D---- C:\rsit
2008-12-09 01:19:19 ----D---- C:\Program Files\Trend Micro
2008-12-09 01:04:45 ----D---- C:\Users\Phyllis\AppData\Roaming\PC Tools
2008-12-09 01:04:45 ----D---- C:\Program Files\Spyware Doctor
2008-12-09 00:24:09 ----D---- C:\VundoFix Backups
2008-12-08 23:42:48 ----A---- C:\Windows\system32\WinSpooler.exe
2008-12-08 23:42:46 ----A---- C:\Windows\system32\rar.exe
2008-12-06 19:04:36 ----D---- C:\ProgramData\LightScribe
2008-12-03 19:18:33 ----A---- C:\Windows\system32\wups2.dll
2008-12-03 19:18:33 ----A---- C:\Windows\system32\wuauclt.exe
2008-12-03 19:18:32 ----A---- C:\Windows\system32\wucltux.dll
2008-12-03 19:18:32 ----A---- C:\Windows\system32\wuaueng.dll
2008-12-03 19:17:21 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-03 19:17:21 ----A---- C:\Windows\system32\wuapp.exe
2008-11-25 17:09:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 17:09:24 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 17:09:23 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 17:09:23 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 17:09:21 ----A---- C:\Windows\system32\connect.dll
2008-11-21 00:51:48 ----D---- C:\ProgramData\WindowsSearch
2008-11-21 00:48:10 ----D---- C:\ProgramData\Propellerhead Software
2008-11-21 00:48:10 ----A---- C:\Users\Phyllis\AppData\Roaming\REX Shared Library.dll
2008-11-21 00:48:09 ----D---- C:\Users\Phyllis\AppData\Roaming\Propellerhead Software
2008-11-21 00:48:09 ----A---- C:\Users\Phyllis\AppData\Roaming\Rewire.dll
2008-11-21 00:47:32 ----D---- C:\Program Files\Propellerhead
2008-11-11 18:19:10 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 18:19:06 ----A---- C:\Windows\system32\msxml6.dll
2008-11-11 04:29:11 ----D---- C:\Program Files\Common Files\Apple
2008-11-11 04:29:01 ----D---- C:\Program Files\QuickTime
2008-11-11 04:29:00 ----D---- C:\ProgramData\Apple Computer
2008-11-11 04:25:41 ----D---- C:\ProgramData\Apple
2008-11-11 04:25:41 ----D---- C:\Program Files\Apple Software Update

======List of files/folders modified in the last 1 months======

2008-12-09 01:54:47 ----D---- C:\Windows\Temp
2008-12-09 01:35:55 ----AD---- C:\ProgramData\TEMP
2008-12-09 01:35:34 ----SD---- C:\Windows\Downloaded Program Files
2008-12-09 01:35:34 ----D---- C:\Windows\System32
2008-12-09 01:19:19 ----RD---- C:\Program Files
2008-12-09 01:07:40 ----D---- C:\Windows\inf
2008-12-09 01:07:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-09 01:06:40 ----D---- C:\Windows\system32\drivers
2008-12-09 01:04:06 ----D---- C:\Windows\Prefetch
2008-12-09 00:57:51 ----D---- C:\Users\Phyllis\AppData\Roaming\LimeWire
2008-12-09 00:57:06 ----D---- C:\Program Files\Adobe
2008-12-09 00:56:39 ----D---- C:\Program Files\Common Files\Adobe
2008-12-09 00:54:51 ----SHD---- C:\System Volume Information
2008-12-09 00:53:53 ----D---- C:\ProgramData
2008-12-09 00:53:53 ----D---- C:\Program Files\Common Files
2008-12-09 00:18:00 ----D---- C:\Users\Phyllis\AppData\Roaming\Adobe
2008-12-09 00:17:49 ----D---- C:\ProgramData\Adobe
2008-12-09 00:17:35 ----D---- C:\Windows\rescache
2008-12-08 23:56:31 ----D---- C:\Windows\SMINST
2008-12-03 19:26:16 ----D---- C:\Windows\winsxs
2008-12-03 19:19:43 ----D---- C:\Windows\system32\catroot
2008-12-03 19:19:33 ----D---- C:\Windows\system32\en-US
2008-11-25 17:09:14 ----D---- C:\Windows\system32\catroot2
2008-11-24 19:42:22 ----SHD---- C:\Windows\Installer
2008-11-24 19:42:22 ----D---- C:\ProgramData\Microsoft Help
2008-11-24 19:42:13 ----D---- C:\ProgramData\CyberLink
2008-11-17 06:03:48 ----D---- C:\Windows
2008-11-10 06:14:43 ----D---- C:\Windows\Microsoft.NET
2008-11-10 06:14:10 ----RSD---- C:\Windows\assembly
2008-11-10 06:03:28 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 KmxAgent;KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFilter;HIPS Core Filter Driver; C:\Windows\system32\DRIVERS\KmxFilter.sys [2007-10-18 51728]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R1 VETEFILE;VET File Scan Engine; C:\Windows\system32\drivers\VETEFILE.sys [2008-09-13 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\Windows\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\Windows\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\Windows\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\Windows\system32\drivers\VET-REC.sys [2007-08-20 21128]
R2 KmxCF;KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [2008-06-24 138744]
R2 KmxSbx;KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-23 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-22 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-27 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-07-07 155136]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 80688]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 16560]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-06 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-06 207360]
R3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2008-08-25 40840]
R3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-08-25 66952]
R3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-08-25 81288]
R3 KmxCfg;KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-06 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-19 7563744]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-07-25 115000]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 VETEBOOT;VET Boot Scan Engine; C:\Windows\system32\drivers\VETEBOOT.sys [2008-09-13 108368]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-06 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-29 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-05-18 266339]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-05-18 106593]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-16 61440]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-04 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2007-08-20 242952]
R2 Vongo Service;Vongo Service; C:\Program Files\Vongo\VongoService.exe [2007-03-29 176128]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-27 386560]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2007-08-17 214280]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-17 189704]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]

