[b]SDFix: Version 1.187 [/b]

Run by Roxy on 2008-06-03 at 16:26

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE HomePage
Restoring Default Desktop Wallpaper

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\vntiho06\vntiho061083.exe - Deleted
C:\WINDOWS\accesss.exe - Deleted
C:\WINDOWS\astctl32.ocx - Deleted
C:\WINDOWS\avpcc.dll - Deleted
C:\WINDOWS\clrssn.exe - Deleted
C:\WINDOWS\cpan.dll - Deleted
C:\WINDOWS\ctfmon32.exe - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\iedll.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\loader.exe - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mssys.exe - Deleted
C:\WINDOWS\msupdate.exe - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\mtwirl32.dll - Deleted
C:\WINDOWS\notepad32.exe - Deleted
C:\WINDOWS\olehelp.exe - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\systeem.exe - Deleted
C:\WINDOWS\systemcritical.exe - Deleted
C:\WINDOWS\system32\CID - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\system32\spywarewarning2.mht - Deleted
C:\WINDOWS\system32\SvcNm - Deleted
C:\WINDOWS\system32\upds.log - Deleted
C:\WINDOWS\system32\url1 - Deleted
C:\WINDOWS\system32\url2 - Deleted
C:\WINDOWS\system32\url3 - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\users32.exe - Deleted
C:\WINDOWS\waol.exe - Deleted
C:\WINDOWS\win32e.exe - Deleted
C:\WINDOWS\win64.exe - Deleted
C:\WINDOWS\winajbm.dll - Deleted
C:\WINDOWS\window.exe - Deleted
C:\WINDOWS\winmgnt.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\xxxvideo.hta - Deleted

Folder C:\WINDOWS\system32\vntiho06 - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 16:33:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1170264049\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1170264049\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner.YOUR-9167397A84\\My Documents\\My Music\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Owner.YOUR-9167397A84\\My Documents\\My Music\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Roxy\\Desktop\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Roxy\\Desktop\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\lxczcoms.exe"="C:\\WINDOWS\\system32\\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun 1 Jun 2008        96,768 ..SHR --- "C:\WINDOWS\system32\1028s.exe"
Tue 3 Apr 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jun 2005       54,872 A..H. --- "C:\My Backup -- 07-01-31 0848AM\Program Files\America Online 9.0\AOLphx.exe"
Thu 23 Jun 2005       31,832 A..H. --- "C:\My Backup -- 07-01-31 0848AM\Program Files\America Online 9.0\rbm.exe"
Thu 19 Jul 2007            0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 19 Jan 2008            0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT3.tmp"
Wed 7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT3.tmp"

[b]Finished![/b]