:spider:virtumonde:spider:
Yep... I got something, and Virtumonde seems to reappear with every Spybot scan.
I also have a "browsit" application that does some weird stuff... it plays audio ads, and I always hear a click sound when I'm on the Internet... like every 10-15 seconds.
I've ended that "bowseit" process, so maybe it won't appear in this log... tell me if you need to see more :bigthumb:
Here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:25, on 2009-08-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Ben\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [scis32] C:\WINDOWS\system32\scis32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: fortePivot.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9125 bytes
Since I have Avast it was good... but now Windows tells me that my antivirus is turned off... but Avast is still working... how can I be sure?
Thanks
Hi Dsijion
Please post next spybot report :)
application:broseit
Process: Scis32.exe
found "virtumonde.sdn"
Spybot report:
--- Search result list ---
Virtumonde.sdn: [SBI $E2595BE9] Réglages Autorun (12CFG515-K641-55SF-N66P) (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-448539723-1844237615-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12CFG515-K641-55SF-N66P
Virtumonde.sdn: [SBI $E2595BE9] Fichier de programme (Fichier, nothing done)
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
Properties.size=39936
Properties.md5=F04E5D1515CA156DD094752E9DC18A3A
Properties.filedate=1251329429
Properties.filedatetext=2009-08-26 19:30:29
Virtumonde.sdn: [SBI $E2595BE9] Réglages Autorun (12CFG214-K641-12SF-N85P) (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-448539723-1844237615-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12CFG214-K641-12SF-N85P
Virtumonde.sdn: [SBI $E2595BE9] Fichier de programme (Fichier, nothing done)
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
Properties.size=33280
Properties.md5=E663DA90131CF724C752F2642799B588
Properties.filedate=1251329428
Properties.filedatetext=2009-08-26 19:30:28
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-01-28 SDWinSec.exe (1.0.0.11)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-27 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-08-25 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-08-25 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-08-04 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-08-19 Includes\Malware.sbi (*)
2009-08-25 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-08-25 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-08-11 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-08-25 Includes\Trojans.sbi (*)
2009-08-26 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
--- Startup entries list ---
Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C
Located: HK_LM:Run, BDRegion
command: C:\Program Files\Cyberlink\Shared Files\brs.exe
file: C:\Program Files\Cyberlink\Shared Files\brs.exe
size: 75048
MD5: 7AAB66583AECBED4FCA3B7BAD13FAEF1
Located: HK_LM:Run, CLMLServer
command: "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
file: C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
size: 104936
MD5: 74EF10CD035DE51171C98E60E53AE221
Located: HK_LM:Run, IntelliPoint
command: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
file: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
size: 1406024
MD5: 7CEB241A5A11F4B49C7C3F3B68E31228
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
size: 196608
MD5: 81061E94950A18093E0FFD0841896F22
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 69632
MD5: 872B3D5F6F9F9BDFD6A83EE8AA5824B4
Located: HK_LM:Run, itype
command: "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
file: C:\Program Files\Microsoft IntelliType Pro\itype.exe
size: 1442888
MD5: 60F3CCC045AE48B2736D042714DF445E
Located: HK_LM:Run, LanguageShortcut
command: "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
file: C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
size: 62760
MD5: 2A48ECB680F8A0277613D74848322A70
Located: HK_LM:Run, LGODDFU
command: "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
file: C:\Program Files\lg_fwupdate\fwupdate.exe
size: 249856
MD5: 9A8D8FFA0F9B295182F93382B19FAFF3
Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13758464
MD5: AD28AFF3F09D123EDCAF5A4120713A80
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 86016
MD5: A1DE6200EE8EB2E11EE1C981341224C7
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1657376
MD5: C8A7D0956F59098BE74119AAE51B3F25
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 87336
MD5: 43FA06944853B3495D8A2E7C62E8FE93
Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16862720
MD5: 013A269E7AF8B01FF20B384FEEBFFDA5
Located: HK_LM:Run, scis32
command: C:\WINDOWS\system32\scis32.exe
file: C:\WINDOWS\system32\scis32.exe
size: 40324
MD5: 0D657DE13DF648EC04858B7A510A82E5
Located: HK_LM:Run, Share-to-Web Namespace Daemon
command: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
file: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: D5BC63D2822B8E244E53D2FF8078CC6B
Located: HK_LM:Run, Six Engine
command: "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
file: C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
size: 5964800
MD5: 35B236D0A5973CC913990B7E86FF266B
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3
Located: HK_LM:Run, UpdateLBPShortCut
command: "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
file: C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 61391327B06E201273AC5537BE2FDDB0
Located: HK_LM:Run, UpdateP2GoShortCut
command: "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
file: C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
size: 210216
MD5: 601D77C0AA637A99073210894554B6BA
Located: HK_LM:Run, UpdatePDRShortCut
command: "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
file: C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe
size: 210216
MD5: 601D77C0AA637A99073210894554B6BA
Located: HK_LM:Run, UpdatePPShortCut
command: "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
file: C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
size: 210216
MD5: 601D77C0AA637A99073210894554B6BA
Located: HK_LM:Run, WD Button Manager
command: WDBtnMgr.exe
file: C:\WINDOWS\system32\WDBtnMgr.exe
size: 364544
MD5: E71FEAE76F0A1131C1A63495C363F8A0
Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:RunOnce, RunNarrator
where: .DEFAULT...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 797B56BB7F031926FC540D8F6CFFAD50
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, 12CFG214-K641-12SF-N85P
where: S-1-5-21-448539723-1844237615-725345543-1003...
command: C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
file: C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
size: 33280
MD5: E663DA90131CF724C752F2642799B588
Located: HK_CU:Run, 12CFG515-K641-55SF-N66P
where: S-1-5-21-448539723-1844237615-725345543-1003...
command: C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
file: C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
size: 39936
MD5: F04E5D1515CA156DD094752E9DC18A3A
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-448539723-1844237615-725345543-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-448539723-1844237615-725345543-1003...
