This is the SDFix report.
SDFix: Version 1.240 Run by Marco on Wed 03/11/2009 at 08:18 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 20:27:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Marco.ARROWSHOP\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"="C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe:*:Disabled:SketchUp Application"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"="C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe:*:Enabled:Sprite PC Service"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Nexon\\Combat Arms\\NMService.exe"="C:\\Program Files\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\y45uoe4.dll"
Thu 31 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sat 28 Feb 2009 20,688 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Sat 28 Feb 2009 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Thu 31 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Marco.ARROWSHOP\Application Data\U3\temp\Launchpad Removal.exe"
Finished!