[b]SDFix: Version 1.180 [/b]
Run by badman420 on Thu 05/08/2008 at 08:48 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\badman420\Application Data\Deskbar_{8EAF05CC-14F6-4643-95D1-77ED26A40204}\local.xml - Deleted
C:\Documents and Settings\badman420\Application Data\Deskbar_{8EAF05CC-14F6-4643-95D1-77ED26A40204}\log.txt - Deleted
C:\Documents and Settings\badman420\Application Data\Deskbar_{8EAF05CC-14F6-4643-95D1-77ED26A40204}\version.ini - Deleted
C:\Documents and Settings\badman420\Application Data\Deskbar_{8EAF05CC-14F6-4643-95D1-77ED26A40204}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml - Deleted
C:\Documents and Settings\badman420\Local Settings\Temp\tem10.tmp.exe - Deleted
C:\Documents and Settings\badman420\Local Settings\Temp\tem8.tmp.exe - Deleted
C:\Documents and Settings\badman420\Local Settings\Temp\temC.tmp.exe - Deleted
C:\Documents and Settings\badman420\Local Settings\Temp\upd14.tmp.exe - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Documents and Settings\Anne Rutledge\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Anne Rutledge\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\badman420\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Anne Rutledge\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Anne Rutledge\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\badman420\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Anne Rutledge\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Anne Rutledge\Favorites\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\badman420\Favorites\Spyware&Malware Protection.url - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\maxsv15\rLCubd.log - Deleted
C:\WINDOWS\mslagent\2_mslagent.dll - Deleted
C:\WINDOWS\mslagent\mslagent.exe - Deleted
C:\WINDOWS\mslagent\uninstall.exe - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\system32\bkEur05\bkEur051080.exe - Deleted
C:\WINDOWS\system32\smp\msrc.exe - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\Program Files\dbar\basis.xml - Deleted
C:\Program Files\dbar\channel.tmpl - Deleted
C:\Program Files\dbar\content.tmpl - Deleted
C:\Program Files\dbar\date.tmpl - Deleted
C:\Program Files\dbar\dbaruninst.exe - Deleted
C:\Program Files\dbar\deskbar.crc - Deleted
C:\Program Files\dbar\deskbar.dll - Deleted
C:\Program Files\dbar\deskbar.inf - Deleted
C:\Program Files\dbar\edit_rss.tmpl - Deleted
C:\Program Files\dbar\local.xml - Deleted
C:\Program Files\dbar\nav1.bmp - Deleted
C:\Program Files\dbar\nav2.bmp - Deleted
C:\Program Files\dbar\new_alert.tmpl - Deleted
C:\Program Files\dbar\version.ini - Deleted
C:\Program Files\dbar\version.txt - Deleted
C:\Program Files\Inet Delivery\inetdl.exe - Deleted
C:\Program Files\Inet Delivery\intdel.exe - Deleted
C:\Program Files\VirusIsolator\zlib.dll - Deleted
C:\Program Files\winvi\Uninst.exe - Deleted
C:\Program Files\winvi\version.ini - Deleted
C:\Program Files\winvi\wupda.exe - Deleted
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js - Deleted
C:\Program Files\winvi\dsktp\desktop.html - Deleted
C:\Program Files\winvi\dsktp\internetDetection.swf - Deleted
C:\Program Files\winvi\dsktp\settings.sol - Deleted
C:\Program Files\winvi\icons\bufferthis.ico - Deleted
C:\Program Files\winvi\icons\flashfunpages.ico - Deleted
C:\Program Files\winvi\icons\funnies.ico - Deleted
C:\Program Files\winvi\icons\funnyfunpages.ico - Deleted
C:\Program Files\winvi\icons\goodcleanvideos.ico - Deleted
C:\Program Files\winvi\icons\newfunpages.ico - Deleted
C:\Program Files\winvi\icons\positivethoughts.ico - Deleted
C:\Program Files\winvi\icons\removespyware.ico - Deleted
C:\Program Files\winvi\icons\thissiterocks.ico - Deleted
