Jump to content

Glarner09

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you TwinHeadedEagle! The FARBAR scan results txt files are attached. Here are the results from the MB Anti-Rootkit Scan: Malwarebytes Anti-Rootkit BETA 1.08.2.1001 www.malwarebytes.org Database version: v2014.12.13.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.17183 Home :: WARREN-PC [administrator] 12/13/2014 1:12:15 AM mbar-log-2014-12-13 (01-12-15).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 533606 Time elapsed: 21 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) ************************************************************************* Malwarebytes Anti-Rootkit BETA 1.08.2.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.17183 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, J:\ DRIVE_FIXED CPU speed: 2.793000 GHz Memory total: 8580620288, free: 5735374848 Downloaded database version: v2014.12.13.02 Downloaded database version: v2014.12.08.03 Downloaded database version: v2014.12.06.01 ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= Initializing... ------------ Kernel report ------------ 12/13/2014 01:11:57 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\mfehidk.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\mfewfpk.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\drivers\bftpdskc64.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\system32\DRIVERS\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\mfeavfk.sys \SystemRoot\system32\DRIVERS\mfencbdc.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\mfeapfk.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\LVPr2M64.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\system32\drivers\mfefirek.sys \SystemRoot\system32\drivers\cfwids.sys \??\C:\Windows\system32\Drivers\PROCEXP113.SYS \SystemRoot\system32\DRIVERS\umpass.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\comdlg32.dll \Windows\System32\rpcrt4.dll \Windows\System32\urlmon.dll \Windows\System32\ws2_32.dll \Windows\System32\nsi.dll \Windows\System32\Wldap32.dll \Windows\System32\difxapi.dll \Windows\System32\imagehlp.dll \Windows\System32\msvcrt.dll \Windows\System32\kernel32.dll \Windows\System32\gdi32.dll \Windows\System32\imm32.dll \Windows\System32\shell32.dll \Windows\System32\iertutil.dll \Windows\System32\user32.dll \Windows\System32\lpk.dll \Windows\System32\normaliz.dll \Windows\System32\wininet.dll \Windows\System32\setupapi.dll \Windows\System32\psapi.dll \Windows\System32\shlwapi.dll \Windows\System32\clbcatq.dll \Windows\System32\msctf.dll \Windows\System32\ole32.dll \Windows\System32\usp10.dll \Windows\System32\advapi32.dll \Windows\System32\sechost.dll \Windows\System32\oleaut32.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\devobj.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\wintrust.dll \Windows\System32\userenv.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\profapi.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa800a464790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa800a1e8b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa800a3c7060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000082\ Lower Device Object: 0xfffffa800a19fb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa800a16d790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000081\ Lower Device Object: 0xfffffa800a194b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa800a395060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000080\ Lower Device Object: 0xfffffa800a18eb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa800a168790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007f\ Lower Device Object: 0xfffffa800a19cb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007e5b060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8007aeb060 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007e5b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007c79b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007e5c030, DeviceName: Unknown, DriverName: \Driver\bftpdskc64\ DevicePointer: 0xfffffa8007e5b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007ae9580, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8007aeb060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\bftpdskc64\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2BD2C32A Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30801920 Numsec = 2899473200 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1500301910016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa800a168790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a19eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800a168790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800a19cb60, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa800a395060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a1a6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800a395060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800a18eb60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa800a16d790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a1a5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800a16d790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800a194b60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa800a3c7060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a1a4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800a3c7060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800a19fb60, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 5, DevicePointer: 0xfffffa800a464790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006d61350, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800a464790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800a1e8b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 5 Scanning MBR on drive 5... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8D399BC0 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 1953520002 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam... Removal finished FRST.txt Addition.txt
  2. Hi, I am hoping someone can help me solve a problem that I suspect is related to Malware. Over the past 3 weeks my computer (Dell desktop running Win 7) has become increasingly unstable (freezing when browsing with IE) and showing a blue screen occasionally. I checked processes in Task Manager and there are a host of .exe files that are running and taking large amounts of memory: dvdupgrd.exe dllhost.exe *32 (multiple copies) rundll32.exe wiaacmgr.exe upnpcont.exe cmmon32.exe and so on... These seem to change with time (each time I close and reopen IE - I am running version 10.0.9200.17183). Then yesterday something hijacked the "Frequently visited sites" tiles that appear when you open a new browser tab to a host of very suspicious and unknown sites. I ran Malewarebytes and cleaned one thing - made no difference. Then I did a System Restore to 3 weeks earlier. This seemed to solve things - IE behaved fine and the Frequently Visited tiles were all familiar and valid. Then overnight Windows did a host of automatic updates and now I'm back to the same behavior (Frequently Visited Tiles hijacked and lots of strange processes chewing up memory). I've read some similar things in various forums but I cannot find a generic magic bullet to fix this. Can anyone give me a hand? It would be much appreciated! Warren
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.