two computers in the same room are involved (i'll call them pc-1 and pc-2)
they're connected to the same modem but otherwise not connected
course of events as follows:
i run some .exe that is obviously meant to infect my computer (but i do it on someone's recommendation and don't think); momentarily i receive a panda notification - i do a hard reset & unplug lan; after booting i try to see what's going on and look into processes and installed programs and i see new fuzzy creatures; at first, i angrily start deleting stuff by hand but eventually stop and turn on mbam
i run mbam and panda scans and there are positives (i can submit it); second scan, third reboot - there are 0 positives in both
i also run gmer, tdsskiller and malwarebytes anti-rootkit
- i'm incapable of interpreting gmer results but superficially, after some googling, they didn't seem problematic (submitted below)
- tdsskiller: 0 positives
- malwarebytes anti-rootkit: when it finishes it closes (tried several times; ran it from desktop) and i don't get an opportunity to see the results in the program, but it created a log that seemed kinda normal to me (i can post it too)
*everything works fine on this machine*
at some point, i unplug a usb flash drive that was there more or less the whole time (forgot to remove it)
i absentmindedly plug that flash drive into pc-2 and move a file from it to hd; then i remove the flash drive
i realize that i'm being dumb and run some scans and they are negative
a bit later, instead of waking from sleep normally, pc-2 performs a chkdsk of C (submitted below)
it doesn't seem bad but it's weird
*this machine also works fine and a subsequent chkdsk is 100% normal*
the question: should i be worried?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~gmer on pc-1~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-22 10:18:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-22A7B0 rev.01.03B01 465.76GB
Running: 7rfczy26.exe; Driver: C:\Users\ ... \AppData\Local\Temp\pftdqpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002e04000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff80002e04042 4 bytes [14, 00, 00, 00]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000e4300 7 bytes [00, A1, F3, FF, 41, B4, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000e4308 3 bytes [00, 07, 02]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d0c2676 (not active ControlSet)
---- EOF - GMER 2.1 ----
~~~~~~~~~~~~~~~~~~~~~~~~~~~~chkdsk on pc-2~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking file system on C:
The type of the file system is NTFS.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 3)...
203776 file records processed.
File verification completed.
382 large file records processed.
0 bad file records processed.
2 EA records processed.
60 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
265338 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
203776 file SDs/SIDs processed.
Cleaning up 502 unused index entries from index $SII of file 0x9.
Cleaning up 502 unused index entries from index $SDH of file 0x9.
Cleaning up 502 unused security descriptors.
Security descriptor verification completed.
30782 data files processed.
CHKDSK is verifying Usn Journal...
36215696 USN bytes processed.
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system
Edited by bob1771, 22 June 2015 - 07:21 AM.
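Added example, not part of the post above and not the poster's or GMER's own tooling: a small Python parser for the "Kernel code sections" lines of a GMER log, using the four entries quoted in the post as its sample input. Besides splitting each line into section, module, symbol, offset, address, size and bytes, it recovers the symbol's base address (reported address minus offset) and checks that entries naming the same symbol agree on it, which is one sanity check an analyst can do on such a log before comparing the bytes against a clean copy of the kernel; it assumes only the line shape seen here and says nothing about whether these particular entries are malicious.

```python
import re

# Constructed sample: the GMER lines quoted in the post above, copied verbatim.
GMER_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002e04000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff80002e04042 4 bytes [14, 00, 00, 00]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000e4300 7 bytes [00, A1, F3, FF, 41, B4, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000e4308 3 bytes [00, 07, 02]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d0c2676 (not active ControlSet)
---- EOF - GMER 2.1 ----
"""

HEADER_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# One code-section entry: SECTION MODULE!SYMBOL [+ OFFSET] ADDRESS SIZE bytes [BYTES]
CODE_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<module>[A-Za-z]:\\[^!\s]+)!(?P<symbol>\w+)"
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+(?P<address>[0-9a-fA-F]{16})\s+"
    r"(?P<size>\d+) bytes \[(?P<bytes>[^\]]*)\]$"
)


def parse_gmer(text):
    """Return the parsed 'Kernel code sections' entries of a GMER log as dicts."""
    entries, section = [], None
    for line in text.splitlines():
        if h := HEADER_RE.match(line):
            section = h.group("name")
            continue
        if section != "Kernel code sections":
            continue
        m = CODE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["offset"] = int(d["offset"] or 0)      # GMER prints the offset in decimal
        d["address"] = int(d["address"], 16)
        d["size"] = int(d["size"])
        d["bytes"] = [b.strip() for b in d["bytes"].split(",")]
        # Address minus offset is where GMER located the symbol itself.
        d["symbol_base"] = d["address"] - d["offset"]
        entries.append(d)
    return entries


def symbol_bases(entries):
    """Map module!symbol -> set of symbol bases; more than one value means inconsistent entries."""
    bases = {}
    for e in entries:
        key = f'{e["module"].lower()}!{e["symbol"]}'
        bases.setdefault(key, set()).add(e["symbol_base"])
    return bases
```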