Hi oldman,
Here are the SDFix results:
SDFix: Version 1.162
Run by TAM on 26/03/2008 at 16:35
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name:
HMP37
Path:
System32\Drivers\Hmp37.sys
HMP37 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Service HMP37 - Deleted after Reboot
Checking Files :
Trojan Files Found:
C:\Program Files\JavaCore\UnInstall.exe - Deleted
C:\Program Files\nvcoi\mst.stt - Deleted
C:\Program Files\Temporary\InsiDERInst.exe - Deleted
C:\WINDOWS\b155.exe - Deleted
C:\WINDOWS\b152.exe - Deleted
C:\WINDOWS\b154.exe - Deleted
C:\Program Files\Setup.exe - Deleted
C:\WINDOWS\svchost.ini - Deleted
C:\WINDOWS\system32\Isass.exe - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\system32\drivers\HMP37.sys - Deleted
Folder C:\Program Files\JavaCore - Removed
Folder C:\Program Files\nvcoi - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 16:39:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden services …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hexacto\Kasparov Chessmate\KasparovChess.exe"="C:\Program Files\Hexacto\Kasparov Chessmate\KasparovChess.exe:*:Disabled:KasparovChess"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Qianhong\Qianhong.exe"="C:\Program Files\Qianhong\Qianhong.exe:*:Disabled:Qianhong Application"
"C:\Program Files\Tencent\QQ\QQ.exe"="C:\Program Files\Tencent\QQ\QQ.exe:*:Disabled:QQ"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1177552405\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1177552405\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1177552405\ee\AOLOpenRide.exe"="C:\Program Files\Common Files\AOL\1177552405\ee\AOLOpenRide.exe:*:Enabled:AOL OpenRide"
"C:\Program Files\Tencent\Foxmail\Foxmail.exe"="C:\Program Files\Tencent\Foxmail\Foxmail.exe:*:Enabled:Internet Mail Client"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive"
"D:\LeapFTP-v2.76\LeapFTP.exe"="D:\LeapFTP-v2.76\LeapFTP.exe:*:Enabled:FTP 客户端工具"
"C:\Program Files\Common Files\AOL\1201394859\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1201394859\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1201394859\ee\AOLOpenRide.exe"="C:\Program Files\Common Files\AOL\1201394859\ee\AOLOpenRide.exe:*:Enabled:AOL OpenRide"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"D:\website\uploadtool\HA_LeapFTP2.7.6.613_yfy\LeapFTP.exe"="D:\website\uploadtool\HA_LeapFTP2.7.6.613_yfy\LeapFTP.exe:*:Enabled:FTP 客户端工具"
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"="C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe"="C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder"
"C:\WINDOWS\system32\Isass.exe"="C:\WINDOWS\system32\Isass.exe:*:Enabled:Local Security Authority Service"
"C:\WINDOWS\system32\qmgh.exe"="C:\WINDOWS\system32\qmgh.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\hrldtbda.exe"="C:\WINDOWS\system32\hrldtbda.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\awhrndin.exe"="C:\WINDOWS\system32\awhrndin.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\mqftx.exe"="C:\WINDOWS\system32\mqftx.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\txkoiuku.exe"="C:\WINDOWS\system32\txkoiuku.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\bhsfb.exe"="C:\WINDOWS\system32\bhsfb.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\nysd.exe"="C:\WINDOWS\system32\nysd.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\baxdhb.exe"="C:\WINDOWS\system32\baxdhb.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\nwymdv.exe"="C:\WINDOWS\system32\nwymdv.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\wstmp.exe"="C:\WINDOWS\system32\wstmp.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\tsynlelf.exe"="C:\WINDOWS\system32\tsynlelf.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\bxopb.exe"="C:\WINDOWS\system32\bxopb.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\bxix.exe"="C:\WINDOWS\system32\bxix.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\WINDOWS\system32\czorq.exe"="C:\WINDOWS\system32\czorq.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
"C:\Program Files\Tencent\Foxmail\FoxHot.exe"="C:\Program Files\Tencent\Foxmail\FoxHot.exe:*:Disabled:Foxmail-Hotmail Proxy Application"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
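The "Authorized Application Key Export" above still carries firewall exceptions for C:\WINDOWS\system32\Isass.exe (listed under "Trojan Files Found" and deleted, and a capital-I lookalike of lsass.exe) and for a run of short, random-looking executables in system32 that all borrow the same @xpsp2res.dll resource string as their description. The script below is an added example, not part of the original post or of SDFix: it parses an export in this format and flags entries matching those two patterns. The sample export, the allowlist of Windows components (KNOWN_WINDOWS), the list of imitated names (IMITATED) and the heuristics themselves are assumptions constructed for illustration and should be tuned before use on a real log.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of an XP firewall AuthorizedApplications
# export (value format: path:scope:state:description). Illustrative only.
EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\Isass.exe"="C:\WINDOWS\system32\Isass.exe:*:Enabled:Local Security Authority Service"
"C:\WINDOWS\system32\qmgh.exe"="C:\WINDOWS\system32\qmgh.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
'''

# Assumed allowlist: Windows binaries that legitimately sit in system32 with a
# resource-string (@...dll,-NNNN) description. Extend for your own baseline.
KNOWN_WINDOWS = {"sessmgr.exe", "xpnetdiag.exe", "msmsgs.exe"}

# Assumed list of process names that malware commonly imitates.
IMITATED = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
            "services.exe", "explorer.exe", "spoolsv.exe"}

# Visually confusable characters folded to one form before comparing names,
# so that "Isass.exe" (capital I, lowercased to i) collides with "lsass.exe".
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


@dataclass
class Entry:
    path: str
    scope: str
    state: str
    description: str


def parse_export(text):
    """Return the "key"="value" entries of a registry export as Entry objects."""
    entries = []
    for line in text.splitlines():
        m = re.match(r'^"([^"]+)"="([^"]+)"$', line.strip())
        if not m:
            continue  # section header, blank line, or other noise
        # Split from the right so the drive-letter colon in the path survives
        # (assumes the description itself contains no colon).
        parts = m.group(2).rsplit(":", 3)
        if len(parts) == 4:
            entries.append(Entry(*parts))
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_system32(path):
    directory = path.lower().rsplit("\\", 1)[0]
    return directory.endswith("\\system32")


def flag(entry):
    """Return the list of reasons an entry looks suspicious (empty if none)."""
    reasons = []
    name = basename(entry.path)
    if name not in IMITATED:
        for legit in IMITATED:
            if name.translate(CONFUSABLE) == legit.translate(CONFUSABLE):
                reasons.append(f"lookalike of {legit}")
    if in_system32(entry.path) and name not in KNOWN_WINDOWS:
        if entry.description.startswith("@"):
            reasons.append("non-allowlisted system32 binary with a resource-string description")
        if re.fullmatch(r"[a-z]{4,8}\.exe", name):
            reasons.append("short random-looking name in system32")
    return reasons


def audit(text):
    """Map each suspicious path in the export to its list of reasons."""
    findings = {}
    for entry in parse_export(text):
        reasons = flag(entry)
        if reasons:
            findings[entry.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in audit(EXPORT).items():
        print(f"{path} -> {'; '.join(reasons)}")
```

Run it against the real export by pasting the exported lines into EXPORT (or reading them from a file); entries it flags are candidates for removal from the firewall exception list after the underlying files have been confirmed gone, and the lookalike check is the one to keep even once the random-name pattern changes.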