helpmerox
2008-09-09, 01:06
Sorry I didn't get back on in time to avoid having my previous thread archived. (Title: help, I've got virtumonde!) Here are the reports from HJT + SDFix. Thanks!
SDFix: Version 1.222
Run by Cody on Mon 09/08/2008 at 05:34 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Rootkit:
C:\WINDOWS\system32\drivers\WINHQ43.sys - Rootkit Pandex/Cutwail - Runtime3.sys
C:\WINDOWS\system32\drivers\WINXH65.sys - Rootkit Pandex/Cutwail - Runtime3.sys
Name :
WINHQ43
WINXH65
Path :
System32\Drivers\Winhq43.sys
System32\Drivers\Winxh65.sys
WINHQ43 - Deleted
WINXH65 - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Rebooting
Service WINHQ43 - Deleted
Service WINXH65 - Deleted
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\phcr6aj0ec0g.bmp - Deleted
C:\WINDOWS\antiv.exe - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\system32\drivers\WINHQ43.sys - Deleted
C:\WINDOWS\system32\drivers\WINXH65.sys - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 17:42:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"="C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"="C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 27 Mar 2008 19,456 ...H. --- "C:\Documents and Settings\Cody\Application Data\Microsoft\Word\~WRL0006.tmp"
Thu 27 Mar 2008 19,456 ...H. --- "C:\Documents and Settings\Cody\Application Data\Microsoft\Word\~WRL3932.tmp"
Sat 13 Jan 2007 19,456 ...H. --- "C:\Documents and Settings\Cody\Application Data\Microsoft\Word\~WRL0004.tmp"
Sat 13 Jan 2007 19,456 ...H. --- "C:\Documents and Settings\Cody\Application Data\Microsoft\Word\~WRL2395.tmp"
Thu 17 May 2007 19,456 ...H. --- "C:\Documents and Settings\Cody\Application Data\Microsoft\Word\~WRL0005.tmp"
Wed 19 Sep 2007 19,456 ...H. --- "C:\Documents and Settings\Cody\Application Data\Microsoft\Word\~WRL0003.tmp"
Wed 31 Oct 2007 20,480 ...H. --- "C:\Documents and Settings\Cody\Application Data\Microsoft\Word\~WRL3896.tmp"
Wed 31 Oct 2007 20,992 ...H. --- "C:\Documents and Settings\Cody\Application Data\Microsoft\Word\~WRL3331.tmp"
Wed 31 Oct 2007 20,992 ...H. --- "C:\Documents and Settings\Cody\Application Data\Microsoft\Word\~WRL1975.tmp"
Wed 24 Jan 2007 444 ...HR --- "C:\Documents and Settings\Jim\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 16 Aug 2008 0 A.SHR --- "C:\Program Files\Trend Micro\Internet Security\Quarantine\Temp\71.tmp"
Sat 16 Aug 2008 0 A.SHR --- "C:\Program Files\Trend Micro\Internet Security\Quarantine\Temp\81.tmp"
Sat 16 Aug 2008 0 A.SHR --- "C:\Program Files\Trend Micro\Internet Security\Quarantine\Temp\D4.tmp"
Sat 16 Aug 2008 0 A.SHR --- "C:\Program Files\Trend Micro\Internet Security\Quarantine\Temp\D5.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:04 PM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\AL-1000\engss.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: cTmesIzvAtAZ - {E096945D-4A3C-3EF7-DC2C-6E4AB9E14D00} - (no file)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management AppMgmtRpcLocator (AppMgmtRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service BITSLightScribeService (BITSLightScribeService) - Unknown owner - C:\WINDOWS\
O23 - Service: DNS Client DnscacheMSIServer (DnscacheMSIServer) - Unknown owner - C:\WINDOWS\
O23 - Service: DNS Client DnscacheMSIServer DnscacheMSIServerScsiAccessAcerMemUsageCheckService (DnscacheMSIServerScsiAccessAcerMemUsageCheckService) - Unknown owner - C:\WINDOWS\
O23 - Service: Error Reporting Service ERSvcFax (ERSvcFax) - Unknown owner - C:\WINDOWS\
O23 - Service: Event Log EventlogVSS (EventlogVSS) - Unknown owner - C:\WINDOWS\
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilitySamSsScsiAccess (FastUserSwitchingCompatibilitySamSsScsiAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: Fax FaxThemes (FaxThemes) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service ImapiServiceWebClient (ImapiServiceWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: IMAPI CD-Burning COM Service ImapiServiceWebClient ImapiServiceWebClientUMWdf (ImapiServiceWebClientUMWdf) - Unknown owner - C:\WINDOWS\
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TCP/IP NetBIOS Helper LmHostsProtectedStorage (LmHostsProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Media Center Extender Service McrdSvcRemoteRegistry (McrdSvcRemoteRegistry) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcMSDTC (mnmsrvcMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcSamSsEventlog (mnmsrvcSamSsEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcSamSsEventlog mnmsrvcSamSsEventlogSENS (mnmsrvcSamSsEventlogSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: Norton AntiVirus Auto-Protect Service navapsvcLmHosts (navapsvcLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE NetDDE Mobile Device (NetDDE Mobile Device) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Access Auto Connection Manager RasAutoBITSLightScribeService (RasAutoBITSLightScribeService) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Registry RemoteRegistryRpcLocator (RemoteRegistryRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Accounts Manager SamSsEventlog (SamSsEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Accounts Manager SamSsScsiAccess (SamSsScsiAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: Task Scheduler ScheduleImapiService (ScheduleImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ScsiAccess ScsiAccessAcerMemUsageCheckService (ScsiAccessAcerMemUsageCheckService) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) SharedAccessBITS (SharedAccessBITS) - Unknown owner - C:\WINDOWS\
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) sprtsvc_ddoctorv2navapsvcLmHosts (sprtsvc_ddoctorv2navapsvcLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Terminal Services TermServicemnmsrvc (TermServicemnmsrvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service TMBMServerEventlog (TMBMServerEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Trend Micro Proxy Service tmproxyTermServicemnmsrvc (tmproxyTermServicemnmsrvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Link Tracking Client TrkWksupnphost (TrkWksupnphost) - Unknown owner - C:\WINDOWS\
O23 - Service: Universal Plug and Play Device Host upnphostwuauserv (upnphostwuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Universal Plug and Play Device Host upnphostwuauserv upnphostwuauservehSched (upnphostwuauservehSched) - Unknown owner - C:\WINDOWS\
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WebClient WebClientupnphostwuauservehSched (WebClientupnphostwuauservehSched) - Unknown owner - C:\WINDOWS\
O23 - Service: WMI Performance Adapter WmiApSrvsprtsvc_ddoctorv2navapsvcLmHosts (WmiApSrvsprtsvc_ddoctorv2navapsvcLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservBITS (wuauservBITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservHidServ (wuauservHidServ) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservLmHosts (wuauservLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Wireless Zero Configuration WZCSVCMHN (WZCSVCMHN) - Unknown owner - C:\WINDOWS\
--
End of file - 14643 bytes
O23 - Service: DNS Client DnscacheMSIServer DnscacheMSIServerScsiAccessAcerMemUsageCheckService (DnscacheMSIServerScsiAccessAcerMemUsageCheckService) - Unknown owner - C:\WINDOWS\
O23 - Service: Error Reporting Service ERSvcFax (ERSvcFax) - Unknown owner - C:\WINDOWS\
O23 - Service: Event Log EventlogVSS (EventlogVSS) - Unknown owner - C:\WINDOWS\
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilitySamSsScsiAccess (FastUserSwitchingCompatibilitySamSsScsiAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: Fax FaxThemes (FaxThemes) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service ImapiServiceWebClient (ImapiServiceWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: IMAPI CD-Burning COM Service ImapiServiceWebClient ImapiServiceWebClientUMWdf (ImapiServiceWebClientUMWdf) - Unknown owner - C:\WINDOWS\
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TCP/IP NetBIOS Helper LmHostsProtectedStorage (LmHostsProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Media Center Extender Service McrdSvcRemoteRegistry (McrdSvcRemoteRegistry) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcMSDTC (mnmsrvcMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcSamSsEventlog (mnmsrvcSamSsEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcSamSsEventlog mnmsrvcSamSsEventlogSENS (mnmsrvcSamSsEventlogSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: Norton AntiVirus Auto-Protect Service navapsvcLmHosts (navapsvcLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE NetDDE Mobile Device (NetDDE Mobile Device) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Access Auto Connection Manager RasAutoBITSLightScribeService (RasAutoBITSLightScribeService) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Registry RemoteRegistryRpcLocator (RemoteRegistryRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Accounts Manager SamSsEventlog (SamSsEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Accounts Manager SamSsScsiAccess (SamSsScsiAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: Task Scheduler ScheduleImapiService (ScheduleImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ScsiAccess ScsiAccessAcerMemUsageCheckService (ScsiAccessAcerMemUsageCheckService) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) SharedAccessBITS (SharedAccessBITS) - Unknown owner - C:\WINDOWS\
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) sprtsvc_ddoctorv2navapsvcLmHosts (sprtsvc_ddoctorv2navapsvcLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Terminal Services TermServicemnmsrvc (TermServicemnmsrvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service TMBMServerEventlog (TMBMServerEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Trend Micro Proxy Service tmproxyTermServicemnmsrvc (tmproxyTermServicemnmsrvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Link Tracking Client TrkWksupnphost (TrkWksupnphost) - Unknown owner - C:\WINDOWS\
O23 - Service: Universal Plug and Play Device Host upnphostwuauserv (upnphostwuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Universal Plug and Play Device Host upnphostwuauserv upnphostwuauservehSched (upnphostwuauservehSched) - Unknown owner - C:\WINDOWS\
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WebClient WebClientupnphostwuauservehSched (WebClientupnphostwuauservehSched) - Unknown owner - C:\WINDOWS\
O23 - Service: WMI Performance Adapter WmiApSrvsprtsvc_ddoctorv2navapsvcLmHosts (WmiApSrvsprtsvc_ddoctorv2navapsvcLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservBITS (wuauservBITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservHidServ (wuauservHidServ) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservLmHosts (wuauservLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Wireless Zero Configuration WZCSVCMHN (WZCSVCMHN) - Unknown owner - C:\WINDOWS\
--
End of file - 14643 bytes
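The O23 block above has a pattern worth pulling out explicitly: thirty-odd "services" whose short name is simply two or more legitimate service names glued together (AppMgmt + RpcLocator, wuauserv + BITS, Dnscache + MSIServer + ScsiAccess + AcerMemUsageCheckService), reported as "Unknown owner" with an image path that is the bare directory C:\WINDOWS\ rather than a binary. The O21 SSODL entry with a random-looking name and "(no file)" is residue of the same kind. The script below is an added example, not part of the original post nor of HijackThis or SDFix: it parses O23/O21 lines and flags an entry when its image path is not an .exe/.dll/.sys, when its short name decomposes into two or more known service names, or when an SSODL entry has no backing file. The KNOWN_SERVICES list is an assumption (Windows XP built-ins plus the third-party names that appear in this log) and the sample lines are a subset quoted from the log above.

```python
import re

# Assumed list: XP built-in service short names plus third-party names seen in this log.
# Extend it for the host being triaged; unknown names are never flagged by the
# concatenation check, only by the missing-image-path check.
KNOWN_SERVICES = [
    "AppMgmt", "BITS", "Dnscache", "ERSvc", "Eventlog", "Fax", "ehSched",
    "FastUserSwitchingCompatibility", "HidServ", "ImapiService", "LmHosts",
    "McrdSvc", "mnmsrvc", "MSDTC", "MSIServer", "NetDDE", "ProtectedStorage",
    "RasAuto", "RemoteRegistry", "RpcLocator", "SamSs", "Schedule", "SENS",
    "SharedAccess", "TermService", "Themes", "TrkWks", "UMWdf", "upnphost",
    "VSS", "WebClient", "WmiApSrv", "wuauserv", "WZCSVC", "MHN",
    # third-party names present on this machine
    "AcerMemUsageCheckService", "LightScribeService", "navapsvc", "ScsiAccess",
    "sprtsvc_ddoctorv2", "TMBMServer", "tmproxy",
]
_LOWER_TO_NAME = {s.lower(): s for s in KNOWN_SERVICES}
_TOKENS = sorted(_LOWER_TO_NAME, key=len, reverse=True)  # longest match first, deterministic


def decompose(name):
    """Split `name` into known service names (case-insensitive). Returns the list of
    parts, or None if the name cannot be tiled by known names."""
    target = name.lower()
    memo = {}

    def solve(i):
        if i == len(target):
            return []
        if i in memo:
            return memo[i]
        result = None
        for tok in _TOKENS:
            if target.startswith(tok, i):
                rest = solve(i + len(tok))
                if rest is not None:
                    result = [_LOWER_TO_NAME[tok]] + rest
                    break
        memo[i] = result
        return result

    return solve(0)


def looks_like_binary(path):
    """True when the O23 image path names an executable image rather than a directory."""
    return re.search(r"\\[^\\]+\.(exe|dll|sys|com)$", path, re.I) is not None


def parse_o23(line):
    """Parse 'O23 - Service: <display> (<short>) - <owner> - <path>' into a dict.
    Owner and path never contain ' - ', so splitting from the right is safe even
    when the display name contains several parenthesised groups."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    m = re.search(r"\(([^()]+)\)$", display)
    short = m.group(1) if m else display  # HJT omits the short name when it equals the display name
    return {"display": display, "name": short, "owner": owner, "path": path}


def triage(lines):
    """Return [(name, [reasons])] for every entry that looks like fake-service residue."""
    findings = []
    for line in lines:
        line = line.strip()
        if line.startswith("O21 - SSODL:") and line.endswith("(no file)"):
            name = line.split(" - ")[1][len("SSODL: "):]
            findings.append((name, ["SSODL entry with no backing file"]))
            continue
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if not looks_like_binary(svc["path"]):
            reasons.append("no executable image path: " + svc["path"])
        parts = decompose(svc["name"])
        if parts and len(parts) >= 2:
            reasons.append("name is a concatenation of known services: " + " + ".join(parts))
        if reasons:
            findings.append((svc["name"], reasons))
    return findings


# Constructed sample: a subset of lines quoted from the HijackThis log above.
SAMPLE_LOG = r"""
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management AppMgmtRpcLocator (AppMgmtRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: DNS Client DnscacheMSIServer DnscacheMSIServerScsiAccessAcerMemUsageCheckService (DnscacheMSIServerScsiAccessAcerMemUsageCheckService) - Unknown owner - C:\WINDOWS\
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Network DDE NetDDE Mobile Device (NetDDE Mobile Device) - Unknown owner - C:\WINDOWS\
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) sprtsvc_ddoctorv2navapsvcLmHosts (sprtsvc_ddoctorv2navapsvcLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Wireless Zero Configuration WZCSVCMHN (WZCSVCMHN) - Unknown owner - C:\WINDOWS\
O21 - SSODL: cTmesIzvAtAZ - {E096945D-4A3C-3EF7-DC2C-6E4AB9E14D00} - (no file)
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES):
        print(name)
        for r in reasons:
            print("    -", r)
```

Run against the full log, the two O23 checks agree on every junk entry: each one both lacks an image path and tiles cleanly into known names, while the genuine services (Apple, Hewlett-Packard, ScsiAccess, sprtsvc_ddoctorv2) trip neither. "NetDDE Mobile Device" is the one entry the name check misses, because its second half was lifted from a display name rather than a short name; the path check still catches it, which is why both heuristics are worth running rather than either alone. Treat a hit as a lead to inspect the corresponding HKLM\SYSTEM\CurrentControlSet\Services key, not as a verdict.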