-----------------EOF-----------------




And the info.txt:


info.txt logfile of random's system information tool 1.04 2008-12-09 01:55:28

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -ISprVenza.INF
EA Link-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1033
ESU for Microsoft Vista-->MsiExec.exe /X{50681864-CDFD-4F11-9169-FD81A368E758}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\UIU32m.EXE -U -IwqcVenz.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{48903BD9-1C48-47BF-85CB-ED7514823992}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{755C609D-5792-4136-A0D8-0513E04D4EBE}
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP QuickTouch 1.00 C1-->MsiExec.exe /I{53933198-468C-437C-B8D8-1150B3102196}
HP Total Care Advisor-->MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0060-->MsiExec.exe /I{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}
HP Wireless Assistant-->MsiExec.exe /I{0289B18A-F99F-423F-B79F-1150D0F85492}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickPlay SlingPlayer 0.3.0-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Reason 3.0.4-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x9 anything
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Sims™ Life Stories-->MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
VirtuaGirl HD-->C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
Virtual Engine Calculator Advanced-->MsiExec.exe /I{13FC7B28-A757-4E4B-A25B-9D0078518893}
Vongo-->MsiExec.exe /X{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}
WhiteCap-->C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe

======Security center information======

AV: CA Anti-Virus
AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
FW: CA Personal Firewall
AS: Windows Defender
AS: CA Anti-Spyware
AS: Norton Internet Security (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"USERPART"=E:
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------


I need this thing off of here, help will be greatly appreciated or this computer is going to end up with a cracked and disconnected screen...please help me.


EDIT: I successfully changed one of the winspooler files to CA Security Center's .EFW file extension and I am no longer bother by popups, so the computer will remain in one peice, but winspooler and it's componants are still here and I still need to get rid of it.

Edited by Brother William, 11 December 2008 - 01:31 PM.


#3 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:04:05 AM

Posted 16 December 2008 - 10:14 PM

Greetings Brother William...Welcome to the Forums, and thanks for your patience.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt
New HijackThis log.

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#4 Brother William

Brother William
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 18 December 2008 - 02:29 AM

I almost completely forgot about this.

I will do everything this afternoon and repost with a new hijack log, but I don't have XP, I have VISTA and it says to use the Windows DVD which I do not have.

Edited by Brother William, 18 December 2008 - 02:44 AM.


#5 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:04:05 AM

Posted 18 December 2008 - 11:56 AM

You can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#6 Brother William

Brother William
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 18 December 2008 - 02:16 PM

C:\ComboFix.txt
New HijackThis log.




When I ran ComboFix, it completed a Stage 32A and went to Stage 50 instead of 41(instructions say it's normal I believe?). then it said that it couldn't run creg.??? it flashed to quickly for me to see it all. When it was finnished, before it gave me the log, there was a window that popped up saying "Find string (QGREP) Utility has stopped working." and it never reformatted my clock back to normal.


