I'm sorry if this is the wrong area; please advise if so. My son's computer is very infected and all attempts at removal are blocked. Any help appreciated. I've only been able to run GMER and get the following log, if that helps.

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 06:52:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awadafow.sys

---- System - GMER 1.0.15 ----

SSDT 8C19F800 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1912] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1912] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1912] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Messenger\msmsgs.exe[2012] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Messenger\msmsgs.exe[2012] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Messenger\msmsgs.exe[2012] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [204] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [484] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [780] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1096] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe [1196] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1240] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1368] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1492] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [1540] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [1788] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgnsx.exe [1880] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [1912] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [2012] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe [3124] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3280] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3492] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@imagepath \systemroot\system32\drivers\SKYNETdargrsck.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETdargrsck.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETcmd.dll \systemroot\system32\SKYNETtfoeijbo.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETlog.dat \systemroot\system32\SKYNETwysvtueq.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETwsp.dll \systemroot\system32\SKYNETxtbjgoiq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNET.dat \systemroot\system32\SKYNETmnrsmpie.dat
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1514\A0379575.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1514\A0379665.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1516\A0379833.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1516\A0379891.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0379933.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1519\A0380024.sys:1 8704 bytes executable

---- EOF - GMER 1.0.15 ----