Malware Stopped from running

I'm sorry if this is the wrong area; please advise if so.

My son's computer is very infected and all attempts at removal are blocked. Any help appreciated:

I've only been able to run GMER and get the following log, if that helps.

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 06:52:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awadafow.sys

---- System - GMER 1.0.15 ----

SSDT 8C19F800 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1912] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1912] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1912] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Messenger\msmsgs.exe[2012] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Messenger\msmsgs.exe[2012] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Messenger\msmsgs.exe[2012] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\D04C5474.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\D04C5474.x86.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[1912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\D04C5474.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\D04C5474.x86.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [204] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [484] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [780] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1096] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe [1196] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1240] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1368] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1492] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [1540] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [1788] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgnsx.exe [1880] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [1912] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Messenger\msmsgs.exe [2012] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe [3124] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3280] 0x35670000
Library \\?\globalroot\Device\__max++>\D04C5474.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3492] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd@imagepath \systemroot\system32\drivers\SKYNETdargrsck.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETdargrsck.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETcmd.dll \systemroot\system32\SKYNETtfoeijbo.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETlog.dat \systemroot\system32\SKYNETwysvtueq.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNETwsp.dll \systemroot\system32\SKYNETxtbjgoiq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETayveatyd\modules@SKYNET.dat \systemroot\system32\SKYNETmnrsmpie.dat
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1514\A0379575.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1514\A0379665.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1516\A0379833.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1516\A0379891.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0379933.sys:1 8704 bytes executable
ADS C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1519\A0380024.sys:1 8704 bytes executable

---- EOF - GMER 1.0.15 ----


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
