here are the SDfix report.txt and HJT hijackthis.log:
SDFix: Version 1.204 Run by pc03962 on 07/11/2008 Fri at 03:49 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\TEMP\3\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\PC0396~1.PCL\LOCALS~1\Temp\lprn32.exe.bat - Deleted
C:\DOCUME~1\PC0396~1.PCL\LOCALS~1\Temp\media.php.bat - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-11 04:06:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\apps\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:47,36,ff,91,87,c6,ff,7d,30,5f,f4,79,cb,11,de,0e,7b,7c,7c,1f,7f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,11,ca,f7,7e,9e,af,cb,01,31,04,7a,52,8f,5d,f1,e4,b7,..
"khjeh"=hex:af,d5,ef,9c,05,7f,63,40,37,2e,6e,d4,74,ba,6e,46,92,0b,3a,10,81,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:36,99,22,a7,0a,e5,97,6e,74,88,52,72,2e,95,94,7a,d9,8b,03,cc,75,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:36,3e,75,7a,b4,f4,6d,71,d3,d6,53,a2,5d,b7,3f,50,58,b2,09,4c,a1,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:c9,07,0e,32,f0,be,d1,36,6d,e6,c0,60,bd,89,d3,87,e2,68,9c,30,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a7,70,6e,a1,47,43,21,26,5e,61,e9,df,2c,5f,e6,27,69,96,a9,c3,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\apps\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:47,36,ff,91,87,c6,ff,7d,30,5f,f4,79,cb,11,de,0e,7b,7c,7c,1f,7f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,11,ca,f7,7e,9e,af,cb,01,31,04,7a,52,8f,5d,f1,e4,b7,..
"khjeh"=hex:af,d5,ef,9c,05,7f,63,40,37,2e,6e,d4,74,ba,6e,46,92,0b,3a,10,81,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:80,cb,e0,06,bf,8f,97,35,c3,02,f1,38,c8,9d,57,8e,74,65,1b,6f,22,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:bd,af,ad,fb,0b,0f,d7,73,63,c6,54,33,64,ec,f1,62,8f,d6,69,64,c0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:c9,07,0e,32,f0,be,d1,36,6d,e6,c0,60,bd,89,d3,87,e2,68,9c,30,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a7,70,6e,a1,47,43,21,26,5e,61,e9,df,2c,5f,e6,27,69,96,a9,c3,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\apps\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:47,36,ff,91,87,c6,ff,7d,30,5f,f4,79,cb,11,de,0e,7b,7c,7c,1f,7f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,11,ca,f7,7e,9e,af,cb,01,31,04,7a,52,8f,5d,f1,e4,b7,..
"khjeh"=hex:af,d5,ef,9c,05,7f,63,40,37,2e,6e,d4,74,ba,6e,46,92,0b,3a,10,81,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:36,99,22,a7,0a,e5,97,6e,74,88,52,72,2e,95,94,7a,d9,8b,03,cc,75,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:36,3e,75,7a,b4,f4,6d,71,d3,d6,53,a2,5d,b7,3f,50,58,b2,09,4c,a1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:c9,07,0e,32,f0,be,d1,36,6d,e6,c0,60,bd,89,d3,87,e2,68,9c,30,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a7,70,6e,a1,47,43,21,26,5e,61,e9,df,2c,5f,e6,27,69,96,a9,c3,8e,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER ]
"DisplayName"="SUPER ?Version 2008.bld.25 (Feb 5, 2008)"
"UninstallString"="C:\apps\ERIGHT~1\SUPER\Setup.exe /remove /q0"
"InstallDate"="2008-02-20 18:51:22"
"InstallLocation"="C:\apps\eRightSoft\SUPER"
"InstallSource"="C:\TEMP"
"DisplayIcon"="C:\apps\eRightSoft\SUPER\SUPER.exe"
"DisplayVersion"="Version 2008.bld.25 (Feb 5, 2008)"
"VersionMajor"=dword:00000000
"VersionMinor"=dword:00000000
"Publisher"="eRightSoft"
"HelpLink"="
http://www.eRightSoft.com""URLInfoAbout"="
http://www.eRightSoft.com""URLUpdateInfo"="
http://www.eRightSoft.com""Contact"="
[email protected]"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Messenger"
"C:\\Team17\\Worms2\\Frontend.exe"="C:\\Team17\\Worms2\\Frontend.exe:*:Disabled:Worms 2 Frontend"
"C:\\Program Files\\Nortel Networks\\Extranet.exe"="C:\\Program Files\\Nortel Networks\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\Program Files\\Raize\\CS2\\Bin\\CSDispatcher.exe"="C:\\Program Files\\Raize\\CS2\\Bin\\CSDispatcher.exe:*:Enabled:CodeSite Dispatcher"
"C:\\Program Files\\Hummingbird\\Connectivity\\7.10\\Exceed\\exceed.exe"="C:\\Program Files\\Hummingbird\\Connectivity\\7.10\\Exceed\\exceed.exe:*:Enabled:X server for Win32"
"C:\\Program Files\\VERITAS\\NetBackup\\bin\\NBConsole.EXE"="C:\\Program Files\\VERITAS\\NetBackup\\bin\\NBConsole.EXE:*:Enabled:NBConsole"
"C:\\Program Files\\CommonTime\\mNotes\\Cadenza.exe"="C:\\Program Files\\CommonTime\\mNotes\\Cadenza.exe:*:Enabled:mNotes Server"
"C:\\hp_clj2600n_Printing_System\\SETUP.EXE"="C:\\hp_clj2600n_Printing_System\\SETUP.EXE:*:Enabled:Setup"
"C:\\Program Files\\websm\\_jvm\\bin\\java.exe"="C:\\Program Files\\websm\\_jvm\\bin\\java.exe:*:Enabled:Java launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Apps\\Gizmo5\\mDNSResponder.exe"="C:\\Apps\\Gizmo5\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Apps\\Gizmo5\\Gizmo5.exe"="C:\\Apps\\Gizmo5\\Gizmo5.exe:*:Enabled:Gizmo5"
