Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Popup asking to download stuff... [RESOLVED]

Started by need h3lp... , Apr 26 2008 07:30 AM

  • This topic is locked This topic is locked

#1
need h3lp...
Posted 26 April 2008 - 07:30 AM

need h3lp...

    Member

  • Member
  • PipPip
  • 16 posts
Hello,
I'm infected with a virus and I keep getting popups of things to download to help my pc get better. Also, my friend told me that when I was offline on MSN I kept sending links, that leed to similar product as the popup I've been getting, to everyone. I'm pretty sure it's due to the virus. My internet is running EXTREMELY slow. I'm running on a Windows PC and here is my Hijack This log, please help me :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:44 AM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\VSTASCAN\vsaccess.exe
C:\Documents and Settings\sebastien\My Documents\HiJackThis.exe

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PiXPO] "C:\Program Files\ProPix Share\1.5\Pixpo.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [cmds] rundll32.exe C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\khfEWNec.dll,c (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\yomkwkmg.dll",run (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [BMdf1b4f4d] Rundll32.exe "C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\agiywwjn.dll",s (User 'sebastien')
O4 - S-1-5-21-1214440339-725345543-682003330-1004 Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Windows\My Documents\My Videos\LimeWire\LimeWire.exe (User 'sebastien')
O4 - S-1-5-21-1214440339-725345543-682003330-1004 User Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Windows\My Documents\My Videos\LimeWire\LimeWire.exe (User 'sebastien')
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe

--
End of file - 12099 bytes
  • 0

Advertisements

#2
Tigger93
Posted 26 April 2008 - 09:39 AM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome to Geekstogo. :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
need h3lp...
Posted 26 April 2008 - 02:01 PM

need h3lp...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hello Tigger93,
Thanks for taking the time to help me !
Here's the Combo Fix log and the Hijack This log you asked for:


Combo fix:



ComboFix 08-04-24.1 - Windows 2008-04-26 15:44:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.96 [GMT -4:00]
Running from: C:\Documents and Settings\sebastien\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-26 09:03 . 2008-04-26 09:03 <DIR> d-------- C:\Documents and Settings\sebastien\Application Data\Grisoft
2008-04-25 22:59 . 2007-11-24 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-25 22:59 . 2008-04-25 22:59 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-25 22:59 . 2008-04-26 15:25 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-25 22:52 . 2008-04-25 22:52 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Grisoft
2008-04-25 22:52 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-25 22:51 . 2008-04-25 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-25 22:42 . 2008-04-25 22:42 <DIR> d-------- C:\Program Files\CCleaner
2008-04-23 18:25 . 2008-04-23 18:25 <DIR> d-------- C:\temp\zvebs14
2008-04-16 20:20 . 2008-04-16 20:20 <DIR> d-------- C:\temp\berDrv11

