Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Limewire keeps on popping up and prompting to install


  • Please log in to reply

#1
fluffypuff

fluffypuff

    New Member

  • Member
  • Pip
  • 1 posts
Hi can anybody help me with this and what the next step i'm suppose to do? Since i have install SDFix and do it. Below are the report i got after it finished running.


SDFix: Version 1.240
Run by Personal on 17/04/2009 at 00:55

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp15.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp16.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp1F.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp21.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp23.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp27.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp2E.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp34.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp4E.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp8F.tmp - Deleted
C:\WINDOWS\lcass.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 01:13:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Tudou\?Tudou\TudouVa.exe??"="C:\Program Files\Tudou\\xb7伤賂udou\TudouVa.exe:*:Enabled:?Tudou"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Tudou\?Tudou\TudouVa.exe??"="C:\Program Files\Tudou\\xb7伤賂udou\TudouVa.exe:*:Enabled:?Tudou"

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\POKxON Simulator]
"Order"=hex:08,00,00,00,02,00,00,00,46,02,00,00,01,00,00,00,04,00,00,00,8c,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PPSA扴

"Order"=hex:08,00,00,00,02,00,00,00,f4,02,00,00,01,00,00,00,06,00,00,00,78,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"="C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\WIZET\\MapleStory\\Patcher.exe"="C:\\Program Files\\WIZET\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe"="C:\\Program Files\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe:*:Enabled:LabVIEW 7.1 Development System"
"C:\\Program Files\\WIZET\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\WIZET\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\National Instruments\\MAX\\NIMax.exe"="C:\\Program Files\\National Instruments\\MAX\\NIMax.exe:*:Enabled:NIMax"
"C:\\WINDOWS\\system32\\skcbgm.exe"="C:\\WINDOWS\\system32\\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视"
"C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"
"C:\\Program Files\\Tudou\\·é?łTudou\\TudouVa.exe"="C:\\Program Files\\Tudou\\·é?łTudou\\TudouVa.exe:*:Enabled:飞速Tudou"
"E:\\My Received Files\\SopCast\\SopCast.exe"="E:\\My Received Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"E:\\My Received Files\\SopCast\\adv\\SopAdver.exe"="E:\\My Received Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Documents and Settings\\Personal\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"="C:\\Documents and Settings\\Personal\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\\Program Files\\Pilot Group Ltd\\Newsletter 2008\\apache\\Apache.exe"="C:\\Program Files\\Pilot Group Ltd\\Newsletter 2008\\apache\\Apache.exe:*:Enabled:Apache"
"C:\\Program Files\\Tudou\\Tudou\\TudouVa.exe"="C:\\Program Files\\Tudou\\Tudou\\TudouVa.exe:*:Enabled:飞速土豆1.12"
"C:\\Program Files\\Tudou\\飞速Tudou\\TudouVa.exe"="C:\\Program Files\\Tudou\\飞速Tudou\\TudouVa.exe:*:Enabled:飞速土豆1.12"
"C:\\DOCUME~1\\Personal\\LOCALS~1\\Temp\\ppsdown\\ppsdown.exe"="C:\\DOCUME~1\\Personal\\LOCALS~1\\Temp\\ppsdown\\ppsdown.exe:*:Enabled:HttpDownLoad Application"
"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"="C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 30 Nov 2008 960 A.SH. --- "C:\tl13o04v.sys"
Fri 2 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 12 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Personal\Application Data\U3\temp\Launchpad Removal.exe"
Thu 17 Apr 2008 54,520 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\VisualStudio\7.1\vs000223.tmp"
Fri 11 Jan 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 19 Apr 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Fri 7 Sep 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"

Finished!
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP