I think I have a problem

Post by MJ1 on Sun 25 Sep 2011, 7:09 am

My computer has been coming up with errors, unable to find drive, etc., every time I start it up. I wondered if I might have a rootkit problem and ran GMER. Here is the result. Do I have a problem?

I AM USING WINDOWS VISTA on this machine. I did an MBR check and it was fine.

GMER 1.0.15.15641 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-22 13:34:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005d WDC_WD32 rev.12.0
Running: gmer.exe; Driver: C:\Users\Spirit\AppData\Local\Temp\pwdiqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x873DC282]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x873DC474]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA8C727A0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x95CDA640]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA8C728E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA8C72980]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x873DC67C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 86CB298C 8 Bytes [82, C2, 3D, 87, 74, C4, 3D, ...]
.text ntkrnlpa.exe!KeSetEvent + 3F1 86CB2B74 4 Bytes [A0, 27, C7, A8]
.text ntkrnlpa.exe!KeSetEvent + 621 86CB2DA4 8 Bytes [40, A6, CD, 95, E4, 28, C7, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 86CB2E04 4 Bytes [80, 29, C7, A8]
.text ntkrnlpa.exe!KeSetEvent + 6E5 86CB2E68 4 Bytes [7C, C6, 3D, 87]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[440] kernel32.dll!CreateThread + 1A 75C0CB48 4 Bytes CALL 0044C771 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
.text C:\Program Files\real\realplayer\Update\realsched.exe[2908] kernel32.dll!SetUnhandledExceptionFilter 75BEA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[4892] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00C213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[440] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044C8C8] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
IAT C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044C8C8] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CC7817] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D1A86D] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CCBB22] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CBF695] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CC75E9] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CBE7CA] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73CF8395] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73CCDA60] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CBFFFA] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CBFF61] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CB71CF] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D4CAE2] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73CEC8D8] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CBD968] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipFree] [73CB6853] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CB687E] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1756] @ C:\WINDOWS\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CC2AD1] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{873553ED-2B1A-4768-8155-E9772D7F2131}@LeaseObtainedTime 1316625044
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{873553ED-2B1A-4768-8155-E9772D7F2131}@T1 1316625099
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{873553ED-2B1A-4768-8155-E9772D7F2131}@T2 1316625144
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{873553ED-2B1A-4768-8155-E9772D7F2131}@LeaseTerminatesTime 1316625164
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xC3 0x13 0xAF 0xD7 ...

---- EOF - GMER 1.0.15 ----




Last edited by MJ1 on Sun 25 Sep 2011, 7:11 am; edited 1 time in total (Reason for editing : forgot a bit of info)

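One check worth doing on a log like the one above before asking "do I have a problem": the five "Kernel code sections" entries under ntkrnlpa.exe!KeSetEvent list the raw bytes GMER found at each patched location. Read as little-endian 32-bit pointers, those bytes should be compared with the seven SSDT hook addresses a few lines earlier. The script below is an added example, not part of MJ1's post and not GMER's own code; the two line lists are copied verbatim from the posted log, and the regexes, the `attribute`/`vendorless_modules` helpers and the "prefix" handling for entries GMER truncates with "..." are my own. On this log every decoded pointer resolves to one of the listed SSDT hooks (PC Tools, AVG, SUPERAntiSpyware), so the kernel "patches" are the same service-table slots those products hook, reported a second time; the one module GMER prints without a vendor string (SASKUTIL.sys) is the entry a practitioner would verify first by checking the file on disk.

```python
"""Cross-check GMER's 'Kernel code sections' entries against its SSDT list.

Added example (not from the forum post or from GMER itself).  GMER prints the
raw bytes it found at each modified kernel location; read as little-endian
32-bit pointers, those bytes can be looked up in the SSDT hook table from the
same log.  The sample lines below are copied verbatim from the log above.
"""
import re

# Copied from the posted log: the seven SSDT entries and five .text entries.
SSDT_LINES = [
    r"SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x873DC282]",
    r"SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x873DC474]",
    r"SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA8C727A0]",
    r"SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x95CDA640]",
    r"SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA8C728E4]",
    r"SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA8C72980]",
    r"SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x873DC67C]",
]
KERNEL_LINES = [
    ".text ntkrnlpa.exe!KeSetEvent + 209 86CB298C 8 Bytes [82, C2, 3D, 87, 74, C4, 3D, ...]",
    ".text ntkrnlpa.exe!KeSetEvent + 3F1 86CB2B74 4 Bytes [A0, 27, C7, A8]",
    ".text ntkrnlpa.exe!KeSetEvent + 621 86CB2DA4 8 Bytes [40, A6, CD, 95, E4, 28, C7, ...]",
    ".text ntkrnlpa.exe!KeSetEvent + 681 86CB2E04 4 Bytes [80, 29, C7, A8]",
    ".text ntkrnlpa.exe!KeSetEvent + 6E5 86CB2E68 4 Bytes [7C, C6, 3D, 87]",
]

# Module paths may contain spaces and the vendor string in parentheses is optional.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+(?:\((?P<desc>.*?)\)\s+)?"
    r"(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)
TEXT_RE = re.compile(
    r"^\.text\s+(?P<sym>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+(?P<va>[0-9A-Fa-f]{8})"
    r"\s+(?P<n>\d+)\s+Bytes\s+\[(?P<bytes>[^\]]*)\]"
)


def parse_ssdt(lines):
    """Map hook address -> {func, module, vendor}; vendor is None when GMER printed no description."""
    hooks = {}
    for line in lines:
        m = SSDT_RE.match(line.strip())
        if m:
            vendor = (m["desc"] or "").strip() or None
            hooks[int(m["addr"], 16)] = {"func": m["func"], "module": m["module"], "vendor": vendor}
    return hooks


def parse_bytes(field):
    """Return the listed byte values; GMER elides the tail of longer patches with '...'."""
    vals = [int(tok, 16) for tok in (t.strip() for t in field.split(",")) if tok != "..."]
    return vals


def decode_pointers(vals):
    """Yield (value, byte_count) per 4-byte little-endian group; a trailing partial group keeps only its low bytes."""
    for i in range(0, len(vals), 4):
        chunk = vals[i:i + 4]
        yield int.from_bytes(bytes(chunk), "little"), len(chunk)


def attribute(kernel_lines, hooks):
    """For each patched kernel location, list the SSDT hooks its bytes point at.

    A full 4-byte group must equal a hook address ('exact'); a truncated group is
    compared on its available low bytes only ('prefix'), which is the best the
    log allows.  Groups matching no hook are collected under 'unexplained'.
    """
    report = []
    for line in kernel_lines:
        m = TEXT_RE.match(line.strip())
        if not m:
            continue
        entry = {"location": f'{m["sym"]} + {m["off"]}', "address": int(m["va"], 16),
                 "targets": [], "unexplained": []}
        for value, nbytes in decode_pointers(parse_bytes(m["bytes"])):
            mask = (1 << (8 * nbytes)) - 1
            candidates = [a for a in hooks if (a & mask) == value]
            kind = "exact" if nbytes == 4 else "prefix"
            if not candidates:
                entry["unexplained"].append((value, nbytes))
            for a in candidates:
                entry["targets"].append({"func": hooks[a]["func"], "module": hooks[a]["module"],
                                         "address": a, "kind": kind})
        report.append(entry)
    return report


def unexplained(report):
    """Pointer groups that resolve to no listed SSDT hook: these would need a real look."""
    return [(e["location"], value, n) for e in report for value, n in e["unexplained"]]


def vendorless_modules(hooks):
    """Hooking drivers GMER could not describe; verify these on disk before trusting them."""
    return sorted({h["module"] for h in hooks.values() if h["vendor"] is None})


if __name__ == "__main__":
    hooks = parse_ssdt(SSDT_LINES)
    for entry in attribute(KERNEL_LINES, hooks):
        hits = ", ".join(f'{t["func"]} ({t["kind"]})' for t in entry["targets"])
        print(f'{entry["location"]:<28} -> {hits or "no SSDT match"}')
    print("unexplained pointer groups:", unexplained(attribute(KERNEL_LINES, hooks)))
    print("modules without a vendor string:", vendorless_modules(hooks))
```

Run as-is it resolves all five locations: KeSetEvent + 209 decodes to ZwCreateProcess and ZwCreateProcessEx, + 3F1 to ZwOpenProcess, + 621 to ZwTerminateProcess and ZwTerminateThread, + 681 to ZwWriteVirtualMemory, + 6E5 to ZwCreateUserProcess, with nothing left unexplained. A pointer group that matched nothing, or bytes that decode to a `JMP` into an unnamed module (compare the user-mode `LdrLoadDll` entry for firefox.exe, which GMER does annotate with the owning image), would be the signal to escalate; here the "kernel patches" are accounted for by the same security products that own the SSDT entries.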

Re: I think I have a problem

Post by Belahzur on Sun 25 Sep 2011, 7:19 am

Hello.
GMER doesn't see any malware.

Please read this topic:
[You must be registered and logged in to see this link.]

Post the requested logs in your next post.


Re: I think I have a problem

Post by MJ1 on Sun 25 Sep 2011, 9:14 am

Thanks very much, appreciate the quick reply
