Admin tools event viewer-hard disk 4 corrupt..?

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
Thank you for your assistance, I will purchase beer. :)
 

Attachments

  • FRST.txt
    45.5 KB · Views: 4
  • Addition.txt
    60.9 KB · Views: 4

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/23/2015 1:44:16 PM
Event ID: 6281
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: EppPCool
Description:
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

File Name: \Device\HarddiskVolume4\Windows\System32\guard64.dll
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>6281</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2015-12-23T19:44:16.281035800Z" />
<EventRecordID>67946</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="5276" />
<Channel>Security</Channel>
<Computer>EppPCool</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">\Device\HarddiskVolume4\Windows\System32\guard64.dll</Data>
</EventData>
</Event>
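A triage sketch for the event quoted above, added here as an example and not part of the original post: it parses exported Security-log XML, keeps only Event ID 6281 records, and groups them by volume and file so you can see whether the page-hash failures concentrate on one image or spread across a volume. It assumes the exported events are wrapped in a single `<Events>` root element; the function names and every sample record other than the first are constructed.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DEVICE_RE = re.compile(r"^\\Device\\(HarddiskVolume\d+)(\\.*)$", re.IGNORECASE)
# Constructed sample: record 1 mirrors the posted event, records 2 and 3 are made up.
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>6281</EventID><TimeCreated SystemTime="2015-12-23T19:44:16.281035800Z" /></System>
<EventData><Data Name="param1">\Device\HarddiskVolume4\Windows\System32\guard64.dll</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>6281</EventID><TimeCreated SystemTime="2015-12-23T19:50:02.000000000Z" /></System>
<EventData><Data Name="param1">\Device\HarddiskVolume4\Windows\System32\guard64.dll</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4624</EventID><TimeCreated SystemTime="2015-12-23T19:51:00.000000000Z" /></System>
<EventData><Data Name="TargetUserName">constructed</Data></EventData>
</Event>
</Events>"""

def parse_6281(xml_text):
    """Return one record per Code Integrity page-hash failure (Event ID 6281)."""
    records = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", "", NS).strip() != "6281":
            continue  # ignore unrelated Security events
        path = ev.findtext("e:EventData/e:Data[@Name='param1']", "", NS)
        m = DEVICE_RE.match(path)  # split NT device prefix from the file path
        created = ev.find("e:System/e:TimeCreated", NS)
        records.append({
            "time": created.get("SystemTime") if created is not None else None,
            "volume": m.group(1) if m else None,
            "path": m.group(2) if m else path,
        })
    return records

def summarize(records):
    """Group failures by (volume, path) with count and first/last timestamp."""
    times = defaultdict(list)
    for r in records:
        times[(r["volume"], r["path"])].append(r["time"] or "")
    # SystemTime values share one UTC format, so string order is time order.
    return {k: {"count": len(v), "first": min(v), "last": max(v)} for k, v in times.items()}

if __name__ == "__main__":
    for key, stats in summarize(parse_6281(SAMPLE)).items():
        print(key, stats)
```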
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one of those listed below to stay with and uninstall the others:
  • Comodo Antivirus
  • avast! Antivirus

Uninstallation procedure:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.
This should be done before any other steps are taken.



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Upload it in your next reply.
 

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
scan from rogue k. and malwarebytes in instructed modes. Also disabled anti virus on comodo through instructed way.
 

Attachments

  • rk_5990.tmp.txt
    7.6 KB · Views: 1
  • New folder.txt
    1 KB · Views: 1

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
Zoek is stuck on a cmd.exe*32 and the process underneath it says PEVS.EXE*EXE. I found this out since the scan was taking too long, and I activated comodo K.switch and saw this, went to an online lookup and it was classified as a trojan dropper.
 

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
Zoek is stuck on a cmd.exe*32 and the process underneath it says PEVS.EXE*EXE. I found this out since the scan was taking too long, and I activated comodo K.switch and saw this, went to an online lookup and it was classified as a trojan dropper.
Correction: PEVZ.EXE*32
 

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
No luck on it, I have tried lots of times. I don't know if it's being jammed up from an infection or what the deal is, but I see within kswitch the process showing red and green, both with the command above and down below what I described above, rapidly opening and closing. Tell me what to do next, boss.
 

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
No, it is infected. Dr. Web katana just blocked an autorun attempting to access my regedit in the background, then just a second ago right after that voodoo shield detected a positive on a worm, it said, 3/4 engines from vt. I quarantined it but the PC somehow restarted automatically on me, so before I let it start back up I shut it down and brought it to emergency mode.
 

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
I am going to run some scans in emergency mode, without networking, and wait to see if you have any ideas. Thank you.
 

Dan E

Level 1
Thread author
Verified
Oct 7, 2015
24
Ok, my guess is I will have to do some kind of wipe of the system, and reinstall Windows eventually. Can you tell me what is the best method to go about doing this? Thanks for taking the time looking at my stuff.
 
