Hi, thanks for getting back to me. Right, I've followed the said instructions. I don't know if this is normal, but whilst running SDFix the following messages appeared in the DOS-style box:
'Findstr: cannot open %>!->> -?>!!-'
and was later followed by this message:
'The system cannot find the file Foundsvc.txt'
After SDFix I set up the Windows Recovery Console and then I double-clicked on ComboFix; a little loading bar opens up over the icon, then a blue window opens up very quickly for a split second and then that's it, nothing else happens! See below my report for SDFix, and also attached is my latest HijackThis log.
Thanks again for helping me out with this.
SDFix: Version 1.212
Run by Dan on 04/08/2008 at 18:12
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\nvrsul32.dll - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-04 18:30:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Dan\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Dan\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe:*:Disabled:Football Manager 2007"
"C:\\Program Files\\Common Files\\AOL\\1171496591\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1171496591\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\\Program Files\\SopCast\\sopvod.exe"="C:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 26 Jan 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Wed 26 Jan 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Wed 26 Jan 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 15 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 12 Jun 2008 21,504 ...H. --- "C:\Documents and Settings\Dan\My Documents\~WRL3799.tmp"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sat 24 Jan 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sun 30 Dec 2007 561 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiC2.tmp"
Sun 20 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 19 Dec 2007 28,672 ...H. --- "C:\Documents and Settings\Dan\Desktop\Jobs for 2008\~WRL2519.tmp"
Tue 27 Mar 2007 461,824 ...H. --- "C:\Documents and Settings\Dan\My Documents\Travel Log\~WRL0750.tmp"
Thu 11 Jan 2007 33,280 ...H. --- "C:\Documents and Settings\Dan\My Documents\Travel Log\~WRL0881.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT5D.tmp"
Sun 24 Feb 2008 616,448 A.SH. --- "C:\Deckard\System Scanner\20080504122303\backup\WINDOWS\temp\0jnxl805.TMP"
Fri 17 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Dan\Local Settings\Application Data\Macromedia\Macromedia FlashPaper\OfficeTemplates\~WRL0001.tmp"
Fri 17 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Dan\Local Settings\Application Data\Macromedia\Macromedia FlashPaper\OfficeTemplates\~WRL0002.tmp"
Fri 17 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Dan\Local Settings\Application Data\Macromedia\Macromedia FlashPaper\OfficeTemplates\~WRL0003.tmp"
Fri 17 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Dan\Local Settings\Application Data\Macromedia\Macromedia FlashPaper\OfficeTemplates\~WRL0004.tmp"
Fri 17 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Dan\Local Settings\Application Data\Macromedia\Macromedia FlashPaper\OfficeTemplates\~WRL0005.tmp"
Fri 17 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Dan\Local Settings\Application Data\Macromedia\Macromedia FlashPaper\OfficeTemplates\~WRL0006.tmp"
Fri 17 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Dan\Local Settings\Application Data\Macromedia\Macromedia FlashPaper\OfficeTemplates\~WRL0007.tmp"
Fri 17 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Dan\Local Settings\Application Data\Macromedia\Macromedia FlashPaper\OfficeTemplates\~WRL0008.tmp"
Fri 17 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Dan\Local Settings\Application Data\Macromedia\Macromedia FlashPaper\OfficeTemplates\~WRL0009.tmp"
Thu 18 Aug 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!