Hello.. I've seen various posts of people infected with that annoying New Win32 virus.. So if you all could help me out I would appreciate it!! I did a run with the SD Fix and this is what it came up with..
SDFix: Version 1.112
Run by Jason MacKay on Sun 10/28/2007 at 08:34 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\JASONM~1\Desktop\c\sdfix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\Yserver.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Verizon Yahoo! Music Engine"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
Files with Hidden Attributes:
Thu 4 May 2006 88 A.SHR --- "C:\i386\ADAA994E9C.sys"
Thu 4 May 2006 3,766 A.SH. --- "C:\i386\KGyGaAvL.sys"
Mon 15 Oct 2007 104 ..SHR --- "C:\WINDOWS\system32\9C4E99AAAD.sys"
Fri 19 Oct 2007 10,752 ..SHR --- "C:\WINDOWS\system32\accwizl.exe"
Thu 16 Aug 2007 88 ..SHR --- "C:\WINDOWS\system32\ADAA994E9C.sys"
Mon 15 Oct 2007 8,456 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 15 Jul 2007 8 A..H. --- "C:\Documents and Settings\Jason MacKay\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 16 Jul 2007 8 A..H. --- "C:\Documents and Settings\Jason MacKay\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 16 Jul 2007 8 A..H. --- "C:\Documents and Settings\Jason MacKay\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 16 Jul 2007 8 A..H. --- "C:\Documents and Settings\Jason MacKay\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Tue 31 Jul 2007 8 A..H. --- "C:\Documents and Settings\Jason MacKay\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Finished!