I'm trying to get rid of gomyhit.com spyware. I found in the forums that others have had the same problem and have tried to resolve the problem on my own. I've done the SDFix.exe and restarted my computer in safe mode. I have the Report.txt. The next part of the instructions says to use Combofix but it says to use only if instructed. I don't want to proceed unless I really need to. Here is my report.txt. Can someone help me with the next safe steps to follow?
SDFix: Version 1.159
Run by Me on Wed 03/26/2008 at 02:04 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Program Files\outlook\p.zip - Deleted
Folder C:\WINDOWS\system32\wsnpoem - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 14:17:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
"C:\\WINDOWS\\system32\\aendguwi.exe"="C:\\WINDOWS\\system32\\aen"
"C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"="C:\\Program Files\\Ares Ultra\\Ares Ultra.exe:*:Enabled:Ares Ultra p2p for windows"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"="C:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe:*:Enabled:Maya"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"="C:\\Program Files\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\backburner\\server.exe"="C:\\Program Files\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay AV 8\cygz.dll"
Sat 6 Oct 2007 1,501,753 A.SH. --- "C:\WINDOWS\system32\loqss.tmp"
Wed 5 Sep 2007 1,916,553 A.SH. --- "C:\WINDOWS\system32\loqss.bak1"
Fri 5 Oct 2007 1,524,883 A.SH. --- "C:\WINDOWS\system32\loqss.bak2"
Tue 26 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 17 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1A.tmp"
Tue 21 Aug 2007 4,102 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Sun 30 Sep 2007 24,064 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Advanced Life Drawing for Animation\~WRL0005.tmp"
Sun 30 Sep 2007 25,088 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Advanced Life Drawing for Animation\~WRL0270.tmp"
Sun 30 Sep 2007 25,600 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Advanced Life Drawing for Animation\~WRL0432.tmp"
Sun 30 Sep 2007 24,576 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Advanced Life Drawing for Animation\~WRL3619.tmp"
Sun 26 Aug 2007 24,576 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Digital Audio & Video GAD221 XA\~WRL0940.tmp"
Sun 26 Aug 2007 25,600 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Digital Audio & Video GAD221 XA\~WRL1388.tmp"
Sun 26 Aug 2007 25,600 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Digital Audio & Video GAD221 XA\~WRL1724.tmp"
Sun 26 Aug 2007 24,576 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Digital Audio & Video GAD221 XA\~WRL1916.tmp"
Sun 26 Aug 2007 24,576 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Digital Audio & Video GAD221 XA\~WRL3259.tmp"
Sun 26 Aug 2007 24,064 A..H. --- "C:\Documents and Settings\Me\My Documents\Art Institute Online\Digital Audio & Video GAD221 XA\~WRL3733.tmp"
Thu 6 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch1\lock.tmp"
Thu 6 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\lock.tmp"
Thu 6 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\lock.tmp"
Thu 6 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch4\lock.tmp"
Fri 7 Mar 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\lock.tmp"
Finished!