
gmer and vba32 antirootkit logs


Guest Bomb123


Here are my antirootkit logs. Can someone check them?

Here is the gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-19 16:35:27
Windows 5.1.2600 Service Pack 3
Running: 1wk87dgx.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\agncyaod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[600] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 7E400000
.text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[600] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 7E40000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F81B1928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F81B1928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F81B1928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F81B1928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F81B1928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F81B1928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\MSXmlSl@Node_MDDHRHZPEJFMHMAOSABEWEVRISUBQBZVNZJPIPHOBHBDYKEJFMOIW MZQTLPAKNHQOPDTIRNUIWIZAYFWUJUCSN
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\MSXmlSl@Node_MDGHLYGPEJFMHMAOSABEWEVRISUBQBZVNZJPIPHOBHBDYKEJFMOIW O

---- EOF - GMER 1.0.15 ----

And here is the vba32 antirootkit log

I don't know why those Agnitum drivers are still in my computer since I have uninstalled it. Also, I had to download my Windows copy with BitTorrent since I lost my installation CD, but I have a legal license key, which I have also paid for.

Thank you in advance!


Guest Bomb123
Hi,

Your GMER log is clean. I haven't thoroughly analyzed your VBA32 log file, but it appears to be clean.

Why do you want me to check your logs? Are you experiencing possible malware symptoms?

I am not sure. I have experienced some strange things a couple of times, like the computer restarting by itself and such, maybe one or two times. Maybe it's not because of malware, but I would like to be sure. Also, I have dumped memory from, I think, shimeng.dll or something like that, and Avira said they found malicious code fragments in the memory dump. Then I scanned my computer with the F-Secure online scanner and it found a file system infection but could not specify the file or location that is infected, nor remove it. I am currently using BullGuard Internet Security.

Here is the dds log if that would reveal something

I appreciate all the help you can give me.

One strange thing is that one time my taskbar turned brown and then my computer just shut down. I don't know what might have caused that, and I also can't turn off the Microsoft file sharing feature on my computer. I use this 3G wireless connection on my computer.


  • 2 weeks later...

This case is resolved, and the topic is now closed.

The procedures used here were only for -this system- and no other.

If you are a casual viewer and are having issues, please create your own New Topic and follow forum procedures.

See http://www.malwarebytes.org/forums/index.php?showtopic=9573