command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-448539723-1844237615-725345543-1003...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1667584
MD5: B53343FE60A33EE765C2476D50D27B26
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:RunOnce, RunNarrator
where: S-1-5-18...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 797B56BB7F031926FC540D8F6CFFAD50
Located: Démarrage (tous utilisateurs), Acrobat Assistant.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
file: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78BFE3201ADA2FE02D1E35D2488E5F55
Located: Démarrage (tous utilisateurs), Adobe Gamma Loader.exe.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: Démarrage (tous utilisateurs), fortePivot.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
file: C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
size: 65536
MD5: 4B0AF6AB40EFB77D35EDC287C5EE4A18
Located: Démarrage (utilisateur), Adobe Gamma.lnk
where: C:\Documents and Settings\Ben\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 2003-05-15 01:47:54
Date (last access): 2009-03-04 16:08:20
Date (last write): 2003-05-15 01:47:54
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 6.0.0.878
{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEToolbarHelper Class
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 2003-05-15 02:03:46
Date (last access): 2009-03-04 16:08:20
Date (last write): 2003-05-15 02:03:46
Filesize: 147456
Attributes: archive
MD5: 44BCFF08947790E74BD7CC7532D2B793
CRC32: 0C91890B
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 2009-03-03 00:42:58
Date (last access): 2073-03-09 05:20:00
Date (last write): 2009-03-09 05:18:50
Filesize: 35840
Attributes: archive
MD5: 96A225C7F5346A9E81FC3DFA89A900C0
CRC32: BAD5D2EF
Version: 6.0.130.3
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 2009-03-03 00:43:00
Date (last access): 2009-03-09 05:20:02
Date (last write): 2009-03-09 05:18:52
Filesize: 73728
Attributes: archive
MD5: 53F8B53918C839F76367B7E612B742B1
CRC32: 735F7F91
Version: 6.0.130.3
--- ActiveX list ---
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control)
DPF name:
CLSID name: AcDcToday Control
Installer:
Codebase: file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
description:
classification: Legitimate
known filename: ACDCTO~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: AcDcToday.ocx
Short name: ACDCTO~1.OCX
Date (created): 2001-04-23 02:59:22
Date (last access): 2009-05-20 20:48:24
Date (last write): 2001-04-23 02:59:22
Filesize: 54896
Attributes: archive
MD5: 3D950983CBFAC3A1AA35696810C2E9BF
CRC32: 7558B815
Version: 15.0.6.30
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 2009-03-09 02:53:24
Date (last access): 2073-03-09 05:20:10
Date (last write): 2009-03-09 05:19:10
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3
{AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR)
DPF name:
CLSID name: NOXLATE-BANR
Installer:
Codebase: file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
description:
classification: Legitimate
known filename: INSTBANR.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: InstBanr.ocx
Short name:
Date (created): 2001-04-23 02:59:24
Date (last access): 2009-05-20 20:48:26
Date (last write): 2001-04-23 02:59:24
Filesize: 108088
Attributes: archive
MD5: 7F9441FAF5865B07DAC75EDB1DEFF408
CRC32: 645B9684
Version: 1.0.0.15
{C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred)
DPF name:
CLSID name: InstaFred
Installer:
Codebase: file://C:\Program Files\AutoCAD 2002\InstFred.ocx
description:
classification: Legitimate
known filename: INSTFRED.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: InstFred.ocx
Short name:
Date (created): 2001-04-23 02:59:24
Date (last access): 2009-05-20 20:48:24
Date (last write): 2001-04-23 02:59:24
Filesize: 276024
Attributes: archive
MD5: 7277DB945E523480C7B23DC718B192C3
CRC32: 657F1C03
Version: 1.0.3.12
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 2009-03-09 02:53:24
Date (last access): 2073-03-09 05:20:10
Date (last write): 2009-03-09 05:19:10
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 2009-03-09 02:53:24
Date (last access): 2073-03-09 05:20:10
Date (last write): 2009-03-09 05:19:10
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3
{F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control)
DPF name:
CLSID name: AcPreview Control
Installer:
Codebase: file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
description:
classification: Legitimate
known filename: ACPREV~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: AcPreview.ocx
Short name: ACPREV~1.OCX
Date (created): 2001-04-23 02:59:14
Date (last access): 2009-05-20 20:48:20
Date (last write): 2001-04-23 02:59:14
Filesize: 120440
Attributes: archive
MD5: E24D3B63BC9AA3FC9C0ED1871B7B4FE7
CRC32: E96AB8EA
Version: 15.0.6.30
--- Process list ---
PID: 0 ( 0) [System]
PID: 484 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 764 ( 484) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 796 ( 484) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 840 ( 796) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 852 ( 796) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1020 ( 840) C:\WINDOWS\system32\nvsvc32.exe
size: 168004
MD5: CE8CCE2B9F96ACA02E5DED4298A7796D
PID: 1052 ( 840) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1120 ( 840) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1216 ( 840) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1340 ( 840) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1412 ( 840) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1484 ( 840) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 18752
MD5: 5E692B54EC3D9C586417F9C5822CBEC9
PID: 1592 ( 840) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 138680
MD5: 72C4BB55413D2D621BCC1DBF4074EB5D
PID: 1796 (1752) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1884 (1796) C:\WINDOWS\RTHDCPL.EXE
size: 16862720
MD5: 013A269E7AF8B01FF20B384FEEBFFDA5
PID: 1900 (1796) C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
size: 5964800
MD5: 35B236D0A5973CC913990B7E86FF266B
PID: 1936 (1796) C:\WINDOWS\system32\WDBtnMgr.exe
size: 364544
MD5: E71FEAE76F0A1131C1A63495C363F8A0
PID: 1948 (1796) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C
PID: 1972 (1796) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: D5BC63D2822B8E244E53D2FF8078CC6B
PID: 2016 (1796) C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3
PID: 184 (1796) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 69632
MD5: 872B3D5F6F9F9BDFD6A83EE8AA5824B4
PID: 196 (1052) c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
size: 77824
MD5: 59380D1808A83AA4150F550F45BEE3A9
PID: 276 (1796) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
size: 104936
MD5: 74EF10CD035DE51171C98E60E53AE221
PID: 616 (1796) C:\Program Files\lg_fwupdate\fwupdate.exe
size: 249856
MD5: 9A8D8FFA0F9B295182F93382B19FAFF3
PID: 684 ( 840) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 768 (1796) C:\Program Files\Cyberlink\Shared Files\brs.exe
size: 75048
MD5: 7AAB66583AECBED4FCA3B7BAD13FAEF1
PID: 920 (1796) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 87336
MD5: 43FA06944853B3495D8A2E7C62E8FE93
PID: 1244 (1796) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 1300 (1796) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1324 (1796) C:\Program Files\Messenger\msmsgs.exe
size: 1667584
MD5: B53343FE60A33EE765C2476D50D27B26
PID: 992 (1796) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78BFE3201ADA2FE02D1E35D2488E5F55
PID: 1464 (1796) C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
size: 65536
MD5: 4B0AF6AB40EFB77D35EDC287C5EE4A18
PID: 636 ( 840) C:\Program Files\Bonjour\mDNSResponder.exe
size: 229376
MD5: 73686FE0B2E0469F89FD2075BE724704
PID: 1780 ( 840) C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
size: 32256
MD5: 42C77C40B230E51BE2952F943B1513E7
PID: 1456 ( 840) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 890369AED0DDE1A98F09F7DC239CA2BD
PID: 2052 ( 840) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2208 ( 840) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 2504 ( 840) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 254040
MD5: AEF50B1CEA979739EDE53C68556B95E5
PID: 2600 ( 840) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 352920
MD5: A62A0418BE5A5B8B0ECF3D8F73325113
PID: 2896 (1216) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 3132 ( 840) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 1444 (1216) C:\WINDOWS\system32\wuauclt.exe
size: 111104
MD5: 4126D27CECE4471E00E425411F7306B5
PID: 2596 (1796) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307704
MD5: 457441B04089CF16784D698B4B4EA8AF
PID: 3796 (1796) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3008 (1052) C:\WINDOWS\System32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 3500 (2016) C:\Program Files\Java\jre6\bin\jucheck.exe
size: 386480
MD5: 9EEC15C2B29CCA11389D2CDC3FE8598D
PID: 3720 (1544) C:\WINDOWS\system32\scis32.exe
size: 40324
MD5: 0D657DE13DF648EC04858B7A510A82E5
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2009-08-26 19:46:39
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.canoe.qc.ca
