Re: [Malware] Malware Issue

Author	All Replies
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast	reply to daparker Re: [Malware] Malware Issue With a zero access trojan detected and removed, it's time to check and make sure no friends were invited. Please download [color=blue]Malwarebytes Anti-Rootkit[/color] and save it to your desktop. []Be sure to print out and follow these [color=blue]instructions[/color] for performing a scan. [][color=red]Caution[/color]: This is a beta version so also read the disclaimer and [color=blue]back up[/color] all your data before using. []When the scan completes, click on the Cleanup* button to remove any threats found and reboot the computer if prompted to do so. []Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup* once more and repeat the process. []If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage* tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer. []Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder. []Copy and paste the contents of these two log files in your next reply. Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2013-04-04 11:13:43 ·

daparker Premium join:2001-11-06 Monteca	--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1022 (c) Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.333000 GHz Memory total: 6440628224, free: 2990657536 ------------ Kernel report ------------ 04/04/2013 08:21:24 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\DRIVERS\intelide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\drivers\pciide.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\N360x64\1402000.013\SYMDS64.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\ohci1394.sys \SystemRoot\system32\DRIVERS\1394BUS.SYS \SystemRoot\system32\DRIVERS\Rtlh64.sys \SystemRoot\system32\DRIVERS\CAXHWBS2.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\CAX_DPV.sys \SystemRoot\system32\DRIVERS\CAX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\lmimirr.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\N360x64\1402000.013\ccSetx64.sys \SystemRoot\system32\drivers\N360x64\1402000.013\Ironx64.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\DRIVERS\spc1000.sys \SystemRoot\system32\DRIVERS\STREAM.SYS \SystemRoot\system32\DRIVERS\spc1000c.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\phaudlwr.sys \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\System32\Drivers\N360x64\1402000.013\SYMTDIV.SYS \SystemRoot\system32\DRIVERS\USBSTOR.SYS \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\SymIMv.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \SystemRoot\System32\Drivers\dfsc.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\lmimirr.dll \SystemRoot\System32\lmimirr2.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\RtNdPt60.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys \??\C:\Windows\system32\drivers\LMIRfsDriver.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\xaudio64.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\LVPr2M64.sys \SystemRoot\System32\Drivers\N360x64\1402000.013\SRTSP64.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130403.001\IDSvia64.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130404.003\EX64.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130404.003\ENG64.SYS \SystemRoot\System32\cdd.dll \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll ----------- End ----------- >> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8008e03790 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\0000008c\ Lower Device Object: 0xfffffa8008e03060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 >> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa80088b2060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\0000008a\ Lower Device Object: 0xfffffa8008d8b620 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR >> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa800882e060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\00000089\ Lower Device Object: 0xfffffa80088c87a0 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR >> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa80087b1060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\00000088\ Lower Device Object: 0xfffffa8008892620 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR >> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8008d9c790 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa800882d760 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR >> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800775a640 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8006143060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.04.04.04 Downloaded database version: v2013.03.25.01 Initializing... Done! >> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800775a640, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800775a170, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800775a640, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xfffffa8006141580, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8006143060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0xfffff880298035b0, 0xfffffa800775a640, 0xfffffa800f0112a0 Lower DeviceData: 0xfffff8801734b130, 0xfffffa8006143060, 0xfffffa8006be4450 >> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... >> Device number: 0, partition: 3 >> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 90000000 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 128457 Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 129024 Numsec = 31457280 Partition 2 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 31586304 Numsec = 1433559040 Partition file system is NTFS Partition is bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)... Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8008d9c790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008d9c2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008d9c790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xfffffa800882d760, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa80087b1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80087b1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80087b1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ DevicePointer: 0xfffffa8008892620, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa800882e060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800882eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800882e060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xfffffa80088c87a0, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa80088b2060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80088b2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80088b2060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ DevicePointer: 0xfffffa8008d8b620, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8008e03790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008e02040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008e03790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ DevicePointer: 0xfffffa8008e03060, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Read File: File "c:\ProgramData\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}\Impulse_setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}\Impulse_setup.lan" is compressed (flags = 1) Read File: File "c:\ProgramData\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}\instance.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}\Impulse_setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}\Impulse_setup.lan" is compressed (flags = 1) Read File: File "c:\ProgramData\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}\instance.dat" is compressed (flags = 1) Done! Scan finished ======================================= Malwarebytes Anti-Rootkit BETA 1.01.0.1022 www.malwarebytes.org Database version: v2013.04.04.04 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 David :: ARTHAS [administrator] 4/4/2013 8:47:45 AM mbar-log-2013-04-04 (08-47-45).txt Scan type: Quick scan Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM \| P2P Scan options disabled: Objects scanned: 31979 Time elapsed: 25 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
	to forum · permalink · 2013-04-04 11:50:18 ·

Broadband Tech > Security > Security Cleanup > [Malware] Malware Issue