SDFix: Version 1.181
Run by Administrator on Sun 05/11/2008 at 08:32 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Killing PID 768 'wmsdkns.exe'
Killing PID 768 'wmsdkns.exe'
Killing PID 768 'wmsdkns.exe'

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\8JXUO5.SYZ - Deleted
C:\Program Files\ISM\ism.exe - Deleted
C:\Program Files\ISM\Uninstall.exe - Deleted
C:\Program Files\QdrDrive\qdrloader.exe - Deleted
C:\Program Files\QdrPack\dicts.gz - Deleted
C:\Program Files\QdrPack\QdrPack15.exe - Deleted
C:\Program Files\QdrPack\trgts.gz - Deleted
C:\Program Files\QdrModule\dicy.gz - Deleted
C:\Program Files\QdrModule\kwdy.gz - Deleted
C:\Program Files\QdrModule\pckr.dat - Deleted
C:\Program Files\QdrModule\QdrModule15.exe - Deleted
C:\WINDOWS\system32\000060.exe - Deleted
C:\WINDOWS\system32\000080.exe - Deleted
C:\WINDOWS\system32\000090.exe - Deleted
C:\WINDOWS\123messenger.per - Deleted
C:\WINDOWS\2020search.dll - Deleted
C:\WINDOWS\2020search2.dll - Deleted
C:\WINDOWS\apphelp32.dll - Deleted
C:\WINDOWS\asferror32.dll - Deleted
C:\WINDOWS\asycfilt32.dll - Deleted
C:\WINDOWS\athprxy32.dll - Deleted
C:\WINDOWS\ati2dvaa32.dll - Deleted
C:\WINDOWS\ati2dvag32.dll - Deleted
C:\WINDOWS\audiosrv32.dll - Deleted
C:\WINDOWS\autodisc32.dll - Deleted
C:\WINDOWS\avifile32.dll - Deleted
C:\WINDOWS\avisynthex32.dll - Deleted
C:\WINDOWS\aviwrap32.dll - Deleted
C:\WINDOWS\bjam.dll - Deleted
C:\WINDOWS\bokja.exe - Deleted
C:\WINDOWS\browserad.dll - Deleted
C:\WINDOWS\cdsm32.dll - Deleted
C:\WINDOWS\changeurl_30.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\didduid.ini - Deleted
C:\WINDOWS\index.html - Deleted
C:\WINDOWS\licencia.txt - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\msa64chk.dll - Deleted
C:\WINDOWS\msapasrc.dll - Deleted
C:\WINDOWS\mspphe.dll - Deleted
C:\WINDOWS\mssvr.exe - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\ntnut.exe - Deleted
C:\WINDOWS\saiemod.dll - Deleted
C:\WINDOWS\shdocpe.dll - Deleted
C:\WINDOWS\shdocpl.dll - Deleted
C:\WINDOWS\stcloader.exe - Deleted
C:\WINDOWS\swin32.dll - Deleted
C:\WINDOWS\system32\sockins32.dll - Deleted
C:\WINDOWS\system32\winfrun32.bin - Deleted
C:\WINDOWS\system32\wmsdkns.exe - Deleted
C:\WINDOWS\telefonos.txt - Deleted
C:\WINDOWS\textos.txt - Deleted
C:\WINDOWS\voiceip.dll - Deleted
C:\WINDOWS\winsb.dll - Deleted

Folder C:\Program Files\ISM - Removed
Folder C:\Program Files\QdrDrive - Removed
Folder C:\Program Files\QdrPack - Removed
Folder C:\Program Files\QdrModule - Removed
Folder C:\WINDOWS\system32\527631 - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 08:43:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 11 Jul 2007 1,949,519 A.SH. --- "C:\!KillBox\llkkj.tmp"
Sun 3 Feb 2008 24 ..SH. --- "C:\WINDOWS\S4A05DB1F.tmp"
Wed 30 Jun 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 30 Jun 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 30 Jun 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Wed 11 Jul 2007 6,369 ..SH. --- "C:\WINDOWS\system32\llkkj.bak1"
Wed 11 Jul 2007 1,102,959 ..SH. --- "C:\WINDOWS\system32\voxdtbdo.tmp"
Tue 3 Apr 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 20 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 19 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT3.tmp"
Sun 8 Jul 2007 2,217,857 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\MTVN\Downloads\05EB88CE(2)\BIT21A.tmp"

Finished!