TechSpot

Google search virus

By Tabalt
Apr 17, 2009
  1. Hi, I was reading some posts about a similar problem I was having and was hoping you could help. Here are the instructions I followed so far:


    The problem still exists and I am not sure what to do next. Please help! Here is the report it gave me:

    SDFix: Version 1.240
    Run by Owner on Fri 04/17/2009 at 12:33 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
    Rootkit scan 2009-04-17 00:37:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    disk error: C:\WINDOWS\system32\config\system, 0
    scanning hidden registry entries ...

    disk error: C:\WINDOWS\system32\config\software, 0
    disk error: C:\Documents and Settings\Owner\ntuser.dat, 0
    scanning hidden files ...

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\blahoo\\Messenger\\YahooMessenger.exe"="C:\\blahoo\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
    "C:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
    "C:\\Valve\\Condition Zero\\czero.exe"="C:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
    "C:\\Westwood\\SUN\\game.exe"="C:\\Westwood\\SUN\\game.exe:*:Enabled:Main executable for Tiberian Sun"
    "C:\\nes\\nestc042\\NESTCL95.EXE"="C:\\nes\\nestc042\\NESTCL95.EXE:*:Enabled:NESTCL95"
    "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"="C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe:*:Disabled:bfvietnam"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhdlc.exe"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhdlc.exe:*:Enabled:dfbhdlc"
    "C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe:*:Disabled:dfbhd"
    "C:\\Program Files\\Groove Games\\Land Of The Dead\\System\\LOTD.exe"="C:\\Program Files\\Groove Games\\Land Of The Dead\\System\\LOTD.exe:*:Enabled:Land Of The Dead"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    Remaining Files :



    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Mon 22 Sep 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 22 Sep 2008 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
    Mon 20 Oct 2008 24,576 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0253.tmp"
    Mon 20 Oct 2008 23,040 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL3204.tmp"
    Sun 21 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
    Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
    Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
    Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
    Tue 23 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
    Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
    Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
    Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
    Mon 2 Dec 2002 431,616 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
    Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
    Sat 24 Jan 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 18 Nov 2008 28,160 ...H. --- "C:\Documents and Settings\Owner\Desktop\jobs\info\~WRL0001.tmp"

    Finished!
     