But here are the logs


ComboFix Log

ComboFix 08-12-17.01 - Phyllis 2008-12-18 13:49:15.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.200 [GMT -5:00]
Running from: c:\users\Phyllis\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-18 13:16 . 2008-12-18 13:16 6,736 --a------ c:\windows\System32\drivers\PROCEXP90.SYS
2008-12-17 17:00 . 2008-12-17 17:00 <DIR> d-------- c:\users\Phyllis\AppData\Roaming\InstallShield
2008-12-15 03:05 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-14 01:22 . 2008-12-17 13:46 <DIR> d-------- c:\users\All Users\Google Updater
2008-12-14 01:22 . 2008-12-17 13:46 <DIR> d-------- c:\programdata\Google Updater
2008-12-14 01:22 . 2008-12-14 01:25 <DIR> d-------- c:\program files\Google
2008-12-11 20:42 . 2008-10-31 20:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 20:42 . 2008-10-15 23:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 20:42 . 2008-10-21 00:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 20:42 . 2008-10-31 22:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 20:41 . 2008-10-29 01:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 20:41 . 2008-06-22 20:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 20:41 . 2008-10-15 21:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-11 20:41 . 2008-06-22 20:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 20:41 . 2008-06-22 20:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 01:54 . 2008-12-09 01:55 <DIR> d-------- C:\rsit
2008-12-09 01:19 . 2008-12-09 01:19 <DIR> d-------- c:\program files\Trend Micro
2008-12-09 01:04 . 2008-12-09 01:04 <DIR> d-------- c:\users\Phyllis\AppData\Roaming\PC Tools
2008-12-09 01:04 . 2008-12-09 01:13 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-09 01:04 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-12-09 01:04 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-12-09 01:04 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-12-09 01:04 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-12-09 00:24 . 2008-12-09 00:24 <DIR> d-------- C:\VundoFix Backups
2008-12-08 23:42 . 2008-12-08 23:53 37,888 --a------ c:\windows\System32\rar.exe
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\users\All Users\LightScribe
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\programdata\LightScribe
2008-12-03 19:18 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-03 19:18 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-03 19:18 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-03 19:18 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-03 19:17 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-03 19:17 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-03 19:17 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-03 19:17 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-03 19:17 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-25 17:09 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 17:09 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 17:09 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 17:09 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 17:09 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-21 00:51 . 2008-11-21 00:51 <DIR> d-------- c:\users\All Users\WindowsSearch
2008-11-21 00:51 . 2008-11-21 00:51 <DIR> d-------- c:\programdata\WindowsSearch
2008-11-21 00:48 . 2008-11-21 01:20 <DIR> d-------- c:\users\Phyllis\AppData\Roaming\Propellerhead Software
2008-11-21 00:48 . 2008-11-21 00:48 <DIR> d-------- c:\users\All Users\Propellerhead Software
2008-11-21 00:48 . 2008-11-21 00:48 <DIR> d-------- c:\programdata\Propellerhead Software
2008-11-21 00:48 . 2008-11-21 00:48 233,472 --a------ c:\users\Phyllis\AppData\Roaming\REX Shared Library.dll
2008-11-21 00:48 . 2008-11-21 00:48 225,280 --a------ c:\users\Phyllis\AppData\Roaming\Rewire.dll
2008-11-21 00:47 . 2008-11-21 00:47 <DIR> d-------- c:\program files\Propellerhead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 07:00 54,527 ----a-w c:\users\Phyllis\AppData\Roaming\nvModes.dat
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-12-16 05:01 167,690 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-12-16 00:15 --------- d-----w c:\users\Phyllis\AppData\Roaming\LimeWire
2008-12-15 08:16 --------- d-----w c:\program files\Windows Mail
2008-12-09 07:16 --------- d---a-w c:\programdata\TEMP
2008-12-09 05:56 --------- d-----w c:\program files\Common Files\Adobe
2008-11-25 00:42 --------- d-----w c:\programdata\Microsoft Help
2008-11-25 00:42 --------- d-----w c:\programdata\CyberLink
2008-11-11 09:30 --------- d-----w c:\program files\QuickTime
2008-11-11 09:29 --------- d-----w c:\programdata\Apple Computer
2008-11-11 09:29 --------- d-----w c:\program files\Common Files\Apple
2008-11-11 09:25 --------- d-----w c:\programdata\Apple
2008-11-11 09:25 --------- d-----w c:\program files\Apple Software Update
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-23 03:09 --------- d-----w c:\programdata\WildTangent
2008-10-22 20:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-12 23:13 152,920 ----a-w c:\windows\System32\vghd.scr
2008-10-06 15:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 18:03 174 --sha-w c:\program files\desktop.ini
2008-09-20 20:08 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-20 20:08 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-03-04 21:14 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-04 21:14 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-04 21:14 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-05-18 181744]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-06-12 554552]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-07-25 77824]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-17 177416]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-12-27 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-13 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-13 173296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-19 8462336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-19 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-07-25 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 17:30 79368 c:\windows\System32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{36891B2F-5C11-4905-AADE-21B3967AD26D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADF6C260-7712-48A5-A01E-268F87B58425}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27AB2FCC-ECCE-4EDB-A911-6EB057F565D4}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{F2C27B35-909D-4904-80C7-52AD20DF8B5E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8470189F-6F70-42D9-8ACD-BC6AE5B4E95F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4BD43095-B682-4288-8CDC-3D67CBEB816D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{54051A4B-5A08-42B6-AC17-D8245F94F131}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E946F12E-C43A-488A-B21E-613CF6F903DF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1EDD8845-D07C-4514-9FA3-884F8B771BFE}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7AD59B55-E581-425C-AC65-4BB58662909B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{17EEE207-E92A-422B-AD84-0DE90522F605}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{EA85972B-FB40-423D-9963-91A08C4EC56E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{F87BA8CB-E373-43DC-9DBD-CD47CCFC2349}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1D557A9B-18CB-495B-B9E4-3466FF8CDB7E}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{E651EBF2-DB30-46BF-BACC-DCCB9055D783}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{0D76F11C-1F9E-4B5A-9D81-BB16EDE6391F}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{C351F1EB-7045-4655-AC87-78E01D47341F}c:\\program files\\wyzo\\wyzo.exe"= UDP:c:\program files\wyzo\wyzo.exe:Wyzo
"UDP Query User{8EFA976B-D4FA-4C64-BC0F-9608B176E66A}c:\\program files\\wyzo\\wyzo.exe"= TCP:c:\program files\wyzo\wyzo.exe:Wyzo
"{E1039FED-745D-4CEC-A416-7C56F9408E08}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{04403DC7-A51E-44E5-876F-D0EC8336A477}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 103952]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [2007-10-18 51728]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 138744]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-04 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2008-06-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-17 189704]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-09 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2007-12-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Phyllis at 5 53 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 00:10]

2008-12-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 01:22]

2008-12-18 c:\windows\Tasks\User_Feed_Synchronization-{411030C0-F2D3-4C34-B6AF-8C299ECA3988}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-<NO NAME> - (no file)


.
------- File Associations -------
.
regedit=regedit.exe "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 13:52:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2008-12-18 13:59:57
ComboFix-quarantined-files.txt 2008-12-18 18:59:52

Pre-Run: 89,834,819,584 bytes free
Post-Run: 89,804,017,664 bytes free

244 --- E O F --- 2008-12-18 18:02:23







HijackThis Log





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10, on 2008-12-18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fordf150.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11308 bytes

Edited by Brother William, 18 December 2008 - 02:17 PM.


#7 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:04:05 AM

Posted 18 December 2008 - 10:40 PM

Make sure these are disabled:
Spyware Doctor
Windows Defender
CA Internet Security


Uninstall the following software:
LimeWire
Adobe Reader 8.0
(Out of date...download the latest version Here).
Wyzo
Symantec
Live Update
Norton Antivirus


Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

File::
c:\windows\System32\vghd.scr


Folder::
c:\users\Phyllis\AppData\Roaming\LimeWire
c:\program files\limewire
c:\program files\wyzo


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{17EEE207-E92A-422B-AD84-0DE90522F605}c:\program files\limewire\limewire.exe"=-
User{EA85972B-FB40-423D-9963-91A08C4EC56E}c:\program files\limewire\limewire.exe"=-
"TCP Query User{C351F1EB-7045-4655-AC87-78E01D47341F}c:\program files\wyzo\wyzo.exe"=- User{8EFA976B-D4FA-4C64-BC0F-9608B176E66A}c:\program files\wyzo\wyzo.exe"=-

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#8 Brother William

Brother William
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 18 December 2008 - 10:47 PM

I disabled the windows firewall and CA firewall and snoozed CA antivirus for 2 hours. Have tried to uninstall Wyzo but it said that I don't have the right tom just like trying to rename the winspooler files. My account type is the only one on the computer and I am the admin.

#9 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:04:05 AM

Posted 19 December 2008 - 08:39 AM

OK...can you continue with the rest of the instruction?

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#10 Brother William

Brother William
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 20 December 2008 - 07:26 PM

The creg is a dat file. Creg.dat It now says at the end of the section scan that the file doesn't exist and still gives me the messege about the utility before I get the log. Windows Defender doesn't seem to be able to be disabled as it is a scan. I told it not to automaticly scan and the firewalls were off while CompFix was running. Cannot find anything in regards to Norton Anitvirus on this computer and to my knowledge it has never had it. The Wyzo folder doesn't exist according to the search (I copied and pasted it into the copmuter browser and I got a messege saying it doesn't exist). Symantec Live Updater was uninstaller before I ran it this time.

