
bitcoin virus HELP!



Hello

I have been infected by a bitcoin virus or something like that

I ran the dds.exe tool and here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16521  BrowserJavaVersion: 10.21.2
Run by MITAKA at 15:02:59 on 2013-06-18
Microsoft Windows 7 Professional   6.1.7601.1.1251.359.1033.18.6051.4493 [GMT 3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Connectify\ConnectifyService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Connectify\ConnectifyD.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Users\MITAKA\AppData\Roaming\WinRAR\wmsn.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dexpot\dexpot.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dexpot\Dexpot64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dexpot\plugins\DexControl.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - 
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [information Schema] C:\Users\MITAKA\AppData\Roaming\WinRAR\wmsn.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Viber] "C:\Users\MITAKA\AppData\Local\Viber\Viber.exe" StartMinimized
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMA~1.LNK - C:\Windows\System32\taskmgr.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 10.1.110.1 192.168.123.1
TCP: Interfaces\{834F0880-F6A5-4572-97E4-33DF7623F229} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{834F0880-F6A5-4572-97E4-33DF7623F229}\34F6E6E6563647966697D2A59405055425 : DHCPNameServer = 192.168.198.1
TCP: Interfaces\{834F0880-F6A5-4572-97E4-33DF7623F229}\4555D2651627E616F54565 : DHCPNameServer = 10.254.253.1 194.141.0.3 85.14.44.10
TCP: Interfaces\{834F0880-F6A5-4572-97E4-33DF7623F229}\4656661657C647 : DHCPNameServer = 10.1.55.1
TCP: Interfaces\{9880CF69-6A56-4D77-8F8C-1E4192CFBDF7} : DHCPNameServer = 10.1.110.1 192.168.123.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL
AppInit_DLLs= c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-2-20 30496]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-2-9 70256]
R1 cnnctfy2;Connectify LightWeight Filter;C:\Windows\System32\drivers\cnnctfy2.sys [2013-2-14 31344]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-30 283200]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-2-20 284448]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2013-2-14 65536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-30 2655768]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-30 406632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
S3 iDispService;iDispService;C:\Windows\System32\drivers\idisplayminiport.sys [2013-4-11 14248]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-4-5 18360]
S3 RFDisplay;Celio Virtual Video Display;C:\Windows\System32\drivers\RFDisplay.sys [2011-11-4 7680]
S3 RFMirror;Celio Mirror Display;C:\Windows\System32\drivers\RFMirror.sys [2011-11-4 7680]
S3 SaiH5F0D;SaiH5F0D;C:\Windows\System32\drivers\SaiH5F0D.sys [2007-5-1 171144]
S3 SaiU5F0D;SaiU5F0D;C:\Windows\System32\drivers\SaiU5F0D.sys [2007-5-1 34304]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-1 1255736]
S3 wovad_micarray;WO Mic Device;C:\Windows\System32\drivers\womic.sys [2012-7-26 59344]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WINWORD.EXE="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1" [userChoice] [default=edit - 'Open' doesn't exist]
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-06-16 19:16:46 -------- d-----w- C:\ProgramData\Saitek
2013-06-06 21:25:49 -------- d-----w- C:\Users\MITAKA\AppData\Local\Macromedia
2013-06-06 21:25:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-06 21:25:02 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-06 21:22:16 -------- d-----w- C:\Users\MITAKA\AppData\Local\Mozilla
2013-06-06 18:14:47 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-28 14:09:57 -------- d-----w- C:\Users\MITAKA\AppData\Local\Chromium
2013-05-28 13:25:27 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2013-05-27 20:30:46 -------- d-----w- C:\Users\MITAKA\AppData\Local\PMB Files
2013-05-27 20:30:45 -------- d-----w- C:\ProgramData\PMB Files
2013-05-27 20:30:34 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-05-27 20:30:21 -------- d-----w- C:\Users\MITAKA\.swt
2013-05-26 01:42:59 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4F68088-BBFF-4E47-826E-C3A33F4C3564}\mpengine.dll
2013-05-21 13:40:25 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
.
==================== Find3M  ====================
.
2013-06-17 08:50:32 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-17 08:50:32 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-16 19:22:47 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-06 18:14:40 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-06 18:14:40 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-28 14:03:59 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-05-18 17:28:13 151552 ----a-w- C:\Windows\KMSEmulator.exe
2013-05-01 23:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-10 14:11:20 6544 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP
2013-04-06 14:52:06 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-04 11:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 15:03:49.06 ===============
 

attach.rar

Hi there,

My name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download GMER from here by clicking on the "Download EXE" button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.
**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Here is the content of the ark.txt log file:

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-18 16:04:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9640423AS rev.0001DEM1 596.17GB
Running: bkc394iu.exe; Driver: C:\Users\MITAKA\AppData\Local\Temp\pxldapow.sys
 
 
---- Registry - GMER 2.1 ----
 
Reg   HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{1B5EE269-0DA5-4702-8B7C-CCA6CC5DB2C1}\Connection@Name  isatap.{26B2B31E-C32F-4467-84AB-5165960BE7BD}
Reg   HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7A302362-66FA-4971-B6BD-9D4EEA84E748}\Connection@Name  isatap.{6058D237-57D7-4F37-8131-083E11FF2759}
Reg   HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{C18DA1D8-893C-46CE-8499-ACDF89AA51FC}?\Device\{7A302362-66FA-4971-B6BD-9D4EEA84E748}?\Device\{1B5EE269-0DA5-4702-8B7C-CCA6CC5DB2C1}?\Device\{8C211A46-83DB-4FCF-B627-2A90FFBC764E}?\Device\{EA53F4A9-BB3D-4867-AEDC-5B7D7EF2EA5A}?\Device\{2CBCC546-B4AA-40EF-A931-412A80BF1D49}?\Device\{6EC321C5-164F-4B3C-AE20-3DEAFF4061A9}?
Reg   HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{C18DA1D8-893C-46CE-8499-ACDF89AA51FC}"?"{7A302362-66FA-4971-B6BD-9D4EEA84E748}"?"{1B5EE269-0DA5-4702-8B7C-CCA6CC5DB2C1}"?"{8C211A46-83DB-4FCF-B627-2A90FFBC764E}"?"{EA53F4A9-BB3D-4867-AEDC-5B7D7EF2EA5A}"?"{2CBCC546-B4AA-40EF-A931-412A80BF1D49}"?"{6EC321C5-164F-4B3C-AE20-3DEAFF4061A9}"?
Reg   HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{C18DA1D8-893C-46CE-8499-ACDF89AA51FC}?\Device\TCPIP6TUNNEL_{7A302362-66FA-4971-B6BD-9D4EEA84E748}?\Device\TCPIP6TUNNEL_{1B5EE269-0DA5-4702-8B7C-CCA6CC5DB2C1}?\Device\TCPIP6TUNNEL_{8C211A46-83DB-4FCF-B627-2A90FFBC764E}?\Device\TCPIP6TUNNEL_{EA53F4A9-BB3D-4867-AEDC-5B7D7EF2EA5A}?\Device\TCPIP6TUNNEL_{2CBCC546-B4AA-40EF-A931-412A80BF1D49}?\Device\TCPIP6TUNNEL_{6EC321C5-164F-4B3C-AE20-3DEAFF4061A9}?
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728910d8d9                                                                  
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728910d8d9@1887960d41d0                                                     0x23 0x26 0xD2 0xB4 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1B5EE269-0DA5-4702-8B7C-CCA6CC5DB2C1}@InterfaceName                       isatap.{26B2B31E-C32F-4467-84AB-5165960BE7BD}
Reg   HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1B5EE269-0DA5-4702-8B7C-CCA6CC5DB2C1}@ReusableType                        0
Reg   HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7A302362-66FA-4971-B6BD-9D4EEA84E748}@InterfaceName                       isatap.{6058D237-57D7-4F37-8131-083E11FF2759}
Reg   HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7A302362-66FA-4971-B6BD-9D4EEA84E748}@ReusableType                        0
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728910d8d9 (not active ControlSet)                                              
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728910d8d9@1887960d41d0                                                         0x23 0x26 0xD2 0xB4 ...
 
---- Disk sectors - GMER 2.1 ----
 
Disk  \Device\Harddisk0\DR0                                                                                                                        unknown MBR code
 
---- EOF - GMER 2.1 ----

This topic is now closed to further replies.