Forums » Up and Running » Security » Security Cleanup » HJT Log - fake alerts
Annmarie
brain cooties
Premium,Mod
join:2000-11-11
Ronkonkoma, NY
reply to Annmarie
Re: HJT Log - fake alerts

Combofix log:

ComboFix 08-09-03.02 - STravis 2008-09-03 22:58:17.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\STravis\My Documents\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-03 21:44 . 2008-09-03 21:44 86,016 --a------ C:\WINDOWS\system32\ujyhuhgd.exe
2008-09-03 20:21 . 2008-09-03 20:21 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 20:21 . 2008-09-03 20:21 d-------- C:\Documents and Settings\STravis\Application Data\Malwarebytes
2008-09-03 20:21 . 2008-09-03 20:21 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 20:21 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 20:21 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 19:52 . 2008-09-03 19:54 d-------- C:\Program Files\EsetOnlineScanner
2008-09-03 11:44 . 2008-09-03 15:05 127 --a------ C:\WINDOWS\wininit.ini
2008-09-02 23:20 . 2008-09-02 23:20 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-02 23:06 . 2008-09-02 23:06 d-------- C:\Documents and Settings\All Users\Application Data\zehchwhk
2008-09-02 23:06 . 2008-09-02 23:06 81,920 --a------ C:\WINDOWS\system32\fozixwjc.exe
2008-08-18 16:25 . 2008-08-18 16:25 d-------- C:\WINDOWS\system32\scripting
2008-08-18 16:25 . 2008-08-18 16:25 d-------- C:\WINDOWS\system32\en
2008-08-18 16:25 . 2008-08-18 21:18 d-------- C:\WINDOWS\system32\bits
2008-08-18 16:25 . 2008-08-18 16:25 d-------- C:\WINDOWS\l2schemas
2008-08-18 16:17 . 2007-08-10 20:46 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-08-18 16:12 . 2007-02-28 05:53 2,137,600 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-18 15:54 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-08-18 15:52 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\002942_.tmp
2008-08-17 23:17 . 2008-08-19 21:27 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-14 22:10 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 02:53 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-04 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-03 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-03 16:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-03 03:20 --------- d-----w C:\Program Files\Lavasoft
2008-09-03 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-11 19:36 --------- d-----w C:\Documents and Settings\STravis\Application Data\Audacity
2008-08-01 11:46 --------- d-----w C:\Program Files\Google
2007-03-05 14:02 24,192 ----a-w C:\Documents and Settings\STravis\usbsermptxp.sys
2007-03-05 14:02 22,768 ----a-w C:\Documents and Settings\STravis\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 176,128 2005-10-07 04:13:38 C:\Program Files\Apoint\bak\Apoint.exe

----a-w 153,136 2007-03-09 22:53:56 C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe

----a-w 153,136 2007-03-12 17:49:26 C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe

----a-w 52,896 2006-07-20 00:26:04 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 52,896 2006-07-20 00:26:04 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

----a-w 49,152 2005-12-10 01:29:52 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 389,120 2006-07-17 02:29:54 C:\Program Files\Dell Support\bak\DSAgnt.exe

----a-w 132,496 2007-09-25 05:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 8,720,384 2007-12-19 01:47:24 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe

----a-w 282,624 2006-09-01 19:57:48 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 125,168 2006-09-28 01:33:44 C:\Program Files\Symantec AntiVirus\bak\VPTray.exe
----a-w 125,168 2006-09-28 01:33:44 C:\Program Files\Symantec AntiVirus\VPTray.exe

----a-w 166,304 2007-11-07 00:09:54 C:\Program Files\Zune\bak\ZuneLauncher.exe
----a-w 158,624 2008-04-29 23:56:20 C:\Program Files\Zune\ZuneLauncher.exe

----a-w 15,360 2004-08-04 10:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 10:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 77,824 2005-12-13 07:41:08 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 118,784 2005-12-13 07:45:00 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 98,304 2005-12-13 07:44:18 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 1,347,584 2005-12-19 13:08:42 C:\WINDOWS\system32\bak\WLTRAY.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ApiSrv"="C:\WINDOWS\system32\fozixwjc.exe" [2008-09-02 81920]
"cmdinfo"="C:\WINDOWS\system32\ujyhuhgd.exe" [2008-09-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"iQkkP4fm85"="C:\Documents and Settings\All Users\Application Data\zehchwhk\lyhshubi.exe" [2008-09-02 65536]

C:\Documents and Settings\STravis\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-01-29 951640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-06 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 40704]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 61856]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 245664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9e35fbb-fdda-11dc-934f-0016cf72068b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.dell.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.dell.com/
O8 -: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 -: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O16 -: {CF38E898-0A6B-11D6-83C6-0080AD7D6076} - hxxp://24.46.98.45:8888/common/NPRemvu.cab
C:\WINDOWS\Downloaded Program Files\NPRemvu.inf
C:\WINDOWS\NPRemvu.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-09-03 23:21:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-09-03 23:30:39 - machine was rebooted [STravis]
ComboFix-quarantined-files.txt 2008-09-04 03:29:35

Pre-Run: 37,850,038,272 bytes free
Post-Run: 37,776,023,552 bytes free

152 --- E O F --- 2008-09-03 19:06:11
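What a helper reads first in a ComboFix log like the one above is the "Files Created" window and the "Reg Loading Points" block, and the question is always the same: which autorun entries point at something that appeared during the infection window, live somewhere an installer would not put a program, or sit in a registry location that legitimate software rarely touches. The following is an added example, not part of the original post and not a ComboFix feature: a small Python triage script that parses those two sections and applies exactly those heuristics, plus a check for the Security Center "DisableMonitoring" value. The embedded excerpt is copied from the log on this page and trimmed to the relevant lines; the function names, the heuristics and the wording of the findings are the example's own assumptions.

```python
import re
from typing import Dict, List, Set, Tuple

# Excerpt copied from the ComboFix log in this thread, trimmed to the lines the
# heuristics below need. Constructed test input for the example, not live data.
LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.
2008-09-03 21:44 . 2008-09-03 21:44 86,016 --a------ C:\WINDOWS\system32\ujyhuhgd.exe
2008-09-03 20:21 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-02 23:06 . 2008-09-02 23:06 d-------- C:\Documents and Settings\All Users\Application Data\zehchwhk
2008-09-02 23:06 . 2008-09-02 23:06 81,920 --a------ C:\WINDOWS\system32\fozixwjc.exe
2008-08-18 16:12 . 2007-02-28 05:53 2,137,600 --a------ C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ApiSrv"="C:\WINDOWS\system32\fozixwjc.exe" [2008-09-02 81920]
"cmdinfo"="C:\WINDOWS\system32\ujyhuhgd.exe" [2008-09-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"iQkkP4fm85"="C:\Documents and Settings\All Users\Application Data\zehchwhk\lyhshubi.exe" [2008-09-02 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# "Files Created" line: <created> . <modified> [<size>] <attrs> <path>; directories have no size.
FILE_RE = re.compile(r'^(\S+ \S+) \. (\S+ \S+) (?:([\d,]+) )?([-\w]{9}) (.+)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: \[(\S+) (\d+)\])?$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_log(text: str) -> Tuple[Set[str], List[Tuple[str, str, str]], List[Tuple[str, str, int]]]:
    """Return (paths created in the scan window, (key, name, path) autoruns, (key, name, value) dwords)."""
    created: Set[str] = set()
    autoruns: List[Tuple[str, str, str]] = []
    dwords: List[Tuple[str, str, int]] = []
    key, section = '', ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith('(((('):  # ComboFix section banner
            section = 'files' if 'Files Created' in line else ('reg' if 'Reg Loading' in line else 'other')
            continue
        if section == 'files':
            m = FILE_RE.match(line)
            if m:
                created.add(m.group(5).strip().lower())
        elif section == 'reg':
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = DWORD_RE.match(line)
            if m:
                dwords.append((key, m.group(1), int(m.group(2), 16)))
                continue
            m = VAL_RE.match(line)
            if m:
                autoruns.append((key, m.group(1), m.group(2)))
    return created, autoruns, dwords


def _ancestor_created(path: str, created: Set[str]) -> bool:
    """True if the file itself or any directory above it appeared in the scan window."""
    p = path.lower()
    while True:
        if p in created:
            return True
        parent, sep, _ = p.rpartition('\\')
        if not sep:
            return False
        p = parent


def triage(text: str) -> Dict[str, List[str]]:
    """Map each suspicious autorun (or disabled-monitoring value) to the reasons it was flagged."""
    created, autoruns, dwords = parse_log(text)
    findings: Dict[str, List[str]] = {}
    for key, name, path in autoruns:
        k = key.lower()
        if not k.endswith('\\run'):
            continue
        reasons = []
        if _ancestor_created(path, created):
            reasons.append('target, or the folder holding it, was created inside the scan window')
        if '\\policies\\explorer\\run' in k:
            reasons.append('loaded from the Explorer policy Run key, a Group Policy autorun location malware often uses')
        low = path.lower()
        if '\\application data\\' in low or '\\temp\\' in low:
            reasons.append('executable lives under a profile data or temp directory, not Program Files or system32')
        if reasons:
            findings[name] = reasons
    for key, name, value in dwords:
        # Some AV suites set this themselves, so treat it as a lead, not proof.
        if 'security center\\monitoring' in key.lower() and name.lower() == 'disablemonitoring' and value == 1:
            findings[name + '@' + key.rsplit('\\', 1)[-1]] = ['Security Center monitoring for this product is switched off']
    return findings


if __name__ == '__main__':
    for entry, reasons in triage(LOG).items():
        print(entry)
        for r in reasons:
            print('   -', r)
```

Run against the excerpt, the script flags `ApiSrv` and `cmdinfo` (both targets appeared on 2008-09-02/03), flags `iQkkP4fm85` on all three heuristics (new folder under All Users\Application Data, loaded from the policy Run key), leaves `ctfmon.exe` and `ccApp` alone, and notes the disabled Security Center monitoring for Symantec AntiVirus. The heuristics are deliberately simple; the value is in correlating the two sections, which is what a human reviewer does by eye.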
Wednesday, 07-Jan 22:02:52 | © 1999-2009 dslreports.com