The new log.


7:15 PM 12/20/08ComboFix 08-12-17.01 - Phyllis 2008-12-20 18:55:18.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.232 [GMT -5:00]
Running from: c:\users\Phyllis\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-18 13:16 . 2008-12-18 13:16 6,736 --a------ c:\windows\System32\drivers\PROCEXP90.SYS
2008-12-17 17:00 . 2008-12-17 17:00 <DIR> d-------- c:\users\Phyllis\AppData\Roaming\InstallShield
2008-12-15 03:05 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-14 01:22 . 2008-12-20 17:28 <DIR> d-------- c:\users\All Users\Google Updater
2008-12-14 01:22 . 2008-12-20 17:28 <DIR> d-------- c:\programdata\Google Updater
2008-12-14 01:22 . 2008-12-14 01:25 <DIR> d-------- c:\program files\Google
2008-12-11 20:42 . 2008-10-31 20:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 20:42 . 2008-10-15 23:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 20:42 . 2008-10-21 00:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 20:42 . 2008-10-31 22:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 20:41 . 2008-10-29 01:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 20:41 . 2008-06-22 20:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 20:41 . 2008-10-15 21:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-11 20:41 . 2008-06-22 20:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 20:41 . 2008-06-22 20:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 01:54 . 2008-12-09 01:55 <DIR> d-------- C:\rsit
2008-12-09 01:19 . 2008-12-09 01:19 <DIR> d-------- c:\program files\Trend Micro
2008-12-09 01:04 . 2008-12-09 01:04 <DIR> d-------- c:\users\Phyllis\AppData\Roaming\PC Tools
2008-12-09 01:04 . 2008-12-09 01:13 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-09 01:04 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-12-09 01:04 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-12-09 01:04 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-12-09 01:04 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-12-09 00:24 . 2008-12-09 00:24 <DIR> d-------- C:\VundoFix Backups
2008-12-08 23:42 . 2008-12-08 23:53 37,888 --a------ c:\windows\System32\rar.exe
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\users\All Users\LightScribe
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\programdata\LightScribe
2008-12-03 19:18 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-03 19:18 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-03 19:18 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-03 19:18 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-03 19:17 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-03 19:17 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-03 19:17 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-03 19:17 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-03 19:17 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-25 17:09 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 17:09 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 17:09 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 17:09 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 17:09 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-21 00:51 . 2008-11-21 00:51 <DIR> d-------- c:\users\All Users\WindowsSearch
2008-11-21 00:51 . 2008-11-21 00:51 <DIR> d-------- c:\programdata\WindowsSearch
2008-11-21 00:48 . 2008-11-21 01:20 <DIR> d-------- c:\users\Phyllis\AppData\Roaming\Propellerhead Software
2008-11-21 00:48 . 2008-11-21 00:48 <DIR> d-------- c:\users\All Users\Propellerhead Software
2008-11-21 00:48 . 2008-11-21 00:48 <DIR> d-------- c:\programdata\Propellerhead Software
2008-11-21 00:48 . 2008-11-21 00:48 233,472 --a------ c:\users\Phyllis\AppData\Roaming\REX Shared Library.dll
2008-11-21 00:48 . 2008-11-21 00:48 225,280 --a------ c:\users\Phyllis\AppData\Roaming\Rewire.dll
2008-11-21 00:47 . 2008-11-21 00:47 <DIR> d-------- c:\program files\Propellerhead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 22:29 --------- d-----w c:\program files\vghd
2008-12-20 22:28 54,527 ----a-w c:\users\Phyllis\AppData\Roaming\nvModes.dat
2008-12-20 22:24 --------- d-----w c:\program files\Symantec
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-12-16 05:01 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-12-16 05:01 167,690 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-12-16 00:15 --------- d-----w c:\users\Phyllis\AppData\Roaming\LimeWire
2008-12-15 08:16 --------- d-----w c:\program files\Windows Mail
2008-12-09 07:16 --------- d---a-w c:\programdata\TEMP
2008-12-09 05:56 --------- d-----w c:\program files\Common Files\Adobe
2008-11-25 00:42 --------- d-----w c:\programdata\Microsoft Help
2008-11-25 00:42 --------- d-----w c:\programdata\CyberLink
2008-11-11 09:30 --------- d-----w c:\program files\QuickTime
2008-11-11 09:29 --------- d-----w c:\programdata\Apple Computer
2008-11-11 09:29 --------- d-----w c:\program files\Common Files\Apple
2008-11-11 09:25 --------- d-----w c:\programdata\Apple
2008-11-11 09:25 --------- d-----w c:\program files\Apple Software Update
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-23 03:09 --------- d-----w c:\programdata\WildTangent
2008-10-22 20:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-12 23:13 152,920 ----a-w c:\windows\System32\vghd.scr
2008-10-06 15:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 18:03 174 --sha-w c:\program files\desktop.ini
2008-09-20 20:08 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-20 20:08 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-03-04 21:14 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-04 21:14 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-04 21:14 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-18_13.28.49.97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-16 05:02:37 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-20 22:28:14 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-16 05:02:37 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-20 22:28:14 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-16 05:02:37 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-20 22:28:14 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-18 17:57:33 300,614 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-20 22:11:03 301,506 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-05-18 181744]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-06-12 554552]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-07-25 77824]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-17 177416]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-12-27 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-13 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-13 173296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-19 8462336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-19 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-07-25 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 17:30 79368 c:\windows\System32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{36891B2F-5C11-4905-AADE-21B3967AD26D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADF6C260-7712-48A5-A01E-268F87B58425}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27AB2FCC-ECCE-4EDB-A911-6EB057F565D4}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{F2C27B35-909D-4904-80C7-52AD20DF8B5E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8470189F-6F70-42D9-8ACD-BC6AE5B4E95F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4BD43095-B682-4288-8CDC-3D67CBEB816D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{54051A4B-5A08-42B6-AC17-D8245F94F131}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E946F12E-C43A-488A-B21E-613CF6F903DF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1EDD8845-D07C-4514-9FA3-884F8B771BFE}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7AD59B55-E581-425C-AC65-4BB58662909B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{17EEE207-E92A-422B-AD84-0DE90522F605}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{EA85972B-FB40-423D-9963-91A08C4EC56E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{F87BA8CB-E373-43DC-9DBD-CD47CCFC2349}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1D557A9B-18CB-495B-B9E4-3466FF8CDB7E}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{E651EBF2-DB30-46BF-BACC-DCCB9055D783}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{0D76F11C-1F9E-4B5A-9D81-BB16EDE6391F}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{C351F1EB-7045-4655-AC87-78E01D47341F}c:\\program files\\wyzo\\wyzo.exe"= UDP:c:\program files\wyzo\wyzo.exe:Wyzo
"UDP Query User{8EFA976B-D4FA-4C64-BC0F-9608B176E66A}c:\\program files\\wyzo\\wyzo.exe"= TCP:c:\program files\wyzo\wyzo.exe:Wyzo
"{E1039FED-745D-4CEC-A416-7C56F9408E08}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{04403DC7-A51E-44E5-876F-D0EC8336A477}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 103952]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [2007-10-18 51728]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 138744]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-04 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2008-06-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-17 189704]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-09 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2007-12-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Phyllis at 5 53 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 00:10]

