SDFix: Version 1.100

Run by Owner on Tue 08/28/2007 at 08:19 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\OWNER~1.BAS\MYDOCU~1\MYCOMP~1\SDFix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\aol.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Rootkit Srizbi/Agent.EA Registry Value Detected, Use a Rootkit scanner !

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Westwood\\RA2\\game.exe"="C:\\Westwood\\RA2\\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"="C:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"
"C:\\Westwood\\RA2\\mph.exe"="C:\\Westwood\\RA2\\mph.exe:*:Enabled:mph"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\OWNER~1.BAS\MYDOCU~1\MYCOMP~1\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Owner.BASEMENT\Application Data\IBP\Projects\Tripod.com\Ranking\dbisam.lck
C:\Documents and Settings\Owner.BASEMENT\NetHood\myhome.freeonlinegames4you.com\Desktop.ini
C:\Program Files\Replay Converter\cygz.dll
C:\Program Files\America Online 9.0\AOLphx.exe
C:\Program Files\America Online 9.0\rbm.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\WSYS049.SYS
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Owner.BASEMENT\Application Data\Microsoft\Templates\~WRL0001.tmp
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\jjllm.tmp
C:\WINDOWS\system32\rqstv.tmp
C:\WINDOWS\system32\rrqss.tmp

Finished