IE8 not default browser after running Combofix


This topic is locked
4 replies to this topic

#1 Shipsrus (Members, 4 posts)

Posted 27 January 2010 - 08:59 PM

I ran ComboFix and have a log file which I would like someone to review. I know nothing about this stuff. When ComboFix finished I went on the Internet and I got a message telling me that IE was not my default browser and asking if I wanted IE8 to be the default browser, and I checked yes.

Does anyone want to comment or look at my log, as it is Greek to me? Thank you for reading this. Shipsrus

ComboFix 10-01-27.03 - Stewart 01/27/2010 17:17:23.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2530 [GMT -8:00]
Running from: c:\documents and settings\Stewart\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-27 22:10 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSvix86.sys
2010-01-27 22:10 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSXpx86.sys
2010-01-27 22:10 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\Scxpx86.dll
2010-01-27 22:10 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSxpx86.dll
2010-01-27 22:10 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSviA64.sys
2010-01-27 22:09 . 2009-12-29 17:59 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100127.005\CCERASER.DLL
2010-01-27 22:09 . 2009-12-29 17:59 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100127.005\ECMSVR32.DLL
2010-01-27 22:09 . 2009-08-29 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100127.005\NAVENG.SYS
2010-01-27 22:09 . 2009-08-29 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100127.005\EECTRL.SYS
2010-01-27 22:09 . 2009-08-29 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100127.005\NAVENG32.DLL
2010-01-27 22:09 . 2009-08-29 09:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100127.005\NAVEX32A.DLL
2010-01-27 22:09 . 2009-08-29 09:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100127.005\NAVEX15.SYS
2010-01-27 22:09 . 2009-08-29 09:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100127.005\ERASER.SYS
2010-01-26 01:02 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-26 01:02 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-26 00:06 . 2010-01-26 00:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-26 00:06 . 2010-01-28 00:07 -------- d-----w- c:\documents and settings\Stewart\Application Data\skypePM
2010-01-25 12:25 . 2010-01-28 01:11 -------- d-----w- c:\documents and settings\Stewart\Application Data\Skype
2010-01-25 12:24 . 2010-01-25 12:24 -------- d-----w- c:\program files\Common Files\Skype
2010-01-25 12:24 . 2010-01-25 12:25 -------- d-----r- c:\program files\Skype
2010-01-25 12:24 . 2010-01-25 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-19 23:23 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\Scxpx86.dll
2010-01-19 23:23 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\IDSvix86.sys
2010-01-19 23:23 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\IDSXpx86.sys
2010-01-19 23:23 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\IDSxpx86.dll
2010-01-19 23:23 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\IDSviA64.sys
2010-01-19 01:41 . 2010-01-19 06:43 -------- d-----w- c:\documents and settings\Stewart\Application Data\gtk-2.0
2010-01-18 06:52 . 2010-01-18 06:52 -------- d-----w- c:\program files\MSXML 4.0
2010-01-17 03:58 . 2010-01-17 03:58 -------- d-----w- c:\documents and settings\Stewart\.thumbnails
2010-01-17 03:55 . 2010-01-19 06:43 -------- d-----w- c:\documents and settings\Stewart\.gimp-2.6
2010-01-17 03:55 . 2010-01-17 03:55 -------- d-----w- c:\program files\GIMP-2.0
2010-01-17 02:36 . 2010-01-28 00:56 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-17 01:49 . 2010-01-17 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-01-17 01:49 . 2010-01-17 01:49 -------- d-----w- c:\documents and settings\Stewart\Application Data\Corel
2010-01-17 01:49 . 2010-01-17 01:49 -------- d-----w- c:\program files\Common Files\Corel
2010-01-17 01:49 . 2010-01-17 01:49 -------- d-----w- c:\program files\Corel
2010-01-16 19:20 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\IDSvix86.sys
2010-01-16 19:20 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\IDSXpx86.sys
2010-01-16 19:20 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\Scxpx86.dll
2010-01-16 19:20 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\IDSxpx86.dll
2010-01-16 19:20 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100116.002\IDSviA64.sys
2010-01-14 02:17 . 2010-01-14 02:17 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2010-01-14 02:12 . 2004-10-08 02:44 156672 ----a-w- c:\windows\system32\RTLCPAPI.dll
2010-01-14 01:59 . 2004-10-27 23:47 40960 ------w- c:\windows\system32\ChCfg.exe
2010-01-14 01:59 . 2010-01-14 02:12 -------- d-----w- c:\program files\Realtek
2010-01-14 01:59 . 2005-04-17 06:20 487424 ------w- c:\windows\RtlExUpd.dll
2010-01-13 02:45 . 2010-01-13 02:45 -------- d-----w- c:\documents and settings\Stewart\Application Data\Windows Search
2010-01-12 06:36 . 2010-01-12 07:13 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-12 06:35 . 2010-01-12 07:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-12 06:35 . 2010-01-12 21:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-12 05:40 . 2010-01-12 05:40 864256 ----a-w- c:\documents and settings\Stewart\Application Data\NVIDIA\SHIMGen_JAU.dll
2010-01-12 05:40 . 2010-01-12 05:40 1116672 ----a-w- c:\documents and settings\Stewart\Application Data\NVIDIA\SHIMGen_JAU64.dll
2010-01-12 05:40 . 2010-01-12 05:40 -------- d-----w- c:\documents and settings\Stewart\Application Data\NVIDIA
2010-01-12 05:40 . 2010-01-12 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-01-12 05:40 . 2010-01-12 05:40 -------- d-----w- c:\windows\Sun
2010-01-12 05:39 . 2010-01-12 05:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-12 05:39 . 2010-01-12 05:39 -------- d-----w- c:\program files\Java
2010-01-12 05:38 . 2010-01-12 05:38 152576 ----a-w- c:\documents and settings\Stewart\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-12 05:38 . 2010-01-12 05:38 79488 ----a-w- c:\documents and settings\Stewart\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-12 03:57 . 2010-01-12 06:35 -------- d-----w- c:\windows\nview
2010-01-12 03:57 . 2010-01-12 04:03 -------- d-----w- c:\windows\NV36801732.TMP
2010-01-12 03:57 . 2009-11-21 02:34 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 03:57 . 2009-11-20 05:42 592488 ----a-w- c:\windows\system32\nvuninst.exe
2010-01-11 21:15 . 2004-11-02 16:58 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-01-10 21:36 . 2010-01-10 21:36 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 06:57 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSvix86.sys
2010-01-10 06:57 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-10 06:57 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\Scxpx86.dll
2010-01-10 06:57 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
2010-01-10 06:57 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSviA64.sys
2010-01-08 01:22 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-06 11:55 . 2010-01-06 11:55 -------- d-----w- c:\documents and settings\Stewart\Application Data\InstallShield
2010-01-06 10:15 . 2010-01-06 10:15 -------- d-----w- C:\HJT
2010-01-06 09:27 . 2010-01-06 09:27 -------- d-----w- c:\documents and settings\Stewart\Local Settings\Application Data\Help
2010-01-06 09:27 . 2010-01-26 10:26 -------- d-----w- c:\program files\RegVac Registry Cleaner
2010-01-06 09:06 . 2010-01-06 09:06 1956072 ----a-w- c:\documents and settings\Stewart\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-06 08:57 . 2010-01-06 08:57 -------- d-----w- c:\program files\CCleaner
2010-01-06 08:43 . 2010-01-06 08:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-01-06 08:32 . 2010-01-13 23:31 -------- d-----w- c:\program files\HyCam2
2010-01-06 07:36 . 2010-01-06 07:36 -------- d-----w- c:\documents and settings\Stewart\Application Data\Malwarebytes
2010-01-06 07:36 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 07:36 . 2010-01-10 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 07:36 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 07:36 . 2010-01-06 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-06 07:22 . 2010-01-06 07:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-06 07:22 . 2010-01-06 07:22 -------- d-----w- c:\program files\Eraser
2010-01-06 07:22 . 2009-06-10 13:22 83344 ----a-w- c:\windows\system32\Erasext.dll
2010-01-06 07:22 . 2009-06-10 13:22 307088 ----a-w- c:\windows\system32\Eraser.dll
2010-01-06 07:22 . 2009-06-10 13:22 73104 ----a-w- c:\windows\system32\Eraserl.exe
2010-01-06 07:19 . 2010-01-06 07:19 -------- d-----w- c:\documents and settings\Stewart\Application Data\URSoft
2010-01-06 07:19 . 2010-01-14 02:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-06 07:18 . 2010-01-06 07:21 -------- d-----w- c:\program files\Your Uninstaller
2009-12-30 00:46 . 2009-12-30 01:18 -------- d-----w- c:\documents and settings\Stewart\Local Settings\Application Data\ApplicationHistory
2009-12-30 00:20 . 2009-12-30 00:20 -------- d-----w- c:\documents and settings\Stewart\Application Data\Windows Desktop Search
2009-12-30 00:19 . 2009-12-30 00:47 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-30 00:19 . 2009-12-30 00:19 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-30 00:18 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-12-30 00:18 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-12-30 00:18 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-12-30 00:17 . 2009-12-30 00:17 -------- d-----w- c:\windows\system32\URTTEMP
2009-12-29 23:31 . 2009-12-29 23:31 -------- d-----w- c:\documents and settings\Stewart\Local Settings\Application Data\PCHealth
2009-12-29 23:28 . 2009-12-29 23:28 -------- d-----w- c:\documents and settings\Stewart\Local Settings\Application Data\Eraser 6
2009-12-29 23:17 . 2009-12-29 23:17 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-29 23:17 . 2009-12-29 23:17 -------- d-----w- c:\program files\MSBuild
2009-12-29 23:17 . 2009-12-29 23:17 -------- d-----w- c:\program files\Reference Assemblies
2009-12-29 23:17 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-29 23:16 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-29 23:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-29 23:16 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-29 23:16 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-29 23:16 . 2009-12-29 23:17 -------- d-----w- C:\d02d7467b89d88a723
2009-12-29 23:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-29 23:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-29 23:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-29 23:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-29 17:58 . 2009-12-03 06:09 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-12-29 17:57 . 2009-12-10 03:16 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2009-12-29 17:57 . 2009-08-30 00:16 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2009-12-29 17:57 . 2009-12-29 18:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-29 17:57 . 2009-12-29 17:57 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-29 17:57 . 2009-12-29 17:57 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-29 17:57 . 2009-12-29 17:57 -------- d-----w- c:\program files\Symantec
2009-12-29 17:56 . 2009-08-26 22:13 900464 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2009-12-29 17:56 . 2008-05-23 08:13 288104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CPDOEM\CPDOEM.dll
2009-12-29 17:56 . 2009-09-01 08:36 893296 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 17:57 . 2009-12-29 17:57 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-29 17:57 . 2009-12-29 17:57 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-29 15:27 . 2009-12-29 15:27 -------- d-----w- c:\program files\Common Files\CANON
2009-12-29 11:18 . 2009-12-29 08:07 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-29 08:32 . 2009-12-29 08:32 25214 ----a-r- c:\documents and settings\Stewart\Application Data\Microsoft\Installer\{F898E900-B515-47F8-9451-C2B29F036A53}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe
2009-12-29 08:32 . 2009-12-29 08:32 25214 ----a-r- c:\documents and settings\Stewart\Application Data\Microsoft\Installer\{F898E900-B515-47F8-9451-C2B29F036A53}\PHDM2009S_985F828E0E98429F9C05EF3BDE7568F7.exe
2009-12-29 08:32 . 2009-12-29 08:32 10134 ----a-r- c:\documents and settings\Stewart\Application Data\Microsoft\Installer\{F898E900-B515-47F8-9451-C2B29F036A53}\ARPPRODUCTICON.exe
2009-12-29 08:32 . 2009-12-29 08:32 -------- d-----w- c:\program files\Paragon Software
2009-12-29 08:08 . 2009-12-29 08:08 -------- d-----w- c:\program files\microsoft frontpage
2009-12-29 08:05 . 2009-12-29 08:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-26 02:50 . 2005-09-22 00:29 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-12-26 02:49 . 2005-09-07 18:40 2177568 ----a-w- c:\windows\MicCal.exe
2009-12-21 19:14 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys
2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll
2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll
2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys
2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll
2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 04:32 . 2009-11-21 04:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 04:32 . 2009-11-21 04:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 04:32 . 2009-11-21 04:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 04:32 . 2009-11-21 04:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 04:32 . 2009-11-21 04:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 04:32 . 2009-11-21 04:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-21 02:34 . 2009-03-28 08:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2008-07-27 05:18 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2008-07-27 05:18 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2008-07-27 05:18 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2008-07-27 05:18 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2008-07-27 05:18 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2004-08-04 07:56 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2004-08-04 05:29 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"SoundMan"="SOUNDMAN.EXE" [2005-04-07 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-07 2805248]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-27 757248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 16:59 126976 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
2003-09-04 02:33 106496 ------w- c:\program files\Lexmark 3100 Series\lxbrbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
2003-06-13 22:57 294912 ----a-w- c:\progra~1\LEXMAR~1\lxbrksk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-12 05:39 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2009-06-27 01:21 757248 ----a-w- c:\windows\vVX1000.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [12/29/2009 12:32 AM 40496]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\symds.sys [1/21/2010 1:49 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\symefa.sys [1/21/2010 1:49 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [12/4/2009 8:54 PM 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [1/21/2010 1:49 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\ironx86.sys [1/21/2010 1:49 PM 116272]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [1/21/2010 1:49 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/29/2009 9:59 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSXpx86.sys [1/27/2010 2:10 PM 329592]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [9/15/2009 1:59 PM 38248]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\Stewart\Application Data\NVIDIA\HWAccess.sys --> c:\documents and settings\Stewart\Application Data\NVIDIA\HWAccess.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: {AF7C5547-0288-4063-BEBB-F4FE53464CA6} = 24.113.0.31,24.113.32.30
DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} - hxxp://187.221.149.242/img/LinksysMLViewer.cab
DPF: {D2F7A5D7-651D-4044-A3C6-3F818B2052C5} - hxxp://187.221.149.242/adm/LinksysMLAlertCfg.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Stewart\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 17:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2608)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-27 17:23:36
ComboFix-quarantined-files.txt 2010-01-28 01:23

Pre-Run: 65,895,137,280 bytes free
Post-Run: 66,547,937,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - C573D340C80E3DF184DBA5A2E9D20495

Edited by Shipsrus, 28 January 2010 - 08:28 AM.
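As an added example, not part of the original post and not a component of ComboFix: a small Python script that applies, to lines in ComboFix's log format, a few of the checks a log helper does by eye before replying. It flags AV/firewall status lines reporting "disabled", Run values that name a bare executable with no directory (resolved through the search path), a Windows Firewall standard profile with EnableFirewall set to 0, and DPF (ActiveX download) entries whose URL points at a bare IP address rather than a hostname; it also re-fangs the hxxp:// scheme ComboFix writes so the URL can be parsed. The sample lines, GUIDs and addresses are constructed to mirror the entry types seen in the log above and are not copied from it; the finding categories are my own naming.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in ComboFix's log format. These lines are modelled on the
# entry types in the posted log (AV/FW status, Run keys, firewall policy, DPF
# ActiveX downloads) but the names, GUIDs and addresses are illustrative.
SAMPLE_LOG = r"""
AV: Example AV *On-access scanning disabled* (Updated) {11111111-1111-1111-1111-111111111111}
FW: Example Firewall *disabled* {22222222-2222-2222-2222-222222222222}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\program files\Vendor\update.exe" [2008-12-08 54576]
"SoundMan"="SOUNDMAN.EXE" [2005-04-07 90112]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Example\\app.exe"=
uStart Page = hxxp://www.example.com/
DPF: {33333333-3333-3333-3333-333333333333} - hxxp://192.0.2.10/img/Viewer.cab
DPF: {44444444-4444-4444-4444-444444444444} - hxxp://www.example.com/adm/Cfg.cab
"""

RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
DPF_RE = re.compile(r'^DPF:\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<url>\S+)')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')


def refang(url):
    """ComboFix writes URLs as hxxp:// so they are not clickable; restore the scheme."""
    return re.sub(r'^hxxp(s?)://', r'http\1://', url, flags=re.IGNORECASE)


def is_ip_literal(host):
    """True when the URL host is a bare IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def review_combofix_log(text):
    """Return (category, detail) pairs for lines a log reviewer would look at first."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry section headers in the "Reg Loading Points" block look like [HKLM\...].
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        # ComboFix asks for real-time protection to be switched off before it runs,
        # so "disabled" here is expected during the scan; the review point is
        # confirming it was switched back on afterwards.
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(("protection-disabled", line))
            continue
        m = DPF_RE.match(line)
        if m:
            # DPF entries are ActiveX controls Internet Explorer was told to download.
            # A bare IP address instead of a hostname is unusual for vendor controls
            # and is worth asking the user about.
            host = urlsplit(refang(m["url"])).hostname or ""
            if is_ip_literal(host):
                findings.append(("activex-from-ip", f"{m['clsid']} {host}"))
            continue
        if section and section.endswith("\\currentversion\\run]"):
            m = RUN_VALUE_RE.match(line)
            # A Run value with no directory is resolved through the search path,
            # so a same-named file earlier in that path would be started instead.
            if m and "\\" not in m["target"]:
                findings.append(("run-unqualified-path", f"{m['name']} -> {m['target']}"))
            continue
        if section and section.endswith("\\firewallpolicy\\standardprofile]"):
            m = FIREWALL_RE.match(line)
            if m and m["value"] == "0":
                # Windows Firewall off for the standard profile: fine if a
                # third-party firewall is active, otherwise a gap.
                findings.append(("windows-firewall-off", line))
    return findings


if __name__ == "__main__":
    for category, detail in review_combofix_log(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

Run as a script it prints five findings for the constructed sample. Each category is a prompt for a question to the user (which firewall is meant to be active, whether on-access scanning was turned back on, why IE was told to fetch a control from a raw address), not a verdict: a flagged line is a review item, and nothing here decides whether a machine is infected.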



#2 Shipsrus (Topic Starter; Members, 4 posts)

Posted 28 January 2010 - 07:11 AM

At the completion of stage 2 I get the standard Windows message that "PEV.cfxxe needs to close". Only after it closes will the scan continue. Is this normal? I cannot find any good information on Google about this file. Is it a part of ComboFix? What is this file? Is it a virus? Please help me.
I even searched this site and found no explanation as to what this file is.
Thank you. Shipsrus.

PS: Is this catchme attachment, which I found in the quarantine folder, part of what ComboFix caught, or is this a nasty?

Attached Files


Edited by Shipsrus, 28 January 2010 - 08:36 AM.


#3 Shipsrus (Topic Starter; Members, 4 posts)

Posted 28 January 2010 - 07:32 AM

Three times tonight I ran ComboFix. I uninstalled ComboFix after each usage and restarted it fresh for the next use.
After each scan, I got the notification that IE was not my default browser. Any help is appreciated. Is this normal or indicative of a deeper problem?

Merged 3 topics. ~ OB

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple-post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks, perhaps less, to get a response, but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses, as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 28 January 2010 - 10:05 PM.


#4 Elise

  • Malware Study Hall Admin
  • 60,821 posts
  • Location:Romania

Posted 04 February 2010 - 09:41 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient, and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log

Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#5 Elise

Posted 12 February 2010 - 02:58 PM

Due to lack of feedback this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