2008-12-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 01:22]

2008-12-20 c:\windows\Tasks\User_Feed_Synchronization-{411030C0-F2D3-4C34-B6AF-8C299ECA3988}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-<NO NAME> - (no file)


.
------- File Associations -------
.
regedit=regedit.exe "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 19:06:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'Explorer.exe'(3596)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2008-12-20 19:14:45
ComboFix-quarantined-files.txt 2008-12-21 00:14:12
ComboFix2.txt 2008-12-18 18:59:59

Pre-Run: 90,561,155,072 bytes free
Post-Run: 90,530,467,840 bytes free

256 --- E O F --- 2008-12-18 18:02:23

#11 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:04:05 AM

Posted 20 December 2008 - 11:48 PM

Uninstall windows defender. We can reinstall it when the system is cleaned.

In Windows Vista, your account is limited...often, utilities need to run as "Administrator" in order to elevate the privilege needed to perform the intended function. Combofix is one of these. Think of the combofix.exe on your desktop as a "shortcut". All shortcuts in Windows Vista have a special property that you can set that will allow the application to run as Administrator.

To set this property, just right-click on any shortcut (specifically in this case, "Combofix.exe"), and click the Advanced button on the Shortcut page to get to the Advanced Properties dialog. You'll see a dialog with a checkbox for "Run as administrator"...check that box and click "Apply" and "OK". From now on, the application will always run as administrator if you use the shortcut to launch it. (You'll be prompted by UAC if you have it enabled).

Next, please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

File::
c:\windows\System32\vghd.scr


Folder::
c:\users\Phyllis\AppData\Roaming\LimeWire
c:\program files\limewire
c:\program files\wyzo
c:\program files\vghd
c:\program files\Symantec
c:\program files\Common Files\Symantec Shared


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{17EEE207-E92A-422B-AD84-0DE90522F605}c:\program files\limewire\limewire.exe"=-
User{EA85972B-FB40-423D-9963-91A08C4EC56E}c:\program files\limewire\limewire.exe"=-
"TCP Query User{C351F1EB-7045-4655-AC87-78E01D47341F}c:\program files\wyzo\wyzo.exe"=- User{8EFA976B-D4FA-4C64-BC0F-9608B176E66A}c:\program files\wyzo\wyzo.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#12 Brother William

Brother William
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 22 December 2008 - 10:31 AM

Looks like I completely missed that somehow. I will retern results by tomorrow.

#13 Brother William

Brother William
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 23 December 2008 - 04:31 PM

Could not find anything to uninstall Windows Defender.

Still gave me the "Utility has stopped working" messege.

NOT really happy about all my music being deleted............

The first time I ran it this time around, the computer decided to turn the screen off. I have it set to NEVER turn the screen off while plugged in...and it was plugged in, so ComboFix froze that time. The second time, after it gave me the log report it didn't restore my clock because the entire toolbar and all desktop icon were gone and they didn't return until I restarted the computer.



LOG


ComboFix 08-12-17.01 - Phyllis 2008-12-23 15:51:46.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.230 [GMT -5:00]
Running from: c:\users\Phyllis\Desktop\ComboFix.exe
Command switches used :: c:\users\Phyllis\Desktop\CFScript.txt

