Last Post by crunchie

Sir, this is the report.txt file.
Please read this.


SDFix: Version 1.116

Run by Administrator on Wed 12/05/2007 at 07:14 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\DOCUME~1\ADMINI~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

D:\WINDOWS\system\svchost.exe - Deleted
D:\WINDOWS\system32\setting.ini - Deleted


Removing Temp Files...

ADS Check:

D:\WINDOWS
No streams found.

D:\WINDOWS\system32
No streams found.

D:\WINDOWS\system32\svchost.exe
No streams found.

D:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 19:21:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="D:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"D:\\Program Files\\BitLord\\BitLord.exe"="D:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"D:\\Program Files\\Google\\Google Talk\\googletalk.exe"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Program Files\\Orbitdownloader\\orbitdm.exe"="D:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"D:\\Program Files\\Orbitdownloader\\orbitnet.exe"="D:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"="D:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe:*:Disabled:Age of Empires II"
"D:\\Program Files\\Rediff Bol\\RediffMessenger.exe"="D:\\Program Files\\Rediff Bol\\RediffMessenger.exe:*:Enabled:Rediff Bol 8.0 "
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="D:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - D:\DOCUME~1\ADMINI~1\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 9 Nov 2007 2,668 A..H. --- "D:\Program Files\SuperGOO\MetaImage.dll"
Sun 27 Apr 2008 106,496 A.SHR --- "D:\WINDOWS\system\_sv_CMD_\_U_.exe"
Wed 28 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\0d4a7c846fe5e74c3056c3e240c1ffeb\BITB.tmp"
Sat 22 Sep 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\dcfb65ff18fcfdf3d0086d241818e7bc\BIT3B.tmp"
Sat 22 Sep 2007 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 23 Sep 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BITB.tmp"

Finished!

Finally, please suggest me any good spyware and antivirus?


Sir, thank you very much for your advice.

I'll post other symptoms I faced before doing your fix:

1. When I opened my USB drive, it did not open, saying that the user has no permission.

2. I used the folders pane and opened the drive. I found that there was another folder created within the existing folder using the same name, but it was not a folder. It was an exe file with a folder icon.

After the fix
1. I am able to open the drive now, but I am still getting a warning from my Spyware Doctor anti-spyware that a malicious action has been blocked.

The message reads
Malicious action blocked

Spyware Doctor has blocked an application INFO.exe that is trying to access a file.

Path: D:\windows\system\svchost.exe....

Please help me solve this.


I have moved your posts to your own thread. Please do not piggyback on other members' posts in the HijackThis forum :).
