DaveForner Posted October 31, 2008

Logfile of HijackThis v1.99.1
Scan saved at 10:55:20 AM, on 31/10/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
jpshortstuff Posted November 3, 2008

Hi, and Welcome to BestTechie

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

- I will be working on your malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.

Before we begin, you are using an old version of HijackThis that doesn't support Vista. Please remove HijackThis from your computer and download the latest:

HijackThis version 2.0.2

Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

We need to disable one or more of your security programs so that they do not interfere with ComboFix.

Please open the AVG Control Center program (if you still have AVG) -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.

When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Notes:

- Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
- ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
- ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
- ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

I need to see another log from HijackThis.

- Run HijackThis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button.
- Save the file to your desktop, with the default name of uninstall_list.
- Copy & Paste the entire contents of that file in your next post.

Thanks.
DaveForner Posted November 4, 2008 (edited)

ComboFix Log

ComboFix 08-11-03.06 - Rebecca 2008-11-04 10:09:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1711 [GMT -4:00]
Running from: c:\users\Rebecca\Desktop\ComboFix.exe
 * Created a new restore point.

HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:13 AM, on 04/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
- C:\Windows\system32\DRIVERS\xaudio.exe--End of file - 7983 bytesSavelist2007 Microsoft Office Suite Service Pack 1 (SP1)2007 Microsoft Office Suite Service Pack 1 (SP1)2007 Microsoft Office Suite Service Pack 1 (SP1)2007 Microsoft Office Suite Service Pack 1 (SP1)2007 Microsoft Office Suite Service Pack 1 (SP1)2007 Microsoft Office Suite Service Pack 1 (SP1)2007 Microsoft Office Suite Service Pack 1 (SP1)2007 Microsoft Office Suite Service Pack 1 (SP1)2007 Microsoft Office Suite Service Pack 1 (SP1)2007 Microsoft Office Suite Service Pack 1 (SP1)Activation Assistant for the 2007 Microsoft Office suitesAdobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)Adobe Flash Player 10 ActiveXAdobe Reader 8.1.2Adobe Shockwave PlayerApple Mobile Device SupportApple Software UpdateAVG Free 8.0BonjourBroadcom 802.11 Wireless LAN AdapterCompatibility Pack for the 2007 Office systemConexant HD AudioCyberLink YouCamDVD SuiteEA LinkHauppauge MCE XP/Vista Software Encoder (2.0.25149)HDAUDIO Soft Data Fax Modem with SmartCPHewlett-Packard Active CheckHewlett-Packard Asset Agent for Health CheckHP Customer Experience EnhancementsHP Doc ViewerHP Easy Setup - FrontendHP Help and SupportHP OrderReminderHP Photosmart Essential 2.5HP Quick Launch Buttons 6.30 E1HP QuickPlay 3.6HP QuickTouch 1.00 C4HP Total Care AdvisorHP UpdateHP User Guides 0090HP Wireless AssistantHPNetworkAssistantIntel® Graphics Media Accelerator DriveriTunesJava 6 Update 2Java 6 Update 7LabelPrintLaserJet 1018LimeWire 4.18.6Marvell Miniport DriverMicrosoft Office Excel MUI (English) 2007Microsoft Office Home and Student 2007Microsoft Office Home and Student 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared 
Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Visual C++ 2005 RedistributableMicrosoft WorksMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB941833)muvee autoProducer 6.1My HP GamesNetWaitingPowerDirectorQuickPlay SlingPlayer 0.4.6QuickTimeRICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02Security Update for 2007 Microsoft Office System (KB951944)Security Update for 2007 Microsoft Office System (KB955936)Security Update for Microsoft Office Excel 2007 (KB955470)Security Update for Microsoft Office OneNote 2007 (KB950130)Security Update for Microsoft Office PowerPoint 2007 (KB951338)Security Update for Microsoft Office system 2007 (KB951808)Security Update for Microsoft Office system 2007 (KB954326)Security Update for Microsoft Office Word 2007 (KB950113)The Sims™ Life StoriesTouch Pad DriverUpdate for Office 2007 (KB946691)Viewpoint Media PlayerWeatherBug GadgetWindows Live installerWindows Live MailWindows Live MessengerWindows Live Sign-in Assistant Edited November 4, 2008 by DaveForner Link to post Share on other sites

jpshortstuff
Posted November 5, 2008

Hi

LimeWire

You have LimeWire, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Uninstall Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Viewpoint Media Player is often installed without the user's permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.

Please click Start >> Control Panel >> Uninstall Programs.
Find the item below on the list and click Remove.

Viewpoint Media Player

Let me know how it goes.

You appear to have Weatherbug installed. It is considered adware as it displays pop-ups and is used to install My Search Toolbar. A safe alternative to WeatherBug is Weatherpulse. I recommend you uninstall WeatherBug for the above reasons. You can do this by clicking Start >> Control Panel >> Uninstall Programs and clicking remove by the WeatherBug entry.

While you are in the Uninstall Programs area, you can also remove this old version of Java since you already have the latest:

Java™ 6 Update 2

Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

Close all browsers and windows except for HijackThis and click Fix Checked.

Please download DirLook by jpshortstuff from one of the following mirrors:
- Link 1
- Link 2
- Link 3

- Double-click DirLook.exe to run it.
- Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
- Copy the content of the following codebox into the main textfield:

c:\program files\SP39373 /s
c:\program files\SP38886 /s

- Click the DirLook button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)

Note: Scanning may take longer for large folders.

Please right click Internet Explorer on your desktop and then select "Run As Administrator". Next, go to Kaspersky website and perform an online antivirus scan.

NOTE: Internet Explorer will temporarily have administrator privileges; this is required for the scan but dangerous for normal surfing, so do NOT open any other websites in IE until after the scan has finished and this window has been closed.

- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply, along with a fresh HijackThis log.

Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

Thanks.