
Security issue? or Hardware?


  • This topic is locked
6 replies to this topic

#1 GetInChopper

GetInChopper

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:08 AM

Posted 01 October 2014 - 12:51 PM

For the last day, my laptop has been acting extremely strange.

 

I left it on sleep mode overnight on Monday, and when I woke up it had automatically shut down. It didn't really strike me as anything, so I booted it back up. As Windows 7 was loading, the computer had a hard shutdown with no signs of trouble. I booted it again and the same thing. I've also noticed that my fan is running at (what appears to be) top speed. It rarely does this, unless I'm playing a graphics-intensive game. I thought that there was an issue with my processor, so I reapplied some heat paste to the CPU, but it didn't solve the problem. My fan is still running at max speed.

 

I'm starting to think that there might be some (serious) virus/malware behind this. I downloaded MalwareBytes and I've also downloaded RogueKiller. I'm worried that PUM.dns might have something to do with it, but I'm not sure.

 

Here's a log from RogueKiller:

 

 

RogueKiller V9.2.13.0 (x64) [Sep 25 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : KyleDes [Admin rights]
Mode : Scan -- Date : 10/01/2014  13:09:50
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63B6AF78-FFAD-4B28-9077-1E20C934519F} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{63B6AF78-FFAD-4B28-9077-1E20C934519F} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{63B6AF78-FFAD-4B28-9077-1E20C934519F} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 8 (Driver: LOADED) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x69db2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x69db2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x69db2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x69db2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x69db2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x69db2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x69db2c0
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\ETD @ Unknown (\SystemRoot\system32\drivers\ETD.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD050 SCSI Disk Device +++++
--- User ---
[MBR] 115fee5b7c83ff4fb0024ea448f54cb0
[BSP] cb30809d3cda6d3ec1ca9b0ba174b1b6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 490 MB
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1005568 | Size: 10240 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 21977088 | Size: 466208 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )
 
+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30432 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
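As an added example (not part of this thread, and not RogueKiller's own code), here is a small Python script that pulls the [PUM.Dns] registry lines out of a RogueKiller log like the one above and classifies each resolver. The defender's point it illustrates: a DhcpNameServer value in a private range such as 172.20.10.1 is what a LAN router or a phone hotspot hands out and is normally benign, whereas a static NameServer pointing at a public address the user never configured is the footprint DNS-changing malware leaves and deserves a closer look. The line format is taken from the log above; the fourth sample line, its interface GUID and its 203.0.113.x / 198.51.100.x addresses are constructed placeholders so that the "public resolver" branch is exercised too.

```python
import ipaddress
import re

# Constructed sample input: the three [PUM.Dns] lines from the RogueKiller log
# in the post above, plus one made-up static NameServer line (placeholder GUID,
# addresses from the RFC 5737 documentation ranges) for the other branch.
SAMPLE_LOG = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63B6AF78-FFAD-4B28-9077-1E20C934519F} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{63B6AF78-FFAD-4B28-9077-1E20C934519F} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{63B6AF78-FFAD-4B28-9077-1E20C934519F} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-CONSTRUCTED-EXAMPLE-000000000000} | NameServer : 203.0.113.53 198.51.100.2  -> FOUND
"""

# One RogueKiller registry line: "[Tag] (Arch) Key | ValueName : Data  -> STATUS"
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>\S+)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\w+)\s*$"
)
GUID_RE = re.compile(r"\{[^}]+\}")

# RFC 1918 plus loopback and link-local: addresses that can only be a
# LAN-side device (router, hotspot, the machine itself), never an Internet host.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]


def parse_entries(log_text):
    """Return a dict per registry line in a RogueKiller log (other lines are skipped)."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify_servers(data):
    """Classify a NameServer value (space- or comma-separated IPs) as
    'private', 'public', 'mixed' or 'unparsed'."""
    kinds = set()
    for token in re.split(r"[\s,]+", data.strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            return "unparsed"
        kinds.add("private" if any(addr in n for n in LOCAL_NETS) else "public")
    if not kinds:
        return "unparsed"
    return kinds.pop() if len(kinds) == 1 else "mixed"


def dns_verdict(value_name, category):
    """Map the registry value name plus address classification to a triage verdict."""
    dhcp_assigned = value_name.lower().startswith("dhcp")
    if category == "private":
        return "low: private-range resolver, normally the LAN router or a phone hotspot"
    if category in ("public", "mixed") and dhcp_assigned:
        return "medium: DHCP handed out a public resolver; check that it belongs to your ISP"
    if category in ("public", "mixed"):
        return "high: static public resolver; confirm you configured it yourself"
    return "unknown: value did not parse as IP addresses"


def triage_dns(log_text):
    """Collect the [PUM.Dns] entries with interface GUID, classification and verdict."""
    results = []
    for e in parse_entries(log_text):
        if e["tag"] != "PUM.Dns":
            continue
        guid = GUID_RE.search(e["key"])
        category = classify_servers(e["data"])
        results.append({
            "interface": guid.group(0) if guid else None,
            "value": e["name"],
            "servers": e["data"],
            "category": category,
            "verdict": dns_verdict(e["name"], category),
        })
    return results


if __name__ == "__main__":
    for r in triage_dns(SAMPLE_LOG):
        print(f'{r["interface"]} {r["value"]}={r["servers"]}: {r["verdict"]}')
```

Run against the log above, the three real lines all come back "low": 172.20.10.1 sits in 172.16.0.0/12, and the value is DhcpNameServer, so it is the address the network handed out rather than something written by the user or a program. The classification deliberately uses explicit RFC 1918 ranges instead of the `is_private`/`is_global` properties, because those treat the documentation ranges as private and their semantics changed between Python releases.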
 



#2 GetInChopper

GetInChopper
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:08 AM

Posted 01 October 2014 - 02:33 PM

This is my DDS report.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,184 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:08 AM

Posted 06 October 2014 - 09:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

Wait for further instructions.

#4 GetInChopper

GetInChopper
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:08 AM

Posted 06 October 2014 - 04:33 PM

Unfortunately, it looks like it may very well be a hardware issue.

 

The computer fails to fully start Windows now (in either normal or safe mode). Whenever I get to the log-in screen for Windows, the screen goes black and then the laptop shuts down, once again a hard shutdown with no warning.

 

I'm at the point where I can't even access Windows to download any of this cleaning/virus removal software. I'm not sure what I can do now.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,184 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:08 AM

Posted 07 October 2014 - 08:21 AM

I have made a call to the experts in that field.

Someone should be contacting you soon using this topic.

#6 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:02:08 PM

Posted 08 October 2014 - 08:55 AM

Hi GetInChopper. My name is Naat and I will try to help you with your issues :)

Since it has been two days since your last post, please let me know if you still need assistance and I will do my best.

Cheers,
Naat :)

Radek Naathim Pawelczyk

Malware Removal Specialist


#7 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:02:08 PM

Posted 13 October 2014 - 03:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Radek Naathim Pawelczyk

Malware Removal Specialist
