
DDS and GMER logs. Please Analyse them


7 replies to this topic

#1 Reethu


Posted 23 May 2012 - 10:32 AM

Please analyze my DDS and GMER logs. I created this new thread as directed in this thread
http://www.bleepingcomputer.com/forums/topic454279.html



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2011 4:25:03 PM
System Uptime: 5/23/2012 8:31:44 AM (1 hours ago)
.
Motherboard: ELITEGROUP | | RC410-M
Processor: Intel® Celeron® D CPU 3.20GHz | CPU 1 | 3200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 92.632 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.915 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP157: 2/24/2012 3:55:26 AM - Software Distribution Service 3.0
RP158: 2/25/2012 8:02:07 AM - Software Distribution Service 3.0
RP159: 2/26/2012 8:53:42 AM - Software Distribution Service 3.0
RP160: 2/27/2012 12:48:32 PM - System Checkpoint
RP161: 2/28/2012 3:10:55 PM - Software Distribution Service 3.0
RP162: 2/29/2012 3:26:27 PM - Software Distribution Service 3.0
RP163: 3/1/2012 10:49:44 PM - Software Distribution Service 3.0
RP164: 3/2/2012 11:11:21 PM - Software Distribution Service 3.0
RP165: 3/3/2012 11:41:02 PM - Software Distribution Service 3.0
RP166: 3/4/2012 9:18:36 AM - Software Distribution Service 3.0
RP167: 3/5/2012 9:23:39 AM - System Checkpoint
RP168: 3/5/2012 1:59:35 PM - Software Distribution Service 3.0
RP169: 3/6/2012 2:52:44 PM - Software Distribution Service 3.0
RP170: 3/7/2012 3:55:24 PM - System Checkpoint
RP171: 3/8/2012 6:38:51 AM - Software Distribution Service 3.0
RP172: 3/9/2012 8:28:45 AM - Software Distribution Service 3.0
RP173: 3/10/2012 1:24:04 PM - Software Distribution Service 3.0
RP174: 3/11/2012 3:38:04 PM - Software Distribution Service 3.0
RP175: 3/12/2012 6:07:50 PM - Software Distribution Service 3.0
RP176: 3/15/2012 3:54:14 AM - Software Distribution Service 3.0
RP177: 3/15/2012 4:47:52 AM - Software Distribution Service 3.0
RP178: 3/16/2012 10:38:19 PM - Software Distribution Service 3.0
RP179: 3/17/2012 12:09:11 AM - Software Distribution Service 3.0
RP180: 3/17/2012 10:27:30 AM - Installed WeatherBug
RP181: 3/18/2012 4:50:32 AM - Software Distribution Service 3.0
RP182: 3/18/2012 11:43:18 AM - Software Distribution Service 3.0
RP183: 3/19/2012 10:46:54 PM - Software Distribution Service 3.0
RP184: 3/19/2012 11:29:04 PM - Software Distribution Service 3.0
RP185: 3/21/2012 12:00:34 AM - System Checkpoint
RP186: 3/21/2012 7:03:43 AM - Software Distribution Service 3.0
RP187: 3/22/2012 1:45:25 AM - Software Distribution Service 3.0
RP188: 3/23/2012 2:00:41 AM - System Checkpoint
RP189: 3/23/2012 7:03:13 AM - Software Distribution Service 3.0
RP190: 3/24/2012 7:09:42 AM - Software Distribution Service 3.0
RP191: 3/25/2012 7:19:26 AM - Software Distribution Service 3.0
RP192: 3/26/2012 4:49:56 PM - Software Distribution Service 3.0
RP193: 3/27/2012 11:28:10 PM - Software Distribution Service 3.0
RP194: 3/28/2012 7:49:53 AM - Software Distribution Service 3.0
RP195: 3/29/2012 5:11:36 PM - Software Distribution Service 3.0
RP196: 3/30/2012 7:03:56 AM - Software Distribution Service 3.0
RP197: 3/30/2012 10:21:04 PM - Software Distribution Service 3.0
RP198: 4/1/2012 4:03:14 AM - Software Distribution Service 3.0
RP199: 4/2/2012 2:33:10 PM - Software Distribution Service 3.0
RP200: 4/3/2012 10:30:59 PM - Software Distribution Service 3.0
RP201: 4/5/2012 4:15:35 AM - Software Distribution Service 3.0
RP202: 4/6/2012 5:25:33 AM - Software Distribution Service 3.0
RP203: 4/7/2012 8:24:39 AM - Software Distribution Service 3.0
RP204: 4/8/2012 10:14:08 AM - System Checkpoint
RP205: 4/8/2012 10:51:17 AM - Software Distribution Service 3.0
RP206: 4/9/2012 2:46:15 PM - Software Distribution Service 3.0
RP207: 4/10/2012 11:26:10 PM - Software Distribution Service 3.0
RP208: 4/11/2012 10:23:26 PM - Software Distribution Service 3.0
RP209: 4/12/2012 4:25:26 PM - Software Distribution Service 3.0
RP210: 4/13/2012 7:38:43 PM - Software Distribution Service 3.0
RP211: 4/14/2012 10:42:22 PM - Software Distribution Service 3.0
RP212: 4/15/2012 8:32:26 AM - Software Distribution Service 3.0
RP213: 4/15/2012 8:59:04 AM - Software Distribution Service 3.0
RP214: 4/16/2012 9:12:25 AM - Software Distribution Service 3.0
RP215: 4/17/2012 11:12:22 AM - System Checkpoint
RP216: 4/17/2012 10:42:24 PM - Software Distribution Service 3.0
RP217: 4/18/2012 8:04:47 AM - Software Distribution Service 3.0
RP218: 4/18/2012 10:17:06 AM - Software Distribution Service 3.0
RP219: 4/19/2012 7:04:39 AM - Software Distribution Service 3.0
RP220: 4/19/2012 1:22:33 PM - Software Distribution Service 3.0
RP221: 4/20/2012 4:37:24 AM - Software Distribution Service 3.0
RP222: 4/20/2012 2:40:19 PM - Software Distribution Service 3.0
RP223: 4/21/2012 3:55:21 AM - Software Distribution Service 3.0
RP224: 4/22/2012 7:26:39 AM - Software Distribution Service 3.0
RP225: 4/23/2012 12:53:07 AM - Software Distribution Service 3.0
RP226: 4/23/2012 7:19:47 AM - Software Distribution Service 3.0
RP227: 4/24/2012 11:32:24 AM - System Checkpoint
RP228: 4/24/2012 3:35:23 PM - Software Distribution Service 3.0
RP229: 4/25/2012 6:47:56 AM - Software Distribution Service 3.0
RP230: 4/25/2012 7:07:19 AM - Software Distribution Service 3.0
RP231: 4/26/2012 1:38:12 AM - Software Distribution Service 3.0
RP232: 4/26/2012 4:58:49 AM - Removed WeatherBug
RP233: 4/26/2012 11:14:25 AM - Software Distribution Service 3.0
RP234: 4/26/2012 11:09:28 PM - Software Distribution Service 3.0
RP235: 4/27/2012 7:03:46 PM - Software Distribution Service 3.0
RP236: 4/28/2012 7:53:52 PM - System Checkpoint
RP237: 4/29/2012 7:37:43 PM - Software Distribution Service 3.0
RP238: 4/30/2012 8:56:02 AM - Software Distribution Service 3.0
RP239: 5/1/2012 7:45:08 AM - Software Distribution Service 3.0
RP240: 5/2/2012 8:21:54 AM - Software Distribution Service 3.0
RP241: 5/2/2012 8:49:31 AM - Software Distribution Service 3.0
RP242: 5/2/2012 7:00:14 PM - Installed Windows 7 Upgrade Advisor
RP243: 5/2/2012 7:14:22 PM - Removed Windows 7 Upgrade Advisor
RP244: 5/3/2012 9:54:47 AM - Software Distribution Service 3.0
RP245: 5/3/2012 1:02:01 PM - Software Distribution Service 3.0
RP246: 5/3/2012 3:29:01 PM - Removed RegWork.
RP247: 5/5/2012 6:42:18 PM - Software Distribution Service 3.0
RP248: 5/6/2012 9:54:18 AM - Installed Windows XP KB2653956.
RP249: 5/6/2012 9:55:17 AM - Installed Windows XP KB2653956.
RP250: 5/6/2012 11:20:16 AM - Installed Driver Manager.
RP251: 5/6/2012 11:29:10 AM - Removed Driver Manager.
RP252: 5/6/2012 11:48:24 AM - Installed Driver Tool.
RP253: 5/6/2012 11:53:39 AM - Removed Driver Tool.
RP254: 5/6/2012 7:27:42 PM - Software Distribution Service 3.0
RP255: 5/6/2012 8:13:49 PM - Software Distribution Service 3.0
RP256: 5/6/2012 8:25:24 PM - Restore Operation
RP257: 5/6/2012 8:28:19 PM - Restore Operation
RP258: 5/6/2012 8:33:47 PM - Software Distribution Service 3.0
RP259: 5/7/2012 8:41:36 PM - Installed Windows XP KB2653956.
RP260: 5/7/2012 8:55:21 PM - Installed Driver Tool.
RP261: 5/7/2012 9:03:03 PM - Software Distribution Service 3.0
RP262: 5/7/2012 9:07:16 PM - Removed Driver Tool.
RP263: 5/7/2012 10:02:30 PM - Restore Operation
RP264: 5/7/2012 10:08:16 PM - Restore Operation
RP265: 5/9/2012 7:38:04 AM - Software Distribution Service 3.0
RP266: 5/9/2012 7:47:44 AM - Software Distribution Service 3.0
RP267: 5/9/2012 3:28:42 PM - Installed Windows XP KB2653956.
RP268: 5/9/2012 3:59:15 PM - Restore Operation
RP269: 5/9/2012 5:54:23 PM - Restore Operation
RP270: 5/9/2012 7:35:00 PM - Software Distribution Service 3.0
RP271: 5/10/2012 2:29:40 PM - Software Distribution Service 3.0
RP272: 5/10/2012 3:28:14 PM - Installed RegWork.
RP273: 5/11/2012 7:06:14 PM - Software Distribution Service 3.0
RP274: 5/12/2012 9:29:54 PM - Software Distribution Service 3.0
RP275: 5/13/2012 2:13:25 PM - Software Distribution Service 3.0
RP276: 5/14/2012 7:22:52 AM - Software Distribution Service 3.0
RP277: 5/14/2012 10:30:22 AM - Installed Windows XP KB2653956.
RP278: 5/14/2012 11:52:53 AM - Software Distribution Service 3.0
RP279: 5/14/2012 12:27:01 PM - Software Distribution Service 3.0
RP280: 5/15/2012 10:37:46 PM - Software Distribution Service 3.0
RP281: 5/16/2012 7:11:37 AM - Software Distribution Service 3.0
RP282: 5/17/2012 5:26:51 PM - Software Distribution Service 3.0
RP283: 5/18/2012 7:45:06 PM - Software Distribution Service 3.0
RP284: 5/20/2012 5:39:12 AM - Software Distribution Service 3.0
RP285: 5/20/2012 2:11:26 PM - Software Distribution Service 3.0
RP286: 5/21/2012 6:51:35 AM - Software Distribution Service 3.0
RP287: 5/21/2012 11:59:56 PM - Software Distribution Service 3.0
RP288: 5/22/2012 11:45:08 PM - Installed Java™ 7 Update 4
RP289: 5/22/2012 11:50:59 PM - Installed JavaFX 2.1.0
RP290: 5/23/2012 12:16:23 AM - Software Distribution Service 3.0
RP291: 5/23/2012 3:01:20 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Browser Defender 3.0
DVD Solution
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HitmanPro 3.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Internet Explorer (Enable DEP)
J2SE Runtime Environment 5.0 Update 2
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
Lexmark 3400 Series
Lexmark Fax Solutions
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Power2Go 4.0
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
RegWork
Sandboxie 3.68 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Soft Data Fax Modem with SmartCP
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows PowerShell™ 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
5/23/2012 8:42:36 AM, error: Service Control Manager [7034] - The lxcy_device service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Owner at 9:00:45 on 2012-05-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.59 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Browser Defender\BDTUpdateService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser Defender\FGuard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.semo.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\browser defender\PCTBrowserDefender.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\browser defender\PCTBrowserDefender.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\browser defender\PCTBrowserDefender.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCTools FGuard] c:\program files\browser defender\FGuard.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6A321DC9-E828-4D9A-8EC4-7E6D3D74B329} : DhcpNameServer = 192.168.1.254
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\browser defender\BDTUpdateService.exe [2011-11-7 337872]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-6 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-6 22344]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-4-10 135440]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\program files\emsisoft anti-malware\a2ddax86.sys --> c:\program files\emsisoft anti-malware\a2ddax86.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-26 136176]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-3-18 105288]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\owner\locals~1\temp\aticdsdr.sys --> c:\docume~1\owner\locals~1\temp\ATICDSDr.sys [?]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2011-11-6 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-26 136176]
.
=============== Created Last 30 ================
.
2012-05-23 05:17:29 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bbb1553e-d49e-423a-8f18-a1f1df1c4fe9}\mpengine.dll
2012-05-23 05:12:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2012-05-23 04:51:04 -------- d-----w- c:\program files\Oracle
2012-05-23 04:49:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-23 04:49:46 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-23 04:49:44 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-22 07:09:00 -------- d-----w- c:\program files\New Folder
2012-05-22 05:00:22 6737808 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-20 18:11:14 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-05-15 12:47:08 215920 ----a-w- c:\windows\system32\muweb.dll
2012-05-14 15:49:59 -------- d-----w- C:\remote-service
2012-05-13 15:21:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-10 20:33:44 -------- d-----w- c:\documents and settings\owner\application data\searchresultstb
2012-05-10 20:29:23 -------- d-----w- c:\documents and settings\owner\application data\Ask.com
2012-05-10 20:28:58 -------- d-----w- c:\documents and settings\all users\application data\RegWork
2012-05-10 20:28:29 -------- d-----w- c:\documents and settings\owner\application data\RegWork
2012-05-10 00:01:18 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-05-10 00:01:18 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-05-10 00:01:18 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-05-10 00:01:18 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-05-09 23:56:32 31744 ----a-w- c:\windows\system32\fxsroute.dll
2012-05-09 23:56:32 132608 ----a-w- c:\windows\system32\fxsclntR.dll
2012-05-09 23:56:32 11264 ----a-w- c:\windows\system32\fxssend.exe
2012-05-09 23:56:32 111104 ----a-w- c:\windows\system32\fxscfgwz.dll
2012-05-09 20:28:43 69632 ---ha-w- c:\windows\Alcmtr.exe
2012-05-06 16:50:23 -------- d-----w- c:\documents and settings\all users\application data\Driver Tool
2012-05-06 16:37:24 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-05-06 16:36:37 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-05-03 15:56:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mozilla
2012-05-03 11:27:40 -------- d-----w- C:\Intel
2012-05-03 00:02:04 -------- d-----w- c:\windows\Performance
2012-05-03 00:01:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\Microsoft Corporation
2012-04-27 03:10:47 293376 ------w- c:\windows\system32\browserchoice.exe
2012-04-27 02:42:06 -------- d-----w- c:\documents and settings\owner\application data\S.A.D
2012-04-27 00:53:16 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
.
==================== Find3M ====================
.
2012-05-09 13:34:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 01:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-29 00:01:41 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-02-26 14:36:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 9:03:09.21 ===============




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-22 23:13:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 WDC_WD1200BB-00RDA0 rev.20.00K20
Running: 173qzr63[1].exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxtdypob.sys


---- System - GMER 1.0.15 ----

Code F7C39C9C ZwRequestPort
Code F7C39D3C ZwRequestWaitReplyPort
Code F7C39BFC ZwTraceEvent
Code F7C39C9B NtRequestPort
Code F7C39D3B NtRequestWaitReplyPort
Code F7C39BFB NtTraceEvent

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#2 Noviciate

  • Malware Response Team

Posted 23 May 2012 - 03:19 PM

Good evening. :)

I downloaded Firefox from Soft32 website, Hitman Pro found an infection, a generic virus.

It is advisable to always download installation files from the home websites. Some software sites don't offer the original installation files, but have downloaders that give access to them once run - see here for an example. It looks like the scanner picked this up when it scanned the file in question. It's probably not malicious as such, but the code probably shares some components with known malware so it gets flagged as dubious.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I did a scan with Kaspersky TDSSKiller and it found a few rootkits.

The detections are flagged with the legend ( UnsignedFile.Multi.Generic ) - warning. These are not rootkits, but files that don't have a digital signature - see here for an explanation. Not all legitimate files have signatures, so this is no guarantee of maliciousness.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Are you seeing any indications of malware - pop-ups, browser redirections, etc?

So long, and thanks for all the fish.
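Noviciate's point above, that an unsigned file is not by itself a rootkit, is something you can check directly on the machine. The PowerShell script below is an added example, not part of the thread and not code from DDS, TDSSKiller or BleepingComputer: it parses service/driver lines in the DDS format (the four sample lines are copied from the log above), recovers each image path, and reports whether the file on disk is missing, unsigned, validly signed, or something else such as a hash mismatch. The function names are my own and it assumes PowerShell 2.0 or later.

```powershell
# Added example, not from the thread and not code from DDS, TDSSKiller or
# BleepingComputer. Parses "SERVICES / DRIVERS" lines in DDS format and
# reports the Authenticode status of each image file, so an "unsigned"
# verdict can be told apart from "missing", "valid" or "hash mismatch".
# Assumes PowerShell 2.0 or later, run on the machine the log came from.

# Sample input: four lines copied from the DDS log posted above.
$ddsLines = @(
    'R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]',
    'R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]',
    'S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\program files\emsisoft anti-malware\a2ddax86.sys --> c:\program files\emsisoft anti-malware\a2ddax86.sys [?]',
    'S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-4-10 135440]'
)

function ConvertFrom-DdsServiceLine {
    # Returns the service name and the bare image path from one DDS line.
    param([string]$Line)
    $parts = $Line -split ';', 3
    if ($parts.Count -lt 3) { return $null }
    $name  = ($parts[0] -split ' ', 2)[1]             # drop the R0/S1 state prefix
    $image = $parts[2]
    # DDS prints "registry value --> resolved path"; keep the resolved side.
    if ($image -match '-->\s*(.+)$') { $image = $Matches[1] }
    $image = $image -replace '^\\\?\?\\', ''          # strip the \??\ NT prefix
    $image = $image -replace '\s*\[[^\]]*\]\s*$', ''  # drop "[date size]" or "[?]"
    # Keep only the executable/driver file, dropping command-line switches.
    if ($image -match '^(?<file>.+?\.(exe|sys|dll))(\s|$)') { $image = $Matches['file'] }
    New-Object PSObject -Property @{ Name = $name; Path = $image }
}

function Test-DdsServiceSignature {
    # Classifies every parsed entry as Missing, NotSigned, Valid, or whatever
    # other status Get-AuthenticodeSignature reports (for example HashMismatch).
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $entry = ConvertFrom-DdsServiceLine $line
        if ($null -eq $entry) { continue }
        if (-not (Test-Path -LiteralPath $entry.Path)) {
            $status = 'Missing'
            $signer = ''
        } else {
            $sig    = Get-AuthenticodeSignature -FilePath $entry.Path
            $status = $sig.Status.ToString()
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
        New-Object PSObject -Property @{
            Name = $entry.Name; Path = $entry.Path; Status = $status; Signer = $signer
        }
    }
}

Test-DdsServiceSignature $ddsLines | Format-Table Name, Status, Signer, Path -AutoSize
```

A Missing entry is a leftover service registration for a file that is no longer on disk, which is a different situation from a present but unsigned file; only a HashMismatch or a signature from an unexpected signer points at a modified binary.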


#3 Reethu


Posted 23 May 2012 - 09:39 PM

Thanks for the reply :) . So everything's ok with my PC? Are the logs clean?

Edited by Reethu, 23 May 2012 - 09:42 PM.


#4 Reethu

Reethu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:36 PM

Posted 23 May 2012 - 09:49 PM

There's also something else that I did, before I came here. I ran a scan with Emsisoft Anti-Malware and there were certain detections that I cleaned.


Emsisoft Anti-Malware - Version 6.0
Last update: N/A

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
Scan archives: On
ADS Scan: On

Scan start: 12/12/2011 12:01:53 PM

Value: hkey_local_machine\software\microsoft\windows\currentversion\run --> reminder detected: Trace.Registry.ftpattack!E1
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe detected: Adware.Win32.SearchIt.t!E1

Scanned 494334
Found 2

Scan end: 12/12/2011 1:06:51 PM
Scan time: 1:04:58

D:\i386\Apps\App17981\comps\toolbar\toolbr.exe Quarantined Adware.Win32.SearchIt.t!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\run --> reminder Quarantined Trace.Registry.ftpattack!E1

Quarantined 3


Later I scanned once again:


Emsisoft Anti-Malware - Version 6.0
Last update: 12/12/2011 1:18:45 PM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
Scan archives: On
ADS Scan: On

Scan start: 12/12/2011 1:20:04 PM

D:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP59\A0008340.exe detected: Adware.Win32.SearchIt.t!E1

Scanned 494525
Found 1

Scan end: 12/12/2011 2:41:01 PM
Scan time: 1:20:57

D:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP59\A0008340.exe Quarantined Adware.Win32.SearchIt.t!E1

Quarantined 2

Then a last scan, after quarantining them, gave me clean results.

Emsisoft Anti-Malware - Version 6.0
Last update: 12/12/2011 10:46:15 PM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
Scan archives: On
ADS Scan: On

Scan start: 12/12/2011 10:46:26 PM


Scanned 0
Found 0

Scan end: 12/12/2011 10:55:15 PM
Scan time: 0:08:49


One of the websites told me that it was Ask toolbar that was installed while I downloaded the software from the website. They advised me to make certain changes to HijackThis entries and helped me clean it completely.

Edited by Reethu, 23 May 2012 - 09:50 PM.


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:06 PM

Posted 24 May 2012 - 02:53 PM

Good evening. :)

So everything's ok with my PC? Are the logs clean?

I asked the question in my previous post - "Are you seeing any indications of malware - pop-ups, browser redirections, etc?". I assume that the answer is No as you haven't said otherwise, but it would have helped if you had simply answered it.

I don't see anything untoward in the logs that you have posted, but if you are seeing signs of an infection then there is something that I've missed. If you aren't seeing anything, then I'd go with the idea that you have just seen some minor consequences of not using the original site to download files and also assuming that all that is detected by TDSSKiller is a rootkit.

One of the websites told me that it was Ask toolbar that was installed while I downloaded the software from the website. They advised me to make certain changes to HijackThis entries and helped me clean it completely.

The bundling of the Ask toolbar is one of the reasons why you should avoid downloading software from certain download sites, so it is quite possible that that was what the file was.

So long, and thanks for all the fish.


#6 Reethu

Reethu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:36 PM

Posted 24 May 2012 - 10:08 PM

Nope I don't see any indications of malware, pop-ups, browser redirections anymore :)

#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:06 PM

Posted 25 May 2012 - 02:47 PM

Good evening. :)

In which case, you're good to go as far as I can tell - safe surfing.

So long, and thanks for all the fish.


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:06 PM

Posted 30 May 2012 - 02:38 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.
