Adlice forum
General Category => Malware removal help => Topic started by: Sami Cuevas on October 18, 2015, 06:36:33 AM
-
Hi, RogueKiller detects the following stuff, and I was wondering, should I worry?
And when I run Panda Cloud Cleaner, my computer suddenly reboots, and with TDSS the program freezes. And I put two, rkill and after that Malwarebytes, and before it could analyse anything, it threw a BSOD.
Thanks for the help
RogueKiller V10.11.0.0 (x64) [Oct 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : samuel [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 10/17/2015 22:28:45
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 200.94.160.248 200.94.160.246 ([MEXICO (MX)][MEXICO (MX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.94.160.248 200.94.160.246 ([MEXICO (MX)][MEXICO (MX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3537d7f4-1f29-47b9-9801-8bd42a42697e} | DhcpNameServer : 200.94.160.248 200.94.160.246 ([MEXICO (MX)][MEXICO (MX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d9405bd9-59c5-4299-b4b3-13dcab48d6b1} | DhcpNameServer : 192.168.1.254 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3537d7f4-1f29-47b9-9801-8bd42a42697e} | DhcpNameServer : 200.94.160.248 200.94.160.246 ([MEXICO (MX)][MEXICO (MX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d9405bd9-59c5-4299-b4b3-13dcab48d6b1} | DhcpNameServer : 192.168.1.254 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 25 (Driver: Loaded) ¤¤¤
[IAT:Addr(Hook.IEAT)] (explorer.exe) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ user32.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ole32.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ shlwapi.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ msctf.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ shell32.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ uxtheme.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ dwmapi.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ comctl32.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ explorerframe.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ twinui.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ApplicationFrame.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ntshrui.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ GdiPlus.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ grooveex.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ stobject.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ batmeter.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ InputSwitch.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ prnfldr.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ authui.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ dui70.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ duser.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ hgcpl.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ werconcpl.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ NPSMDesktopProvider.dll) gdi32!DeleteDC : Unknown @ 0x7ffc13250000
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 7566e601fc37fb011a6524949b91cc9c
[BSP] eefd9bcaf155d5eba732930c97cdddcb : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2312192 | Size: 454538 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 933208064 | Size: 782 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 934809600 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK
-
Hi Samuel,
Welcome to Adlice.com Forum.
Your report is clean.
BSODs are not always related to malware. We will check.
Please download BlueScreenView (x64) (http://www.nirsoft.net/utils/bluescreenview-x64.zip) and unzip the archive.
- Double click on BlueScreenView.exe to run the program.
- When scanning is done, go to EDIT - Select All.
- Go to FILE - SAVE Selected Items, and save the report as BSOD.txt.
- Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
Regards.
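The [PUM.Dns] entries in the RogueKiller report above are the one thing worth checking before accepting "clean": RogueKiller flags them as a Potentially Unwanted Modification simply because DNS settings are a common hijack target, and DhcpNameServer is whatever the DHCP server (normally the home router, here 192.168.1.254) handed out. The question is therefore whether the public resolvers it handed out are the ones the ISP is supposed to provide. The script below is an added example, not part of the original thread or of RogueKiller: it parses the PUM.Dns lines, classifies each resolver address, and flags any public resolver missing from an allowlist. The allowlist of the two 200.94.160.x hosts is an assumption made for the demo; in practice you would take it from the ISP or the router's WAN status page.

```python
"""Triage the [PUM.Dns] entries of a RogueKiller report: extract every
DhcpNameServer value, classify each resolver address, and flag public resolvers
that are not on the allowlist the operator expects the DHCP server to hand out."""
from __future__ import annotations

import ipaddress
import re

# Constructed sample: the three distinct [PUM.Dns] lines from the report above.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 200.94.160.248 200.94.160.246 ([MEXICO (MX)][MEXICO (MX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3537d7f4-1f29-47b9-9801-8bd42a42697e} | DhcpNameServer : 200.94.160.248 200.94.160.246 ([MEXICO (MX)][MEXICO (MX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d9405bd9-59c5-4299-b4b3-13dcab48d6b1} | DhcpNameServer : 192.168.1.254 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
"""

# Line shape: [PUM.Dns] (arch) <registry key> | <value name> : <ip> <ip> ... (<geo>) -> Found
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\(\w+\)\s+(?P<key>\S+)\s+\|\s+(?P<value>\w+)\s*:\s*(?P<servers>[^(]+)"
)


def parse_pum_dns(report: str) -> list[dict]:
    """One record per [PUM.Dns] line: registry key, value name, list of resolver IPs."""
    records = []
    for line in report.splitlines():
        m = PUM_DNS_RE.match(line)
        if m:
            records.append({
                "key": m.group("key"),
                "value": m.group("value"),
                "servers": m.group("servers").split(),
            })
    return records


def classify(addr: str) -> str:
    """Coarse classification of a resolver address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "unspecified"   # 0.0.0.0 is a placeholder, not a resolver
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"       # RFC 1918: typically the router/gateway itself
    return "public"


def audit(report: str, expected_public: set[str]) -> dict:
    """Summarise every resolver seen and list public ones missing from the allowlist.

    expected_public is operator-supplied (the ISP's resolvers); anything public
    that is not in it deserves a second look as a possible DNS hijack."""
    seen: dict[str, set[str]] = {}
    for rec in parse_pum_dns(report):
        for server in rec["servers"]:
            seen.setdefault(server, set()).add(rec["key"])
    result: dict = {"resolvers": {}, "unexpected_public": []}
    for addr, keys in seen.items():
        kind = classify(addr)
        result["resolvers"][addr] = {"kind": kind, "keys": sorted(keys)}
        if kind == "public" and addr not in expected_public:
            result["unexpected_public"].append(addr)
    result["unexpected_public"].sort()
    return result


if __name__ == "__main__":
    # ASSUMPTION for the demo: the ISP's resolvers are the two 200.94.160.x hosts.
    summary = audit(SAMPLE_REPORT, expected_public={"200.94.160.248", "200.94.160.246"})
    for addr, info in summary["resolvers"].items():
        print(f"{addr:16} {info['kind']:12} seen in {len(info['keys'])} key(s)")
    print("unexpected public resolvers:", summary["unexpected_public"] or "none")
```

If the allowlist is empty or unknown, every public resolver is reported, which is the conservative default: resolvers the user cannot explain are the hijack indicator, not public resolvers as such.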
-
Thanks for the answer, here is the log
==================================================
Dump File : 101715-18968-01.dmp
Crash Time : 10/17/2015 11:22:11 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff6fb`40000000
Parameter 2 : 00000000`00000000
Parameter 3 : fffff802`65edaa86
Parameter 4 : 00000000`00000002
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14e2e0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16545 (th1.150930-1750)
Processor : x64
Crash Address : ntoskrnl.exe+14e2e0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\101715-18968-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 135,177
Dump File Time : 10/17/2015 11:22:46 PM
==================================================
==================================================
Dump File : 101715-30015-01.dmp
Crash Time : 10/17/2015 9:54:54 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff6fb`40000000
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`c1540a86
Parameter 4 : 00000000`00000002
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14e2e0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16545 (th1.150930-1750)
Processor : x64
Crash Address : ntoskrnl.exe+14e2e0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\101715-30015-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 144,457
Dump File Time : 10/17/2015 9:55:30 PM
==================================================
==================================================
Dump File : 101315-22781-01.dmp
Crash Time : 10/13/2015 10:02:04 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : ffffe001`c60f74c0
Parameter 2 : fffff801`04c66550
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`0000000d
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+14160c
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16515 (th1.150916-2039)
Processor : x64
Crash Address : ntoskrnl.exe+14e2e0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\101315-22781-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 762,336
Dump File Time : 10/13/2015 10:02:42 PM
==================================================
==================================================
Dump File : 101115-21234-01.dmp
Crash Time : 10/11/2015 9:36:02 AM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : ffffe001`d3aa3010
Parameter 2 : fffff800`dac76550
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`0000000d
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+14160c
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16515 (th1.150916-2039)
Processor : x64
Crash Address : ntoskrnl.exe+14e240
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\101115-21234-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 825,518
Dump File Time : 10/11/2015 9:36:42 AM
==================================================
==================================================
Dump File : 100415-17796-01.dmp
Crash Time : 10/4/2015 8:02:37 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : ffffe001`f3701010
Parameter 2 : fffff801`b2616550
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`0000000d
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+14160c
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16515 (th1.150916-2039)
Processor : x64
Crash Address : ntoskrnl.exe+14e240
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\100415-17796-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 829,142
Dump File Time : 10/4/2015 8:03:13 PM
==================================================
==================================================
Dump File : 100415-18687-01.dmp
Crash Time : 10/4/2015 1:45:20 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : ffffe000`b3bbb4c0
Parameter 2 : fffff801`d0856550
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`0000000d
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+14160c
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16515 (th1.150916-2039)
Processor : x64
Crash Address : ntoskrnl.exe+14e240
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\100415-18687-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 828,625
Dump File Time : 10/4/2015 1:45:55 PM
==================================================
==================================================
Dump File : 100315-17734-01.dmp
Crash Time : 10/3/2015 2:53:45 PM
Bug Check String :
Bug Check Code : 0x00000119
Parameter 1 : 00000000`00000001
Parameter 2 : 00000000`0023ec31
Parameter 3 : 00000000`0023ec32
Parameter 4 : ffffe000`2429f010
Caused By Driver : watchdog.sys
Caused By Address : watchdog.sys+3c3d
File Description : Watchdog Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16384 (th1.150709-1700)
Processor : x64
Crash Address : ntoskrnl.exe+14e240
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\100315-17734-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 151,177
Dump File Time : 10/3/2015 2:54:23 PM
==================================================
==================================================
Dump File : 100215-22656-01.dmp
Crash Time : 10/2/2015 4:30:04 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : ffffe000`fcfb4010
Parameter 2 : fffff800`d70b6550
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`0000000d
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+14160c
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16515 (th1.150916-2039)
Processor : x64
Crash Address : ntoskrnl.exe+14e240
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\100215-22656-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 763,648
Dump File Time : 10/2/2015 4:30:41 PM
==================================================
==================================================
Dump File : 092915-22734-01.dmp
Crash Time : 9/29/2015 10:16:31 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : ffffe000`9d5562f0
Parameter 2 : fffff801`b2446550
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`0000000d
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+142a8c
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16515 (th1.150916-2039)
Processor : x64
Crash Address : ntoskrnl.exe+14e240
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\092915-22734-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 827,155
Dump File Time : 9/29/2015 10:17:15 PM
==================================================
==================================================
Dump File : 092715-19984-01.dmp
Crash Time : 9/27/2015 3:57:58 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : ffffe000`d462b440
Parameter 2 : fffff800`300a6550
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`0000000d
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+142a8c
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 10.0.10240.16515 (th1.150916-2039)
Processor : x64
Crash Address : ntoskrnl.exe+14e240
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\092715-19984-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 10240
Dump File Size : 764,258
Dump File Time : 9/27/2015 3:58:36 PM
==================================================
-
Hi Sami,
The BSODs don't seem to be malware related.
Did you install/connect any new hardware, update any drivers or install a new application?
Launch the command prompt (cmd) with admin rights and copy/paste the following command:
chkdsk C: /f /v /x
Please allow chkdsk to run on next reboot and restart the computer to perform the analysis.
Regards.
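The reasoning behind "don't seem to be malware related" can be read straight off the export above: eight of the ten crashes are 0x116 or 0x119, both raised by the display stack (dxgkrnl.sys and watchdog.sys) when the display driver stops responding, and the two 0x50 crashes are invalid kernel memory references, which point at a faulty driver, bad RAM or corrupted system files rather than at a rootkit. BlueScreenView left the "Bug Check String" empty for 0x116 and 0x119. The script below is an added example, not part of the original thread or of BlueScreenView: it parses the export format, fills in the missing names from a small table, and groups the crashes by bug check and by the driver BlueScreenView blames. One caveat a practitioner should keep in mind: the "Caused By Driver" column is BlueScreenView's guess from addresses found on the stack, and when it blames ntoskrnl.exe or dxgkrnl.sys the real culprit is usually a third-party driver further down; a definitive answer needs the dump opened in WinDbg with !analyze -v. The sample export is constructed, abridged from four of the records above.

```python
"""Parse a BlueScreenView text export and group the crashes by bug check code
and by the driver BlueScreenView blames, filling in names it left blank."""
from __future__ import annotations

from collections import Counter

# Names for the bug check codes that occur in the export above.
BUGCHECK_NAMES = {
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x116: "VIDEO_TDR_FAILURE",
    0x119: "VIDEO_SCHEDULER_INTERNAL_ERROR",
}

# Codes raised by the display stack (dxgkrnl.sys / watchdog.sys) when the
# display driver times out; they point at the display driver or GPU.
GRAPHICS_CODES = {0x116, 0x119}

# Constructed sample: four records abridged from the export above (only the
# fields this parser needs are kept).
SAMPLE_EXPORT = """
==================================================
Dump File         : 101715-18968-01.dmp
Crash Time        : 10/17/2015 11:22:11 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Caused By Driver  : ntoskrnl.exe
Crash Address     : ntoskrnl.exe+14e2e0
==================================================
==================================================
Dump File         : 101315-22781-01.dmp
Crash Time        : 10/13/2015 10:02:04 PM
Bug Check String  :
Bug Check Code    : 0x00000116
Caused By Driver  : dxgkrnl.sys
Crash Address     : ntoskrnl.exe+14e2e0
==================================================
==================================================
Dump File         : 100315-17734-01.dmp
Crash Time        : 10/3/2015 2:53:45 PM
Bug Check String  :
Bug Check Code    : 0x00000119
Caused By Driver  : watchdog.sys
Crash Address     : ntoskrnl.exe+14e240
==================================================
==================================================
Dump File         : 092915-22734-01.dmp
Crash Time        : 9/29/2015 10:16:31 PM
Bug Check String  :
Bug Check Code    : 0x00000116
Caused By Driver  : dxgkrnl.sys
Crash Address     : ntoskrnl.exe+14e240
==================================================
"""


def parse_bluescreenview(text: str) -> list[dict[str, str]]:
    """Split the export into records; each record maps 'Field' -> 'value'."""
    records: list[dict[str, str]] = []
    current: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:          # delimiter; appears before and after each record
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")   # first colon separates field from value
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def bugcheck_name(record: dict[str, str]) -> str:
    """Use the exported name; fall back to the table when BlueScreenView left it blank."""
    code = int(record["Bug Check Code"], 16)
    return record.get("Bug Check String") or BUGCHECK_NAMES.get(code, f"UNKNOWN_0x{code:X}")


def summarize(records: list[dict[str, str]]) -> dict:
    """Counts by bug check name, counts by blamed driver, share of graphics-stack crashes."""
    by_code: Counter[str] = Counter()
    by_driver: Counter[str] = Counter()
    graphics = 0
    for r in records:
        code = int(r["Bug Check Code"], 16)
        by_code[bugcheck_name(r)] += 1
        by_driver[r["Caused By Driver"]] += 1
        graphics += code in GRAPHICS_CODES
    return {
        "total": len(records),
        "by_code": dict(by_code),
        "by_driver": dict(by_driver),
        "graphics_share": graphics / len(records) if records else 0.0,
    }


if __name__ == "__main__":
    summary = summarize(parse_bluescreenview(SAMPLE_EXPORT))
    print(f"{summary['total']} crashes, {summary['graphics_share']:.0%} in the graphics stack")
    for name, n in sorted(summary["by_code"].items(), key=lambda kv: -kv[1]):
        print(f"  {n}x {name}")
    for driver, n in sorted(summary["by_driver"].items(), key=lambda kv: -kv[1]):
        print(f"  blamed: {driver} ({n})")
```

Run it against the full BSOD.txt saved from BlueScreenView (read the file and pass its contents to parse_bluescreenview) to get the same breakdown for all ten dumps; a high graphics_share with a recent driver update or OS upgrade, as in this thread, is the usual signature of a display-driver problem rather than an infection.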
-
Yes, I updated the drivers a while ago, but I think the problem started after I installed Windows 10, because after that, every time I close my laptop and then want to open it, it throws a BSOD and restarts the computer. And lately, I ran TDSSKiller and it freezes; with Panda Cloud Cleaner it throws a BSOD; and after using rkill, Malwarebytes freezes completely. And the other day, the password I enter before Windows starts changed on its own; it was another password that I use for other accounts. It was very weird.
I already ran chkdsk.
-
Hi Sami,
It's certainly a driver issue.
I would advise you to update them and see if this helps.
Regards.