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 19:36 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-04-26 19:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-26 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-26 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-26 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-24 20:56 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-03-24 20:55 --------- d--h--w C:\Documents and Settings\Windows\Application Data\ijjigame
2008-03-24 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 20:41 --------- d-----w C:\Program Files\NHN USA
2008-03-24 20:24 --------- d-----w C:\Documents and Settings\sebastien\Application Data\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 01:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-08 13:07 264,097 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4625.exe
2008-01-27 20:53 357 ----a-w C:\Documents and Settings\sebastien\.cb_layout.bin
2008-01-27 20:35 357 ----a-w C:\Documents and Settings\Windows\.cb_layout.bin
2007-06-18 15:52 939,520 ----a-w C:\Program Files\sftutor.dll
2007-06-18 15:52 1,512,960 ----a-w C:\Program Files\sfvstwrap.dll
2007-06-18 15:52 1,259,008 ----a-w C:\Program Files\sfs4rw.dll
2007-06-18 15:52 1,046,016 ----a-w C:\Program Files\sfpublish.dll
2007-06-18 15:51 9,261,056 ----a-w C:\Program Files\musicstudio70.exe
2007-06-18 15:51 398,848 ----a-w C:\Program Files\sfconfigmgr.dll
2007-06-18 15:51 3,632,128 ----a-w C:\Program Files\musicstudio70k.dll
2007-06-18 15:51 1,312,768 ----a-w C:\Program Files\sfmarket2.dll
2007-06-18 15:51 1,104,896 ----a-w C:\Program Files\sfnetmedia.dll
2007-06-18 15:38 29,513 ----a-w C:\Program Files\musicstudio70.zip
2007-06-18 15:23 695,808 ----a-w C:\Program Files\sfdvd.dll
2007-06-18 15:23 506,880 ----a-w C:\Program Files\sfld.ldd
2007-06-18 15:23 491,520 ----a-w C:\Program Files\sfcd.cdd
2007-06-18 15:23 399,872 ----a-w C:\Program Files\sfcdfs.dll
2007-06-18 15:23 28,672 ----a-w C:\Program Files\sfscsi.dll
2007-06-18 15:23 2,151,936 ----a-w C:\Program Files\sfcdix.dll
2007-06-18 15:23 165,376 ----a-w C:\Program Files\fargo.pdd
2007-06-18 15:23 163,840 ----a-w C:\Program Files\sfldsim.ldd
2007-06-18 15:23 161,792 ----a-w C:\Program Files\sfprnsim.pdd
2007-06-18 15:23 16,384 ----a-w C:\Program Files\sfcdsim.cdd
2007-06-18 15:22 363,008 ----a-w C:\Program Files\sfspti.dll
2007-06-18 15:22 20,480 ----a-w C:\Program Files\sfspti2.dll
2007-06-14 15:20 321,789 ----a-w C:\Program Files\musicstudio70.udat
2007-05-25 17:25 2,441,595 ----a-w C:\Program Files\musicstudio70jpn.tut
2007-05-25 17:25 2,439,189 ----a-w C:\Program Files\musicstudio70esp.tut
2007-05-25 17:25 2,430,353 ----a-w C:\Program Files\musicstudio70fra.tut
2007-05-25 17:25 2,429,247 ----a-w C:\Program Files\musicstudio70deu.tut
2007-05-25 17:25 2,428,854 ----a-w C:\Program Files\musicstudio70.tut
2007-05-17 16:38 16,266 ----a-w C:\Program Files\musicstudio_readme_fra.htm
2007-03-20 17:07 85,308 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO v2.mht
2007-03-20 17:07 74,270 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO.mht
2007-03-20 17:07 51,481 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttleXpress.mht
2007-03-20 17:07 12,004 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttleXpress.pref
2007-03-20 17:07 12,004 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO.pref
2007-03-20 17:07 12,004 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO v2.pref
2007-03-19 18:57 49,152 ----a-w C:\Program Files\OpcPcmImporter.dll
2007-03-15 19:17 6,537,890 ----a-r C:\Program Files\Wire.acd-zip
2007-02-26 21:10 185,764 ----a-w C:\Program Files\sfcdix.cfg
2007-02-26 21:10 18,865 ----a-w C:\Program Files\sfcdix.hlp
2007-02-26 21:09 360 ----a-w C:\Program Files\musicstudio70.oemdat
2007-02-26 21:09 2,414,197 ----a-w C:\Program Files\musicstudio70xp.tut
2006-11-11 21:55 4 ----a-w C:\Program Files\once.tmp
2006-10-09 02:03 598,016 ----a-w C:\Program Files\morpheustoolbar.exe
2006-10-09 02:03 4 ----a-w C:\Program Files\version.tmp
2006-10-09 02:02 950 ----a-w C:\Program Files\MorphConfig.ini
2006-10-09 02:02 169,599 ----a-w C:\Program Files\UninstMorpheus.exe
2006-09-21 00:29 724,480 ----a-w C:\Program Files\Morpheus.exe
2006-09-21 00:27 1,944,576 ----a-w C:\Program Files\M5Shell.dll
2006-09-21 00:25 1,021,153 ----a-w C:\Program Files\python23.zip
2006-09-19 19:09 53,248 ----a-w C:\Program Files\MorphShellExt.dll
2006-09-19 19:06 94,208 ----a-w C:\Program Files\_sre.pyd
2006-09-19 19:06 77,824 ----a-w C:\Program Files\select.pyd
2006-09-19 19:06 126,976 ----a-w C:\Program Files\_socket.pyd
2006-09-19 19:06 114,688 ----a-w C:\Program Files\zlib.pyd
2006-09-19 18:59 45,056 ----a-w C:\Program Files\MorphHelper.dll
2006-09-19 18:59 1,155,072 ----a-w C:\Program Files\python23.dll
2006-09-12 18:33 9,079 ----a-w C:\Program Files\MorphCache.net
2006-09-12 18:33 6,608 ----a-w C:\Program Files\chc0.cfg
2006-09-01 00:13 598,016 ----a-w C:\Program Files\mymorpheusToolbar.exe
2006-08-31 20:41 434 ----a-w C:\Program Files\WebCache.net
2006-04-13 00:34 25,214 ----a-w C:\Program Files\podcast_icon.ico
2005-11-09 02:17 1,309 ----a-w C:\Program Files\svc.conf
2005-05-03 20:24 22,486 ----a-w C:\Program Files\Folder_Morpheus.ico
2005-04-22 18:42 25,214 ----a-w C:\Program Files\Video.ico
2005-04-22 17:13 25,214 ----a-w C:\Program Files\Audio.ico
2005-03-10 03:34 25,214 ----a-w C:\Program Files\Torrent.ico
2005-03-04 00:41 126,976 ----a-w C:\Program Files\Proto.dll
2005-03-02 21:49 695 ----a-w C:\Program Files\NeoWebCache.net
2005-03-02 21:49 3,921 ----a-w C:\Program Files\MorphUltraCache.net
2005-03-02 21:49 185 ----a-w C:\Program Files\MorphConfigEx.ini
2005-03-02 21:49 13,471 ----a-w C:\Program Files\python_LICENSE.txt
2005-03-02 21:49 1,204 ----a-w C:\Program Files\bitTorrent_LICENSE.txt
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"PiXPO"="C:\Program Files\ProPix Share\1.5\Pixpo.exe" [2004-08-20 12:13 3985408]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 02:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 02:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 02:23 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35 473928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 12:20 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 12:39 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 10:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 10:34 851968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 16:55 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"iPodConverterSuite_upgrade"="C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [2007-11-29 04:22 819712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\Windows\Start Menu\Programs\Startup\
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2005-07-30 11:58:17 158208]

