weird virus operating from hidden partition


34 replies to this topic

#1 fzx

  • Members
  • 67 posts

Posted 17 April 2013 - 01:32 PM

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
<EventID Qualifiers="32768">1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-04-17T15:48:12.000Z" />
<EventRecordID>3082</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>fzxx-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3365342374-357495599-3894976697-1000_Classes: Process 4960 (\Device\HarddiskVolume2\Windows\System32\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-3365342374-357495599-3894976697-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache</Data>
</EventData>
</Event>
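
The record pasted above is Event 1530 (EVENT_HIVE_LEAK) from the User Profiles Service: at profile unload, some process still held a handle into the user's Classes hive. On its own that is a warning, not a malware indicator; what a responder wants from it is which image held the handle and to which key, so it can be compared against the handful of system images that routinely do this. The following is an added example (my code, not the poster's or Microsoft's) that parses the record's XML view and flags handle holders outside an expected list. The sample is the record from the post with the standard `<Event>` root element added; the expected-holders list is my assumption and would be tuned per environment.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by every Windows event record in Event Viewer's XML view.
EVENT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sample input: the Event 1530 record from the post, root element added.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
<EventID Qualifiers="32768">1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-04-17T15:48:12.000Z" />
<EventRecordID>3082</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>fzxx-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3365342374-357495599-3894976697-1000_Classes: Process 4960 (\Device\HarddiskVolume2\Windows\System32\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-3365342374-357495599-3894976697-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache</Data>
</EventData>
</Event>"""

# One "Process <pid> (<image>) has opened key <key>" clause per leaked handle;
# the lookahead stops a key at the next clause or at the end of the text.
LEAK_RE = re.compile(r"Process (\d+) \(([^)]+)\) has opened key (.+?)(?=, Process \d+ \(|$)")

# Assumption for this example: images that are normal holders of user-hive
# handles at logoff. Anything else is worth a second look, not a verdict.
EXPECTED_HOLDERS = {r"\windows\system32\wbem\wmiprvse.exe"}


def parse_hive_leak(xml_text):
    """Return the structured fields of an Event 1530 (EVENT_HIVE_LEAK) record."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", EVENT_NS)
    detail = root.find("e:EventData/e:Data[@Name='Detail']", EVENT_NS).text
    leaks = []
    for pid, image, key in LEAK_RE.findall(detail):
        # Drop the \Device\HarddiskVolumeN prefix so the path can be matched
        # against a volume-agnostic list.
        rel = re.sub(r"^\\Device\\HarddiskVolume\d+", "", image, flags=re.IGNORECASE).lower()
        leaks.append({
            "pid": int(pid),
            "image": image,
            "key": key,
            "expected": rel in EXPECTED_HOLDERS,
        })
    return {
        "event_id": int(system.find("e:EventID", EVENT_NS).text),
        "computer": system.find("e:Computer", EVENT_NS).text,
        "time": system.find("e:TimeCreated", EVENT_NS).get("SystemTime"),
        "leaks": leaks,
    }


def unexpected_holders(record):
    """Images that held a user-hive handle and are not on the expected list."""
    return [leak["image"] for leak in record["leaks"] if not leak["expected"]]


if __name__ == "__main__":
    rec = parse_hive_leak(SAMPLE_EVENT)
    print(rec["computer"], rec["time"], "event", rec["event_id"])
    for leak in rec["leaks"]:
        print(f"  pid {leak['pid']} {leak['image']} -> {leak['key']} (expected={leak['expected']})")
    print("unexpected holders:", unexpected_holders(rec))
```

For this record the holder is WmiPrvSE.exe under System32\wbem touching MuiCache, which the example treats as expected; the same parser run over a batch of exported 1530 records surfaces the cases where the holder is an image under a user profile or temp directory, which is where a triage actually starts.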

 




 


#2 fzx

  • Topic Starter
  • Members
  • 67 posts

Posted 17 April 2013 - 02:26 PM

I'm sorry, I know that's not how you're supposed to start, but I had to save the information somewhere and I think I need your help, so I'll start over tomorrow. It's too late here.



#3 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,660 posts
  • Location: Daly City, CA

Posted 17 April 2013 - 06:40 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


NOTE. Make sure all logs are pasted, not attached.




 


#4 fzx

  • Topic Starter
  • Members
  • 67 posts

Posted 18 April 2013 - 05:30 PM

Results of screen317's Security Check version 0.99.62  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security Online   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 17  
 Adobe Flash Player     11.7.700.169  
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````



#5 fzx

  • Topic Starter
  • Members
  • 67 posts

Posted 18 April 2013 - 05:33 PM

Farbar Service Scanner Version: 14-04-2013
Ran by atien (ATTENTION: The logged in user is not administrator) on 19-04-2013 at 00:32:42
Running from "C:\Users\atien\Downloads\Programs"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-04-15 00:27] - [2013-01-04 13:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
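
The FSS log above carries the findings a responder would act on, but spread over a dozen sections: a policy value that switches the Windows Firewall off, one that disables Windows Defender, several protection services not running, a localhost connectivity probe failing, and one driver whose hash FSS could not vouch for. The following added example (my code, not FSS's and not the poster's) pulls those out of the raw text so a batch of such logs can be triaged consistently. The sample log is an excerpt constructed from the post; the table of which policy values count as "disabling" is my assumption and covers only the two keys FSS shows here.

```python
import re

# Sample input: excerpt constructed from the FSS log posted above.
SAMPLE_FSS = r"""Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-04-15 00:27] - [2013-01-04 13:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>\d+)$')
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
ACCESS_RE = re.compile(r"^Attempt to access (?P<target>.+?) returned error")
ATTENTION_RE = re.compile(r"ATTENTION!=+> (?P<msg>.+)$")
# Lazy path match so paths containing spaces still work; verdict is optional.
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: => (?P<verdict>.+))?$")
HASH_RE = re.compile(r"\b(?P<md5>[0-9A-Fa-f]{32})\s*$")

# Assumption for this example: the policy values that turn a protection off.
DISABLING_POLICIES = {"EnableFirewall": 0, "DisableAntiSpyware": 1}


def triage_fss(log_text):
    """Extract the actionable findings from Farbar Service Scanner output."""
    findings = {"policies": [], "services_down": [], "connectivity": [],
                "attention": [], "files_unverified": []}
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")            # remember the hive path for the value that follows
        elif (m := POLICY_RE.match(line)):
            name, value = m.group("name"), int(m.group("value"))
            if DISABLING_POLICIES.get(name) == value:
                findings["policies"].append({"key": current_key, "name": name, "value": value})
        elif (m := NOT_RUNNING_RE.match(line)):
            findings["services_down"].append(m.group("svc"))
        elif (m := ACCESS_RE.match(line)):
            findings["connectivity"].append(m.group("target"))
        elif (m := ATTENTION_RE.search(line)):
            findings["attention"].append(m.group("msg"))
        elif (m := FILE_RE.match(line)):
            if m.group("verdict") != "MD5 is legit":
                findings["files_unverified"].append({"path": m.group("path"), "md5": None})
        elif (m := HASH_RE.search(line)) and findings["files_unverified"]:
            last = findings["files_unverified"][-1]
            if last["md5"] is None:                  # the detail line FSS prints after an unverified path
                last["md5"] = m.group("md5").upper()
    return findings


def hardening_disabled(findings):
    """True when a disabling policy or a stopped protection service was found."""
    return bool(findings["policies"] or findings["services_down"])


if __name__ == "__main__":
    for section, items in triage_fss(SAMPLE_FSS).items():
        print(section, items)
```

Two caveats that matter when reading the output: a file without "MD5 is legit" means FSS did not recognise that hash, so the path and hash are something to check against a known-good copy, not a verdict; and the firewall and Defender policy values can be written by a third-party security suite as well as by malware, so confirm what the user has installed before treating them as tampering.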



#6 fzx

  • Topic Starter
  • Members
  • 67 posts

Posted 18 April 2013 - 05:36 PM

MiniToolBox by Farbar  Version:05-03-2013
Ran by atien (ATTENTION: The logged in user is not administrator) on 19-04-2013 at 00:35:17
Running from "C:\Users\atien\Downloads\Programs"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Trådløs nettverkstilkobling (Connected)
TAP-Win32 Adapter V9 = Lokal tilkobling 2 (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Lokal tilkobling (Media disconnected)


# ----------------------------------
# IPv4-konfigurasjon
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Trådløs nettverkstilkobling" nexthop=10.0.0.138 metric=1
add address name="Trådløs nettverkstilkobling" address=10.0.0.57


popd
# Slutt på IPv4-konfigurasjon



Windows IP-konfigurasjon

   Vertsnavn   . . . . . . . . . . . : fzxx-PC
   Primær DNS-suffiks  . . . . . . . :
   Nodetype  . . . . . . . . . . . . : Hybrid
   IP-ruting aktivert  . . . . . . . : Nei
   WINS Proxy aktivert . . . . . . . : Nei

Trådløst LAN-kort Trådløs nettverkstilkobling:

   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Fysisk adresse  . . . . . . . . . : 00-22-FA-28-1B-EC
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja
   Koblingslokal IPv6-adresse. . . . : fe80::6d8d:cfb2:ed37:ade1%16(Foretrukket)
   IPv4-adresse. . . . . . . . . . . : 10.0.0.57(Foretrukket)
   Nettverksmaske . . . . . . . . . .: 255.255.255.0
   Standard gateway . . . . . . . . .: 10.0.0.138
   DHCPv6-IAID . . . . . . . . . . . : 268444410
   DHCPv6 klient-DUID. . . . . . . . : 00-01-00-01-18-EB-50-89-00-1F-16-AF-D9-4C
   DNS-servere . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Aktivert

Ethernet-kort Lokal tilkobling 2:

   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : TAP-Win32 Adapter V9
   Fysisk adresse  . . . . . . . . . : 00-FF-6F-A2-BD-E6
   DHCP aktivert . . . . . . . . . . : Ja
   Automatisk konfigurasjon aktivert : Ja
   Koblingslokal IPv6-adresse. . . . : fe80::d5bf:299b:ca58:dfdc%14(Foretrukket)
   IPv4-adresse. . . . . . . . . . . : 10.117.1.6(Foretrukket)
   Nettverksmaske . . . . . . . . . .: 255.255.255.252
   Leieavtale inngått. . . . . . . . : 19. april 2013 00:21:50
   Leieavtale utløper. . . . . . . . : 19. april 2014 00:21:49
   Standard gateway . . . . . . . . .:
   DHCP-server . . . . . . . . . . . : 10.117.1.5
   DHCPv6-IAID . . . . . . . . . . . : 234946415
   DHCPv6 klient-DUID. . . . . . . . : 00-01-00-01-18-EB-50-89-00-1F-16-AF-D9-4C
   DNS-servere . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Aktivert

Ethernet-kort Lokal tilkobling:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Fysisk adresse  . . . . . . . . . : 00-1F-16-AF-D9-4C
   DHCP aktivert . . . . . . . . . . : Ja
   Automatisk konfigurasjon aktivert : Ja

Tunnelkort Lokal tilkobling*:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : isatap.{AA5C005F-E42A-4F39-ABF9-BA282B69063D}
   Fysisk adresse  . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja

Tunnelkort Lokal tilkobling* 3:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Fysisk adresse  . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja

Tunnelkort Lokal tilkobling* 2:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : 6TO4 Adapter
   Fysisk adresse  . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja

Tunnelkort Lokal tilkobling* 6:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Fysisk adresse  . . . . . . . . . : 02-00-54-55-4E-01
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja

Tunnelkort Lokal tilkobling* 12:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : isatap.{6FA2BDE6-114D-4E5A-80DF-211B6D8185E3}
   Fysisk adresse  . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Navn:    google.com
Addresses:  2a00:1450:4001:c02::71
      173.194.70.113
      173.194.70.138
      173.194.70.100
      173.194.70.102
      173.194.70.101
      173.194.70.139



Pinger google.com [173.194.70.139] med 32 byte data:

Generell feil.

Generell feil.



Ping-statistikker for 173.194.70.139:

    Pakker: sendt = 2, mottatt = 0, tapt = 2 (100% tap),

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Navn:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24



Pinger yahoo.com [98.139.183.24] med 32 byte data:

Generell feil.

Generell feil.



Ping-statistikker for 98.139.183.24:

    Pakker: sendt = 2, mottatt = 0, tapt = 2 (100% tap),



Pinger 127.0.0.1 med 32 byte data:

Generell feil.

Generell feil.



Ping-statistikker for 127.0.0.1:

    Pakker: sendt = 2, mottatt = 0, tapt = 2 (100% tap),

===========================================================================
Grensesnittliste
 16 ...00 22 fa 28 1b ec ...... Intel® WiFi Link 5100 AGN
 14 ...00 ff 6f a2 bd e6 ...... TAP-Win32 Adapter V9
 11 ...00 1f 16 af d9 4c ...... Broadcom NetLink ™ Gigabit Ethernet
  1 ........................... Software Loopback Interface 1
 12 ...00 00 00 00 00 00 00 e0  isatap.{AA5C005F-E42A-4F39-ABF9-BA282B69063D}
 17 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
 10 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 15 ...00 00 00 00 00 00 00 e0  isatap.{6FA2BDE6-114D-4E5A-80DF-211B6D8185E3}
===========================================================================

IPv4 rutetabell
===========================================================================
Aktive ruter:
Nettverksmål   Nettverksmaske          Gateway     Grensesnitt Metrikk
          0.0.0.0          0.0.0.0       10.0.0.138        10.0.0.57     51
          0.0.0.0        128.0.0.0       10.117.1.5       10.117.1.6     30
         10.0.0.0    255.255.255.0         Ved LAN         10.0.0.57    281
        10.0.0.57  255.255.255.255         Ved LAN         10.0.0.57    281
       10.0.0.255  255.255.255.255         Ved LAN         10.0.0.57    281
       10.117.1.1  255.255.255.255       10.117.1.5       10.117.1.6     30
       10.117.1.4  255.255.255.252         Ved LAN        10.117.1.6    286
       10.117.1.6  255.255.255.255         Ved LAN        10.117.1.6    286
       10.117.1.7  255.255.255.255         Ved LAN        10.117.1.6    286
  109.201.152.225  255.255.255.255       10.0.0.138        10.0.0.57     25
        127.0.0.0        255.0.0.0         Ved LAN         127.0.0.1    306
        127.0.0.1  255.255.255.255         Ved LAN         127.0.0.1    306
  127.255.255.255  255.255.255.255         Ved LAN         127.0.0.1    306
        128.0.0.0        128.0.0.0       10.117.1.5       10.117.1.6     30
        224.0.0.0        240.0.0.0         Ved LAN         127.0.0.1    306
        224.0.0.0        240.0.0.0         Ved LAN        10.117.1.6    286
        224.0.0.0        240.0.0.0         Ved LAN         10.0.0.57    281
  255.255.255.255  255.255.255.255         Ved LAN         127.0.0.1    306
  255.255.255.255  255.255.255.255         Ved LAN        10.117.1.6    286
  255.255.255.255  255.255.255.255         Ved LAN         10.0.0.57    281
===========================================================================
Faste ruter:
  Nettverksadresse          Nettverksmaske  Gateway-adresse  Metrisk
          0.0.0.0          0.0.0.0       10.0.0.138       1
===========================================================================

IPv6 rutetabell
===========================================================================
Aktive ruter:
 Gr Metr.  Nettv.  Mål              Gateway
  1    306 ::1/128                  Ved LAN
 14    286 fe80::/64                Ved LAN
 16    281 fe80::/64                Ved LAN
 16    281 fe80::6d8d:cfb2:ed37:ade1/128
                                    Ved LAN
 14    286 fe80::d5bf:299b:ca58:dfdc/128
                                    Ved LAN
  1    306 ff00::/8                 Ved LAN
 14    286 ff00::/8                 Ved LAN
 16    281 ff00::/8                 Ved LAN
===========================================================================
Faste ruter:
  Ingen
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/19/2013 00:03:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2013 00:03:05 AM) (Source: Windows Search Service) (User: )
Description: Kan ikke initialisere programmet.

Kontekst: Windows-program

Detaljer:
    Filen eller mappen er skadet og kan ikke leses.   (0x80070570)

Error: (04/19/2013 00:03:05 AM) (Source: Windows Search Service) (User: )
Description: Kan ikke initialisere Innsamler-objektet.

Kontekst: Windows-program, SystemIndex-katalog

Detaljer:
    Filen eller mappen er skadet og kan ikke leses.   (0x80070570)

Error: (04/19/2013 00:03:05 AM) (Source: Windows Search Service) (User: )
Description: Kan ikke initialisere plugin-modulen <Search.TripoliIndexer>.

Kontekst: Windows-program, SystemIndex-katalog

Detaljer:
    Kan ikke lese innholdsindeksen.   (0xc0041800)

Error: (04/19/2013 00:03:05 AM) (Source: Windows Search Service) (User: )
Description: Søketjenesten har oppdaget ødelagte datafiler i indeksen. Tjenesten vil forsøke å rette dette problemet automatisk ved å bygge indeksen på nytt.

Kontekst: Windows-program, SystemIndex-katalog

Detaljer:
    Kan ikke lese metadataene for innholdsindeksen.   0xc0041801 (0xc0041801)

Error: (04/19/2013 00:03:05 AM) (Source: Windows Search Service) (User: )
Description: Søketjenesten har oppdaget ødelagte datafiler i indeksen. Tjenesten vil forsøke å rette dette problemet automatisk ved å bygge indeksen på nytt.

Detaljer:
    Kan ikke lese metadataene for innholdsindeksen.   0xc0041801 (0xc0041801)

Error: (04/17/2013 07:23:32 PM) (Source: Application Error) (User: )
Description: Program med feil mmc.exe, versjon 6.0.6002.18005, tidsangivelse 0x49e01c0a, modul med feil unknown, versjon 0.0.0.0, tidsangivelse 0x00000000, unntakskode 0xc0000005, feilforskyvning 0x00000000,
prosess-ID 0x%9, starttid for program 0xmmc.exe0.

Error: (04/17/2013 05:39:57 PM) (Source: Windows Search Service) (User: )
Description: Oppføringen <C:\USERS\FX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FE44MMR4.DEFAULT\CACHE\9> i nummertilordningen kan ikke oppdateres.

Kontekst: -program, SystemIndex-katalog

Detaljer:
    En enhet koblet til systemet virker ikke.   (0x8007001f)

Error: (04/17/2013 05:39:57 PM) (Source: Windows Search Service) (User: )
Description: Oppføringen <C:\USERS\FX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FE44MMR4.DEFAULT\CACHE\9> i nummertilordningen kan ikke oppdateres.

Kontekst: -program, SystemIndex-katalog

Detaljer:
    En enhet koblet til systemet virker ikke.   (0x8007001f)

Error: (04/17/2013 05:39:57 PM) (Source: Windows Search Service) (User: )
Description: Oppføringen <C:\USERS\FX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FE44MMR4.DEFAULT\CACHE\8> i nummertilordningen kan ikke oppdateres.

Kontekst: -program, SystemIndex-katalog

Detaljer:
    En enhet koblet til systemet virker ikke.   (0x8007001f)


System errors:
=============
Error: (04/19/2013 00:21:48 AM) (Source: Dhcp) (User: )
Description: IP-adresseleasingavtalen 10.116.1.6 for nettverkskortet med nettverksadressen 00FF6FA2BDE6 ble avslått av DHCP-serveren 10.117.1.5 (DHCP-serveren sendte en DHCPNACK-melding).

Error: (04/19/2013 00:13:05 AM) (Source: Ntfs) (User: )
Description: Filsystemstrukturen på disken er skadet og kan ikke brukes.
Kjør verktøyet for kontroll av disk på volumet ACER.

Error: (04/19/2013 00:12:52 AM) (Source: Ntfs) (User: )
Description: Filsystemstrukturen på disken er skadet og kan ikke brukes.
Kjør verktøyet for kontroll av disk på volumet ACER.

Error: (04/19/2013 00:12:48 AM) (Source: Ntfs) (User: )
Description: Filsystemstrukturen på disken er skadet og kan ikke brukes.
Kjør verktøyet for kontroll av disk på volumet ACER.

Error: (04/19/2013 00:11:51 AM) (Source: Ntfs) (User: )
Description: Filsystemstrukturen på disken er skadet og kan ikke brukes.
Kjør verktøyet for kontroll av disk på volumet ACER.

Error: (04/19/2013 00:11:21 AM) (Source: Ntfs) (User: )
Description: Filsystemstrukturen på disken er skadet og kan ikke brukes.
Kjør verktøyet for kontroll av disk på volumet C:.

Error: (04/19/2013 00:06:08 AM) (Source: Ntfs) (User: )
Description: Filsystemstrukturen på disken er skadet og kan ikke brukes.
Kjør verktøyet for kontroll av disk på volumet ACER.

Error: (04/19/2013 00:05:25 AM) (Source: Ntfs) (User: )
Description: Filsystemstrukturen på disken er skadet og kan ikke brukes.
Kjør verktøyet for kontroll av disk på volumet ACER.

Error: (04/19/2013 00:05:25 AM) (Source: Ntfs) (User: )
Description: Filsystemstrukturen på disken er skadet og kan ikke brukes.
Kjør verktøyet for kontroll av disk på volumet C:.

Error: (04/19/2013 00:05:24 AM) (Source: Ntfs) (User: )
Description: Filsystemstrukturen på disken er skadet og kan ikke brukes.
Kjør verktøyet for kontroll av disk på volumet ACER.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-04-18 23:36:54.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-18 23:36:54.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-18 23:36:53.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-18 23:36:53.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-18 23:36:53.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-18 23:36:52.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-18 23:36:52.623
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-18 23:36:52.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-18 23:03:00.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-18 23:03:00.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (Version: 3.2.2.28500)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Arcade Deluxe (Version: 2.5.6121)
Acer Crystal Eye webcam Ver:1.1.79.326 (Version: 1.1.79.326)
Acer eRecovery Management (Version: 4.00.3008)
Acer GridVista (Version: 2.72.317)
Acer PowerSmart Manager (Version: 4.01.3016)
Acer Product Registration (Version: 3.0.0.10)
Acer VCM (Version: 4.00.3004)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Reader X (10.1.0) - Norsk (Version: 10.1.0)
Agere Systems HDA Modem
Airport Mania First Flight
ALPS Touch Pad Driver (Version: 7.5.2015.101)
AmIcoSingLun (Version: 1.2.117.1)
Broadcom Gigabit NetLink Controller (Version: 11.34.02)
C:\Program Files\Acer GameZone\GameConsole (Version: 2.0.1.6)
Cake Mania 2
CCleaner (Version: 4.00)
Choice Guard (Version: 1.2.87.0)
COMODO Internet Security (Version: 6.0.64131.2674)
Compatibility Pack for 2007 Office (Version: 12.0.4518.1022)
Cooking Dash
Cradle of Rome
Dairy Dash
Dream Day Honeymoon
FreeCommander 2009.02b (Version: 2009.02)
Gadwin PrintScreen (Version: 4.7)
Galapago
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Intel Processor Diagnostic Tool  (Version: 19.0.0)
Internet Download Manager
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Jewel Quest Solitaire
Junk Mail filter update (Version: 14.0.8050.1202)
LatencyMon 5.00
Launch Manager (Version: 2.0.01)
Luxor 2
Mahjong Escape Ancient China
Microsoft .NET Framework 3.5 Language Pack SP1 - nor (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 (Version: 12.0.6215.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint Viewer 2007 (Norwegian (Bokmål)) (Version: 12.0.4518.1022)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Norwegian (Bokmål)) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Norwegian (Nynorsk)) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (Norwegian (Bokmål)) 2007 (Version: 12.0.4518.1022)
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 (Version: 12.0.6215.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 (Version: 12.0.6215.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MozBackup 1.5.1
Mozilla Firefox 20.0.1 (x86 nb-NO) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Internet Security (Version: 20.3.1.22)
NTI Backup Now 5 (Version: 5.1.2.616)
NTI Backup Now Standard (Version: 5.1.2.616)
NTI Media Maker 8 (Version: 8.0.2.6509)
NVIDIA Driver for HD-lyd 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Grafikkdriver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA kontrollpanel 307.83 (Version: 307.83)
NVIDIA oppdateringer 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX systemprogramvare 9.12.0604 (Version: 9.12.0604)
NVIDIA Update Components (Version: 1.10.8)
Ocean Express
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Opplastingsverktøy for Windows Live (Version: 14.0.8014.1029)
Orion (Version: 2.5.0)
Parking Dash
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Private Internet Access Support Files (Version: 1.0.0.0)
Puzzle Express
Påloggingsassistent for Windows Live (Version: 5.000.817.1)
Rainbow Web
Realtek High Definition Audio Driver (Version: 6.0.1.5992)
Språkpakke for Microsoft .NET Framework 3.5 SP1 - NOR
System Requirements Lab for Intel (Version: 4.5.13.0)
Tradewinds 2
TreeSize Free V2.7 (Version: 2.7)
Tri-Peaks Solitaire To Go
Turbo Pizza
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Office 2007 (KB946691)
VLC media player 2.0.5 (Version: 2.0.5)
Wedding Dash
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Fotogalleri (Version: 14.0.8051.1204)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Writer (Version: 14.0.8050.1202)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Zuma Deluxe

========================= Devices: ================================

Name: Nuvoton EC Generic HID
Description: Nuvoton EC Generic HID
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Nuvoton Technology Corporation
Service: nuvotonhidgeneric
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 3065.98 MB
Available physical RAM: 1133.03 MB
Total Pagefile: 6334.27 MB
Available Pagefile: 4237.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.69 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:449.16 GB) (Free:268.51 GB) NTFS
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:8.97 GB) NTFS

========================= Users: ========================================

Brukerkontoer for \\FZXX-PC

Administrator            atien                    fx                       
Gjest                    UpdatusUser              
Kommandoen er fullført.


**** End of log ****



#7 fzx

  • Topic Starter

Posted 18 April 2013 - 05:54 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.18.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
fx :: FZXX-PC [administrator]

19.04.2013 00:40:39
mbam-log-2013-04-19 (00-40-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245506
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#8 fzx

  • Topic Starter

Posted 18 April 2013 - 05:57 PM

The notepad opened automatically, I couldn't

When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.



#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:30 PM

Posted 18 April 2013 - 06:02 PM

Nothing to remove so go ahead with next scan.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click [donation button].


#10 fzx

  • Topic Starter

Posted 18 April 2013 - 06:13 PM

Much of the event log has been removed, but I saved some; here they are:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-HttpEvent" Guid="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" EventSourceName="HTTP" />
    <EventID Qualifiers="49152">15016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-01T14:34:38.617Z" />
    <EventRecordID>22315</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="52" />
    <Channel>System</Channel>
    <Computer>fzx-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="DeviceObject">\Device\Http\ReqQueue</Data>
    <Data Name="SecurityPackage">Kerberos</Data>
    <Binary>000004000200300000000000A83A00C00000000000000000000000000000000000000000000000000E030980</Binary>
  </EventData>
</Event>


<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Ntfs" />
    <EventID Qualifiers="49156">55</EventID>
    <Level>2</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-01T15:02:35.175Z" />
    <EventRecordID>23369</EventRecordID>
    <Channel>System</Channel>
    <Computer>fzxx-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data />
    <Data>\Device\HarddiskVolume4</Data>
    <Binary>0C000C000200380002000000370004C000000000020100C000000000000000000000000000000000050305002800000000000100</Binary>
  </EventData>
</Event>



#11 Broni

Posted 18 April 2013 - 06:24 PM

This is not what I asked for.

You still need to....

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


#12 fzx

  • Topic Starter

Posted 18 April 2013 - 06:31 PM

It's still scanning, I'll post when it's done.



#13 fzx

  • Topic Starter

Posted 18 April 2013 - 06:37 PM

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.18.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
fx :: FZXX-PC [administrator]

19.04.2013 01:32:52
mbar-log-2013-04-19 (01-32-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28493
Time elapsed: 21 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#14 fzx

  • Topic Starter

Posted 18 April 2013 - 06:40 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 3214917632, free: 1609056256

------------ Kernel report ------------
     04/19/2013 01:10:00
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\Drivers\UBHelper.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NIS\1403010.016\SYMDS.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NIS\1403010.016\SYMEFA.SYS
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60x.sys
\SystemRoot\system32\DRIVERS\NETw5v32.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\drivers\NIS\1403010.016\ccSetx86.sys
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\FPSensor.sys
\SystemRoot\system32\drivers\NIS\1403010.016\Ironx86.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\NIS\1403010.016\SYMTDIV.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\NIS\1403010.016\SRTSPX.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130417.001\IDSvix86.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\Drivers\NIS\1403010.016\SRTSP.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130418.005\NAVEX15.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130418.005\NAVENG.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86ac53c0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff85705028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86ac5ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8573d028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Downloaded database version: v2013.04.18.10
Downloaded database version: v2013.04.17.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86ac5ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff869c2138, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86ac5ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8573d028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffae6c54f8, 0xffffffff86ac5ac8, 0xffffffff86a4cac8
Lower DeviceData: 0xffffffffb6a6b558, 0xffffffff8573d028, 0xffffffff86305040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 800ABA50

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 28672000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 28674048  Numsec = 941950976
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 970625024  Numsec = 6146048

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86ac53c0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86bc8d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86ac53c0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85705028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffb6df1710, 0xffffffff86ac53c0, 0xffffffff863ab0b8
Lower DeviceData: 0xffffffff9e4ac908, 0xffffffff85705028, 0xffffffff86526208
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2457BFA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976769024
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: c:\Users\atien\Desktop\bil\super_pi_mod.exe --> [Malware.Gen]
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86ac53c0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff85705028
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xffffffff86526208
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86ac5ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8573d028
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xffffffff86305040
Infected file c:\Users\atien\Desktop\bil\super_pi_mod.exe could not be remediated because backup file is not available
Done!
Scan finished
=======================================



#15 Broni

Posted 18 April 2013 - 06:40 PM

I didn't see your last reply.


Edited by Broni, 18 April 2013 - 06:41 PM.
