
BSOD on new PC


  • This topic is locked
2 replies to this topic

#1 JCIM


Posted 06 August 2010 - 08:11 AM

I have a new PC that keeps getting BSOD. The PC only has Microsoft Office and Norton AntiVirus 2010 installed.

Below is a ComboFix log. Not sure if this will help.

ComboFix 10-08-05.06 - persons 08/06/2010 8:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1418 [GMT -4:00]
Running from: c:\documents and settings\persons\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\WINDOWS
c:\windows\WINDOWS\SYSTEM32\LexFiles.log
c:\windows\WINDOWS\SYSTEM32\lexlog.dlL
c:\windows\WINDOWS\SYSTEM32\LMAAB1BJ.DLL
c:\windows\WINDOWS\SYSTEM32\LMAAB1TH.HLP
c:\windows\WINDOWS\SYSTEM32\Monitor.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-07-23 14:58 . 2010-07-23 14:58 -------- d-----w- c:\documents and settings\persons\Local Settings\Application Data\ICS
2010-07-23 14:11 . 2010-07-23 14:11 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-23 14:10 . 2010-07-23 14:11 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-23 14:10 . 2010-07-23 14:10 -------- d-----w- c:\windows\system32\LogFiles
2010-07-23 13:07 . 2010-07-23 13:07 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-07-23 11:26 . 2010-07-23 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-21 14:03 . 2010-07-23 11:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-21 14:03 . 2010-07-21 14:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-21 14:03 . 2010-07-21 14:03 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-21 14:03 . 2010-07-21 14:03 -------- d-----w- c:\program files\Symantec
2010-07-21 14:02 . 2010-07-21 14:02 -------- d-----w- c:\program files\Norton AntiVirus
2010-07-21 13:31 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-07-21 13:31 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-07-21 13:31 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-07-21 13:31 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-07-21 13:31 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-07-21 13:29 . 2001-08-17 17:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-07-21 13:28 . 2001-08-18 02:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2010-07-21 13:27 . 2001-08-17 17:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-07-21 13:26 . 2001-07-21 18:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-07-21 13:25 . 2001-08-17 16:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2010-07-21 13:24 . 2001-08-17 16:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2010-07-21 13:23 . 2008-04-14 04:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-07-21 13:22 . 2001-08-17 16:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2010-07-21 13:21 . 2001-08-18 02:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-07-21 13:20 . 2001-08-18 02:36 101376 -c--a-w- c:\windows\system32\dllcache\hpgt34.dll
2010-07-21 13:19 . 2001-08-18 02:36 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2010-07-21 13:18 . 2001-08-17 16:19 3072 -c--a-w- c:\windows\system32\dllcache\cwbmidi.sys
2010-07-21 13:17 . 2008-04-14 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0412.dll
2010-07-21 13:13 . 2010-07-21 13:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-07-19 10:30 . 2010-07-19 10:30 -------- d-----w- c:\documents and settings\persons\Application Data\Tific
2010-07-19 10:30 . 2010-07-19 10:30 -------- d-----w- c:\documents and settings\persons\Local Settings\Application Data\Symantec
2010-07-14 14:14 . 2010-07-21 14:02 -------- d-----w- c:\program files\NortonInstaller
2010-07-14 12:07 . 2009-08-07 22:20 67072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMACHL4C.DLL
2010-07-13 17:32 . 2010-07-13 17:32 45056 ----a-r- c:\documents and settings\persons\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2010-07-13 17:32 . 2010-07-13 17:32 10134 ----a-r- c:\documents and settings\persons\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2010-07-13 17:32 . 2010-07-13 17:32 -------- d-----w- c:\windows\system32\vmm32
2010-07-13 15:56 . 2010-07-13 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-09 17:29 . 2010-07-09 17:29 -------- d-sh--w- c:\documents and settings\persons\IECompatCache
2010-07-09 17:29 . 2010-07-09 17:29 -------- d-sh--w- c:\documents and settings\persons\PrivacIE
2010-07-09 17:23 . 2010-07-09 17:23 -------- d-----w- c:\program files\RealVNC
2010-07-09 16:50 . 2010-07-09 16:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-09 16:50 . 2010-07-09 16:50 -------- d-sh--w- c:\documents and settings\persons\IETldCache
2010-07-09 16:47 . 2010-07-12 10:04 -------- d-----w- c:\windows\ie8updates
2010-07-09 16:46 . 2010-07-09 16:47 -------- dc-h--w- c:\windows\ie8
2010-07-09 16:44 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-09 16:44 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-09 16:44 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-09 16:44 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-09 16:44 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-09 16:44 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-07-09 16:44 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-07-09 16:41 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-09 16:07 . 2010-07-09 16:07 -------- d-sh--w- c:\documents and settings\persons\UserData
2010-07-09 16:06 . 2010-07-09 16:06 -------- d-----w- c:\documents and settings\persons\Application Data\Windows Search
2010-07-09 16:05 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-09 16:05 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-09 16:04 . 2007-03-12 09:40 1179699 ----a-w- c:\windows\system32\cwbzzodb.dll
2010-07-09 16:04 . 2007-03-12 09:40 548914 ----a-w- c:\windows\system32\cwbodbc.dll