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2468756A-915A-4DC1-B748-913D1D2DA5F5}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2468756A-915A-4DC1-B748-913D1D2DA5F5}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{862F6FE6-F437-41EA-9437-DD251B091B94}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{862F6FE6-F437-41EA-9437-DD251B091B94}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FE876F87-069A-440E-A252-0E72C7F2AD72}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FE876F87-069A-440E-A252-0E72C7F2AD72}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{92293F31-68A1-44A3-96D7-16DA1B13A822}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{92293F31-68A1-44A3-96D7-16DA1B13A822}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D21CD935-9200-4801-9A09-2998F6BB0EC6}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D21CD935-9200-4801-9A09-2998F6BB0EC6}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A23EE69E-418B-40D0-9D3D-9347E1C6F289}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A23EE69E-418B-40D0-9D3D-9347E1C6F289}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F884CDD4-8E25-49F8-8384-07BCD7CD1475}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F884CDD4-8E25-49F8-8384-07BCD7CD1475}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:00, on 2009-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Ben\Desktop\HiJackThis.exe
C:\WINDOWS\system32\scis32.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [scis32] C:\WINDOWS\system32\scis32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: fortePivot.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9011 bytes
We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
ComboFix 09-08-26.05 - Ben 2009-08-27 1:15.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2047.1596 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ben\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\Ben\Application Data\inst.exe
c:\documents and settings\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Antivirus.lnk
c:\documents and settings\Ben\Desktop\ Beautiful music - 106 songs!.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere CS4 Installer+Keygen.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere Pro CS3 (ZWT) KeyGen Only.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe PREMIERE Pro CS3 [KEYGEN + Activator + CRACK!].torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere Pro CS3 Keygen-943153.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere Pro CS3 Keygen & Phone Activator (Updated).torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere Pro CS3 Keygen.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere Pro CS3 Multi-language + Crack + VTC Tutorials.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere Pro CS3 Multi-language Incl Crack.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere Pro CS3 MultiLang Incl Crack.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere Pro CS4-NoPE 4456746 TPB.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Adobe Premiere Pro CS4-NoPE.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Greek Mega Mix 8-2CD-2007.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Half Life 2 + Counter Strike Source Non Steam www cp4ever org.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Johnny Cash - Collection Edition JPG Pictures zip.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Norton Ghost 14 0 + Serial.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Norton Ghost v14 0 1 24977 +Patch and Serial.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Norton Ghost v14 0 3 28361 +Patch and Serial.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Pink Floyd ULTIMATE Collection (www softzone org).torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - Symantec Norton Ghost 14 0 1 24977 incl Serial.torrent
c:\documents and settings\Ben\Desktop\[TorrentReactor.to] - VA - The Most Relaxing New Age Music in the Universe [2CDs][New Age][2008][www pctrecords com].torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - 2008 RIP Asian Parade XXX Porn Small Japanese Babes Hardcore Anal 69 Doggystyle.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - 65 Days Of Static.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Adobe Creative Suite 3 Master Collection Fr [TRACKERSURFER french].torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Adobe Master Collection CS4 Pro (EN - DE - FR) [TRACKERSURFER french](2).torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Adobe Master Collection CS4 Pro (EN - DE - FR) [TRACKERSURFER french].torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Adobe Premiere Pro Plugins Magic Bullet Editors 1 5 by chris rar.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Amateur German anal Sex With Teen Tight Ass German Girl Who Wants To Save Her Hymen.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Amazing All American Girl Sophia Cries And Begs To Have Her Ass Filled Boobs Anal POV.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Blonde Chick Gets 1st anal.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - DVD To Avi (Rips To XviD+DivX)+Crack -Korn Rulz.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Fantastic Call Girl Jackie Moore Tries Out Cocks In Her Back Door Anal Threesome Porn.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - German Blonde Anal Fucked.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Hailey Page And Her Apprentice Blonde Get Screwed In Piledriver Position Anal Threesome Porn.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Hardcore anal twins blowjob boots big tits dp group milf blonde zip.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - HOME fr mp4 - yann arthus-bertrand - ().torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Hot blonde Allison Pierce anal 74369320.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Hot Brazilian girl - Barbarella and Coreena anal wmv.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Hot Sexy Oriental Girl Photos.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Mortal Kombat 4 - PC Game.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Mortal Kombat 4 Full PC-GAME.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - MUST SEE - 2 Hot Blonde Gets Awesome Fuck And Double Pussy And Anal Fisting.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - MUST SEE - 2 Hot Blonde Gets Awesome Fuck And Double Pussy And Anal Fisting.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Perfect Blonde Teenager in the park - Hardcore and anal 89738706.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Perfect Blonde Teenager in the park - Hardcore and anal 89738706.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Red Giant Magic Bullet Looks v1 1.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Red Giant Magic Bullet Looks v1 1.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Sia - Colour The Small One.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Sia - Colour The Small One.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Sia - Some People Have Real Problems (2007).torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Sia - Some People Have Real Problems (2007).torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Sia - The Girl You Lost to Cocaine Incl Sander Van Doorn Remix-(DOORN003)-WEB-2008-FUCKWEB[TheSurg.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Sia - The Girl You Lost to Cocaine Incl Sander Van Doorn Remix-(DOORN003)-WEB-2008-FUCKWEB[TheSurg.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Stunning Pornstar Jasmine Gets Her Ass Pumped In A Hurry And Silently Orgasms Anal Sex Porn avi.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Stunning Pornstar Jasmine Gets Her Ass Pumped In A Hurry And Silently Orgasms Anal Sex Porn avi.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Stunning Pornstar Veronica Jett Gets Her Ass Rammed Hard XXX Anal Porn wmv.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - Stunning Pornstar Veronica Jett Gets Her Ass Rammed Hard XXX Anal Porn wmv.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - The Crystal Method - all significant albums.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - The Crystal Method - all significant albums.torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - The Crystal Method - Vegas - (Deluxe Edition 2007).torrent
c:\documents and settings\Ben\Desktop\[Torrentsworld.net] - The Crystal Method - Vegas - (Deluxe Edition 2007).torrent
C:\Documents
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1859
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-2046168022-4743849289-586124448-8931
c:\recycler\S-1-5-21-2074853686-8810259272-301212615-6698
c:\recycler\S-1-5-21-3449042557-6688122435-944153813-8665
c:\recycler\S-1-5-21-3449042557-6688122435-944153813-8665\Desktop.ini
c:\recycler\S-1-5-21-3449042557-6688122435-944153813-8665\winmap.exe
c:\recycler\S-1-5-21-3608623617-2993156023-252456114-9026
c:\recycler\S-1-5-21-4564207095-5823798205-282589935-1173
c:\recycler\S-1-5-21-5123754139-3069941572-174992209-2901
c:\recycler\S-1-5-21-5912527767-6695827463-772598958-8801
c:\recycler\S-1-5-21-5924240705-3956685145-270941880-8268
c:\recycler\S-1-5-21-6722044427-6028303137-558971647-9913
c:\recycler\S-1-5-21-8691786186-8958380478-307601115-4791
c:\recycler\S-1-5-21-8731485020-4276007650-504755358-2605
c:\windows\Fonts\ZWAdobeF.TTF
c:\windows\Installer\57431.msi
c:\windows\Installer\5f1fc.msi
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\nerocheck.exe
.
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.