C:\Documents and Settings\sebastien\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Documents and Settings\Windows\My Documents\My Videos\LimeWire\LimeWire.exe [2006-08-22 11:45:55 159744]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-02-05 13:27:29 819200]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 17:51:52 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"=
"C:\\Documents and Settings\\sebastien\\My Documents\\My Games\\Warcraft III\\Warcraft III.exe"=
"C:\\Documents and Settings\\Windows\\My Documents\\My Videos\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\stephanie\\My Documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R2 PPCLASS;PPCLASS;C:\WINDOWS\system32\drivers\PPCLASS.sys [1997-04-09 16:08]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [1999-02-10 21:38]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 01:50:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 00:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Windows.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 15:52:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-26 15:57:30
ComboFix-quarantined-files.txt 2008-04-26 19:57:23

Pre-Run: 33,666,441,216 bytes free
Post-Run: 33,667,477,504 bytes free

212 --- E O F --- 2008-04-12 07:09:39







Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:06 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\sebastien\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PiXPO] "C:\Program Files\ProPix Share\1.5\Pixpo.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe

--
End of file - 11198 bytes
  • 0

#4
Tigger93
Posted 26 April 2008 - 02:31 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi again.

Open HijackThis and put a check next to these:
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL

O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL

Click Fix Checked and close HJT.

