
Possible infection, GMER log


This topic is locked. 2 replies to this topic.

#1 lightxdark7 (Members, 1 posts)

Posted 12 November 2015 - 01:23 AM

Hello. I'd like to say that the first 8 things that popped up in the log sort of scare me. I'm no expert on these sorts of things. Can someone take a look at them please?

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-12 01:06:53
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d TOSHIBA_MQ01ABD100 rev.AX003J 931.51GB
Running: m7xbc2q7.exe; Driver: C:\Users\THERASH\AppData\Local\Temp\ugldrpow.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!ShowScrollBar    00007ffaf02b1150 5 bytes JMP 00007ffb70320018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!SetScrollInfo    00007ffaf02bc770 5 bytes JMP 00007ffb702d0018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!GetScrollInfo    00007ffaf02c66f0 5 bytes JMP 00007ffb702e0018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!SetScrollRange   00007ffaf02c90c0 5 bytes JMP 00007ffb702f0018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!SetScrollPos     00007ffaf02e50d0 5 bytes JMP 00007ffb70360018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!EnableScrollBar  00007ffaf02e7340 5 bytes JMP 00007ffb70300018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!GetScrollPos     00007ffaf02efcc0 5 bytes JMP 00007ffb70310018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!GetScrollRange   00007ffaf033ed20 5 bytes JMP 00007ffb70350018
 
---- Threads - GMER 2.1 ----
 
Thread  C:\WINDOWS\system32\csrss.exe [580:4564]                                                       fffff960008fc2d0
Thread  C:\WINDOWS\System32\svchost.exe [932:5708]                                                     00007ffad8ab6370
Thread  C:\WINDOWS\System32\svchost.exe [932:5204]                                                     00007ffad8ab98f0
Thread  C:\WINDOWS\System32\svchost.exe [932:6608]                                                     00007ffae7ff1120
Thread  C:\WINDOWS\system32\svchost.exe [976:1164]                                                     00007ffae66dd0f0
Thread  C:\WINDOWS\system32\svchost.exe [1304:1696]                                                    00007ffae6df49c0
Thread  C:\WINDOWS\system32\svchost.exe [1304:6404]                                                    00007ffae6df65a0
Thread  C:\WINDOWS\system32\svchost.exe [1304:1896]                                                    00007ffae7092150
Thread  C:\WINDOWS\system32\svchost.exe [1304:2344]                                                    00007ffae65c1600
Thread  C:\WINDOWS\system32\svchost.exe [1304:4428]                                                    00007ffae5961b70
Thread  C:\WINDOWS\system32\svchost.exe [1304:4440]                                                    00007ffae67d7470
Thread  C:\WINDOWS\system32\svchost.exe [2580:2468]                                                    00007ffae7ff1120
Thread  C:\WINDOWS\system32\svchost.exe [2580:2536]                                                    00007ffae800b270
Thread  C:\WINDOWS\Explorer.EXE [3496:5000]                                                            00007ffada4e2710
Thread  C:\WINDOWS\Explorer.EXE [3496:1824]                                                            00007ffae9221120
Thread  C:\WINDOWS\Explorer.EXE [3496:2756]                                                            00007ffae5139970
Thread  C:\Windows\System32\SettingSyncHost.exe [6864:5796]                                            00007ffad83a7090
 
---- Disk sectors - GMER 2.1 ----
 
Disk    \Device\Harddisk0\DR0                                                                          unknown MBR code
 
---- EOF - GMER 2.1 ----
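An added example, not part of the original thread and not GMER's own code: a small Python parser for the three sections quoted in the log above (the `.text` inline-hook entries, the `Thread` entries and the `Disk` entry), plus a per-process summary of the hooks. The sample input is the log's own lines, copied as posted. The assumptions are mine: the regular expressions only cover the line shapes that appear in this particular log (an n-byte `JMP` hook, a `[pid:tid]` thread line, a `Disk` line), and the 1 MiB window used to decide whether all hook targets of one process sit in one region is a triage heuristic, not something GMER reports.

```python
"""Triage helper for a GMER 2.1 log: parse the 'User code sections', 'Threads'
and 'Disk sectors' entries and summarise the inline hooks per process.
Example code written for this page; it is not GMER's output parser."""
import re
from collections import defaultdict

# Constructed sample: a subset of the entries quoted in the post above,
# copied as they appear there (paths and addresses unchanged).
SAMPLE_LOG = r"""
GMER 2.1.19357 - http://www.gmer.net
---- User code sections - GMER 2.1 ----

.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!ShowScrollBar    00007ffaf02b1150 5 bytes JMP 00007ffb70320018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!SetScrollInfo    00007ffaf02bc770 5 bytes JMP 00007ffb702d0018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!GetScrollInfo    00007ffaf02c66f0 5 bytes JMP 00007ffb702e0018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!SetScrollRange   00007ffaf02c90c0 5 bytes JMP 00007ffb702f0018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!SetScrollPos     00007ffaf02e50d0 5 bytes JMP 00007ffb70360018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!EnableScrollBar  00007ffaf02e7340 5 bytes JMP 00007ffb70300018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!GetScrollPos     00007ffaf02efcc0 5 bytes JMP 00007ffb70310018
.text   C:\Program Files\CCleaner\CCleaner64.exe[6388] C:\WINDOWS\system32\USER32.dll!GetScrollRange   00007ffaf033ed20 5 bytes JMP 00007ffb70350018

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [580:4564]      fffff960008fc2d0
Thread  C:\WINDOWS\System32\svchost.exe [932:5708]    00007ffad8ab6370

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0      unknown MBR code

---- EOF - GMER 2.1 ----
"""

# Line shapes as they occur in this log (assumption: other GMER variants,
# e.g. hooks reported as '{JMP ...}' or IAT/EAT entries, are not covered).
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<nbytes>\d+) bytes JMP (?P<target>[0-9a-fA-F]+)"
)
THREAD_RE = re.compile(
    r"^Thread\s+(?P<proc>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<start>[0-9a-fA-F]+)\s*$"
)
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<status>.+?)\s*$")


def parse_gmer(text):
    """Return {'hooks': [...], 'threads': [...], 'disks': [...]} from log text."""
    out = {"hooks": [], "threads": [], "disks": []}
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            h = m.groupdict()
            h["pid"], h["nbytes"] = int(h["pid"]), int(h["nbytes"])
            h["addr"], h["target"] = int(h["addr"], 16), int(h["target"], 16)
            out["hooks"].append(h)
            continue
        m = THREAD_RE.match(line)
        if m:
            t = m.groupdict()
            t["pid"], t["tid"], t["start"] = int(t["pid"]), int(t["tid"]), int(t["start"], 16)
            out["threads"].append(t)
            continue
        m = DISK_RE.match(line)
        if m:
            out["disks"].append(m.groupdict())
    return out


def summarise_hooks(hooks, window=0x100000):
    """Group hooks by (process path, pid). For each process report how many
    APIs are hooked, in which modules, and whether every JMP target lies in
    one `window`-byte region at the same page offset, which is what a single
    component installing a set of trampolines looks like (heuristic)."""
    by_proc = defaultdict(list)
    for h in hooks:
        by_proc[(h["proc"], h["pid"])].append(h)
    summary = {}
    for key, hs in by_proc.items():
        targets = sorted(h["target"] for h in hs)
        summary[key] = {
            "count": len(hs),
            "modules": sorted({h["module"].rsplit("\\", 1)[-1] for h in hs}),
            "functions": sorted(h["func"] for h in hs),
            "target_lo": targets[0],
            "target_hi": targets[-1],
            "single_region": targets[-1] - targets[0] <= window,
            "same_page_offset": len({t & 0xFFF for t in targets}) == 1,
        }
    return summary


def unknown_mbr_devices(disks):
    """Devices whose boot code GMER did not recognise ('unknown MBR code')."""
    return [d["device"] for d in disks if "unknown MBR" in d["status"]]


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for (proc, pid), s in summarise_hooks(parsed["hooks"]).items():
        print(f"{proc} [{pid}]: {s['count']} hooks in {s['modules']}, "
              f"targets {s['target_lo']:#x}..{s['target_hi']:#x}, "
              f"one region={s['single_region']}, same page offset={s['same_page_offset']}")
    print("threads listed:", len(parsed["threads"]))
    print("unknown MBR code on:", unknown_mbr_devices(parsed["disks"]))
```

Run against the posted lines the summary says: eight 5-byte JMP hooks, all inside one process (CCleaner64.exe, PID 6388), all on USER32.dll scroll-bar functions, with targets from 0x7ffb702d0018 to 0x7ffb70360018, 0x10000 apart and all at page offset 0x18, i.e. one set of trampolines placed by one component inside that process. What the log does not say is which module placed them, and that is the question a follow-up scan of loaded modules and autostarts (as requested in the reply) is meant to answer. The distinction a practitioner draws is between hooks confined to one application's own process and the same API hooked across csrss, svchost and Explorer system-wide. "unknown MBR code" means GMER's copy of the boot code did not match the code it recognises; it is a prompt to read the MBR itself, not a verdict on its own.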



#2 deeprybka (Malware Response Team, 5,198 posts, Location: Germany)

Posted 12 November 2015 - 04:25 PM

Hi and welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. (Harm no one; rather, help everyone as much as you can.) Arthur Schopenhauer

#3 deeprybka (Malware Response Team, 5,198 posts, Location: Germany)

Posted 18 November 2015 - 04:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