2009-08-24 00:36 . 2009-08-24 00:36 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Google
2009-08-18 21:33 . 2009-08-18 21:34 -------- d-----w- c:\documents and settings\Ben\Application Data\YouSendIt
2009-08-18 21:33 . 2009-08-18 21:33 -------- d-----w- c:\program files\YouSendIt
2009-08-18 19:32 . 2009-08-18 19:32 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Identities
2009-08-03 00:02 . 2009-08-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 05:22 . 2009-07-01 19:24 -------- d-----w- c:\program files\lg_fwupdate
2009-08-27 05:22 . 2009-08-27 05:22 -------- d-----w- c:\documents and settings\Ben\Application Data\Dossier de téléchargement Share-to-Web
2009-08-26 14:15 . 2009-03-03 04:43 -------- d-----w- c:\documents and settings\Ben\Application Data\LimeWire
2009-08-24 00:39 . 2009-06-25 19:56 -------- d-----w- c:\program files\Neodivx
2009-08-24 00:37 . 2009-02-26 03:15 -------- d-----w- c:\program files\MagicISO
2009-08-24 00:35 . 2009-02-25 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-24 00:34 . 2009-02-26 22:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-23 23:24 . 2009-02-26 02:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 16:10 . 2009-02-26 00:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-26 00:10 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-26 00:10 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-26 00:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-26 00:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-26 00:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-26 00:11 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-26 00:10 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-26 00:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-03 14:44 . 2009-02-26 02:21 -------- d-----w- c:\documents and settings\Ben\Application Data\uTorrent
2009-08-03 00:51 . 2009-02-26 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-02 07:30 . 2009-03-03 04:42 -------- d-----w- c:\program files\LimeWire
2009-07-25 18:25 . 2009-07-25 18:25 1915520 ----a-w- c:\documents and settings\Ben\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-13 03:24 . 2009-06-01 22:24 -------- d-----w- c:\program files\Autodesk VIZ 4
2009-07-07 00:43 . 2009-07-07 00:42 -------- d-----w- c:\program files\QuickTime
2009-07-07 00:42 . 2009-07-07 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-07 00:41 . 2009-07-07 00:41 -------- d-----w- c:\program files\Apple Software Update
2009-07-07 00:41 . 2009-07-07 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-06 20:10 . 2009-07-06 17:05 -------- d-----w- c:\documents and settings\Ben\Application Data\U3
2009-07-06 17:20 . 2009-07-06 17:20 -------- d-----w- c:\documents and settings\Ben\Application Data\MPEG Streamclip
2009-07-03 22:15 . 2009-07-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-03 20:12 . 2009-05-01 17:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-03 20:02 . 2009-02-25 21:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-03 20:02 . 2009-02-25 21:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-03 19:59 . 2009-07-03 19:59 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-03 19:59 . 2009-07-03 19:59 -------- d-----w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-03 14:57 . 2009-07-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-03 14:56 . 2009-07-03 14:57 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2009-07-03 14:32 . 2009-07-01 19:14 -------- d-----w- c:\program files\CyberLink
2009-07-03 14:27 . 2009-07-01 19:18 -------- d-----w- c:\documents and settings\Ben\Application Data\CyberLink
2009-07-02 15:59 . 2009-02-25 21:21 91304 ----a-w- c:\documents and settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:49 . 2009-07-01 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-07-01 19:26 . 2009-07-01 19:26 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2009-07-01 19:22 . 2009-07-01 19:22 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
2009-07-01 19:18 . 2009-07-01 19:18 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-07-01 19:16 . 2009-07-01 19:16 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2009-07-01 19:12 . 2009-07-01 19:13 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-06-30 14:37 . 2009-02-25 22:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-27 14:06 . 2009-06-27 14:06 503808 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\msvcp71.dll
2009-06-27 14:06 . 2009-06-27 14:06 499712 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\jmc.dll
2009-06-27 14:06 . 2009-06-27 14:06 348160 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\msvcr71.dll
2009-06-27 14:05 . 2009-06-27 14:05 152576 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-26 21:43 . 2009-06-26 21:43 47360 ----a-w- c:\documents and settings\Ben\Application Data\pcouffin.sys
2009-06-26 21:43 . 2009-06-26 21:43 47360 ----a-w- c:\documents and settings\Ben\Application Data\pcouffin.sys
2009-06-26 21:43 . 2009-06-26 21:43 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-06-25 19:42 . 2009-06-25 19:31 1 ------w- c:\windows\system32\SysDVDtoavi.dat
2009-06-21 12:46 . 2009-02-25 21:42 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 06:45 . 2009-06-16 06:45 552 ------w- c:\windows\system32\d3d8caps.dat
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 10:03 . 2009-02-25 21:43 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2009-02-25 21:14 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 10:03 . 2009-02-25 21:14 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 10:03 . 2008-12-26 05:08 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 10:03 . 2008-12-26 05:08 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2008-12-26 05:08 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2008-12-26 05:08 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2008-12-26 05:08 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-22 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"UpdatePDRShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2008-09-16 210216]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-04-16 75048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-16 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-04-16 62760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2009-02-25 364544]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]
c:\documents and settings\Ben\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
fortePivot.lnk - c:\program files\LG Soft India\fortePivot\bin\fortePivot.exe [2009-5-1 65536]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [2009-07-01 10368]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-23 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-25 20560]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [2009-07-01 183552]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-02-25 36864]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKLM-Run-NeroCheck - c:\windows\system32\NeroCheck.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.canoe.qc.ca
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\z5wsloxx.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 01:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:3b,26,49,1b,3f,f6,b7,36,26,0b,2e,4a,b9,06,7a,36,36,40,d9,d5,3d,
4f,8d,0d,fb,18,1d,23,1b,52,56,94,56,fa,ea,a3,59,9b,17,89,b2,26,9a,c9,f9,6a,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:3b,26,49,1b,3f,f6,b7,36,26,0b,2e,4a,b9,06,7a,36,36,40,d9,d5,3d,
4f,8d,0d,fb,18,1d,23,1b,52,56,94,56,fa,ea,a3,59,9b,17,89,b2,26,9a,c9,f9,6a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3024)
c:\program files\LG Soft India\fortePivot\bin\MSGHOOK.dll
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2009-08-27 1:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-27 05:27
Pre-Run: 35*776*397*312 bytes free
Post-Run: 36*386*271*232 bytes free
356
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29:01, on 2009-08-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: fortePivot.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8736 bytes
this is a lot of text....
you guys are crazy!!!
haha
Thanks for your time.
Please see the link I gave you on how to install the Recovery Console manually.
After that, please rerun combofix and post back a fresh combofix log.
sorry...
here it is:
ComboFix 09-08-26.05 - Ben 2009-08-27 9:58.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2047.1605 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ben\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: avast! antivirus 4.8.1351 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.
