#11
October 28th, 2008, 12:47 PM
RubyQT
Member
 
Join Date: May 2004
Posts: 51
Re:

SDFix: Version 1.238
Run by DELLA on Tue 10/28/2008 at 01:47 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\Documents and Settings\DELLA\Application Data\Install.dat - Deleted
C:\WINDOWS\system32\17D.tmp - Deleted
C:\WINDOWS\system32\1EE.tmp - Deleted
C:\WINDOWS\system32\1F7.tmp - Deleted


Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 01:59:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe:*:Disabled:TrueVector Service"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1147821277\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1147821277\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1147821277\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1147821277\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1149719952\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1149719952\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1149719952\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1149719952\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\DELLA\\Desktop\\Install_Messenger.exe"="C:\\Documents and Settings\\DELLA\\Desktop\\Install_Messenger.exe:*:Disabled:Install_Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Disabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 28 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\10.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\130.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\140.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\154.tmp"
Tue 21 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\16C.tmp"
Wed 22 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\176.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\17B.tmp"
Wed 22 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\17E.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\183.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\189.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\19C.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1BC.tmp"
Tue 21 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1BF.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1C5.tmp"
Tue 21 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1C9.tmp"
Tue 21 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1CA.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1DE.tmp"
Tue 21 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1DF.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1EF.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1F2.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\1FB.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\201.tmp"
Tue 21 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\209.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\20A.tmp"
Tue 21 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\20E.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\20F.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\210.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\211.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\212.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\213.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\215.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\21C.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\226.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\22E.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\233.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\234.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\235.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\23F.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\24E.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\266.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\27.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\278.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\279.tmp"
Sun 26 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\27A.tmp"
Sat 25 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\28.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\295.tmp"
Tue 28 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\5.tmp"
Tue 28 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\6.tmp"
Tue 28 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\7.tmp"
Wed 22 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\8.tmp"
Wed 22 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\9.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\A.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\B.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\C.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\D.tmp"
Tue 28 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\E.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\F.tmp"
Wed 6 Jun 2007 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\~113.>sys"
Mon 9 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 31 Jan 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Mon 31 Jul 2006 24,576 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0001.tmp"
Tue 1 Aug 2006 22,016 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0002.tmp"
Wed 28 Mar 2007 117,248 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0003.tmp"
Wed 28 Mar 2007 117,760 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0005.tmp"
Mon 7 Aug 2006 24,064 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0122.tmp"
Tue 9 Jan 2007 118,784 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0150.tmp"
Tue 3 Apr 2007 49,152 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0173.tmp"
Tue 3 Apr 2007 49,152 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0186.tmp"
Tue 3 Apr 2007 44,544 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0359.tmp"
Mon 7 Aug 2006 24,064 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0361.tmp"
Tue 3 Apr 2007 46,080 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0443.tmp"
Tue 3 Apr 2007 49,152 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0474.tmp"
Tue 8 Aug 2006 24,576 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0504.tmp"
Mon 7 Aug 2006 22,528 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0587.tmp"
Tue 3 Apr 2007 47,616 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0603.tmp"
Tue 9 Jan 2007 119,296 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0677.tmp"
Thu 27 Jul 2006 69,632 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0744.tmp"
Tue 27 Mar 2007 390,144 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0751.tmp"
Fri 27 Oct 2006 84,480 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0824.tmp"
Thu 25 Jan 2007 316,416 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0870.tmp"
Tue 27 Mar 2007 391,680 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0885.tmp"
Tue 3 Apr 2007 48,640 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0942.tmp"
Tue 8 Aug 2006 25,600 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0951.tmp"
Tue 27 Mar 2007 388,096 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1004.tmp"
Thu 25 Jan 2007 316,416 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1020.tmp"
Thu 25 Jan 2007 317,440 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1021.tmp"
Tue 3 Apr 2007 45,568 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1244.tmp"
Tue 9 Jan 2007 119,808 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1318.tmp"
Tue 27 Mar 2007 388,096 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1361.tmp"
Tue 3 Apr 2007 46,592 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1405.tmp"
Wed 21 Dec 2005 40,448 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1423.tmp"
Mon 26 Mar 2007 386,560 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1427.tmp"
Tue 9 Jan 2007 120,832 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1446.tmp"
Tue 8 Aug 2006 25,600 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1539.tmp"
Tue 27 Mar 2007 388,608 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1642.tmp"
Tue 23 Jan 2007 316,416 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1648.tmp"
Tue 3 Apr 2007 45,568 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1652.tmp"
Wed 21 Dec 2005 38,912 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1664.tmp"
Tue 9 Jan 2007 120,832 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1758.tmp"
Tue 3 Apr 2007 48,640 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1769.tmp"
Tue 27 Mar 2007 391,680 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1873.tmp"
Mon 7 Aug 2006 23,552 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1963.tmp"
Tue 9 Jan 2007 120,320 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL1966.tmp"
Wed 28 Mar 2007 119,808 ...H. --- "C:\Documents and
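The two sections of this report an analyst would actually triage are the "Files with Hidden Attributes" list (dozens of hidden, system-attribute .tmp files of identical size in SYSTEM32, the same directory SDFix just deleted trojan .tmp files from) and the firewall "Authorized Application Key Export" (which application paths are allowed through the XP firewall). The following Python is an added example, not SDFix code and not part of the original post: it parses both sections, groups hidden files by directory and size, and lists firewall exceptions whose executable lives outside %windir% or Program Files. The sample lines are copied from the report above; the grouping threshold of three and the list of "expected" program roots are assumptions for illustration.

```python
"""Triage helpers for an SDFix report (added example, not part of SDFix)."""
import os
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the "Files with Hidden Attributes"
# and "Authorized Application Key Export" sections of the report above.
SAMPLE_HIDDEN = r'''
Tue 28 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\10.tmp"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\130.tmp"
Tue 21 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\16C.tmp"
Fri 24 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\201.tmp"
Tue 28 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\SYSTEM32\5.tmp"
Mon 9 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 31 Jul 2006 24,576 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0001.tmp"
Tue 1 Aug 2006 22,016 ...H. --- "C:\Documents and Settings\DELLA\Desktop\~WRL0002.tmp"
'''

SAMPLE_FIREWALL = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Documents and Settings\\DELLA\\Desktop\\Install_Messenger.exe"="C:\\Documents and Settings\\DELLA\\Desktop\\Install_Messenger.exe:*:Disabled:Install_Messenger"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
'''

# SDFix hidden-file line: "<dow> <day> <mon> <year> <size> <attrs> --- "<path>""
HIDDEN_RE = re.compile(
    r'^\w{3} (?P<day>\d{1,2}) (?P<mon>\w{3}) (?P<year>\d{4}) '
    r'(?P<size>[\d,]+) (?P<attrs>[A-Z.]+) --- "(?P<path>[^"]+)"$')

# XP firewall AuthorizedApplications value: "<path>:<scope>:<state>:<name>"
FW_RE = re.compile(
    r'^"(?P<key>[^"]+)"="(?P<path>.+?):(?P<scope>[^:]+):'
    r'(?P<state>enabled|disabled):(?P<name>.*)"$', re.IGNORECASE)

# Assumed "expected" roots for allowed applications (illustration only).
ALLOWED_ROOTS = ('%windir%', 'c:/windows', 'c:/program files')


@dataclass(frozen=True)
class HiddenFile:
    date: str
    size: int
    attrs: str
    path: str


@dataclass(frozen=True)
class FirewallRule:
    path: str
    scope: str
    enabled: bool
    name: str


def parse_hidden_files(text):
    """Parse the 'Files with Hidden Attributes' section into records."""
    files = []
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            files.append(HiddenFile(
                date=f"{m['year']}-{m['mon']}-{int(m['day']):02d}",
                size=int(m['size'].replace(',', '')),
                attrs=m['attrs'],
                path=m['path']))
    return files


def size_clusters(files, min_count=3):
    """Group hidden files by (directory, size); keep groups of >= min_count.
    Many same-size hidden+system files in one system directory is a
    heuristic signal worth checking, not proof of infection."""
    groups = defaultdict(list)
    for f in files:
        directory = os.path.dirname(f.path.replace('\\', '/')).lower()
        groups[(directory, f.size)].append(f)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def parse_firewall_export(text):
    """Parse exported AuthorizedApplications\\List values into rules."""
    rules = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if m:
            rules.append(FirewallRule(
                path=m['path'].replace('\\\\', '\\'),   # undo .reg escaping
                scope=m['scope'],
                enabled=m['state'].lower() == 'enabled',
                name=m['name']))
    return rules


def rules_outside_program_dirs(rules):
    """Return exceptions whose executable is outside the assumed roots
    (e.g. a user's Desktop); reported whether enabled or disabled."""
    flagged = []
    for r in rules:
        norm = r.path.replace('\\', '/').lower()
        if not norm.startswith(ALLOWED_ROOTS):
            flagged.append(r)
    return flagged


def main():
    hidden = parse_hidden_files(SAMPLE_HIDDEN)
    for (directory, size), group in size_clusters(hidden).items():
        print(f"{len(group)} hidden files of {size} bytes in {directory}:")
        for f in group:
            print(f"  {f.date}  {f.attrs}  {f.path}")
    for r in rules_outside_program_dirs(parse_firewall_export(SAMPLE_FIREWALL)):
        state = "enabled" if r.enabled else "disabled"
        print(f"firewall exception outside program dirs ({state}, "
              f"scope {r.scope}): {r.path}")


if __name__ == "__main__":
    main()
```

Run against the full report, the cluster check isolates the 318,464-byte SYSTEM32 .tmp files from the harmless Word autosave (~WRL*.tmp) and DRM backup entries, and the firewall check surfaces the Desktop\Install_Messenger.exe exception; the unusual vsmon.exe entry being Disabled (ZoneAlarm's TrueVector service) is also visible in the parsed `enabled` flag once that line is included.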