[b]SDFix: Version 1.240 [/b]
Run by Administrator on 02/01/2009 at 17:40

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 17:56:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qteirzvao]
"DisplayName"="Windows Universal"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qteirzvao\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\ieumfgro.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\qteirzvao]
"DisplayName"="Windows Universal"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\qteirzvao\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\ieumfgro.dll"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000149
"TracesSuccessful"=dword:0000000b

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"C:\\WINDOWS\\system32\\mstsc.exe"="C:\\WINDOWS\\system32\\mstsc.exe:*:Enabled:Remote Desktop Connection"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Axis Communications\\AXIS Camera Station\\AcsService.exe"="C:\\Program Files\\Axis Communications\\AXIS Camera Station\\AcsService.exe:*:Enabled:AXIS Camera Station"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe:*:Enabled:Ad-Aware"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[b]Remaining Files [/b]:

[b]Files with Hidden Attributes [/b]:

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Tue 1 Jul 2008 56 A.SH. --- "C:\WINDOWS\SMINST\hpboot.sys"
Wed 4 Aug 2004 166,240 A.SHR --- "C:\WINDOWS\system32\ieumfgro.dll"
Thu 20 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 19 Aug 2008 65,536 A..H. --- "C:\Documents and Settings\t_brown\My Documents\~Vessels A to F.pst.tmp"
Tue 19 Aug 2008 65,536 A..H. --- "C:\Documents and Settings\t_brown\My Documents\~Vessels G to M.pst.tmp"
Tue 19 Aug 2008 65,536 A..H. --- "C:\Documents and Settings\t_brown\My Documents\~Vessels Thome to Z.pst.tmp"
Thu 20 Mar 2008 4,348 ...H. --- "C:\Documents and Settings\t_brown\My Documents\My Music\License Backup\drmv1key.bak"
Sat 27 Dec 2008 20 A..H. --- "C:\Documents and Settings\t_brown\My Documents\My Music\License Backup\drmv1lic.bak"
Thu 20 Mar 2008 400 A.SH. --- "C:\Documents and Settings\t_brown\My Documents\My Music\License Backup\drmv2key.bak"

[b]Finished![/b]