Cant run Malwarebytes [Closed]


  • This topic is locked

#16
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you!! I'll pass that on to my instructor as well. If he didn't approve my posts quickly it would have taken a lot longer. Will you be posting the contents of the Malwarebytes log as well?


  • 1

#17
MARKOCARS

    Member

  • Topic Starter
  • 25 posts

Well I would, but how do I do that, since I didn't get the usual log? :D

I mean should I take SS or? :D


Edited by MARKOCARS, 04 September 2014 - 12:59 PM.

  • 0

#18
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

So I assume the scan ran successfully and you just weren't able to get the log. If that's the case, see if this works:

1. Open up the Malwarebytes program again. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".

    Don't double-click on the mbam-setup file as the program is already installed.
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Put a check mark next to Scan Log as shown in the picture below.
5. Click the view button as shown in the picture below. Copy and paste into your next post. Thank you.
GetLog.JPG


  • 0

#19
MARKOCARS

    Member

  • Topic Starter
  • 25 posts

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4.9.2014
Scan Time: 20:24:26
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.04.07
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Dexi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293488
Time Elapsed: 6 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [4b5cffeafd7e4ee833b285f47e84ac54], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#20
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Excellent job. Only two things left to do and then I can provide you with some follow-up recommendations.

 

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#2 - ChkDsk Scan

You are recording some errors on your hard drive. We should do a scan so that any bad blocks can be repaired.

1. Click your Start button.

2. Type cmd and then hold your left CTRL & SHIFT buttons down while you hit enter on the keyboard.

3. Answer Yes to the prompt if asked to Allow.

4. You should now have a black window open that you can type into.

5. Please type chkdsk /R and then press enter.

6. You may get a message that says the volume is locked and that you need to reboot for this to work. Answer OK then reboot your computer.

    Note: This may take a while to run. Let it finish.

 

 

Step#3 - Retrieve ChkDsk Results

1. Click the start menu and type eventvwr and then hit enter on the keyboard.

2. Navigate to the Application Event Log

EventVwr.JPG

 

3. Right-click on the Application event log and choose Filter Current Log...

4. In the Event Sources Drop Down box select Wininit and then click OK.

5. You will find an entry that references ChkDsk. I need you to copy the text and paste into your next post. An example of what you are looking for is shown below.

 

UserInitSource.JPG

 

  

 

Step#4 - Items for your next post

1. Rootkit Scan log

2. Chkdsk Results


  • 0
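
The Event Viewer lookup in Step#3 can also be done from a PowerShell prompt. This is an added example, not part of the original post; it assumes the English-language chkdsk text and the provider name Microsoft-Windows-Wininit, and the output file name chkdsk-results.txt is arbitrary.

```powershell
# Added example: read the chkdsk report that Wininit writes to the Application log
# after a boot-time scan (the entry Event Viewer lists under source "Wininit").
# Assumption: provider name 'Microsoft-Windows-Wininit' and English chkdsk output.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
}

# Get-WinEvent raises an error when nothing matches, which is the normal state
# before the scheduled scan has run, so that error is suppressed here.
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'chkdsk|Checking file system' }

if (-not $events) {
    Write-Output 'No chkdsk report found: the boot-time scan has not completed or did not run.'
} else {
    # Newest report first; older runs stay in the log and can be confused with it.
    $latest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1

    # Save the full text so it can be pasted into a reply.
    $out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk-results.txt'
    "Logged: $($latest.TimeCreated)", $latest.Message | Set-Content -Path $out -Encoding UTF8
    Write-Output "Saved chkdsk report from $($latest.TimeCreated) to $out"

    # Lines worth reading first: bad sectors found and corrections made.
    $latest.Message -split "`r?`n" |
        Select-String -Pattern 'bad sectors|corrections|errors'
}
```

If the script reports that no entry exists after the reboot, the scheduled scan did not run to completion.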

#21
MARKOCARS

    Member

  • Topic Starter
  • 25 posts

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-04 23:11:31
-----------------------------
23:11:31.803    OS Version: Windows 6.1.7600 
23:11:31.803    Number of processors: 2 586 0x6B02
23:11:31.806    ComputerName: DEXI-PC  UserName: Dexi
23:11:32.139    Initialize success
23:11:32.139    VM: initialized successfully
23:11:32.143    VM: Amd CPU virtualization not supported 
23:11:50.742    The log file has been saved successfully to "C:\Users\Dexi\Desktop\aswMBR.txt"
23:12:16.125    AVAST engine defs: 14090401
23:12:24.973    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6
23:12:24.976    Disk 0 Vendor: Hitachi_HDT721032SLA360 ST2OA31B Size: 305245MB BusType: 3
23:12:25.074    Disk 0 MBR read successfully
23:12:25.077    Disk 0 MBR scan
23:12:25.094    Disk 0 Windows 7 default MBR code
23:12:25.105    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:12:25.125    Disk 0 Boot: NTFS     code=2
23:12:25.144    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        84906 MB offset 206848
23:12:25.152    Disk 0 Partition - 00     0F Extended LBA            220233 MB offset 174095936
23:12:25.174    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       110115 MB offset 174095955
23:12:25.184    Disk 0 Partition - 00     05     Extended            110117 MB offset 399612864
23:12:25.213    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       110117 MB offset 399612883
23:12:25.223    Disk 0 scanning sectors +625134048
23:12:25.389    Disk 0 scanning C:\Windows\system32\drivers
23:12:33.421    Service scanning
23:12:44.721    Service KDHacker c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys **LOCKED** 5
23:12:45.083    Service KUsbGuard C:\Program Files\kingsoft\kingsoft antivirus\kusbquery.sys **LOCKED** 5
23:12:58.444    Modules scanning
23:13:05.555    Disk 0 trace - called modules:
23:13:05.568    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
23:13:05.575    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a41650]
23:13:05.581    3 CLASSPNP.SYS[88fa259e] -> nt!IofCallDriver -> [0x855ad348]
23:13:05.587    5 ACPI.sys[88a113b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-6[0x855ac908]
23:13:05.980    AVAST engine scan C:\Windows
23:13:07.323    AVAST engine scan C:\Windows\system32
23:16:11.847    AVAST engine scan C:\Windows\system32\drivers
23:16:24.335    AVAST engine scan C:\Users\Dexi
23:17:17.333    Disk 0 MBR has been saved successfully to "C:\Users\Dexi\Desktop\MBR.dat"
23:17:17.405    The log file has been saved successfully to "C:\Users\Dexi\Desktop\aswMBR.txt"

  • 0

#22
MARKOCARS

    Member

  • Topic Starter
  • 25 posts

To be honest I don't know if this is the full log, but I've gotta go to sleep, so I will provide more info tomorrow...


  • 0

#23
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

That's all I need to see on that log. Just need the chkdsk results tomorrow when you get a chance. Thanks.


  • 0

#24
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

I did want to mention to you that the chkdsk process could take hours to run, depending on how big and how fast your hard drive is, so if you need to use the computer all day it may be something you want to start and let run overnight.

 

Just want to ensure that your hard drive errors below are addressed.

 

Error: (08/22/2014 05:27:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (08/22/2014 05:26:52 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

Also if you didn't start the chkdsk process yet I'd like you to do the following and let me see the results before starting the process.

1. Download WinObj.exe from here and save it to your desktop.

2. Right-click on WinObj.exe and select Run as administrator. Allow the program to continue if prompted.

3. Answer Yes to the EULA when prompted.

4. Navigate to the GLOBAL?? node on the left and then locate the C:, D: & E: drives in the Name column on the right. Reply back with what the SymLink column says for each of these.

WinObj.JPG

 

Thank you.


  • 0
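
The WinObj lookup and the Disk errors quoted in the post above can be cross-checked from an elevated PowerShell prompt. This is an added example, not part of the original post; the function name Get-DriveDeviceMap and the type name Native.Dos are made up for illustration, and it assumes WMI disk index N corresponds to \Device\HarddiskN.

```powershell
# Added example (not from the thread). Maps drive letters to NT device names and
# physical disk numbers, then lists recent Disk Event ID 11 entries for comparison.
Add-Type -Namespace Native -Name Dos -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint QueryDosDevice(string lpDeviceName,
    System.Text.StringBuilder lpTargetPath, uint ucchMax);
'@

function Get-DriveDeviceMap {
    param([string[]]$Letter = @('C:', 'D:', 'E:'))   # the letters asked about in the thread

    # WMI association: which 'Disk #N, Partition #M' backs each drive letter.
    $diskOf = @{}
    Get-WmiObject Win32_LogicalDiskToPartition | ForEach-Object {
        $letterMatch = [regex]::Match($_.Dependent, 'DeviceID="([A-Za-z]:)"')
        $diskMatch   = [regex]::Match($_.Antecedent, 'Disk #(\d+), Partition #(\d+)')
        if ($letterMatch.Success -and $diskMatch.Success) {
            # Assumption: WMI disk index N is the same N as in \Device\HarddiskN.
            $diskOf[$letterMatch.Groups[1].Value.ToUpper()] = "Harddisk$($diskMatch.Groups[1].Value)"
        }
    }

    foreach ($l in $Letter) {
        # QueryDosDevice returns the target of the GLOBAL?? symbolic link,
        # the same value WinObj shows in its SymLink column.
        $buf = New-Object System.Text.StringBuilder 260
        $len = [Native.Dos]::QueryDosDevice($l, $buf, [uint32]$buf.Capacity)
        $target = if ($len -gt 0) { $buf.ToString() } else { '<not mapped>' }
        $disk   = if ($diskOf.ContainsKey($l)) { $diskOf[$l] } else { '<unknown>' }
        New-Object PSObject -Property @{ Drive = $l; SymLink = $target; PhysicalDisk = $disk }
    }
}

Get-DriveDeviceMap | Select-Object Drive, SymLink, PhysicalDisk | Format-Table -AutoSize

# Controller errors name \Device\HarddiskN\DRx; compare N with PhysicalDisk above.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Disk'; Id = 11 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```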

#25
MARKOCARS

    Member

  • Topic Starter
  • 25 posts

I'm not sure if I did it right but here you go...

C: /Device/HarddiskVolume2

D: /Device/HarddiskVolume3

E: /Device/HarddiskVolume4


  • 0

#26
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Excellent. Are your D & E drives external USB drives that are plugged into your computer or are they all internal to the computer?


  • 0

#27
MARKOCARS

    Member

  • Topic Starter
  • 25 posts

They are all internal to the computer..


  • 0

#28
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Excellent. Then proceed with the chkdsk instructions. Again, this could take a while to run.

 

Thanks.


  • 0

#29
MARKOCARS

    Member

  • Topic Starter
  • 25 posts

Well I probably won't do it now because I'm gonna use the computer... I will probably do it tonight...


  • 0

#30
MARKOCARS

    Member

  • Topic Starter
  • 25 posts

Well I'm kinda stuck at this one. So yeah, I've rebooted my computer and it showed a black screen with some letters on it (the ones that you get when you open the command prompt) and the computer rebooted normally. So my question is, did I do everything right, and if I did, how can I know when it's done (I mean the chkdsk check)?


  • 0