2009-08-27 05:22 . 2009-08-27 05:22 -------- d-----w- c:\documents and settings\Ben\Application Data\Dossier de téléchargement Share-to-Web
2009-08-24 00:36 . 2009-08-24 00:36 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Google
2009-08-18 21:33 . 2009-08-18 21:34 -------- d-----w- c:\documents and settings\Ben\Application Data\YouSendIt
2009-08-18 21:33 . 2009-08-18 21:33 -------- d-----w- c:\program files\YouSendIt
2009-08-18 19:32 . 2009-08-18 19:32 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Identities
2009-08-03 00:02 . 2009-08-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 13:45 . 2009-07-01 19:24 -------- d-----w- c:\program files\lg_fwupdate
2009-08-26 14:15 . 2009-03-03 04:43 -------- d-----w- c:\documents and settings\Ben\Application Data\LimeWire
2009-08-24 00:39 . 2009-06-25 19:56 -------- d-----w- c:\program files\Neodivx
2009-08-24 00:37 . 2009-02-26 03:15 -------- d-----w- c:\program files\MagicISO
2009-08-24 00:35 . 2009-02-25 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-24 00:34 . 2009-02-26 22:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-23 23:24 . 2009-02-26 02:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 16:10 . 2009-02-26 00:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-26 00:10 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-26 00:10 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-26 00:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-26 00:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-26 00:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-26 00:11 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-26 00:10 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-26 00:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-03 14:44 . 2009-02-26 02:21 -------- d-----w- c:\documents and settings\Ben\Application Data\uTorrent
2009-08-03 00:51 . 2009-02-26 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-02 07:30 . 2009-03-03 04:42 -------- d-----w- c:\program files\LimeWire
2009-07-25 18:25 . 2009-07-25 18:25 1915520 ----a-w- c:\documents and settings\Ben\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-13 03:24 . 2009-06-01 22:24 -------- d-----w- c:\program files\Autodesk VIZ 4
2009-07-07 00:43 . 2009-07-07 00:42 -------- d-----w- c:\program files\QuickTime
2009-07-07 00:42 . 2009-07-07 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-07 00:41 . 2009-07-07 00:41 -------- d-----w- c:\program files\Apple Software Update
2009-07-07 00:41 . 2009-07-07 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-06 20:10 . 2009-07-06 17:05 -------- d-----w- c:\documents and settings\Ben\Application Data\U3
2009-07-06 17:20 . 2009-07-06 17:20 -------- d-----w- c:\documents and settings\Ben\Application Data\MPEG Streamclip
2009-07-03 22:15 . 2009-07-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-03 20:12 . 2009-05-01 17:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-03 20:02 . 2009-02-25 21:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-03 20:02 . 2009-02-25 21:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-03 19:59 . 2009-07-03 19:59 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-03 19:59 . 2009-07-03 19:59 -------- d-----w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-03 14:57 . 2009-07-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-03 14:56 . 2009-07-03 14:57 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2009-07-03 14:32 . 2009-07-01 19:14 -------- d-----w- c:\program files\CyberLink
2009-07-03 14:27 . 2009-07-01 19:18 -------- d-----w- c:\documents and settings\Ben\Application Data\CyberLink
2009-07-02 15:59 . 2009-02-25 21:21 91304 ----a-w- c:\documents and settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:49 . 2009-07-01 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-07-01 19:26 . 2009-07-01 19:26 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2009-07-01 19:22 . 2009-07-01 19:22 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
2009-07-01 19:18 . 2009-07-01 19:18 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-07-01 19:16 . 2009-07-01 19:16 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2009-07-01 19:12 . 2009-07-01 19:13 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-06-30 14:37 . 2009-02-25 22:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-27 14:06 . 2009-06-27 14:06 503808 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\msvcp71.dll
2009-06-27 14:06 . 2009-06-27 14:06 499712 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\jmc.dll
2009-06-27 14:06 . 2009-06-27 14:06 348160 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\msvcr71.dll
2009-06-27 14:05 . 2009-06-27 14:05 152576 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-26 21:43 . 2009-06-26 21:43 47360 ----a-w- c:\documents and settings\Ben\Application Data\pcouffin.sys
2009-06-26 21:43 . 2009-06-26 21:43 47360 ----a-w- c:\documents and settings\Ben\Application Data\pcouffin.sys
2009-06-26 21:43 . 2009-06-26 21:43 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-06-25 19:42 . 2009-06-25 19:31 1 ------w- c:\windows\system32\SysDVDtoavi.dat
2009-06-21 12:46 . 2009-02-25 21:42 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 06:45 . 2009-06-16 06:45 552 ------w- c:\windows\system32\d3d8caps.dat
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 10:03 . 2009-02-25 21:43 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2009-02-25 21:14 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 10:03 . 2009-02-25 21:14 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 10:03 . 2008-12-26 05:08 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 10:03 . 2008-12-26 05:08 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2008-12-26 05:08 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2008-12-26 05:08 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2008-12-26 05:08 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-27_05.22.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-27 13:44 . 2009-08-27 13:44 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
+ 2001-08-23 12:00 . 2009-08-27 13:49 59576 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-08-27 03:57 59576 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-08-27 13:49 395336 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-08-27 03:57 395336 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-22 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"UpdatePDRShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2008-09-16 210216]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-04-16 75048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-16 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-04-16 62760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2009-02-25 364544]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]
c:\documents and settings\Ben\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
fortePivot.lnk - c:\program files\LG Soft India\fortePivot\bin\fortePivot.exe [2009-5-1 65536]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [2009-07-01 10368]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-23 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-25 20560]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [2009-07-01 183552]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-02-25 36864]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.canoe.qc.ca
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\z5wsloxx.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 10:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:3b,26,49,1b,3f,f6,b7,36,26,0b,2e,4a,b9,06,7a,36,36,40,d9,d5,3d,
4f,8d,0d,fb,18,1d,23,1b,52,56,94,56,fa,ea,a3,59,9b,17,89,b2,26,9a,c9,f9,6a,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:3b,26,49,1b,3f,f6,b7,36,26,0b,2e,4a,b9,06,7a,36,36,40,d9,d5,3d,
4f,8d,0d,fb,18,1d,23,1b,52,56,94,56,fa,ea,a3,59,9b,17,89,b2,26,9a,c9,f9,6a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3808)
c:\program files\LG Soft India\fortePivot\bin\MSGHOOK.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-08-27 10:02
ComboFix-quarantined-files.txt 2009-08-27 14:02
ComboFix2.txt 2009-08-27 05:27
Pre-Run: 36*361*814*016 bytes free
Post-Run: 36*312*092*672 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
217
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:55, on 2009-08-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: fortePivot.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8469 bytes
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
haha
here it is...
Acez Mp3 Wav Converter v3.0
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Common File Installer
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore DVD 2.0
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Ahead Nero Burning ROM
AnswerWorks Runtime
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Audacity 1.2.6
AutoCAD 2002
Autodesk® VIZ 4
avast! Antivirus
C-Dilla Licence Management System
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink MediaShow
CyberLink MediaShow
CyberLink Power2Go
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDVD
CyberLink PowerProducer
CyberLink PowerProducer
Data Lifeguard Diagnostic for Windows
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Drive Speed Checker
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
EPU-6 Engine
fortePivot
Free M4a to MP3 Converter 5.9
Free WMA to MP3 Converter 1.16
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HP Photo and Imaging 2.2 - Scanjet 3970 Series
ImpôtRapide 2008
Java(TM) 6 Update 13
K-Lite Mega Codec Pack 4.7.0
LG ODD Auto Firmware Update
LimeWire 5.2.13
Magic Bullet Editors Premiere
Magic Bullet Looks PPro
marvell 61xx
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.13)
Norton PartitionMagic 8.0
NVIDIA Drivers
NVIDIA PhysX
Photoshop Camera Raw
QuickTime
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Suite Shared Configuration CS4
System Requirements Lab
UDF Reader 5.0
VC80CRTRedist - 8.0.50727.762
VirtualDubMOD 1.5.10.3 Fr
Volo View Express
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Service Pack 2
WinRAR archiver
YouSendIt Express
YouSendIt Express
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
uTorrent
LimeWire 5.2.13
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please run a new uninstall list scan when finished and post the log back here.