FILE ::
c:\windows\System32\vghd.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppPlg32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppReg32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppSch32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppSet32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppTrc32.dll
c:\program files\Common Files\Symantec Shared\ccALEng.dll
c:\program files\Common Files\Symantec Shared\ccAlert.dll
c:\program files\Common Files\Symantec Shared\ccApp.exe
c:\program files\Common Files\Symantec Shared\ccEmlPxy.dll
c:\program files\Common Files\Symantec Shared\ccErrDsp.dll
c:\program files\Common Files\Symantec Shared\ccEvtCli.dll
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtPlg.dll
c:\program files\Common Files\Symantec Shared\ccInst.dll
c:\program files\Common Files\Symantec Shared\ccL60.dll
c:\program files\Common Files\Symantec Shared\ccL60U.dll
c:\program files\Common Files\Symantec Shared\ccLgView.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\ccProd.dll
c:\program files\Common Files\Symantec Shared\ccProSub.dll
c:\program files\Common Files\Symantec Shared\ccScanW.dll
c:\program files\Common Files\Symantec Shared\ccSet.dll
c:\program files\Common Files\Symantec Shared\ccSetEvt.dll
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetPlg.dll
c:\program files\Common Files\Symantec Shared\ccSvc.dll
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\ccVrTrst.dll
c:\program files\Common Files\Symantec Shared\ccWebWnd.dll
c:\program files\Common Files\Symantec Shared\dec_abi.dll
c:\program files\Common Files\Symantec Shared\DefUtDCD.dll
c:\program files\Common Files\Symantec Shared\ecmldr32.DLL
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM
c:\program files\Common Files\Symantec Shared\IDS\DefUTDCD.dll
c:\program files\Common Files\Symantec Shared\IDS\IDSAux.dll
c:\program files\Common Files\Symantec Shared\IDS\IdsInst.exe
c:\program files\Common Files\Symantec Shared\IDS\IPSPlug.dll
c:\program files\Common Files\Symantec Shared\IDS\Patch25.dll
c:\program files\Common Files\Symantec Shared\MSL\msl.dll
c:\program files\Common Files\Symantec Shared\rcAlert.dll
c:\program files\Common Files\Symantec Shared\rcApp.dll
c:\program files\Common Files\Symantec Shared\rcEmlPxy.dll
c:\program files\Common Files\Symantec Shared\rcErrDsp.dll
c:\program files\Common Files\Symantec Shared\rcLgView.dll
c:\program files\Common Files\Symantec Shared\rcSvcHst.dll
c:\program files\Common Files\Symantec Shared\SEVINST.EXE
c:\program files\Common Files\Symantec Shared\SNDSvc.dll
c:\program files\Common Files\Symantec Shared\SNDunin.dll
c:\program files\Common Files\Symantec Shared\SPManifests\AppCore.grd
c:\program files\Common Files\Symantec Shared\SPManifests\AppCore.sig
c:\program files\Common Files\Symantec Shared\SPManifests\AppCore.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ccCmn62.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ccCmn62.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ccCmn62.spm
c:\program files\Common Files\Symantec Shared\SPManifests\CIDS.GRD
c:\program files\Common Files\Symantec Shared\SPManifests\CIDS.SIG
c:\program files\Common Files\Symantec Shared\SPManifests\CIDS.SPM
c:\program files\Common Files\Symantec Shared\SPManifests\dec_abi.grd
c:\program files\Common Files\Symantec Shared\SPManifests\dec_abi.sig
c:\program files\Common Files\Symantec Shared\SPManifests\dec_abi.spm
c:\program files\Common Files\Symantec Shared\SPManifests\MSLight.grd
c:\program files\Common Files\Symantec Shared\SPManifests\MSLight.sig
c:\program files\Common Files\Symantec Shared\SPManifests\MSLight.spm
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.grd
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.sig
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.spm
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.GRD
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SIG
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM
c:\program files\Common Files\Symantec Shared\SymNeti.dll
c:\program files\Common Files\Symantec Shared\SymRedir.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.loc
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\ccL60U.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\msvcp71.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\msvcr71.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\Setup\Setup\APP\isRes.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\Support\Reporter\Reporter.exe
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\Support\Reporter\Reporter.loc
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\SymHTML.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\SymTheme.dll
c:\program files\limewire
c:\program files\limewire\.NetworkShare\LimeWireWin4.18.6.exe
c:\program files\limewire\Buy LimeWire PRO.url
c:\program files\limewire\COPYING
c:\program files\limewire\data.ser
c:\program files\limewire\inspection.props
c:\program files\limewire\install.log
c:\program files\limewire\language.prop
c:\program files\limewire\lib\aopalliance.jar
c:\program files\limewire\lib\clink.jar
c:\program files\limewire\lib\commons-codec-1.3.jar
c:\program files\limewire\lib\commons-logging.jar
c:\program files\limewire\lib\commons-net.jar
c:\program files\limewire\lib\daap.jar
c:\program files\limewire\lib\dnsjava.jar
c:\program files\limewire\lib\forms.jar
c:\program files\limewire\lib\foxtrot.jar
c:\program files\limewire\lib\gettext-commons.jar
c:\program files\limewire\lib\guice-1.0.jar
c:\program files\limewire\lib\hashes
c:\program files\limewire\lib\hsqldb.jar
c:\program files\limewire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\limewire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\limewire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\limewire\lib\icu4j.jar
c:\program files\limewire\lib\jaudiotagger.jar
c:\program files\limewire\lib\jcraft.jar
c:\program files\limewire\lib\jdic.dll
c:\program files\limewire\lib\jdic.jar
c:\program files\limewire\lib\jdic_stub.jar
c:\program files\limewire\lib\jflac.jar
c:\program files\limewire\lib\jl.jar
c:\program files\limewire\lib\jmdns.jar
c:\program files\limewire\lib\jogg.jar
c:\program files\limewire\lib\jorbis.jar
c:\program files\limewire\lib\LimeWire.ico
c:\program files\limewire\lib\LimeWire.jar
c:\program files\limewire\lib\log4j.jar
c:\program files\limewire\lib\log4j.properties
c:\program files\limewire\lib\looks.jar
c:\program files\limewire\lib\messages.jar
c:\program files\limewire\lib\mp3spi.jar
c:\program files\limewire\lib\onion-common.jar
c:\program files\limewire\lib\onion-fec.jar
c:\program files\limewire\lib\ProgressTabs.jar
c:\program files\limewire\lib\swt.jar
c:\program files\limewire\lib\SystemUtilities.dll
c:\program files\limewire\lib\SystemUtilitiesA.dll
c:\program files\limewire\lib\themes.jar
c:\program files\limewire\lib\tray.dll
c:\program files\limewire\lib\tritonus.jar
c:\program files\limewire\lib\vorbisspi.jar
c:\program files\limewire\LimeWire On Startup.lnk
c:\program files\limewire\LimeWire.exe
c:\program files\limewire\LimeWire.ico
c:\program files\limewire\pmf.ico
c:\program files\limewire\root\magnet10\badge.img
c:\program files\limewire\root\magnet10\canHandle.img
c:\program files\limewire\root\magnet10\limewire.gif
c:\program files\limewire\root\magnet10\options.js
c:\program files\limewire\root\magnet10\silentdetect.js
c:\program files\limewire\SOURCE
c:\program files\limewire\spacer.gif
c:\program files\limewire\uninstall.exe
c:\program files\limewire\unpack.log
c:\program files\Symantec
c:\program files\Symantec\S32EVNT1.DLL
c:\users\Phyllis\AppData\Roaming\LimeWire
c:\users\Phyllis\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Phyllis\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Phyllis\AppData\Roaming\LimeWire\downloads.dat
c:\users\Phyllis\AppData\Roaming\LimeWire\fileurns.bak
c:\users\Phyllis\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Phyllis\AppData\Roaming\LimeWire\filters.props
c:\users\Phyllis\AppData\Roaming\LimeWire\gnutella.net
c:\users\Phyllis\AppData\Roaming\LimeWire\installation.props
c:\users\Phyllis\AppData\Roaming\LimeWire\library.dat
c:\users\Phyllis\AppData\Roaming\LimeWire\limewire.props
c:\users\Phyllis\AppData\Roaming\LimeWire\mojito.props
c:\users\Phyllis\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Phyllis\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Phyllis\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Phyllis\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Phyllis\AppData\Roaming\LimeWire\questions.props
c:\users\Phyllis\AppData\Roaming\LimeWire\responses.cache
c:\users\Phyllis\AppData\Roaming\LimeWire\simpp.xml
c:\users\Phyllis\AppData\Roaming\LimeWire\spam.dat
c:\users\Phyllis\AppData\Roaming\LimeWire\tables.props
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
c:\users\Phyllis\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
c:\users\Phyllis\AppData\Roaming\LimeWire\ttrees.cache
c:\users\Phyllis\AppData\Roaming\LimeWire\ttroot.cache
c:\users\Phyllis\AppData\Roaming\LimeWire\version.xml
c:\users\Phyllis\AppData\Roaming\LimeWire\versions.props
c:\users\Phyllis\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\Phyllis\AppData\Roaming\LimeWire\xml\data\video.sxml2
c:\windows\System32\vghd.scr

