Find below the SDFix Report.
SDFix: Version 1.240 Run by COLLINS on Sun 03/01/2009 at 07:02 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 07:48:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:ipsec"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:ipsec"
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM"
"C:\\Program Files\\WordPerfect Mail\\Programs\\bin\\WPMail.exe"="C:\\Program Files\\WordPerfect Mail\\Programs\\bin\\WPMail.exe:*:Enabled:WordPerfect MAIL for Windows"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe:*:Enabled:ipsec"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"G:\\MyDwnloadFile\\Creative LiveDrvUni-Pack(ENG) -SdBLASTERLIVEUPDATE - 12-07-05.exe"="G:\\MyDwnloadFile\\Creative LiveDrvUni-Pack(ENG) -SdBLASTERLIVEUPDATE - 12-07-05.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\wscntfy.exe"="C:\\WINDOWS\\system32\\wscntfy.exe:*:Enabled:ipsec"
"C:\\Program Files\\AVG\\AVG8\\avgui.exe"="C:\\Program Files\\AVG\\AVG8\\avgui.exe:*:Enabled:ipsec"
"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVDtray.exe"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVDtray.exe:*:Enabled:ipsec"
"C:\\Program Files\\AVG\\AVG8\\avgscanx.exe"="C:\\Program Files\\AVG\\AVG8\\avgscanx.exe:*:Enabled:ipsec"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE:*:Enabled:ipsec"
"C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe"="C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe:*:Enabled:ipsec"
"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DWTRIG20.EXE"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DWTRIG20.EXE:*:Enabled:ipsec"
"C:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe"="C:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe:*:Enabled:ipsec"
"C:\\PROGRA~1\\AVG\\AVG8\\avgupd.exe"="C:\\PROGRA~1\\AVG\\AVG8\\avgupd.exe:*:Enabled:ipsec"
"C:\\Program Files\\Logitech\\Video\\ISStart.exe"="C:\\Program Files\\Logitech\\Video\\ISStart.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\AGRSMMSG.exe"="C:\\WINDOWS\\AGRSMMSG.exe:*:Enabled:ipsec"
"C:\\Program Files\\Creative\\SBLive\\PlayCenter2\\CTNMRun.exe"="C:\\Program Files\\Creative\\SBLive\\PlayCenter2\\CTNMRun.exe:*:Enabled:ipsec"
"C:\\Program Files\\iTunes\\iTunesHelper.exe"="C:\\Program Files\\iTunes\\iTunesHelper.exe:*:Enabled:ipsec"
"C:\\PROGRA~1\\AVG\\AVG8\\avgnsx.exe"="C:\\PROGRA~1\\AVG\\AVG8\\avgnsx.exe:*:Enabled:ipsec"
"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe:*:Enabled:ipsec"
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:ipsec"
"C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
Files with Hidden Attributes :
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 14 Jun 2008 8 ..SHR --- "C:\WINDOWS\system32\07BCB660F9.sys"
Mon 17 Mar 2008 88 A.SHR --- "C:\WINDOWS\system32\E0E3AF777A.sys"
Sat 14 Jun 2008 9,862 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 19 Mar 2008 88 ..SHR --- "C:\Documents and Settings\All Users\Application Data\E0E3AF777A.sys"
Tue 20 Jan 2009 2,880 A.SH. --- "C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys"
Tue 29 Nov 2005 262,144 ...H. --- "C:\Program Files\Nero\Nero PhotoShow 4\data\DVDMPEG2Enc.dll"
Tue 29 Nov 2005 84,604 ...H. --- "C:\Program Files\Nero\Nero PhotoShow 4\data\movie_maker.exe"
Tue 29 Nov 2005 61,440 ...H. --- "C:\Program Files\Nero\Nero PhotoShow 4\data\NeASL.dll"
Tue 29 Nov 2005 95,892 ...H. --- "C:\Program Files\Nero\Nero PhotoShow 4\data\Nero PhotoShow Express.exe"
Sun 1 Mar 2009 8,129,896 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2064d652e93807b954225d9ba4a6b219\BIT3A.tmp"
Sun 1 Mar 2009 8,129,896 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2064d652e93807b954225d9ba4a6b219\BIT56.tmp"
Sun 1 Mar 2009 4,909,440 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\311b85005aa2bc8a145a290cf5a139f2\BITB.tmp"
Sun 1 Mar 2009 8,822,672 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\38f348c87f8c2315e0e711a1f264b063\BIT39.tmp"
Wed 25 Feb 2009 4,865,408 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3dc4dbb460c51f10af947c31d0b396de\BIT3E.tmp"
Sun 1 Mar 2009 4,865,408 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3dc4dbb460c51f10af947c31d0b396de\BIT64.tmp"
Sun 1 Mar 2009 7,669,009 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f48480c3bff7fa275c02353aba158bb\BIT3D.tmp"
Sun 1 Mar 2009 7,669,009 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f48480c3bff7fa275c02353aba158bb\BIT63.tmp"
Sat 28 Feb 2009 25,634,737 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\695c9577cb50850d8e388f3cadd1563d\BIT15.tmp"
Sat 28 Feb 2009 50,828,850 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6a50f5f0959a43a8e56a65919822bf2a\BIT19.tmp"
Sat 28 Feb 2009 42,740,760 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7b8c200714ca2ac002bccebc74daeb3e\BIT1A.tmp"
Sat 28 Feb 2009 37,038,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\828e78e94bef91c4ecbc3e1b0a1b35ed\BIT17.tmp"
Sun 1 Mar 2009 2,863,144 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\831bad3f3b8bd3511c8a4e905fa7f844\BIT3B.tmp"
Sun 1 Mar 2009 9,448,904 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8d8a1db5b2c187dfff9360bceec5d807\BIT3C.tmp"
Sat 28 Feb 2009 3,030,568 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3e9e7327f38776a4eeeb084da3eff5a\BIT18.tmp"
Sun 1 Mar 2009 9,237,440 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b78797d4e2ea9a8dcbe3140f470c3736\BIT47.tmp"
Sun 1 Mar 2009 3,552,839 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bd64172cd2143fb5d6d9c864a6da8395\BIT38.tmp"
Sun 1 Mar 2009 9,249,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c583e569e1f1773d32894dc0975498a1\BIT18.tmp"
Sun 1 Mar 2009 9,249,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c583e569e1f1773d32894dc0975498a1\BIT37.tmp"
Sat 28 Feb 2009 113,491,064 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d9f6fad75dbdac35a8ef8c60acfcb1a4\BIT16.tmp"
Sun 1 Mar 2009 5,687,304 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\deb185b7c3743a27be869545db996079\BIT34.tmp"
Sun 1 Mar 2009 5,687,304 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\deb185b7c3743a27be869545db996079\BIT49.tmp"
Sun 1 Mar 2009 9,006,448 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f9a482c6548f5fe0d3c6095f8a2de4fc\BIT35.tmp"
Sat 7 Feb 2009 444 ...HR --- "C:\Documents and Settings\COLLINS\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 1 Mar 2009 36,016,335 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\download\BIT23.tmp"
Sun 1 Mar 2009 10,246,065 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fba53b5b7fa98bdc2fa6b2e0759b4674\download\BIT9.tmp"
Finished!