I'm sorry if this is the wrong area; please advise if so.
My son's computer is very infected and all attempts at removal are blocked. Any help appreciated.
I've only been able to run GMER and get the following log, if that helps.
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 06:52:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awadafow.sys
---- System - GMER 1.0.15 ----
SSDT 8C19F800 ZwConnectPort
---- Kernel code sections - GMER 1.0.15 ----
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1912] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1912] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1912] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Messenger\msmsgs.exe[2012] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Messenger\msmsgs.exe[2012] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Messenger\msmsgs.exe[2012] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [204] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [484] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [780] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1096] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe [1196] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1240] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1368] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1492] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [1540] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [1788] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgnsx.exe [1880] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [1912] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [2012] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe [3124] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3280] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3492] 0x35670000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@imagepath \systemroot\system32\drivers\SKYNETdargrsck.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETdargrsck.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETcmd.dll \systemroot\system32\SKYNETtfoeijbo.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETlog.dat \systemroot\system32\SKYNETwysvtueq.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETwsp.dll \systemroot\system32\SKYNETxtbjgoiq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNET.dat \systemroot\system32\SKYNETmnrsmpie.dat
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- Files - GMER 1.0.15 ----
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1514\A0379575.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1514\A0379665.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1516\A0379833.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1516\A0379891.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0379933.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1519\A0380024.sys:1 8704 bytes executable
---- EOF - GMER 1.0.15 ----
#1
Posted 28 October 2009 - 04:35 PM
#2
Posted 04 November 2009 - 09:08 AM
Hi,
Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
Microsoft MVP Consumer Security 2008 2009 2010 2011
ASAP & UNITE member since 2006
#3
Posted 12 November 2009 - 01:58 AM
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.