.
((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-23 15:48 . 2008-12-23 15:48 6,736 --a------ c:\windows\System32\drivers\PROCEXP90.SYS
2008-12-17 17:00 . 2008-12-17 17:00 <DIR> d-------- c:\users\Phyllis\AppData\Roaming\InstallShield
2008-12-15 03:05 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-14 01:22 . 2008-12-23 00:50 <DIR> d-------- c:\users\All Users\Google Updater
2008-12-14 01:22 . 2008-12-23 00:50 <DIR> d-------- c:\programdata\Google Updater
2008-12-14 01:22 . 2008-12-14 01:25 <DIR> d-------- c:\program files\Google
2008-12-11 20:42 . 2008-10-31 20:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 20:42 . 2008-10-15 23:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 20:42 . 2008-10-21 00:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 20:42 . 2008-10-31 22:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 20:41 . 2008-10-29 01:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 20:41 . 2008-06-22 20:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 20:41 . 2008-06-22 20:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 20:41 . 2008-06-22 20:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 01:54 . 2008-12-09 01:55 <DIR> d-------- C:\rsit
2008-12-09 01:19 . 2008-12-09 01:19 <DIR> d-------- c:\program files\Trend Micro
2008-12-09 01:04 . 2008-12-09 01:04 <DIR> d-------- c:\users\Phyllis\AppData\Roaming\PC Tools
2008-12-09 01:04 . 2008-12-09 01:13 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-09 01:04 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-12-09 01:04 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-12-09 01:04 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-12-09 01:04 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-12-09 00:24 . 2008-12-09 00:24 <DIR> d-------- C:\VundoFix Backups
2008-12-08 23:42 . 2008-12-08 23:53 37,888 --a------ c:\windows\System32\rar.exe
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\users\All Users\LightScribe
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\programdata\LightScribe
2008-12-03 19:18 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-03 19:18 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-03 19:18 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-03 19:18 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-03 19:17 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-03 19:17 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-03 19:17 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-03 19:17 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-03 19:17 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-25 17:09 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 17:09 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 17:09 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 17:09 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 17:09 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 20:34 69,135 ----a-w c:\users\Phyllis\AppData\Roaming\nvModes.dat
2008-12-23 20:10 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-12-23 20:10 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-12-23 20:10 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-12-23 20:10 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-12-23 20:10 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-12-23 20:10 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-12-23 20:10 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-12-23 20:10 167,690 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-12-15 08:16 --------- d-----w c:\program files\Windows Mail
2008-12-09 07:16 --------- d---a-w c:\programdata\TEMP
2008-12-09 05:56 --------- d-----w c:\program files\Common Files\Adobe
2008-11-25 00:42 --------- d-----w c:\programdata\Microsoft Help
2008-11-25 00:42 --------- d-----w c:\programdata\CyberLink
2008-11-21 06:20 --------- d-----w c:\users\Phyllis\AppData\Roaming\Propellerhead Software
2008-11-21 05:51 --------- d-----w c:\programdata\WindowsSearch
2008-11-21 05:48 233,472 ----a-w c:\users\Phyllis\AppData\Roaming\REX Shared Library.dll
2008-11-21 05:48 225,280 ----a-w c:\users\Phyllis\AppData\Roaming\Rewire.dll
2008-11-21 05:48 --------- d-----w c:\programdata\Propellerhead Software
2008-11-21 05:47 --------- d-----w c:\program files\Propellerhead
2008-11-11 09:30 --------- d-----w c:\program files\QuickTime
2008-11-11 09:29 --------- d-----w c:\programdata\Apple Computer
2008-11-11 09:29 --------- d-----w c:\program files\Common Files\Apple
2008-11-11 09:25 --------- d-----w c:\programdata\Apple
2008-11-11 09:25 --------- d-----w c:\program files\Apple Software Update
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-23 03:09 --------- d-----w c:\programdata\WildTangent
2008-10-22 20:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-06 15:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 18:03 174 --sha-w c:\program files\desktop.ini
2008-03-04 21:14 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-04 21:14 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-04 21:14 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-18_13.28.49.97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-16 05:02:36 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-23 20:36:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-16 05:02:36 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-23 20:36:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-18 18:27:14 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-23 20:37:00 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-18 18:27:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-23 20:38:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-12-16 05:02:37 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-23 20:36:30 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-16 05:02:37 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-23 20:36:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-16 05:02:37 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-23 20:36:30 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-16 04:47:30 3,578,880 ----a-w c:\windows\System32\mshtml.dll
+ 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\System32\mshtml.dll
- 2008-12-16 05:07:58 101,350 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-23 20:41:47 101,350 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-16 05:07:58 595,684 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-23 20:41:47 595,684 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-16 05:01:28 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-12-22 08:11:57 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-12-14 05:32:24 7,868 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4071685419-3697908242-3108088393-1000_UserData.bin
+ 2008-12-23 20:38:33 8,010 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4071685419-3697908242-3108088393-1000_UserData.bin
- 2008-12-14 05:32:24 66,640 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-23 20:38:32 66,790 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-15 08:17:42 5,184 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-12-22 08:11:24 5,184 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-12-10 01:32:13 44,824 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-23 20:32:35 45,250 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-12-18 17:57:33 300,614 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-23 18:10:37 302,178 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-12-15 08:06:19 146,330,376 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-22 08:03:34 148,300,825 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-12 05:45:18 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16788_none_110e58cc253c9192\mshtml.dll
+ 2008-12-12 05:40:02 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20973_none_119dc5f73e5693df\mshtml.dll
+ 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18183_none_12ef96002267a3d0\mshtml.dll
+ 2008-12-12 05:47:44 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22328_none_13bf15ab3b5017ce\mshtml.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-05-18 181744]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-06-12 554552]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-07-25 77824]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-17 177416]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-12-27 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-13 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-13 173296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-19 8462336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-19 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-07-25 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 17:30 79368 c:\windows\System32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{36891B2F-5C11-4905-AADE-21B3967AD26D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADF6C260-7712-48A5-A01E-268F87B58425}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27AB2FCC-ECCE-4EDB-A911-6EB057F565D4}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{F2C27B35-909D-4904-80C7-52AD20DF8B5E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8470189F-6F70-42D9-8ACD-BC6AE5B4E95F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4BD43095-B682-4288-8CDC-3D67CBEB816D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{54051A4B-5A08-42B6-AC17-D8245F94F131}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E946F12E-C43A-488A-B21E-613CF6F903DF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1EDD8845-D07C-4514-9FA3-884F8B771BFE}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7AD59B55-E581-425C-AC65-4BB58662909B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{17EEE207-E92A-422B-AD84-0DE90522F605}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{EA85972B-FB40-423D-9963-91A08C4EC56E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{F87BA8CB-E373-43DC-9DBD-CD47CCFC2349}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1D557A9B-18CB-495B-B9E4-3466FF8CDB7E}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{E651EBF2-DB30-46BF-BACC-DCCB9055D783}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{0D76F11C-1F9E-4B5A-9D81-BB16EDE6391F}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{C351F1EB-7045-4655-AC87-78E01D47341F}c:\\program files\\wyzo\\wyzo.exe"= UDP:c:\program files\wyzo\wyzo.exe:Wyzo
"UDP Query User{8EFA976B-D4FA-4C64-BC0F-9608B176E66A}c:\\program files\\wyzo\\wyzo.exe"= TCP:c:\program files\wyzo\wyzo.exe:Wyzo
"{E1039FED-745D-4CEC-A416-7C56F9408E08}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{04403DC7-A51E-44E5-876F-D0EC8336A477}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 103952]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [2007-10-18 51728]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 138744]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-04 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2008-06-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-17 189704]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-09 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2007-12-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Phyllis at 5 53 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 00:10]

