agent rotary

Re: "Antivirus XP" turns to system shutdown, unable to dl, blocking websites?

 
Aug 29th, 2008
After that fix, my computer forced a reboot through the "Service and Controller app" problem reboot through system32/services.exe, error 1073741819. Then it ran again and it said this:

SDFix: Version 1.220 
Run by Madame Rotary on Fri 08/29/2008 at 09:58 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Madame Rotary\Desktop\SDFix\SDFix

Checking Services :

Name : 
sysrest.sys

Path :
\??\C:\WINDOWS\system32\sysrest.sys 

sysrest.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper  

Rebooting


Checking Files : 

Trojan Files Found:

C:\WINDOWS\system32\phcr6mj0ej59.bmp - Deleted
C:\Documents and Settings\Madame Rotary\xrt_cyjy.exe - Deleted
C:\DOCUME~1\MADAME~1\LOCALS~1\Temp\.tt168E.tmp.vbs - Deleted
C:\DOCUME~1\MADAME~1\LOCALS~1\Temp\.tt1CAD.tmp.vbs - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys  - Deleted
C:\WINDOWS\system32\sysrest.sys  - Deleted
C:\WINDOWS\system32\tdssadw.dll  - Deleted
C:\WINDOWS\system32\tdssinit.dll  - Deleted
C:\WINDOWS\system32\tdssl.dll  - Deleted
C:\WINDOWS\system32\tdsslog.dll  - Deleted
C:\WINDOWS\system32\tdssmain.dll  - Deleted
C:\WINDOWS\system32\tdssservers.dat  - Deleted





Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 12:02:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5d,d3,6f,da,74,01,fa,a4,8a,e4,f0,2e,35,15,dc,47,2d,a6,dc,d1,f4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:62,bf,56,f0,8d,c1,a2,f4,db,41,f3,07,b5,dd,19,fb,ea,7d,7b,c4,94,..
"d0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:05,67,bc,98,d7,34,64,ae,7a,d9,30,18,ac,9d,c9,4c,30,a2,60,0b,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5d,d3,6f,da,74,01,fa,a4,8a,e4,f0,2e,35,15,dc,47,2d,a6,dc,d1,f4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:62,bf,56,f0,8d,c1,a2,f4,db,41,f3,07,b5,dd,19,fb,ea,7d,7b,c4,94,..
"d0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:05,67,bc,98,d7,34,64,ae,7a,d9,30,18,ac,9d,c9,4c,30,a2,60,0b,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\utorrent.exe"="C:\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Documents and Settings\\Madame Rotary\\My Documents\\my games\\Nintendo Games\\EMULATOR1 - NESTICLE.exe"="C:\\Documents and Settings\\Madame Rotary\\My Documents\\my games\\Nintendo Games\\EMULATOR1 - NESTICLE.exe:*:Disabled:EMULATOR1 - NESTICLE"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\DOCUME~1\MADAME~1\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 16 Mar 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 17 May 2007           399 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti43.tmp"
Wed 17 Nov 2004        94,458 A..H. --- "C:\Program Files\Nero\data\Nero PhotoShow Express.exe"

Finished!

Firefox also stopped working, so I uninstalled that, but this startup is an issue. I'm actually racing against time to post now, so I'm not sure if fixing the problem caused more problems or if this is now an entirely different issue.