2010-07-09 16:04 . 2007-03-12 09:40 671795 ----a-w- c:\windows\system32\cwbtfutl.dll
2010-07-09 16:04 . 2007-03-12 09:40 360499 ----a-w- c:\windows\system32\cwbtfcrt.dll
2010-07-09 16:04 . 2007-03-12 09:40 225331 ----a-w- c:\windows\system32\cwbtfdlg.dll
2010-07-09 16:03 . 2005-10-19 09:40 40960 ----a-w- c:\windows\system32\pcmfcenu.dll
2010-07-09 16:02 . 2007-03-12 09:40 94259 ----a-w- c:\windows\system32\cwbunvba.dll
2010-07-09 16:02 . 2007-03-12 09:40 94259 ----a-w- c:\windows\system32\cwbunapi.dll
2010-07-09 16:02 . 2007-03-12 09:40 159795 ----a-w- c:\windows\system32\cwbsogld.dll
2010-07-09 16:02 . 2007-03-12 09:40 110643 ----a-w- c:\windows\system32\cwbuncob.dll
2010-07-09 16:02 . 2007-03-12 09:40 65585 ----a-w- c:\windows\cwbrxd.exe
2010-07-09 16:00 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-09 15:53 . 2010-07-09 15:53 503808 ----a-w- c:\documents and settings\persons\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3da3b1e4-n\msvcp71.dll
2010-07-09 15:53 . 2010-07-09 15:53 499712 ----a-w- c:\documents and settings\persons\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3da3b1e4-n\jmc.dll
2010-07-09 15:53 . 2010-07-09 15:53 348160 ----a-w- c:\documents and settings\persons\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3da3b1e4-n\msvcr71.dll
2010-07-09 15:50 . 2010-07-21 19:53 -------- d-----w- c:\windows\system32\drivers\NAV
2010-07-09 15:50 . 2010-07-09 15:50 -------- d-----w- c:\program files\Windows Sidebar
2010-07-09 15:50 . 2010-07-21 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-09 15:50 . 2010-07-13 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 14:16 . 2010-04-09 16:23 -------- d-----w- c:\program files\Microsoft.NET
2010-07-23 14:13 . 2010-04-09 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-21 14:03 . 2010-07-21 14:03 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-21 14:03 . 2010-07-21 14:03 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-13 17:23 . 2010-07-09 15:45 0 ----a-w- c:\documents and settings\persons\Local Settings\Application Data\WavXMapDrive.bat
2010-07-13 15:08 . 2010-04-09 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-13 10:18 . 2010-04-09 16:16 42320 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-13 10:18 . 2010-04-09 16:27 42320 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 11:00 . 2010-07-12 11:00 -------- d-----w- c:\program files\Lexmark_HostCD
2010-07-12 11:00 . 2010-07-12 10:57 -------- d-----w- c:\program files\Lexmark
2010-07-10 12:21 . 2010-04-09 16:23 -------- d-----w- c:\program files\Microsoft Works
2010-07-09 16:01 . 2010-07-09 16:01 -------- d-----w- c:\program files\IBM
2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-11 23:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-11 23:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2009-10-07 582312]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2009-06-03 18:07 184320 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Service]
2007-03-12 09:40 24627 ----a-w- c:\program files\IBM\Client Access\cwbsvstr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
2009-06-12 02:46 656384 ----a-w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-07-28 10:18 173592 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-07-28 10:18 141336 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMab1err]
2009-10-07 04:19 582312 ----a-w- c:\program files\Lexmark\ErrorApp\lmab1err.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-07-28 10:18 142872 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-08-26 14:49 2691072 ----a-w- c:\windows\RTDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-04-09 16:16 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USCService]
2009-07-05 21:56 15872 ----a-w- c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2009-05-18 13:36 145920 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"TdmService"=2 (0x2)
"tcsd_win32.exe"=2 (0x2)
"stllssvr"=3 (0x3)
"SecureStorageService"=3 (0x3)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NAV"=2 (0x2)
"lmab_device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Cwbrxd"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\lmabcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [7/21/2010 1:29 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [7/21/2010 1:29 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100719.001\BHDrvx86.sys [7/19/2010 7:28 PM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [7/21/2010 1:29 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [7/21/2010 1:29 PM 116784]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [7/21/2010 1:29 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/21/2010 10:08 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100805.004\IDSXpx86.sys [8/6/2010 7:54 AM 331640]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [4/9/2010 2:58 PM 209960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-08-06 c:\windows\Tasks\User_Feed_Synchronization-{8E869DE4-3842-48AD-990F-5641F0B866E4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C786A353-8925-40E2-893D-85E629A81692} = 206.231.8.2,206.231.8.3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 08:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-06 08:47:31
ComboFix-quarantined-files.txt 2010-08-06 12:47

Pre-Run: 231,104,970,752 bytes free
Post-Run: 231,390,437,376 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F818FD967F1AA8C12833C72BDDFC8672


Edited by hamluis, 06 August 2010 - 09:11 AM.
Moved from XP forum to more appropriate Malware Removal Logs forum ~ Hamluis.




#2 m0le


Posted 14 August 2010 - 07:53 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le


Posted 18 August 2010 - 06:26 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