Acez Mp3 Wav Converter v3.0
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Common File Installer
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore DVD 2.0
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Ahead Nero Burning ROM
AnswerWorks Runtime
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Audacity 1.2.6
AutoCAD 2002
Autodesk® VIZ 4
avast! Antivirus
C-Dilla Licence Management System
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink MediaShow
CyberLink MediaShow
CyberLink Power2Go
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDVD
CyberLink PowerProducer
CyberLink PowerProducer
Data Lifeguard Diagnostic for Windows
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Drive Speed Checker
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
EPU-6 Engine
fortePivot
Free M4a to MP3 Converter 5.9
Free WMA to MP3 Converter 1.16
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HP Photo and Imaging 2.2 - Scanjet 3970 Series
ImpôtRapide 2008
Java(TM) 6 Update 13
K-Lite Mega Codec Pack 4.7.0
LG ODD Auto Firmware Update
Magic Bullet Editors Premiere
Magic Bullet Looks PPro
marvell 61xx
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.13)
Norton PartitionMagic 8.0
NVIDIA Drivers
NVIDIA PhysX
Photoshop Camera Raw
QuickTime
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Suite Shared Configuration CS4
System Requirements Lab
UDF Reader 5.0
VC80CRTRedist - 8.0.50727.762
VirtualDubMOD 1.5.10.3 Fr
Volo View Express
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Service Pack 2
WinRAR archiver
YouSendIt Express
YouSendIt Express
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:23, on 2009-08-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Adobe\dynamiclink\processcoordinationserver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\dynamiclink\dynamiclinkmanager.exe
C:\Program Files\Adobe\Adobe Media Encoder CS4\Adobe Media Encoder.exe
C:\Program Files\Adobe\Adobe Media Encoder CS4\PhotoshopServer.exe
C:\Documents and Settings\Ben\Desktop\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: fortePivot.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8852 bytes
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Folder::
c:\documents and settings\Ben\Application Data\LimeWire
c:\documents and settings\Ben\Application Data\uTorrent
c:\program files\LimeWire
c:\Program Files\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
ComboFix 09-08-27.03 - Ben 2009-08-28 0:22.3.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2047.1549 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090827-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-27 05:22 . 2009-08-27 05:22 -------- d-----w- c:\documents and settings\Ben\Application Data\Dossier de téléchargement Share-to-Web
2009-08-24 00:36 . 2009-08-24 00:36 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Google
2009-08-18 21:33 . 2009-08-18 21:34 -------- d-----w- c:\documents and settings\Ben\Application Data\YouSendIt
2009-08-18 21:33 . 2009-08-18 21:33 -------- d-----w- c:\program files\YouSendIt
2009-08-18 19:32 . 2009-08-18 19:32 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Identities
2009-08-03 00:02 . 2009-08-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 00:42 . 2009-07-01 19:24 -------- d-----w- c:\program files\lg_fwupdate
2009-08-26 14:15 . 2009-03-03 04:43 -------- d-----w- c:\documents and settings\Ben\Application Data\LimeWire
2009-08-24 00:39 . 2009-06-25 19:56 -------- d-----w- c:\program files\Neodivx
2009-08-24 00:37 . 2009-02-26 03:15 -------- d-----w- c:\program files\MagicISO
2009-08-24 00:35 . 2009-02-25 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-24 00:34 . 2009-02-26 22:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-23 23:24 . 2009-02-26 02:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 16:10 . 2009-02-26 00:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-26 00:10 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-26 00:10 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-26 00:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-26 00:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-26 00:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-26 00:11 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-26 00:10 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-26 00:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-03 14:44 . 2009-02-26 02:21 -------- d-----w- c:\documents and settings\Ben\Application Data\uTorrent
2009-08-03 00:51 . 2009-02-26 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-07-25 18:25 . 2009-07-25 18:25 1915520 ----a-w- c:\documents and settings\Ben\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-13 03:24 . 2009-06-01 22:24 -------- d-----w- c:\program files\Autodesk VIZ 4
2009-07-07 00:43 . 2009-07-07 00:42 -------- d-----w- c:\program files\QuickTime
2009-07-07 00:42 . 2009-07-07 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-07 00:41 . 2009-07-07 00:41 -------- d-----w- c:\program files\Apple Software Update
2009-07-07 00:41 . 2009-07-07 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-06 20:10 . 2009-07-06 17:05 -------- d-----w- c:\documents and settings\Ben\Application Data\U3
2009-07-06 17:20 . 2009-07-06 17:20 -------- d-----w- c:\documents and settings\Ben\Application Data\MPEG Streamclip
2009-07-03 22:15 . 2009-07-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-03 20:12 . 2009-05-01 17:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-03 20:02 . 2009-02-25 21:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-03 20:02 . 2009-02-25 21:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-03 19:59 . 2009-07-03 19:59 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-03 19:59 . 2009-07-03 19:59 -------- d-----w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-03 14:57 . 2009-07-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-03 14:56 . 2009-07-03 14:57 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2009-07-03 14:32 . 2009-07-01 19:14 -------- d-----w- c:\program files\CyberLink
2009-07-03 14:27 . 2009-07-01 19:18 -------- d-----w- c:\documents and settings\Ben\Application Data\CyberLink
2009-07-02 15:59 . 2009-02-25 21:21 91304 ----a-w- c:\documents and settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:49 . 2009-07-01 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-07-01 19:26 . 2009-07-01 19:26 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2009-07-01 19:22 . 2009-07-01 19:22 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
2009-07-01 19:18 . 2009-07-01 19:18 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-07-01 19:16 . 2009-07-01 19:16 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2009-07-01 19:12 . 2009-07-01 19:13 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-06-30 14:37 . 2009-02-25 22:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-27 14:06 . 2009-06-27 14:06 503808 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\msvcp71.dll
2009-06-27 14:06 . 2009-06-27 14:06 499712 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\jmc.dll
2009-06-27 14:06 . 2009-06-27 14:06 348160 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\msvcr71.dll
2009-06-27 14:05 . 2009-06-27 14:05 152576 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-26 21:43 . 2009-06-26 21:43 47360 ----a-w- c:\documents and settings\Ben\Application Data\pcouffin.sys
2009-06-26 21:43 . 2009-06-26 21:43 47360 ----a-w- c:\documents and settings\Ben\Application Data\pcouffin.sys
2009-06-26 21:43 . 2009-06-26 21:43 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-06-25 19:42 . 2009-06-25 19:31 1 ------w- c:\windows\system32\SysDVDtoavi.dat
2009-06-21 12:46 . 2009-02-25 21:42 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 06:45 . 2009-06-16 06:45 552 ------w- c:\windows\system32\d3d8caps.dat
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 10:03 . 2009-02-25 21:43 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2009-02-25 21:14 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 10:03 . 2009-02-25 21:14 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 10:03 . 2008-12-26 05:08 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 10:03 . 2008-12-26 05:08 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2008-12-26 05:08 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2008-12-26 05:08 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2008-12-26 05:08 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-27_05.22.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 00:42 . 2009-08-28 00:42 16384 c:\windows\Temp\Perflib_Perfdata_640.dat
+ 2001-08-23 12:00 . 2009-08-28 00:46 59576 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-08-27 03:57 59576 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-08-28 00:46 395336 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-08-27 03:57 395336 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-22 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"UpdatePDRShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2008-09-16 210216]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-04-16 75048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-16 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-04-16 62760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2009-02-25 364544]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]
c:\documents and settings\Ben\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
fortePivot.lnk - c:\program files\LG Soft India\fortePivot\bin\fortePivot.exe [2009-5-1 65536]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [2009-07-01 10368]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-23 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-25 20560]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [2009-07-01 183552]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-02-25 36864]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.canoe.qc.ca
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\z5wsloxx.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 00:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:3b,26,49,1b,3f,f6,b7,36,26,0b,2e,4a,b9,06,7a,36,36,40,d9,d5,3d,
4f,8d,0d,fb,18,1d,23,1b,52,56,94,56,fa,ea,a3,59,9b,17,89,b2,26,9a,c9,f9,6a,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:3b,26,49,1b,3f,f6,b7,36,26,0b,2e,4a,b9,06,7a,36,36,40,d9,d5,3d,
4f,8d,0d,fb,18,1d,23,1b,52,56,94,56,fa,ea,a3,59,9b,17,89,b2,26,9a,c9,f9,6a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(720)
c:\program files\LG Soft India\fortePivot\bin\MSGHOOK.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-08-28 0:28
ComboFix-quarantined-files.txt 2009-08-28 04:28
ComboFix2.txt 2009-08-27 14:02
ComboFix3.txt 2009-08-27 05:27
Pre-Run: 36*022*718*464 bytes free
Post-Run: 35*973*865*472 bytes free
207
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:34:32, on 2009-08-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: fortePivot.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8436 bytes
Please follow my previous instructions exactly, word by word and then try again :)
You will need to copy everything in the codebox to CFScript.txt.
