------------------------------------------------------------------------------------------------------------------------------------
SDFix: Version 1.240
Run by bob thomas on Fri 12/12/2008 at 12:39 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 13:08:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe:*:Enabled:Device Monitor"
"C:\\Documents and Settings\\bob thomas\\Local Settings\\Temp\\lxdi\\wireless\\ENGLISH\\lxdiwpss.exe"="C:\\Documents and Settings\\bob thomas\\Local Settings\\Temp\\lxdi\\wireless\\ENGLISH\\lxdiwpss.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe:*:Enabled:Printer Status Window Interface"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe:*:Enabled:Job Status Window Interface"
"C:\\WINDOWS\\system32\\lxdicoms.exe"="C:\\WINDOWS\\system32\\lxdicoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"="C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe:*:Enabled:ABBYY FineReader"
"C:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"="C:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe:*:Enabled:Fax software"
"C:\\WINDOWS\\system32\\lxdicfg.exe"="C:\\WINDOWS\\system32\\lxdicfg.exe:*:Enabled:Printer Communication System"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"="C:\\Program Files\\AVG\\AVG8\\avgam.exe:*:Enabled:avgam.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Lexmark 3500-4500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 20 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 19 Mar 2007 28,160 A..H. --- "C:\Documents and Settings\bob thomas\My Documents\webpages\btseo\support\~WRL0464.tmp"
Mon 19 Mar 2007 27,648 A..H. --- "C:\Documents and Settings\bob thomas\My Documents\webpages\btseo\support\~WRL0917.tmp"
Mon 19 Mar 2007 27,648 A..H. --- "C:\Documents and Settings\bob thomas\My Documents\webpages\btseo\support\~WRL3286.tmp"
Tue 28 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Tue 28 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Tue 28 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Tue 28 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Tue 28 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Tue 28 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"
Finished!
------------------------------------------------------------------------------------------------------------------------------------
Process Explorer.EXE killed successfully!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8041E642-8CFC-4720-BC9D-D2DB8904286F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FaxCenterServer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Desktop Search deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DellSupport deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\mgmrwmrv.exe scheduled to be deleted on reboot.
File C:\WINDOWS\system32\mgmrwmrv.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\mgmrwmrv.exe deleted successfully.
File C:\WINDOWS\system32\mgmrwmrv.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command\\ deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ic32pp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571}\ deleted successfully.
[Files/Folders - Created Within 90 Days]
C:\Documents and Settings\bob thomas\Desktop\GooredFix.exe moved successfully.
C:\Documents and Settings\bob thomas\Desktop\HiJackThis.exe moved successfully.
[File - Lop Check]
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
[File - Purity Scan]
File C:\WINDOWS\?ymantec not found!
File C:\WINDOWS\?ymantec\?ymantec not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.3.1 fix logfile created on 12122008_132134
Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat not found!
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\mgmrwmrv.exe scheduled to be deleted on reboot.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Ok, now what is next?
this took a long time to complete