hello gringo
Here is the SDFix log:
SDFix: Version 1.119
Run by B h a r a t on Mon 12/24/2007 at 01:15 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
f0ufzatyeit
Path:
C:\WINDOWS\system32\mhjixiocbtxu.exe /service
f0ufzatyeit - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
Could Not Remove C:\autorun.inf
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-24 13:19:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\eLitecore\\Cyberoam Client for 24Online\\CyberoamClient.exe"="C:\\Program Files\\eLitecore\\Cyberoam Client for 24Online\\CyberoamClient.exe:*:Enabled:24Online Client"
"C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"="C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
C:\autorun.inf Found
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 11 Dec 2007 123,551 ..SHR --- "C:\WINDOWS\system32\amvo.exe"
Mon 24 Dec 2007 45,421 ..SHR --- "C:\WINDOWS\system32\amvo0.dll"
Wed 12 Dec 2007 77,312 ...H. --- "C:\Documents and Settings\B h a r a t\My Documents\~WRL0002.tmp"
Fri 21 Dec 2007 341,796 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\284ed1b6481414bca757a979275d63e5\BIT7F.tmp"
Thu 13 Dec 2007 1,123,880 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9ef9933da35bdbcb8d9cd93868ba3092\BIT100.tmp"
Tue 18 Dec 2007 54,807,786 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ff1abc45bb4b51f55d5dd49be852a17a\BIT1.tmp"
Mon 10 Dec 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Mon 10 Dec 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Mon 10 Dec 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Mon 10 Dec 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Mon 10 Dec 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Mon 10 Dec 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"
Finished!
--------------------------------------------------------------------------------------------------------------------
Here is the ComboFix log:
ComboFix 07-12-24.8 - B h a r a t 2007-12-24 13:26:06.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.212 [GMT -8:00]
Running from: C:\Documents and Settings\B h a r a t\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\B h a r a t\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\AniGIF.ocx
C:\WINDOWS\system32\mhjixiocbtxu.exe
C:\WINDOWS\system32\wbhelp2.dll
C:\WINDOWS\system32\wbocx.ocx
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\AniGIF.ocx
C:\WINDOWS\system32\wbhelp2.dll
C:\WINDOWS\system32\wbocx.ocx
.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.
2007-12-24 13:13 . 2007-12-24 13:14 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-23 13:40 . 2007-12-23 13:40 <DIR> d-------- C:\Documents and Settings\B h a r a t\Shared
2007-12-23 13:40 . 2007-12-23 14:17 <DIR> d-------- C:\Documents and Settings\B h a r a t\Incomplete
2007-12-23 13:39 . 2007-12-23 13:39 <DIR> d-------- C:\Program Files\LimeWire
2007-12-23 13:39 . 2007-12-23 14:17 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\LimeWire
2007-12-22 01:48 . 2007-12-22 01:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-22 01:46 . 2007-12-22 01:48 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Nokia
2007-12-22 01:46 . 2007-12-22 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Nokia
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-22 01:45 . 2007-12-22 08:12 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\PC Suite
2007-12-22 01:45 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-22 01:45 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-22 01:45 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-22 01:45 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-22 01:45 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-22 01:45 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-22 01:44 . 2007-12-22 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-12-21 03:25 . 2007-12-21 03:26 <DIR> d-------- C:\TALLYNL
2007-12-20 02:34 . 2007-12-20 02:34 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Camfrog
2007-12-20 02:32 . 2007-12-20 02:44 <DIR> d-------- C:\Program Files\Camfrog
2007-12-19 14:12 . 2007-12-19 14:12 <DIR> d-------- C:\WINDOWS\Sun
2007-12-19 04:08 . 2007-12-23 16:00 <DIR> d-------- C:\Program Files\WebcamMax
2007-12-19 03:17 . 2007-12-22 03:58 230,424 --a------ C:\DC6810xp-001.raw
2007-12-18 05:31 . 2007-12-18 05:31 <DIR> d-------- C:\Program Files\LeechGet 2007
2007-12-16 04:58 . 2007-12-16 04:58 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-16 01:48 . 2007-12-24 01:44 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-16 00:28 . 2007-12-16 00:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-16 00:28 . 2007-12-16 00:28 <DIR> d-------- C:\Program Files\Ahead
2007-12-16 00:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-16 00:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-16 00:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-16 00:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-16 00:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-16 00:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-16 00:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-16 00:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-14 14:15 . 2004-08-03 10:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-14 14:14 . 2006-09-16 03:02 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-14 03:01 . 2007-12-14 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-13 12:40 . 2007-12-13 12:48 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-13 10:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-13 10:14 . 2007-12-13 10:15 <DIR> d-------- C:\Program Files\Java
2007-12-13 08:46 . 2007-12-13 08:46 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-12 08:51 . 2007-07-12 15:31 765,952 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-12-12 04:48 . 2007-12-12 04:48 <DIR> d--hs---- C:\INCINERATE
2007-12-12 04:44 . 2007-12-14 22:35 <DIR> d-------- C:\Program Files\iolo
2007-12-12 04:44 . 2007-12-12 04:44 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-11 12:10 . 2007-12-14 14:15 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-11 09:56 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-11 09:56 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-11 09:56 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-11 08:51 . 2007-12-11 08:51 25 --a------ C:\WINDOWS\cdplayer.ini
2007-12-11 08:49 . 2007-12-11 08:49 <DIR> d-------- C:\Program Files\Real