Then go Start > Control Panel > Add/Remove Programs and uninstall MorpheusBar.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Program Files\MorphUltraCache.net
C:\Program Files\once.tmp
C:\Program Files\morpheustoolbar.exe
C:\Program Files\version.tmp
C:\Program Files\UninstMorpheus.exe
C:\Program Files\Morpheus.exe
C:\Program Files\MorphShellExt.dll
C:\Program Files\MorphHelper.dll
C:\Program Files\MorphCache.net
C:\Program Files\chc0.cfg
C:\Program Files\mymorpheusToolbar.exe
C:\Program Files\podcast_icon.ico
C:\Program Files\svc.conf
C:\Program Files\Folder_Morpheus.ico
C:\Program Files\Video.ico
C:\Program Files\Audio.ico
C:\Program Files\Torrent.ico
C:\Program Files\Proto.dll
C:\Program Files\NeoWebCache.net
C:\Program Files\MorphConfigEx.ini
C:\Program Files\python_LICENSE.txt
C:\Program Files\bitTorrent_LICENSE.txt

Folder::
C:\temp\zvebs14\
C:\temp\berDrv11\
C:\Documents and Settings\Windows\Application Data\ijjigame\
C:\Program Files\NeoWebCache.net\
C:\Program Files\MorphUltraCache.net\



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by Tigger93, 26 April 2008 - 02:33 PM.

  • 0

#5
need h3lp...
Posted 26 April 2008 - 08:39 PM

need h3lp...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks Again ! My computer already seems to be working a lot better !
Anyway, here are the logs you asked for:

Combo Fix


ComboFix 08-04-24.1 - Windows 2008-04-26 22:30:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.150 [GMT -4:00]
Running from: C:\Documents and Settings\sebastien\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\sebastien\My Documents\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Audio.ico
C:\Program Files\bitTorrent_LICENSE.txt
C:\Program Files\chc0.cfg
C:\Program Files\Folder_Morpheus.ico
C:\Program Files\MorphCache.net
C:\Program Files\MorphConfigEx.ini
C:\Program Files\Morpheus.exe
C:\Program Files\morpheustoolbar.exe
C:\Program Files\MorphHelper.dll
C:\Program Files\MorphShellExt.dll
C:\Program Files\MorphUltraCache.net
C:\Program Files\mymorpheusToolbar.exe
C:\Program Files\NeoWebCache.net
C:\Program Files\once.tmp
C:\Program Files\podcast_icon.ico
C:\Program Files\Proto.dll
C:\Program Files\python_LICENSE.txt
C:\Program Files\svc.conf
C:\Program Files\Torrent.ico
C:\Program Files\UninstMorpheus.exe
C:\Program Files\version.tmp
C:\Program Files\Video.ico
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Windows\Application Data\ijjigame\
C:\Documents and Settings\Windows\Application Data\ijjigame\\HUL\gamekind.ini
C:\Documents and Settings\Windows\Application Data\ijjigame\\HUL\u_sf_launcher.hul
C:\Documents and Settings\Windows\Application Data\ijjigame\\ijjistarter2.exe
C:\Program Files\Audio.ico
C:\Program Files\bitTorrent_LICENSE.txt
C:\Program Files\chc0.cfg
C:\Program Files\Folder_Morpheus.ico
C:\Program Files\MorphCache.net
C:\Program Files\MorphConfigEx.ini
C:\Program Files\Morpheus.exe
C:\Program Files\morpheustoolbar.exe
C:\Program Files\MorphHelper.dll
C:\Program Files\MorphShellExt.dll
C:\Program Files\MorphUltraCache.net
C:\Program Files\mymorpheusToolbar.exe
C:\Program Files\NeoWebCache.net
C:\Program Files\once.tmp
C:\Program Files\podcast_icon.ico
C:\Program Files\Proto.dll
C:\Program Files\python_LICENSE.txt
C:\Program Files\svc.conf
C:\Program Files\Torrent.ico
C:\Program Files\UninstMorpheus.exe
C:\Program Files\version.tmp
C:\Program Files\Video.ico
C:\temp\berDrv11\
C:\temp\zvebs14\

