Here is the ComboFix and HijackThis log...
I see that I do not have the Recovery Console installed... whatever that means! ;)
ComboFix 08-02-22 - RM 2008-02-23 9:22:15.2 - NTFSx86
Running from: C:\Documents and Settings\RM\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\jupiw89104.dll
C:\WINDOWS\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
C:\WINDOWS\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\p9\liopud89104.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\w11\hiba3133.exe
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\yayxyyy.dll
.
---- Previous Run -------
.
C:\Program Files\Common Files\jupiw89104.dll
C:\Program Files\sembly~1
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
C:\WINDOWS\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\p9
C:\WINDOWS\system32\p9\liopud89104.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\w11
C:\WINDOWS\system32\w11\hiba3133.exe
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\yayxyyy.dll
C:\WINDOWS\ymante~1
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR

((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-23 03:00 . 2008-02-23 03:00 <DIR> d----c--- C:\WINDOWS\LastGood.Tmp
2008-02-21 17:24 . 2008-02-21 17:24 <DIR> d----c--- C:\sUBs
2008-02-21 16:32 . 2008-02-22 18:28 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-02-21 16:32 . 2008-02-21 16:32 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-02-21 16:24 . 2008-02-21 16:24 <DIR> d----c--- C:\Documents and Settings\RM\Application Data\Bitdefender
2008-02-21 14:57 . 2008-02-23 09:38 81,984 --a--c--- C:\WINDOWS\system32\bdod.bin
2008-02-21 14:54 . 2008-02-21 14:54 <DIR> d----c--- C:\Program Files\Softwin
2008-02-21 14:54 . 2008-02-21 14:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-21 14:52 . 2008-02-21 14:55 <DIR> d----c--- C:\Program Files\Common Files\Softwin
2008-02-21 12:39 . 2008-02-21 12:39 <DIR> d----c--- C:\Documents and Settings\RM\Application Data\Roxio
2008-02-20 22:30 . 2008-02-22 02:51 <DIR> d----c--- C:\VundoFix Backups
2008-02-19 15:37 . 2008-02-20 12:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-19 15:32 . 2008-02-19 16:14 <DIR> d----c--- C:\WINDOWS\system32\dv6
2008-02-19 15:32 . 2008-02-19 15:32 36,864 --a--c--- C:\WINDOWS\mrofinu572.exe.tmp
2008-02-11 15:11 . 2008-02-11 15:13 <DIR> d----c--- C:\Documents and Settings\RM\Application Data\VideoEgg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 05:13 --------- dc----w C:\Program Files\OFFICE11
2008-02-23 05:13 --------- dc----w C:\Program Files\EPSON
2008-02-22 16:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-22 16:51 --------- dc----w C:\Program Files\Office12
2008-02-22 16:51 --------- dc----w C:\Program Files\Document Themes 12
2008-02-22 16:50 --------- dc----w C:\Program Files\Microsoft Works
2008-02-22 01:34 --------- dc----w C:\Program Files\quickenw
2008-02-21 06:23 --------- dc----w C:\Program Files\SpywareBlaster
2008-02-20 00:16 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-02-02 07:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-30 20:00 --------- dc----w C:\Documents and Settings\RM\Application Data\AdobeUM
2008-01-18 23:48 --------- dc----w C:\Program Files\Sony
2008-01-15 17:54 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 13:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 19:04 --------- dc----w C:\Program Files\Microsoft Money Plus
2008-01-13 02:32 23,904 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-07 04:59 --------- dc----w C:\Program Files\microsoft frontpage
2008-01-04 20:31 --------- dc----w C:\Program Files\Microsoft Money
2008-01-04 08:31 57,344 -c--a-w C:\WINDOWS\uneng.exe
2008-01-04 08:31 30,662 -c--a-w C:\WINDOWS\system32\drivers\Mmc_2k.sys
2008-01-04 08:31 25,930 -c--a-w C:\WINDOWS\system32\drivers\Dvd_2k.sys
2008-01-04 08:31 241,280 -c--a-w C:\WINDOWS\system32\drivers\cdudf_xp.sys
2008-01-04 08:31 206,464 -c--a-w C:\WINDOWS\system32\drivers\udfreadr_xp.sys
2008-01-04 08:31 144,250 -c--a-w C:\WINDOWS\system32\drivers\pwd_2K.sys
2008-01-04 08:31 --------- dc----w C:\Program Files\Common Files\Adaptec Shared
2008-01-04 08:31 --------- dc----w C:\Program Files\Adaptec
2008-01-04 08:11 --------- dc----w C:\Program Files\Ashampoo
2008-01-04 08:07 --------- dc----w C:\Program Files\DivX
2008-01-04 07:01 --------- dc----w C:\Documents and Settings\RM\Application Data\DVD Flick
2008-01-04 05:54 167 -c--a-w C:\Program Files\INSTALL.LOG
2008-01-03 19:21 --------- dc----w C:\Documents and Settings\RM\Application Data\Pegasys Inc
2008-01-02 19:27 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 06:17 13,531,608 -c--a-w C:\Program Files\videoeditmagic.exe
2008-01-01 19:53 --------- dc----w C:\Documents and Settings\RM\Application Data\OfficeUpdate12
2007-12-26 18:27 --------- dc----w C:\Program Files\Ableton
2007-12-26 18:01 --------- dc----w C:\Program Files\NCH Swift Sound
2007-12-26 17:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-26 17:31 --------- dc----w C:\Documents and Settings\RM\Application Data\Fisher-Price
2007-12-26 17:28 --------- dc----w C:\Program Files\Fisher-Price
2007-12-14 23:34 286,720 -c--a-w C:\WINDOWS\iun506.exe
2007-10-27 22:25 30,167,512 -c--a-w C:\Program Files\cdarchitect52c_enu.exe
2007-10-27 22:25 1,818,232 -c--a-w C:\Program Files\cdarchitect52_manual.exe
2007-10-27 22:23 6,730,272 -c--a-w C:\Program Files\masteringeffectsbundle_soundforge_setup.exe
2007-10-27 22:21 6,178,453 -c--a-w C:\Program Files\soundforge90_manual.exe
2007-10-27 22:19 72,924,904 -c--a-w C:\Program Files\soundforge90c_enu.exe
2007-09-18 03:58 751,768 -c--a-w C:\Program Files\db-directx.exe
2007-09-16 06:23 71,283,560 -c--a-w C:\Program Files\soundforge90a_enu.exe
2007-08-27 23:36 1,287,784 -c--a-w C:\Program Files\AudibleDM_iTunesSetup.exe
2007-07-26 19:01 192,614 -c--a-w C:\Program Files\TBFDropZoneInstaller.exe
2006-12-28 21:21 36,808,256 -c--a-w C:\Program Files\iTunesSetup.exe
2006-11-26 18:53 5,900,416 -c--a-w C:\Program Files\Firefox Setup 2.0.exe
2006-11-26 18:49 19,203,280 -c--a-w C:\Program Files\nsb-install-8-1-2.exe
2006-08-06 01:16 5,279,254 -c--a-w C:\Program Files\BackupDVD.exe
2006-05-20 01:45 14,650,070 -c--a-w C:\Program Files\StuffItStandard9.exe
2006-05-07 20:16 243,512 -c--a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2006-05-06 21:01 47,633,576 -c--a-w C:\Program Files\iPodSetup.exe
2006-01-22 23:59 11,817,800 -c--a-w C:\Program Files\GoogleEarth.exe
2005-07-12 20:51 160 -c--a-w C:\Program Files\WS_FTP.LOG
2005-03-27 04:12 5,629,711 -c--a-w C:\Program Files\Chess Winboard.exe
2005-02-17 21:19 36,009,360 -c--a-w C:\Program Files\1201bandinaboxprowin.exe
2005-01-09 20:17 84,137 -c--a-w C:\Program Files\quickenw.QIF
2003-12-04 19:43 9,134,648 -c--a-w C:\Program Files\AdbeRdr60_enu.exe
2003-11-22 01:03 2,226,304 -c--a-w C:\Program Files\microsoft download 112103.exe
2002-05-18 18:25 5,617,948 -c--a-w C:\Program Files\STUFFIT7.EXE
2002-05-13 21:50 1,597,440 -c--a-w C:\Program Files\xerces-c_1_6.dll
2002-05-13 21:49 196,608 -c--a-w C:\Program Files\MMxpt.dll
2002-05-13 21:49 18,192 -c--a-w C:\Program Files\PSAPI.DLL
2002-05-13 21:49 14,848 -c--a-w C:\Program Files\MM.ASPNetDesignerMgr.dll
1999-06-25 18:55 149,504 -c--a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66A12149-C2D5-4E22-A21A-D98ABC89D1E9}]
C:\WINDOWS\system32\pmnno.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2DA4664-3FCA-4AF9-BC91-210A33AF8138}]
C:\Program Files\MSN\lazup888.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c411c572-ccfb-4397-bff0-af572d1092dc}]
C:\WINDOWS\system32\mrburgah.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]
"Google Update"="C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe" [2008-02-15 11:45 21488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 10:50 28672]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2001-09-26 08:30 131072]
"Smapp"="rem Smtray.exe" []
"WorksFUD"="" []
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 12:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 13:34 36864]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-01-04 00:31 684032]
"Splash Screen"="rem E:\SplashScreen\SplashScreen.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-16 19:45 180269]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 12:51 57344]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 11:30 98304]
"UserFaultCheck"="rem C:\WINDOWS\system32\dumprep 0 -u" [ ]
"QAGENT"="C:\Program Files\quickenw\QAGENT.EXE" [2001-08-01 12:30 94208]
"NvCplDaemon"="NvQTwk" []
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2001-10-16 10:10 258118]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 06:51 442455]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-13 23:11 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"e4b94219"="C:\WINDOWS\system32\fwcplcxs.dll" [ ]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]

C:\Documents and Settings\RM\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-19 12:39:17 344064]
YouTube Uploader.lnk - C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-07-24 16:49:58 217088]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-06-15 10:23:35 127488]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 10:42]
R3 pae_1394;pae_1394;C:\WINDOWS\system32\Drivers\pae_1394.sys [2005-06-09 15:35]
R3 pae_avs;pae_avs;C:\WINDOWS\system32\Drivers\pae_avs.sys [2005-06-09 15:35]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 05:28]
R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-15 00:42]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S3 Gcr432;Gcr432;C:\WINDOWS\system32\Drivers\gcr432.sys [2001-05-10 12:54]
S3 MA763010;M-Audio Fast Track;C:\WINDOWS\system32\drivers\MA763010.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caadcfc-9a93-11db-88f3-0060b3bdec3e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 04:13:31 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - RM.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2001-12-27 20:04:33 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2001-12-27 20:04:33 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2001-12-27 20:04:34 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-02-23 17:53:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 09:42:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2008-02-23 9:54:58 - machine was rebooted [RM]
ComboFix-quarantined-files.txt 2008-02-23 17:54:51
.
2008-02-23 11:03:05 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:02 AM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\quickenw\QAGENT.EXE
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\RM\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huffingtonpost.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {66A12149-C2D5-4E22-A21A-D98ABC89D1E9} - C:\WINDOWS\system32\pmnno.dll (file missing)
O2 - BHO: 0 - {A2DA4664-3FCA-4AF9-BC91-210A33AF8138} - C:\Program Files\MSN\lazup888.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: {cd2901d2-75fa-0ffb-7934-bfcc275c114c} - {c411c572-ccfb-4397-bff0-af572d1092dc} - C:\WINDOWS\system32\mrburgah.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] rem Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Splash Screen] rem E:\SplashScreen\SplashScreen.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [UserFaultCheck] rem %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\fwcplcxs.dll",b
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {5DE92616-77D2-40A9-BA35-B095FD211534} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.amaena.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://pc-photo.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

-- End of file - 15041 bytes