It's weird... maybe because I've just started Notepad... instead of doing run/notepad... but my text was different.
I'm doing it in a couple of minutes... let's finish an exportation :)
ComboFix 09-08-27.06 - Ben 2009-08-28 3:54.4.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2047.1628 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090827-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\Cache\B7E8F4C3d01
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A89d01
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Ben\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Ben\Application Data\LimeWire\player.props
c:\documents and settings\Ben\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Ben\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Ben\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Ben\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Ben\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Ben\Application Data\LimeWire\questions.props
c:\documents and settings\Ben\Application Data\LimeWire\responses.cache
c:\documents and settings\Ben\Application Data\LimeWire\simpp.xml
c:\documents and settings\Ben\Application Data\LimeWire\spam.dat
c:\documents and settings\Ben\Application Data\LimeWire\tables.props
c:\documents and settings\Ben\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Ben\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Ben\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Ben\Application Data\LimeWire\version.xml
c:\documents and settings\Ben\Application Data\LimeWire\versions.props
c:\documents and settings\Ben\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Ben\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\Ben\Application Data\uTorrent
c:\documents and settings\Ben\Application Data\uTorrent\.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\.torrent
c:\documents and settings\Ben\Application Data\uTorrent\65 Days Of Static.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Creative Suite 3 Master Collection Fr + Activation... MS.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Creative Suite 4 Master Collection.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Creative Suite 4 Master Collection.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe CS4 All In One Collection + KeyGen.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe CS4 Master Collection Keygen.rar.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe CS4 Master Collection Windows.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Premiere Pro CS3 (ZWT) KeyGen Only.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe PREMIERE Pro CS3 [KEYGEN + Activator + CRACK!].1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe PREMIERE Pro CS3 [KEYGEN + Activator + CRACK!].torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Premiere Pro CS3 Incl Crack MultiLang.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Premiere Pro CS3 Keygen.exe.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Premiere Pro CS3 Keygen.exe.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Premiere Pro CS3 Multi-language Incl Crack.rar.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Adobe Premiere Pro Plugins Magic Bullet Editors 1.5 by chris.rar.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Amateur German anal Sex With Teen Tight Ass German Girl Who Wants To Save Her Hymen.wmv.torrent
c:\documents and settings\Ben\Application Data\uTorrent\amazinghottie.mpg.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Ambient-Sleep Mk. II [MP3].torrent
c:\documents and settings\Ben\Application Data\uTorrent\Ass_Intake_Anal_Porn_Groupsex.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Assassins Creed Saved Games Complete.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Autodesk.AutoCAD.LT.2010.English.Win32.DVD.REPACK-NoPE.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Blonde Chick Gets 1st anal.zip.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Crystal Method, The.torrent
c:\documents and settings\Ben\Application Data\uTorrent\CS4.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Cum_in_My_Gaping_Butthole_2_Scene_3_dvd.wmv.torrent
c:\documents and settings\Ben\Application Data\uTorrent\dht.dat
c:\documents and settings\Ben\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Ben\Application Data\uTorrent\DVD-To-Avi+Crack.rar.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Fuck_My_Ass_POV_Anal_Sex.torrent
c:\documents and settings\Ben\Application Data\uTorrent\German Blonde Anal Fucked.wmv.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Greek Mega Mix 8-2CD-2007.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Hailey Page And Her Apprentice Blonde Get Screwed In Piledriver Position Anal Threesome Porn.wmv.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Half Life 2 + Counter Strike Source.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Half Life 2 + Counter Strike Source.2.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Half Life 2 + Counter Strike Source.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Hans_Zimmer-Pirates_Of_The_Caribbean_(Dead_Man_S_Chest)-OST-2006-COCMP3.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Hans_Zimmer-Pirates_Of_The_Caribbean_(Dead_Man_S_Chest)-OST-2006-COCMP3.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Hardcore anal twins blowjob boots big tits dp group milf blonde.zip.torrent
c:\documents and settings\Ben\Application Data\uTorrent\home fr.mp4.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Hot College Latina blows thick cock ass anal sex porno.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Hot Sexy Oriental Girl Photos.zip.torrent
c:\documents and settings\Ben\Application Data\uTorrent\iggys dream7unes.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\iggys dream7unes.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Johnny Cash - Collection Edition.JPG.Pictures.zip.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Mortal Kombat 4.zip.torrent
c:\documents and settings\Ben\Application Data\uTorrent\MortalKombat4.rar.torrent
c:\documents and settings\Ben\Application Data\uTorrent\MUST.SEE - 2.Hot.Blonde.Gets.Awesome.Fuck.And.Double.Pussy.And.Anal.Fisting.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Norton Ghost v12 KeyGen Included.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Norton Ghost v12 KeyGen Included.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Norton Ghost v14 Incl Patch.rar.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Norton Ghost v14.0.0 24815 Eng.rar.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Norton Ghost v14.0.1.24977 +Patch and Serial.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Norton_Ghost_14.0.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Pink Floyd.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Pink Floyd.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Pirates of the Caribbean-At World's End Soundtrack.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Red.Giant.Magic.Bullet.Looks.v1.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\relax.oriental.[www.todocvcd.com].by.maat.torrent
c:\documents and settings\Ben\Application Data\uTorrent\resume.dat
c:\documents and settings\Ben\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Ben\Application Data\uTorrent\rss.dat
c:\documents and settings\Ben\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Ben\Application Data\uTorrent\settings.dat
c:\documents and settings\Ben\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Ben\Application Data\uTorrent\Sia - Colour The Small One.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Sia - Some People Have Real Problems (2007).torrent
c:\documents and settings\Ben\Application Data\uTorrent\Sia_-_The_Girl_You_Lost_to_Cocaine._Incl._Sander_Van_Doorn_Remix-(DOORN003)-WEB-2008-FUCKWEB.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Stunning Pornstar Jasmine Gets Her Ass Pumped In A Hurry And Silently Orgasms Anal Sex Porn.avi.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Stunning Pornstar Veronica Jett Gets Her Ass Rammed Hard XXX Anal Porn.wmv.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Symantec Norton Ghost 14.0.1.24977 incl.Serial.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Symantec Norton Ghost v14.0 Incl Keygen.rar.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Symantec Norton Ghost v14.0+Keygen.rar.1.torrent
c:\documents and settings\Ben\Application Data\uTorrent\Symantec Norton Ghost v14.0+Keygen.rar.torrent
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-27 05:22 . 2009-08-27 05:22 -------- d-----w- c:\documents and settings\Ben\Application Data\Dossier de téléchargement Share-to-Web
2009-08-24 00:36 . 2009-08-24 00:36 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Google
2009-08-18 21:33 . 2009-08-18 21:34 -------- d-----w- c:\documents and settings\Ben\Application Data\YouSendIt
2009-08-18 21:33 . 2009-08-18 21:33 -------- d-----w- c:\program files\YouSendIt