C:\Program Files\winvi\temp\version.ini - Deleted
C:\WINDOWS\mrofinu1188.exe.tmp - Deleted
C:\Program Files\Network Monitor\netmon.exe - Deleted
C:\Documents and Settings\badman420\Start Menu\Programs\Startup\Deewoo.lnk - Deleted
C:\smp.bat - Deleted
C:\WINDOWS\a.bat - Deleted
C:\WINDOWS\base64.tmp - Deleted
C:\WINDOWS\bdn.com - Deleted
C:\WINDOWS\FVProtect.exe - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\mssecu.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\system32\akttzn.exe - Deleted
C:\WINDOWS\system32\anticipator.dll - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\awtoolb.dll - Deleted
C:\WINDOWS\system32\bdn.com - Deleted
C:\WINDOWS\system32\bsva-egihsg52.exe - Deleted
C:\WINDOWS\system32\dpcproxy.exe - Deleted
C:\WINDOWS\system32\emesx.dll - Deleted
C:\WINDOWS\system32\h@tkeysh@@k.dll - Deleted
C:\WINDOWS\system32\hoproxy.dll - Deleted
C:\WINDOWS\system32\hxiwlgpm.dat - Deleted
C:\WINDOWS\system32\hxiwlgpm.exe - Deleted
C:\WINDOWS\system32\medup012.dll - Deleted
C:\WINDOWS\system32\medup020.dll - Deleted
C:\WINDOWS\system32\msgp.exe - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\msnbho.dll - Deleted
C:\WINDOWS\system32\mssecu.exe - Deleted
C:\WINDOWS\system32\msvchost.exe - Deleted
C:\WINDOWS\system32\mtr2.exe - Deleted
C:\WINDOWS\system32\mwin32.exe - Deleted
C:\WINDOWS\system32\netode.exe - Deleted
C:\WINDOWS\system32\newsd32.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\ps1.exe - Deleted
C:\WINDOWS\system32\psof1.exe - Deleted
C:\WINDOWS\system32\psoft1.exe - Deleted
C:\WINDOWS\system32\regc64.dll - Deleted
C:\WINDOWS\system32\regm64.dll - Deleted
C:\WINDOWS\system32\Rundl1.exe - Deleted
C:\WINDOWS\system32\sncntr.exe - Deleted
C:\WINDOWS\system32\ssurf022.dll - Deleted
C:\WINDOWS\system32\ssvchost.com - Deleted
C:\WINDOWS\system32\ssvchost.exe - Deleted
C:\WINDOWS\system32\sysreq.exe - Deleted
C:\WINDOWS\system32\taack.dat - Deleted
C:\WINDOWS\system32\taack.exe - Deleted
C:\WINDOWS\system32\temp#01.exe - Deleted
C:\WINDOWS\system32\thun.dll - Deleted
C:\WINDOWS\system32\thun32.dll - Deleted
C:\WINDOWS\system32\VBIEWER.OCX - Deleted
C:\WINDOWS\system32\vbsys2.dll - Deleted
C:\WINDOWS\system32\vcatchpi.dll - Deleted
C:\WINDOWS\system32\winlogonpc.exe - Deleted
C:\WINDOWS\system32\winsystem.exe - Deleted
C:\WINDOWS\system32\WINWGPX.EXE - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted
C:\WINDOWS\userconfig9x.dll - Deleted
C:\WINDOWS\winsystem.exe - Deleted
C:\WINDOWS\zip1.tmp - Deleted
C:\WINDOWS\zip2.tmp - Deleted
C:\WINDOWS\zip3.tmp - Deleted
C:\WINDOWS\zipped.tmp - Deleted

Folder C:\Documents and Settings\badman420\Application Data\Deskbar_{8EAF05CC-14F6-4643-95D1-77ED26A40204} - Removed
Folder C:\Program Files\akl - Removed
Folder C:\Program Files\dbar - Removed
Folder C:\Program Files\Inet Delivery - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Program Files\NetProject - Removed
Folder C:\Program Files\VirusIsolator - Removed
Folder C:\Program Files\winvi - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\maxsv15 - Removed
Folder C:\WINDOWS\mslagent - Removed
Folder C:\WINDOWS\privacy_danger - Removed
Folder C:\WINDOWS\system32\215651 - Removed
Folder C:\WINDOWS\system32\375013 - Removed
Folder C:\WINDOWS\system32\bkEur05 - Removed
Folder C:\WINDOWS\system32\smp - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 22:18:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Defender Pro\\Defender Pro Internet Security 6.0\\avp.exe"="C:\\Program Files\\Defender Pro\\Defender Pro Internet Security 6.0\\avp.exe:*:Enabled:Defender Pro"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 7 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT7.tmp"

[b]Finished![/b]