Run by Owner on Thu 07/08/2008 at 04:36 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\Owner\Local Settings\Temp\tem169.tmp.exe - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll - Deleted
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
Folder C:\WINDOWS\system32\wsnpoem - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 16:44:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"=[hex value data omitted]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"="C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe:*:Enabled:mobile Phone Software"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Friendly Software\\Golf Game\\AboutGolf.com World Tours\\Golf Game.exe"="C:\\Program Files\\Friendly Software\\Golf Game\\AboutGolf.com World Tours\\Golf Game.exe:*:Enabled:AboutGolf.com World Tours"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 1 Mar 2006 507,904 A..H. --- "C:\My Games\Aqua Pearls\pearls.exe"
Fri 4 May 2007 2,283,088 A..H. --- "C:\WINDOWS\NabnGrab\Nab-n-Grab.exe"
Tue 21 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 21 Feb 2006 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Fri 18 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 21 Feb 2006 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Wed 7 Jun 2006 401 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 31 Jan 2006 312 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 4 Aug 2008 47,207,310 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\download\BIT20.tmp"
Finished!