Dell M5010, New Mobo and Possible Rootkit???
Long-time lurker of the forum, first-time poster. The info I have found here has always been so helpful that I've never needed to ask for help until now. I have one of Dell's crappy and cursed overheating laptops. Two months ago, it was barely out of warranty when the board died. After screaming and threatening to sue, Dell sent a tech to my loft (yes - IN-HOME repair) and replaced it free of charge, but afterwards the fan didn't operate. Dell completely ignored my questions & complaints about this. It took me about a month, but I discovered SpeedFan, figured out how to operate it and solved that problem. While I was looking for a solution, I noticed every search engine was returning the exact same findings. Most of the results didn't make sense and there were only five pages of findings, on every search engine. Additionally, I've noticed some rather questionable files when poking around Autoruns and Regedit. For example - Promise Super Track Ex Driver for Windows and an entry called "FalconBetaAccount". What are those? Neither sounds legit??? Yesterday, a printer that I don't own showed up on my network (screenshots attached).
I have a firewall & virus protection with an annual subscription and I haven't done any covert downloading recently... It's been at least several months since before the board was replaced. So I am not sure where it came from? I've scanned with Norton 360 (have subscription), Malwarebytes, Malwarebytes Chameleon, Webroot Portable, OTL, GMER, etc. and nothing. I can't find it?! So I decided to scan with everything again... Just now, GMER popped up on the screen, under the "Rootkit/Malware" tab, a list containing the files below (text file from GMER attached).
Are these files the rootkit(s)??? Does SpeedFan contain the rootkit? I gotta have SpeedFan or my laptop will spontaneously combust and burn my building down! I am completely confused!
Also, I have two computers networked via my wireless router/cable modem (desktop XP, laptop Win7). Over the weekend, I noticed that my desktop was returning screwy search engine results too. I drag files back and forth between my desktop and laptop constantly. Did I pass the infection to my desktop??? Is my iPhone safe??? I kinda know what I am doing. But truthfully, I know just enough to be dangerous, so someone HELP ME PLEASE!
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-19 09:53:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ST964032 rev.0002 596.17GB
Running: zhpmch4f.exe; Driver: C:\Users\Misti\AppData\Local\Temp\kxdyqpoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\SpeedFan\speedfan.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778d1465 2 bytes [8D, 77]
.text C:\Program Files (x86)\SpeedFan\speedfan.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778d14bb 2 bytes [8D, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1404:1408] 0000000000e60d9a
Thread C:\Windows\SysWOW64\ntdll.dll [1404:1124] 00000000748de196
Thread C:\Windows\SysWOW64\ntdll.dll [1404:2596] 0000000071b0eec8
Thread C:\Windows\SysWOW64\ntdll.dll [1404:2628] 0000000071b0eec8
Thread C:\Windows\SysWOW64\ntdll.dll [1404:1796] 0000000071b0eec8
Thread C:\Windows\SysWOW64\ntdll.dll [1404:1912] 0000000071e73bff
Thread C:\Windows\SysWOW64\ntdll.dll [1404:2964] 0000000074057019
Thread C:\Windows\SysWOW64\ntdll.dll [1404:3068] 0000000073901854
---- EOF - GMER 2.1 ----
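The GMER lines in the post above are the raw material of the question: each ".text" entry names a process, the export whose code was found modified, the offset, the address and the bytes now sitting there, and each "Thread" entry names a thread and its start address. The script below is an added example, not part of the original post and not GMER's own code: it parses those two record types out of a GMER 2.1 text log, groups the code modifications by process, and applies a first-byte heuristic (E9/E8/EB/FF 25/68/CC are the opcodes an x86 inline hook or breakpoint normally writes over a function prologue) to separate "looks like a hook, go find its target" from "bytes that need comparing against the on-disk DLL before judging". The sample log embedded in the script is constructed in the shape of the posted log so the example runs offline; the regexes and the prefix table are this example's assumptions about the format, not a GMER specification.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input in the shape of a GMER 2.1 log (not a new scan result),
# so the script runs offline.
SAMPLE_LOG = r"""
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-19 09:53:47
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\SpeedFan\speedfan.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778d1465 2 bytes [8D, 77]
.text C:\Program Files (x86)\SpeedFan\speedfan.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778d14bb 2 bytes [8D, 77]
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1404:1408] 0000000000e60d9a
Thread C:\Windows\SysWOW64\ntdll.dll [1404:2596] 0000000071b0eec8
Thread C:\Windows\SysWOW64\ntdll.dll [1404:2628] 0000000071b0eec8
---- EOF - GMER 2.1 ----
"""

# Assumed record shapes (derived from the posted log, not from GMER documentation):
# .text <image>[<pid>] <module>!<export> + <offset> <address> <n> bytes [<hex>, ...]
PATCH_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<func>\S+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+bytes\s+\[(?P<hex>[^\]]*)\]\s*$"
)
# Thread <module> [<pid>:<tid>] <start address>
THREAD_RE = re.compile(
    r"^Thread\s+(?P<module>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class CodePatch:
    image: str
    pid: int
    module: str
    function: str
    offset: int
    address: int
    patched: bytes  # the bytes GMER found at the modified location


@dataclass(frozen=True)
class ThreadEntry:
    module: str
    pid: int
    tid: int
    start: int


def parse_gmer(text):
    """Extract user-code modifications and thread records from a GMER text log."""
    patches, threads = [], []
    for line in text.splitlines():
        line = line.strip()
        m = PATCH_RE.match(line)
        if m:
            raw = bytes(int(b.strip(), 16) for b in m["hex"].split(",") if b.strip())
            patches.append(CodePatch(m["image"], int(m["pid"]), m["module"], m["func"],
                                     int(m["offset"]), int(m["addr"], 16), raw))
            continue
        m = THREAD_RE.match(line)
        if m:
            threads.append(ThreadEntry(m["module"], int(m["pid"]), int(m["tid"]),
                                       int(m["addr"], 16)))
    return patches, threads


# First bytes an x86 inline hook or breakpoint normally writes over a prologue.
# Heuristic only: a match means "find the branch target", a miss means "diff the
# bytes against the on-disk module", never "clean".
HOOK_PREFIXES = (
    (b"\xe9", "jmp rel32"),
    (b"\xe8", "call rel32"),
    (b"\xeb", "jmp rel8"),
    (b"\xff\x25", "jmp [abs]"),
    (b"\x68", "push imm32 (push/ret trampoline)"),
    (b"\xcc", "int3 breakpoint"),
)


def classify_patch(patch):
    for prefix, name in HOOK_PREFIXES:
        if patch.patched.startswith(prefix):
            return f"branch-like ({name}): typical inline hook, resolve the target"
    return "non-branch bytes: compare with the on-disk copy of the module before judging"


def patches_by_process(patches):
    grouped = defaultdict(list)
    for p in patches:
        grouped[(p.image, p.pid)].append(p)
    return dict(grouped)


def shared_thread_starts(threads):
    """(pid, start address) -> tids, for start addresses shared by several threads.
    A pool of workers sharing a start address is normal; the list exists so the
    addresses can be checked against the process's loaded-module map."""
    by_start = defaultdict(list)
    for t in threads:
        by_start[(t.pid, t.start)].append(t.tid)
    return {k: v for k, v in by_start.items() if len(v) > 1}


if __name__ == "__main__":
    patches, threads = parse_gmer(SAMPLE_LOG)
    for (image, pid), group in patches_by_process(patches).items():
        print(f"{image} [pid {pid}]: {len(group)} modified code location(s)")
        for p in group:
            print(f"  {p.module}!{p.function}+{p.offset} @ {p.address:016x} "
                  f"bytes={p.patched.hex(' ')} -> {classify_patch(p)}")
    for (pid, start), tids in shared_thread_starts(threads).items():
        print(f"pid {pid}: threads {tids} share start address {start:016x}")
```

Run it against a saved GMER log by replacing SAMPLE_LOG with the file's contents. The classification deliberately stops at "inspect" or "compare": the bytes alone do not tell you whether the modification came from a security product, a tool the user installed, or something hostile, and that is exactly the question the post leaves open.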