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-26 22:28 . 2006-10-08 22:03 237,568 --a------ C:\Program Files\Uninstall Morpheus Toolbar.dll
2008-04-26 09:03 . 2008-04-26 09:03 <DIR> d-------- C:\Documents and Settings\sebastien\Application Data\Grisoft
2008-04-25 22:59 . 2007-11-24 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-25 22:59 . 2008-04-25 22:59 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-25 22:59 . 2008-04-26 15:25 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-25 22:52 . 2008-04-25 22:52 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Grisoft
2008-04-25 22:52 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-25 22:51 . 2008-04-25 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-25 22:42 . 2008-04-25 22:42 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-27 02:20 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-04-26 19:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-26 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-26 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-24 20:56 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-03-24 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 20:41 --------- d-----w C:\Program Files\NHN USA
2008-03-24 20:24 --------- d-----w C:\Documents and Settings\sebastien\Application Data\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 01:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-08 13:07 264,097 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4625.exe
2008-01-27 20:53 357 ----a-w C:\Documents and Settings\sebastien\.cb_layout.bin
2008-01-27 20:35 357 ----a-w C:\Documents and Settings\Windows\.cb_layout.bin
2007-06-18 15:52 939,520 ----a-w C:\Program Files\sftutor.dll
2007-06-18 15:52 1,512,960 ----a-w C:\Program Files\sfvstwrap.dll
2007-06-18 15:52 1,259,008 ----a-w C:\Program Files\sfs4rw.dll
2007-06-18 15:52 1,046,016 ----a-w C:\Program Files\sfpublish.dll
2007-06-18 15:51 9,261,056 ----a-w C:\Program Files\musicstudio70.exe
2007-06-18 15:51 398,848 ----a-w C:\Program Files\sfconfigmgr.dll
2007-06-18 15:51 3,632,128 ----a-w C:\Program Files\musicstudio70k.dll
2007-06-18 15:51 1,312,768 ----a-w C:\Program Files\sfmarket2.dll
2007-06-18 15:51 1,104,896 ----a-w C:\Program Files\sfnetmedia.dll
2007-06-18 15:38 29,513 ----a-w C:\Program Files\musicstudio70.zip
2007-06-18 15:23 695,808 ----a-w C:\Program Files\sfdvd.dll
2007-06-18 15:23 506,880 ----a-w C:\Program Files\sfld.ldd
2007-06-18 15:23 491,520 ----a-w C:\Program Files\sfcd.cdd
2007-06-18 15:23 399,872 ----a-w C:\Program Files\sfcdfs.dll
2007-06-18 15:23 28,672 ----a-w C:\Program Files\sfscsi.dll
2007-06-18 15:23 2,151,936 ----a-w C:\Program Files\sfcdix.dll
2007-06-18 15:23 165,376 ----a-w C:\Program Files\fargo.pdd
2007-06-18 15:23 163,840 ----a-w C:\Program Files\sfldsim.ldd
2007-06-18 15:23 161,792 ----a-w C:\Program Files\sfprnsim.pdd
2007-06-18 15:23 16,384 ----a-w C:\Program Files\sfcdsim.cdd
2007-06-18 15:22 363,008 ----a-w C:\Program Files\sfspti.dll
2007-06-18 15:22 20,480 ----a-w C:\Program Files\sfspti2.dll
2007-06-14 15:20 321,789 ----a-w C:\Program Files\musicstudio70.udat
2007-05-25 17:25 2,441,595 ----a-w C:\Program Files\musicstudio70jpn.tut
2007-05-25 17:25 2,439,189 ----a-w C:\Program Files\musicstudio70esp.tut
2007-05-25 17:25 2,430,353 ----a-w C:\Program Files\musicstudio70fra.tut
2007-05-25 17:25 2,429,247 ----a-w C:\Program Files\musicstudio70deu.tut
2007-05-25 17:25 2,428,854 ----a-w C:\Program Files\musicstudio70.tut
2007-05-17 16:38 16,266 ----a-w C:\Program Files\musicstudio_readme_fra.htm
2007-03-20 17:07 85,308 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO v2.mht
2007-03-20 17:07 74,270 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO.mht
2007-03-20 17:07 51,481 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttleXpress.mht
2007-03-20 17:07 12,004 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttleXpress.pref
2007-03-20 17:07 12,004 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO.pref
2007-03-20 17:07 12,004 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO v2.pref
2007-03-19 18:57 49,152 ----a-w C:\Program Files\OpcPcmImporter.dll
2007-03-15 19:17 6,537,890 ----a-r C:\Program Files\Wire.acd-zip
2007-02-26 21:10 185,764 ----a-w C:\Program Files\sfcdix.cfg
2007-02-26 21:10 18,865 ----a-w C:\Program Files\sfcdix.hlp
2007-02-26 21:09 360 ----a-w C:\Program Files\musicstudio70.oemdat
2007-02-26 21:09 2,414,197 ----a-w C:\Program Files\musicstudio70xp.tut
2006-10-09 02:02 950 ----a-w C:\Program Files\MorphConfig.ini
2006-09-21 00:27 1,944,576 ----a-w C:\Program Files\M5Shell.dll
2006-09-21 00:25 1,021,153 ----a-w C:\Program Files\python23.zip
2006-09-19 19:06 94,208 ----a-w C:\Program Files\_sre.pyd
2006-09-19 19:06 77,824 ----a-w C:\Program Files\select.pyd
2006-09-19 19:06 126,976 ----a-w C:\Program Files\_socket.pyd
2006-09-19 19:06 114,688 ----a-w C:\Program Files\zlib.pyd
2006-09-19 18:59 1,155,072 ----a-w C:\Program Files\python23.dll
2006-08-31 20:41 434 ----a-w C:\Program Files\WebCache.net
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"PiXPO"="C:\Program Files\ProPix Share\1.5\Pixpo.exe" [2004-08-20 12:13 3985408]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 02:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 02:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 02:23 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35 473928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 12:20 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 12:39 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 10:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 10:34 851968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 16:55 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"iPodConverterSuite_upgrade"="C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [2007-11-29 04:22 819712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\Windows\Start Menu\Programs\Startup\
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2005-07-30 11:58:17 158208]