2009-08-18 19:32 . 2009-08-18 19:32 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Identities
2009-08-03 00:02 . 2009-08-03 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 00:42 . 2009-07-01 19:24 -------- d-----w- c:\program files\lg_fwupdate
2009-08-24 00:39 . 2009-06-25 19:56 -------- d-----w- c:\program files\Neodivx
2009-08-24 00:37 . 2009-02-26 03:15 -------- d-----w- c:\program files\MagicISO
2009-08-24 00:35 . 2009-02-25 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-24 00:34 . 2009-02-26 22:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-23 23:24 . 2009-02-26 02:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 16:10 . 2009-02-26 00:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-26 00:10 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-26 00:10 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-26 00:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-26 00:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-26 00:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-26 00:11 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-26 00:10 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-26 00:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-03 00:51 . 2009-02-26 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-07-25 18:25 . 2009-07-25 18:25 1915520 ----a-w- c:\documents and settings\Ben\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-13 03:24 . 2009-06-01 22:24 -------- d-----w- c:\program files\Autodesk VIZ 4
2009-07-07 00:43 . 2009-07-07 00:42 -------- d-----w- c:\program files\QuickTime
2009-07-07 00:42 . 2009-07-07 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-07 00:41 . 2009-07-07 00:41 -------- d-----w- c:\program files\Apple Software Update
2009-07-07 00:41 . 2009-07-07 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-06 20:10 . 2009-07-06 17:05 -------- d-----w- c:\documents and settings\Ben\Application Data\U3
2009-07-06 17:20 . 2009-07-06 17:20 -------- d-----w- c:\documents and settings\Ben\Application Data\MPEG Streamclip
2009-07-03 22:15 . 2009-07-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-03 20:12 . 2009-05-01 17:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-03 20:02 . 2009-02-25 21:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-03 20:02 . 2009-02-25 21:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-03 19:59 . 2009-07-03 19:59 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-03 19:59 . 2009-07-03 19:59 -------- d-----w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-03 19:59 . 2009-07-03 19:59 290816 ----a-w- c:\documents and settings\Ben\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-03 14:57 . 2009-07-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-03 14:56 . 2009-07-03 14:57 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2009-07-03 14:32 . 2009-07-01 19:14 -------- d-----w- c:\program files\CyberLink
2009-07-03 14:27 . 2009-07-01 19:18 -------- d-----w- c:\documents and settings\Ben\Application Data\CyberLink
2009-07-02 15:59 . 2009-02-25 21:21 91304 ----a-w- c:\documents and settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:49 . 2009-07-01 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-07-01 19:26 . 2009-07-01 19:26 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2009-07-01 19:22 . 2009-07-01 19:22 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
2009-07-01 19:18 . 2009-07-01 19:18 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-07-01 19:16 . 2009-07-01 19:16 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2009-07-01 19:12 . 2009-07-01 19:13 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-06-30 14:37 . 2009-02-25 22:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-27 14:06 . 2009-06-27 14:06 503808 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\msvcp71.dll
2009-06-27 14:06 . 2009-06-27 14:06 499712 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\jmc.dll
2009-06-27 14:06 . 2009-06-27 14:06 348160 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-2861ad95-n\msvcr71.dll
2009-06-27 14:05 . 2009-06-27 14:05 152576 ----a-w- c:\documents and settings\Ben\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-26 21:43 . 2009-06-26 21:43 47360 ----a-w- c:\documents and settings\Ben\Application Data\pcouffin.sys
2009-06-26 21:43 . 2009-06-26 21:43 47360 ----a-w- c:\documents and settings\Ben\Application Data\pcouffin.sys
2009-06-26 21:43 . 2009-06-26 21:43 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-06-25 19:42 . 2009-06-25 19:31 1 ------w- c:\windows\system32\SysDVDtoavi.dat
2009-06-21 12:46 . 2009-02-25 21:42 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 06:45 . 2009-06-16 06:45 552 ------w- c:\windows\system32\d3d8caps.dat
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 10:03 . 2009-02-25 21:43 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2009-02-25 21:14 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 10:03 . 2009-02-25 21:14 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 10:03 . 2008-12-26 05:08 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 10:03 . 2008-12-26 05:08 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2008-12-26 05:08 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2008-12-26 05:08 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2008-12-26 05:08 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-27_05.22.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 00:42 . 2009-08-28 00:42 16384 c:\windows\Temp\Perflib_Perfdata_640.dat
+ 2001-08-23 12:00 . 2009-08-28 00:46 59576 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-08-27 03:57 59576 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-08-28 00:46 395336 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-08-27 03:57 395336 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-22 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"UpdatePDRShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2008-09-16 210216]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-04-16 75048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-16 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-04-16 62760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2009-02-25 364544]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]
c:\documents and settings\Ben\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
fortePivot.lnk - c:\program files\LG Soft India\fortePivot\bin\fortePivot.exe [2009-5-1 65536]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [2009-07-01 10368]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-23 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-25 20560]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [2009-07-01 183552]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-02-25 36864]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.canoe.qc.ca
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\z5wsloxx.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 04:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:3b,26,49,1b,3f,f6,b7,36,26,0b,2e,4a,b9,06,7a,36,36,40,d9,d5,3d,
4f,8d,0d,fb,18,1d,23,1b,52,56,94,56,fa,ea,a3,59,9b,17,89,b2,26,9a,c9,f9,6a,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:3b,26,49,1b,3f,f6,b7,36,26,0b,2e,4a,b9,06,7a,36,36,40,d9,d5,3d,
4f,8d,0d,fb,18,1d,23,1b,52,56,94,56,fa,ea,a3,59,9b,17,89,b2,26,9a,c9,f9,6a,\
.
Completion time: 2009-08-28 4:02
ComboFix-quarantined-files.txt 2009-08-28 08:01
ComboFix2.txt 2009-08-28 04:28
ComboFix3.txt 2009-08-27 14:02
ComboFix4.txt 2009-08-27 05:27
Pre-Run: 35*960*815*616 bytes free
Post-Run: 35*916*726*272 bytes free
642
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:07:33, on 2009-08-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: fortePivot.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8435 bytes
Since the first step I have had no problems...
Do you think it's fine now?
No one other than me will touch this computer in the future!!
No, it isn't.
You appear to have illegal software installed, and it needs to be uninstalled next.
Uninstall these:
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Common File Installer
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore DVD 2.0
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Setup
Adobe Setup
Adobe Stock Photos 1.0
Adobe SVG Viewer
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AutoCAD 2002
Autodesk® VIZ 4
Post back a fresh uninstall list afterwards and we will continue.
This is Adobe CS4.
I'm using it as a passion and I kinda need it. :sad:
I understand your point, but I will never buy the Adobe CS4 suite because I'm not rich. I'm not a company, I'm not a designer, not an architect... just an artist, and I love Photoshop products.
If one day I start a business because I learned Photoshop well enough to start something, I'll have no choice but to buy it, and I will.
I can uninstall Autodesk Viz and AutoCAD. I needed them for only a little thing.
If you can't continue to help me, I can understand.
I guess you won't help me anymore so just let me tell you that you guys do an amazing job.