2008-12-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 01:22]

2008-12-23 c:\windows\Tasks\User_Feed_Synchronization-{411030C0-F2D3-4C34-B6AF-8C299ECA3988}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 16:05:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1564)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2008-12-23 16:13:06
ComboFix-quarantined-files.txt 2008-12-23 21:12:47
ComboFix2.txt 2008-12-21 00:14:50
ComboFix3.txt 2008-12-18 18:59:59

Pre-Run: 88,548,327,424 bytes free
Post-Run: 88,562,454,528 bytes free

478 --- E O F --- 2008-12-23 05:48:34

#14 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:04:05 AM

Posted 24 December 2008 - 10:47 AM

Things look much better. Your system should be performing better for you too. One more run should do it.

NOT really happy about all my music being deleted............

Uhmmm...we didn't delete any music. We only deleted these folders and the files they contained:
c:\users\Phyllis\AppData\Roaming\LimeWire
c:\program files\limewire
c:\program files\wyzo
c:\program files\vghd
c:\program files\Symantec
c:\program files\Common Files\Symantec Shared

If your music was stored in the LimeWire folder then yes...it's gone. Did you pay for that music? If so, you should be able to re-download the songs for which you have a license. We could restore anything we have done so far but in so doing, you run the risk of putting the problems back onto your hard disk.

You should consider that these recent issues are a direct result from having used the LimeWire file sharing software. If you downloaded them from LimeWire, it's best to leave things be as they are now and go elsewhere to download your music otherwise, you may one day find that someone else is in control of your computer and will only allow you to use it when they want to relinquish control of it.

Click here for information regarding the risks of using File Sharing software.

Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

Folder::
c:\program files\limewire
c:\program files\wyzo


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{17EEE207-E92A-422B-AD84-0DE90522F605}c:\program files\limewire\limewire.exe"=-
"UDP Query User{EA85972B-FB40-423D-9963-91A08C4EC56E}c:\program files\limewire\limewire.exe"=-
"TCP Query User{C351F1EB-7045-4655-AC87-78E01D47341F}c:\program files\wyzo\wyzo.exe"=-
"UDP Query User{8EFA976B-D4FA-4C64-BC0F-9608B176E66A}c:\program files\wyzo\wyzo.exe"=-

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#15 Brother William

Brother William
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 25 December 2008 - 11:59 PM

Will do and post back.

I more often sent artists about $5 and bypass the label and points sytem for everyone involved, artists get between $0.40 to $0.80 from every album sold because everyone gets their cut before the folks who made it possible. I know it's not the greatest or best way to go about things, but I'm a musician too and it bugs me that people mooch off the artist so much.

BTW, thanks for the help, I really appreciate it, and Merry Christmas!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users