
Do I have problems with my computer?


  • This topic is locked
1 reply to this topic

#1 charlie00


Posted 26 October 2008 - 05:49 AM

Ummm, this is my first time posting here and I just want to know if I have problems with my PC.

Here's my log:

ComboFix 08-10-24.02 - charlie 2008-10-26 18:35:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT 8:00]
Running from: C:\Documents and Settings\charlie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\charlie\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\RECYCLER\ADAPT_Installer.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\ESET
2008-10-26 14:11 . 2008-10-26 14:11 <DIR> d-------- C:\Program Files\ESET
2008-10-26 14:11 . 2008-10-26 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\TransRender
2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\Temporary
2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\ConvertTemp
2008-10-26 13:34 . 2008-10-26 13:34 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\InstallShield
2008-10-26 13:33 . 2008-10-26 13:33 <DIR> d-------- C:\Documents and Settings\charlie\mapua
2008-10-21 00:41 . 2008-10-26 13:15 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-09 18:42 . 2008-10-09 18:42 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\Samsung
2008-10-09 17:57 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-10-09 17:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2008-10-09 17:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2008-10-09 17:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2008-10-09 17:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2008-10-09 17:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2008-10-09 17:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2008-10-09 17:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2008-10-09 17:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-10-09 17:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-10-09 17:55 . 2008-10-09 17:55 <DIR> d-------- C:\Program Files\Samsung
2008-10-06 18:50 . 2008-10-06 18:50 <DIR> d-------- C:\Program Files\Veoh Networks
2008-09-29 18:25 . 2008-10-26 13:21 <DIR> d-------- C:\Program Files\Packet Tracer 5.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 10:32 --------- d-----w C:\Documents and Settings\charlie\Application Data\uTorrent
2008-10-26 06:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-26 06:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-26 05:35 --------- d-----w C:\Program Files\DivX
2008-10-26 05:35 --------- d-----w C:\Program Files\Any Video Converter
2008-10-26 05:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-26 05:34 --------- d-----w C:\Program Files\NOS
2008-10-26 05:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-26 05:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-26 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-10-26 05:21 --------- d-----w C:\Program Files\Freecorder
2008-10-16 05:59 --------- d-----w C:\Documents and Settings\charlie\Application Data\Any Video Converter
2008-09-27 10:31 --------- d-----w C:\Documents and Settings\charlie\Application Data\Image Zone Express
2008-09-07 04:54 --------- d-----w C:\Program Files\NCH Software
2008-09-02 06:16 --------- d-----w C:\Program Files\PLDTPlay
2008-09-02 06:10 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-02 05:27 --------- d-----w C:\Program Files\CyberTime
2008-09-02 05:27 --------- d-----w C:\Documents and Settings\charlie\Application Data\LimeWire
2008-09-02 05:26 --------- d-----w C:\Program Files\Replay Music 3
2008-09-02 05:26 --------- d-----w C:\Program Files\Common Files\Stardock
2008-08-26 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CityPhotos
2008-08-26 10:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-26 05:11 --------- d-----w C:\Documents and Settings\charlie\Application Data\DivX
2008-08-21 08:52 139,264 ----a-w C:\WINDOWS\War3Unin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-04-16 11:06 1524760 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 1524760]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 1524760]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 4269296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"VeohPlugin"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-10 3502840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2006-08-03 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-08-30 C:\WINDOWS\system32\VTTrayp.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\PLDTPlay\\ServerScout\\ServerScout.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Warcraft III\\Garena\\Garena.exe"=
"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"C:\\Program Files\\Packet Tracer 5.0\\bin\\PacketTracer5.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [ ]
S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld [ ]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\igysnclo.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF -: plugin - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 18:37:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-26 18:41:20
ComboFix-quarantined-files.txt 2008-10-26 10:40:17

Pre-Run: 44,922,716,160 bytes free
Post-Run: 44,913,070,080 bytes free

174 --- E O F --- 2008-07-10 06:53:57


THANKS!!



#2 KoanYorel


Posted 26 October 2008 - 08:00 AM

Hello charlie00

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