"C:\\Apps\\TurboTax\\Premier 2007\\32bit\\ttax.exe"="C:\\Apps\\TurboTax\\Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Apps\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe"="C:\\Apps\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Apps\\TurboTax\\Business 2007\\32bit\\ttax.exe"="C:\\Apps\\TurboTax\\Business 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Apps\\TurboTax\\Business 2007\\32bit\\updatemgr.exe"="C:\\Apps\\TurboTax\\Business 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\apps\\uusee\\UUSeePlayer.exe"="C:\\Apps\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\HotComm.exe"="C:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\HotComm.exe:*:Enabled:hotComm CL"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Program Files\\1E\\SMSWakeUp50\\SMSWUagent.exe"="C:\\Program Files\\1E\\SMSWakeUp50\\SMSWUagent.exe:*:Enabled:SMSWakeUp Agent"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:bittorrent"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\HotComm.exe"="C:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\HotComm.exe:*:Enabled:hotComm CL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:HP Networked Printer Installer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\TEMP\3\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 9 Feb 2008 43,616 ...H. --- "C:\j2 Messenger 4.2\J2GPlus.exe-BarState"
Thu 9 Aug 2007 24 ..SH. --- "C:\WINDOWS\S6EED9CA6.tmp"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Apps\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Apps\Spybot - Search & Destroy\SpybotSD.exe"
Tue 1 Jul 2008 43,650 ...H. --- "C:\Program Files\j2 Messenger 4.2\J2GPlus.exe-BarState"
Wed 3 May 2006 163,328 A.SH. --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 A.SH. --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 A.SH. --- "C:\WINDOWS\system32\Smab0.dll"
Mon 4 Feb 2008 151,040 A.SH. --- "C:\WINDOWS\system32\VistaUltm.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Apps\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Apps\eRightSoft\SUPER\cygz.dll"
Wed 20 Feb 2008 72,704 ..SHR --- "C:\Apps\eRightSoft\SUPER\Setup.exe"
Tue 5 Jun 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 16 Oct 2006 14,848 ...H. --- "C:\Program Files\Brocade\SAN Health Professional\Interop.WODCRYPTCOMLib.dll"
Wed 8 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 28 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c909c63b4fa217757574b9dcdd658c3\BIT5.tmp"
Sat 28 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7779524ce1b472c62f1b0f1a192676ad\BIT6.tmp"
Sat 28 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9664ff6405d9e0e32778ca8618d4be26\BIT4.tmp"
Sat 28 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\97de84be36b27af6e66a0586433cda52\BIT2.tmp"
Sat 28 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9ec3943a72ea4aa7fb7b808e2b7554c8\BIT3.tmp"
Sat 28 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT1.tmp"
Wed 9 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5ceb6274f4d7fd206d6adab3df8e834\BIT4.tmp"
Sat 28 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb1cc7c8ed3868a5a32ffb677fe0fde8\BIT7.tmp"
Fri 27 Jun 2008 2,013 A.SH. --- "C:\Documents and Settings\pc03962.PRINCESSCRUISES\Application Data\Roxio\Dragon\DiscInfoCache\HL-DT-ST_RW_DVD_GCC-4246N_0X05_300_DICV016_DRGV200A2.TMP"
Finished!================================================================================
=========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:47 AM, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\apps\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ntvdm.exe
O1 - Hosts: 172.29.5.89 phmc1.princesscruises.poprincess.com phmc1
O1 - Hosts: 172.29.52.115 drhmc1.princesscruises.poprincess.com drhmc1
O1 - Hosts: 172.29.52.109 drbrocade1
O1 - Hosts: 172.29.52.110 drbrocade2
O1 - Hosts: 172.29.52.111 drbrocade3
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [vmware-tray] C:\apps\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SDFix] C:\TEMP\3\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [SDFix] C:\TEMP\3\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Startup: PowerWord 2002.lnk = %SystemDrive%\apps\Kingsoft\XDict\xdict.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Apps\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Apps\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Apps\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 使用UUSee下载 - C:\apps\uusee\geturltodown.htm
O8 - Extra context menu item: 使用UUSee加速播放 - C:\apps\uusee\geturltoplay.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone:
http://*.update.microsoft.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitd...can8/oscan8.cabO16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://ca.com/us/sec...nfo/webscan.cabO16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcaf...334/mcfscan.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = princesscruises.poprincess.com
O17 - HKLM\Software\..\Telephony: DomainName = princesscruises.poprincess.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = princesscruises.poprincess.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = princesscruises.poprincess.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = princesscruises.poprincess.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\apps\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\apps\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\apps\Gizmo5\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FreeSSHDService - Unknown owner - C:\apps\freeSSHd\FreeSSHDService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\APPs\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\apps\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\apps\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 8185 bytes