#1
Registered User

rootkit problem
OK, so I was downloading a torrent file, something that I normally don't do. And now I have a virus and rootkit problem. My ESET scanner said that first I got a Win32/Olmarik.IF virus in my c:/documents and settings/brandon/local settings/temp folder. Then, in the operating memory, I have a Win32/Rootkit.Agent.ODG trojan. It is unable to clean either one. I cannot run DDS because there are no file associations, but I have included the GMER log. Any help would be greatly appreciated. Thanks.
#3
Registered User

Re: rootkit problem
OK. I was finally able to get DDS to run. Here is the log, and I have attached the other files as instructed. Sorry for the delay.