2007-12-11 08:49 . 2007-12-11 08:49 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-11 08:49 . 2007-12-11 08:49 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-11 07:03 . 2007-12-11 07:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-10 22:51 . 2007-03-30 19:58 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-10 10:30 . 2007-12-10 10:30 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-10 07:50 . 2007-12-11 06:28 <DIR> d-------- C:\Program Files\Windows Live
2007-12-10 07:50 . 2007-12-10 10:20 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-10 07:49 . 2007-12-11 06:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-10 06:14 . 2007-12-10 06:16 <DIR> d-------- C:\Program Files\Microsoft LifeCam
2007-12-10 06:08 . 2007-12-17 23:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-10 05:44 . 2007-12-10 05:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 05:07 . 2005-07-04 16:03 1,650,688 --a------ C:\WINDOWS\system32\qdiagdwc.ocx
2007-12-10 05:07 . 2005-02-09 13:08 7,168 --a------ C:\WINDOWS\system32\DLPT64.sys
2007-12-10 05:07 . 2005-02-08 13:04 5,632 --a------ C:\WINDOWS\system32\GPCIEn64.sys
2007-12-10 05:07 . 2005-02-08 15:46 5,120 --a------ C:\WINDOWS\system32\GTKCMO64.sys
2007-12-10 05:07 . 2005-02-07 19:07 4,608 --a------ C:\WINDOWS\system32\DDMI64.sys
2007-12-10 04:43 . 2007-12-10 04:43 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2007-12-10 04:43 . 2006-04-26 14:59 217,185 --a------ C:\WINDOWS\system32\GTDownDE_130.ocx
2007-12-10 04:42 . 2007-12-10 04:42 <DIR> d-------- C:\Program Files\Dell Support
2007-12-10 04:42 . 2007-12-10 04:43 <DIR> d--h----- C:\Documents and Settings\B h a r a t\Application Data\GTek
2007-12-10 04:42 . 2007-12-10 04:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GTek
2007-12-10 04:05 . 2007-12-23 13:52 <DIR> d-------- C:\Documents and Settings\B h a r a t\Contacts
2007-12-10 03:56 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-10 03:56 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-10 03:56 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-10 03:56 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-10 03:44 . 2007-12-10 03:44 <DIR> d-------- C:\Program Files\eLitecore
2007-12-10 03:44 . 2004-01-06 11:12 128,000 --a------ C:\WINDOWS\UnGins.exe
2007-12-10 03:40 . 2007-12-10 03:40 <DIR> d-------- C:\Program Files\Broadcom
2007-12-10 03:40 . 2006-11-21 04:25 45,568 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2007-12-10 02:34 . 2007-12-10 02:34 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-10 02:34 . 2007-12-11 09:36 16 --a------ C:\WINDOWS\system32\coh.cache
2007-12-10 02:27 . 2007-12-11 10:03 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-12-10 02:26 . 2007-12-11 09:27 <DIR> d-------- C:\Program Files\Symantec
2007-12-10 02:26 . 2007-12-11 09:27 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-10 02:26 . 2007-12-11 09:27 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-10 02:26 . 2007-12-11 09:27 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-10 02:26 . 2007-12-11 09:27 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-10 02:15 . 2007-12-12 10:08 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-10 02:14 . 2007-12-10 02:14 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-10 02:13 . 2007-12-10 02:14 <DIR> d-------- C:\WINDOWS\ShellNew
2007-12-10 02:00 . 2001-08-17 12:11 26,568 --a------ C:\WINDOWS\system32\drivers\BCM4E5.SYS
2007-12-10 02:00 . 2001-08-17 12:11 26,568 --a--c--- C:\WINDOWS\system32\dllcache\bcm4e5.sys
2007-12-10 01:57 . 2001-08-17 12:11 54,271 --a------ C:\WINDOWS\system32\drivers\bcm42xx5.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 21:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-10 08:48 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-10 08:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-10 08:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 08:41 --------- d-----w C:\Program Files\Microsoft PowerToys
2007-12-10 08:41 --------- d-----w C:\Program Files\HashTab Shell Extension
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 17:20 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-31 03:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 03:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-31 03:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-31 03:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-31 03:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-31 03:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-31 03:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-31 03:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-31 03:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-31 03:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-31 03:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 19:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 10:26]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57]
"amva"="C:\WINDOWS\system32\amvo.exe" []
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 C:\WINDOWS\stsystra.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 10:29]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 11:41]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-06-29 15:55]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 15:54]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 20:00]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 19:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-11 08:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\CAMTHINS.exe" [2006-07-20 05:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
R0 ENO;ENO;C:\WINDOWS\system32\drivers\ENO.sys [2003-10-22 12:57]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2006-07-02 22:39]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-29 15:54]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 12:11]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 12:11]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-06-29 15:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4109f6e7-ae24-11dc-b696-0015c51718f5}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com
.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 10:32:46 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-24 13:27:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-24 13:27:58
.
2007-12-15 11:06:04 --- E O F ---
----------------------------------------------------------------------------------------------------------------------------------
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:29:16 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\B h a r a t\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se4009.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19DB0E94-8303-44EF-9AC2-B5F4ACDC45A3}: NameServer = 172.16.77.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe