a few bugs



Randyp00
2007-11-27, 20:47
Well, there are probably others, seeing as how I read all the other people's threads with these. I ran S&D and it came up with these two numerous times. I try and fix the problem and it says 1 file cannot be fixed and asks to reboot and rescan. I do this and they reappear. Well, now, due to the viruses I have, my connection isn't working. AIM doesn't log on and I can't surf on Firefox. However, my computer is still receiving a connection from my host computer, which can do these things. I cannot get logs because I am at the library and cannot simply c&p them here. Is there any way I can temporarily reconnect my computer? Also, there is a .exe on my hard drive named onoes, and I delete it and empty the bin and it comes back.

Randyp00
2007-11-27, 21:06
Well, I have to go to work. I hope to come back to some advice. See ya later.

Randyp00
2007-11-28, 08:17
combo fix log
ComboFix 07-11-19.4 - Randy 2 2007-11-28 2:03:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.249 [GMT -5:00]
Running from: C:\Documents and Settings\Randy 2\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Randy 2\Application Data\ICROSO~1
C:\Documents and Settings\Randy 2\Application Data\ICROSO~1\?ttrib.exe
C:\Documents and Settings\Randy 2\Application Data\WinTouch
C:\Documents and Settings\Randy 2\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Randy 2\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Randy 2\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\Randy 2\My Documents\CROSOF~1
C:\Documents and Settings\Randy 2\My Documents\CROSOF~1\??crosoft\
C:\Documents and Settings\Randy 2\My Documents\CROSOF~1\javaw.exe
C:\onoes.exe
C:\Program Files\outlook
C:\Program Files\outlook\outlook.exe
C:\Program Files\outlook\p.zip
C:\Program Files\outlook\v.tmp
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\c1
C:\WINDOWS\system32\c1\baslook11.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\d1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\j2
C:\WINDOWS\system32\j2\ppjup83122.exe
C:\WINDOWS\system32\m8
C:\WINDOWS\system32\m8\nsts2dll1.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pruvw.ini
C:\WINDOWS\system32\pruvw.ini2
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\uarixydh.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wapiit.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wvurp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_NPF
-------\core
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-28 02:04 <DIR> d-------- C:\VundoFix Backups
2007-11-28 01:53 128 --a------ C:\Documents and Settings\Randy 2\services.exe
2007-11-27 18:16 <DIR> d-------- C:\Temp\abW9
2007-11-27 18:16 <DIR> d-------- C:\Temp
2007-11-27 18:16 172,032 --a------ C:\winlogon.exe
2007-11-27 18:16 256 --a------ C:\z.dat
2007-11-27 18:16 134 --a------ C:\n.bat
2007-11-27 18:16 0 --a------ C:\x.dat
2007-11-27 06:44 40,960 --a------ C:\Documents and Settings\Randy 2\f.exe
2007-11-26 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-26 19:30 <DIR> d-------- C:\Documents and Settings\Randy 2\Application Data\Azureus
2007-11-26 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-26 19:29 <DIR> d-------- C:\Program Files\Azureus
2007-11-25 16:06 <DIR> d-------- C:\Documents and Settings\Randy 2\Application Data\AdobeUM
2007-11-25 15:59 <DIR> d-------- C:\Documents and Settings\Randy 2\Shared
2007-11-25 15:59 <DIR> d-------- C:\Documents and Settings\Randy 2\Incomplete
2007-11-25 15:58 <DIR> d-------- C:\Documents and Settings\Randy 2\Application Data\LimeWire
2007-11-11 18:09 <DIR> d-------- C:\Program Files\StealthBot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 04:16 --------- d-----w C:\Program Files\Diablo II
2007-11-27 14:41 --------- d-----w C:\Program Files\Diablo 2
2007-11-27 13:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-25 21:52 --------- d-----w C:\Program Files\Java
2007-11-25 21:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-13 15:30 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-13 15:30 --------- d-----w C:\Program Files\Hero Editor
2007-11-13 15:29 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-30 21:52 --------- d-----w C:\Program Files\AIM6
2007-10-30 21:51 --------- d-----w C:\Program Files\Viewpoint
2007-10-30 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-30 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-30 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-20 01:13 --------- d-----w C:\Program Files\Warcraft III
2007-10-14 21:22 --------- d-----w C:\Documents and Settings\Randy 2\Application Data\OpenOffice.org2
2007-10-03 06:06 --------- d-----w C:\Program Files\AutoIt3
2007-09-24 18:14 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-08-07 20:30 163,840 ----a-w C:\Program Files\Common Files\pocyt77798.exe
2007-01-10 17:15 290,818 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-01-10 17:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-01-10 17:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE}]
2007-11-27 06:43 36864 --a------ C:\WINDOWS\system32\gebayvw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB4344"="command /c del C:\WINDOWS\system32\drivers\core.sys" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 15:10]
"P17Helper"="Rundll32 P17.dll" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-03-19 06:15 C:\WINDOWS\system32\nwiz.exe]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" []
"WWYD Agent"="C:\WINDOWS\system32\28463\WWYD.exe" []
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE}"= C:\WINDOWS\system32\gebayvw.dll [2007-11-27 06:43 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayvw]
gebayvw.dll 2007-11-27 06:43 36864 C:\WINDOWS\system32\gebayvw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvurp.dll

R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
S3 PsSdk30;PsSdk30;\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 02:14:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 2:16:48 - machine was rebooted
.
--- E O F ---

Randyp00
2007-11-28, 08:28
Hijackthis report

C:\Documents and Settings\Randy 2\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE} - C:\WINDOWS\system32\gebayvw.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {77CE82B3-7E3C-4C77-9883-6BF008DFB266} - C:\WINDOWS\system32\xxwwx.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [WWYD Agent] C:\WINDOWS\system32\28463\WWYD.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4344] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182095302266
O20 - Winlogon Notify: gebayvw - C:\WINDOWS\SYSTEM32\gebayvw.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4510 bytes

Randyp00
2007-11-28, 08:50
new log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:27:37 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Randy 2\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE} - C:\WINDOWS\system32\gebayvw.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {77CE82B3-7E3C-4C77-9883-6BF008DFB266} - C:\WINDOWS\system32\xxwwx.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [WWYD Agent] C:\WINDOWS\system32\28463\WWYD.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4344] command /c del "C:\WINDOWS\system32\drivers\core.sys"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182095302266
O20 - Winlogon Notify: gebayvw - C:\WINDOWS\SYSTEM32\gebayvw.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4510 bytes

katana
2007-11-29, 04:54
Hello and welcome to the forums.
I have merged your topics, as you only need one thread.

Now to your problem.

Do you use your computer for any online banking or purchasing?
You appear to have a keylogger/password stealer present.
SD Fix

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually.
Instead of Windows loading as normal, the Advanced Options Menu should appear.
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to reboot.
Press any key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.