C:\Documents and Settings\sebastien\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Documents and Settings\Windows\My Documents\My Videos\LimeWire\LimeWire.exe [2006-08-22 11:45:55 159744]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-02-05 13:27:29 819200]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 17:51:52 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"=
"C:\\Documents and Settings\\sebastien\\My Documents\\My Games\\Warcraft III\\Warcraft III.exe"=
"C:\\Documents and Settings\\Windows\\My Documents\\My Videos\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\stephanie\\My Documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R2 PPCLASS;PPCLASS;C:\WINDOWS\system32\drivers\PPCLASS.sys [1997-04-09 16:08]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [1999-02-10 21:38]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 01:50:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 00:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Windows.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 22:33:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-26 22:36:42
ComboFix-quarantined-files.txt 2008-04-27 02:36:38
ComboFix2.txt 2008-04-26 19:57:31

Pre-Run: 34,742,681,600 bytes free
Post-Run: 34,728,718,336 bytes free

238 --- E O F --- 2008-04-12 07:09:39





HiJack This


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:41 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\MDM.EXE
C:\Documents and Settings\sebastien\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PiXPO] "C:\Program Files\ProPix Share\1.5\Pixpo.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe

--
End of file - 10355 bytes
  • 0

#6
Tigger93
Posted 27 April 2008 - 10:31 AM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Program Files\Uninstall Morpheus Toolbar.dll



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#7
need h3lp...
Posted 27 April 2008 - 01:00 PM

need h3lp...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here's the ComboFix:

ComboFix 08-04-24.1 - Windows 2008-04-27 14:50:06.4 - NTFSx86
Running from: C:\Documents and Settings\sebastien\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\sebastien\My Documents\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Uninstall Morpheus Toolbar.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Uninstall Morpheus Toolbar.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-26 09:03 . 2008-04-26 09:03 <DIR> d-------- C:\Documents and Settings\sebastien\Application Data\Grisoft
2008-04-25 22:59 . 2007-11-24 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-25 22:59 . 2008-04-25 22:59 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-25 22:59 . 2008-04-26 23:13 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-25 22:52 . 2008-04-25 22:52 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Grisoft
2008-04-25 22:52 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-25 22:51 . 2008-04-25 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-25 22:42 . 2008-04-25 22:42 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-27 18:40 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-04-27 15:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-26 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-26 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-24 20:56 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-03-24 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 20:41 --------- d-----w C:\Program Files\NHN USA
2008-03-24 20:24 --------- d-----w C:\Documents and Settings\sebastien\Application Data\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 01:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-08 13:07 264,097 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4625.exe
2008-01-27 20:53 357 ----a-w C:\Documents and Settings\sebastien\.cb_layout.bin
2008-01-27 20:35 357 ----a-w C:\Documents and Settings\Windows\.cb_layout.bin
2007-06-18 15:52 939,520 ----a-w C:\Program Files\sftutor.dll
2007-06-18 15:52 1,512,960 ----a-w C:\Program Files\sfvstwrap.dll
2007-06-18 15:52 1,259,008 ----a-w C:\Program Files\sfs4rw.dll
2007-06-18 15:52 1,046,016 ----a-w C:\Program Files\sfpublish.dll
2007-06-18 15:51 9,261,056 ----a-w C:\Program Files\musicstudio70.exe
2007-06-18 15:51 398,848 ----a-w C:\Program Files\sfconfigmgr.dll
2007-06-18 15:51 3,632,128 ----a-w C:\Program Files\musicstudio70k.dll
2007-06-18 15:51 1,312,768 ----a-w C:\Program Files\sfmarket2.dll
2007-06-18 15:51 1,104,896 ----a-w C:\Program Files\sfnetmedia.dll
2007-06-18 15:38 29,513 ----a-w C:\Program Files\musicstudio70.zip
2007-06-18 15:23 695,808 ----a-w C:\Program Files\sfdvd.dll
2007-06-18 15:23 506,880 ----a-w C:\Program Files\sfld.ldd
2007-06-18 15:23 491,520 ----a-w C:\Program Files\sfcd.cdd
2007-06-18 15:23 399,872 ----a-w C:\Program Files\sfcdfs.dll
2007-06-18 15:23 28,672 ----a-w C:\Program Files\sfscsi.dll
2007-06-18 15:23 2,151,936 ----a-w C:\Program Files\sfcdix.dll
2007-06-18 15:23 165,376 ----a-w C:\Program Files\fargo.pdd
2007-06-18 15:23 163,840 ----a-w C:\Program Files\sfldsim.ldd
2007-06-18 15:23 161,792 ----a-w C:\Program Files\sfprnsim.pdd
2007-06-18 15:23 16,384 ----a-w C:\Program Files\sfcdsim.cdd
2007-06-18 15:22 363,008 ----a-w C:\Program Files\sfspti.dll
2007-06-18 15:22 20,480 ----a-w C:\Program Files\sfspti2.dll
2007-06-14 15:20 321,789 ----a-w C:\Program Files\musicstudio70.udat
2007-05-25 17:25 2,441,595 ----a-w C:\Program Files\musicstudio70jpn.tut
2007-05-25 17:25 2,439,189 ----a-w C:\Program Files\musicstudio70esp.tut
2007-05-25 17:25 2,430,353 ----a-w C:\Program Files\musicstudio70fra.tut
2007-05-25 17:25 2,429,247 ----a-w C:\Program Files\musicstudio70deu.tut
2007-05-25 17:25 2,428,854 ----a-w C:\Program Files\musicstudio70.tut
2007-05-17 16:38 16,266 ----a-w C:\Program Files\musicstudio_readme_fra.htm
2007-03-20 17:07 85,308 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO v2.mht
2007-03-20 17:07 74,270 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO.mht
2007-03-20 17:07 51,481 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttleXpress.mht
2007-03-20 17:07 12,004 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttleXpress.pref
2007-03-20 17:07 12,004 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO.pref
2007-03-20 17:07 12,004 ----a-w C:\Program Files\Sony ACID Music Studio 7 - ShuttlePRO v2.pref
2007-03-19 18:57 49,152 ----a-w C:\Program Files\OpcPcmImporter.dll
2007-03-15 19:17 6,537,890 ----a-r C:\Program Files\Wire.acd-zip
2007-02-26 21:10 185,764 ----a-w C:\Program Files\sfcdix.cfg
2007-02-26 21:10 18,865 ----a-w C:\Program Files\sfcdix.hlp
2007-02-26 21:09 360 ----a-w C:\Program Files\musicstudio70.oemdat
2007-02-26 21:09 2,414,197 ----a-w C:\Program Files\musicstudio70xp.tut
2006-10-09 02:02 950 ----a-w C:\Program Files\MorphConfig.ini
2006-09-21 00:27 1,944,576 ----a-w C:\Program Files\M5Shell.dll
2006-09-21 00:25 1,021,153 ----a-w C:\Program Files\python23.zip
2006-09-19 19:06 94,208 ----a-w C:\Program Files\_sre.pyd
2006-09-19 19:06 77,824 ----a-w C:\Program Files\select.pyd
2006-09-19 19:06 126,976 ----a-w C:\Program Files\_socket.pyd
2006-09-19 19:06 114,688 ----a-w C:\Program Files\zlib.pyd
2006-09-19 18:59 1,155,072 ----a-w C:\Program Files\python23.dll
2006-08-31 20:41 434 ----a-w C:\Program Files\WebCache.net
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"PiXPO"="C:\Program Files\ProPix Share\1.5\Pixpo.exe" [2004-08-20 12:13 3985408]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 02:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 02:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 02:23 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35 473928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 12:20 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 12:39 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 10:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 10:34 851968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 16:55 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"iPodConverterSuite_upgrade"="C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [2007-11-29 04:22 819712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\Windows\Start Menu\Programs\Startup\
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2005-07-30 11:58:17 158208]

