Hello
I have run the programme that you suggested and I have attached the following log.
Looks like it has worked.
Many thanks for your help
Catherine
SDFix: Version 1.216 Run by Administrator on 17/08/2008 at 13:15
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Administrator\Desktop\SDFix
Checking Services :
Name :
sysrest.sys
Path :
\??\C:\Windows\system32\sysrest.sys
sysrest.sys - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value
Rebooting
Checking Files :
Trojan Files Found:
C:\Windows\system32\pphc37gj0eelc.exe - Deleted
C:\Program Files\rhc77gj0eelc\database.dat - Deleted
C:\Program Files\rhc77gj0eelc\license.txt - Deleted
C:\Program Files\rhc77gj0eelc\MFC71.dll - Deleted
C:\Program Files\rhc77gj0eelc\MFC71ENU.DLL - Deleted
C:\Program Files\rhc77gj0eelc\msvcp71.dll - Deleted
C:\Program Files\rhc77gj0eelc\msvcr71.dll - Deleted
C:\Program Files\rhc77gj0eelc\rhc77gj0eelc.exe.local - Deleted
C:\Program Files\rhc77gj0eelc\Uninstall.exe - Deleted
C:\WINDOWS\SYSTEM32\PPHC37~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\PHC37G~1.BMP - Deleted
C:\Windows\system32\blphc37gj0eelc.scr - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\971706~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\977081~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\977343~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\984945~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\988878~1.EXE - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8.tmp.vbs - Deleted
C:\Windows\system32\14.tmp - Deleted
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk - Deleted
C:\Windows\system32\WinCtrl32.dll - Deleted
Folder C:\Program Files\rhc77gj0eelc - Removed
Folder C:\Documents and Settings\Administrator\Application Data\rhc77gj0eelc - Removed
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-17 13:26:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027282875f]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027282875f]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Common Files\\AOL\\1170918074\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1170918074\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"="C:\\Program Files\\AOL 9.0 VR\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0a\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0a\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0a\RBM.exe"
Mon 22 Jan 2007 46,640 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphx.exe"
Fri 10 Nov 2006 54,832 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphxex.exe"
Fri 10 Nov 2006 33,328 A..H. --- "C:\Program Files\AOL 9.0 VR\rbm.exe"
Tue 28 Mar 2006 236,032 A..H. --- "C:\temp\aol\curl.exe"
Wed 29 Dec 2004 61,440 A..H. --- "C:\temp\aol\modemconfig.exe"
Wed 23 Apr 2008 25,088 ...H. --- "C:\Documents and Settings\Administrator\My Documents\~WRL0004.tmp"
Sat 26 Jul 2008 154 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1FB9.tmp"
Wed 7 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 21 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1BF.tmp"
Sun 12 Sep 2004 190,464 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL2350.tmp"
Thu 13 Oct 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!