C:\Documents and Settings\sebastien\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Documents and Settings\Windows\My Documents\My Videos\LimeWire\LimeWire.exe [2006-08-22 11:45:55 159744]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-02-05 13:27:29 819200]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 17:51:52 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"=
"C:\\Documents and Settings\\sebastien\\My Documents\\My Games\\Warcraft III\\Warcraft III.exe"=
"C:\\Documents and Settings\\Windows\\My Documents\\My Videos\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\stephanie\\My Documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R2 PPCLASS;PPCLASS;C:\WINDOWS\system32\drivers\PPCLASS.sys [1997-04-09 16:08]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [1999-02-10 21:38]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 01:50:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 00:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Windows.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 14:55:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 14:59:09
ComboFix-quarantined-files.txt 2008-04-27 18:59:04
ComboFix2.txt 2008-04-27 02:36:43
ComboFix3.txt 2008-04-26 19:57:31

Pre-Run: 34,512,486,400 bytes free
Post-Run: 34,660,569,088 bytes free

189 --- E O F --- 2008-04-12 07:09:39





And here's HiJack This:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:51 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\VSTASCAN\vsaccess.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\MDM.EXE
C:\Documents and Settings\sebastien\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PiXPO] "C:\Program Files\ProPix Share\1.5\Pixpo.exe" /startup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\yomkwkmg.dll",run (User 'sebastien')
O4 - HKUS\S-1-5-21-1214440339-725345543-682003330-1004\..\Run: [BMdf1b4f4d] Rundll32.exe "C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\agiywwjn.dll",s (User 'sebastien')
O4 - S-1-5-21-1214440339-725345543-682003330-1004 Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Windows\My Documents\My Videos\LimeWire\LimeWire.exe (User 'sebastien')
O4 - S-1-5-21-1214440339-725345543-682003330-1004 User Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Windows\My Documents\My Videos\LimeWire\LimeWire.exe (User 'sebastien')
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Documents and Settings\sebastien\My Documents\My Videos\Veoh\VeohClientService.exe

--
End of file - 11624 bytes
  • 0

#8
Tigger93
Posted 27 April 2008 - 03:30 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Everything looks good now. :) Still having any problems?
  • 0

#9
need h3lp...
Posted 29 April 2008 - 03:24 PM

need h3lp...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Nop ! Everything looks fine ! Sorry if I took my time to answer, I just wanted to make sure that I wasn't still having popups. Thanks alot !
  • 0

#10
Tigger93
Posted 30 April 2008 - 05:22 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP