Pleeeez help only one log will save..



wizird
2009-08-11, 18:01
Cannot run antivirus, hijack or any other tools. If I open one once, I cannot open or run the program again. Please check this log and tell me if you see anything.
GMER 1.0.15.15020 [holgyy5e[1].exe] - http://www.gmer.net
Rootkit scan 2009-08-11 11:34:41
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\NDISRD.SYS The system cannot find the path specified. !
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !
? C:\DOCUME~1\MINE\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3688] GDI32.dll!GetHFONT + 51 77F17EB7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3688] GDI32.dll!GetTextExtentPoint32W + 84 77F18031 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7906380] \SystemRoot\System32\Drivers\NDISRD.SYS
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F79063F0] \SystemRoot\System32\Drivers\NDISRD.SYS
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7906710] \SystemRoot\System32\Drivers\NDISRD.SYS
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7906750] \SystemRoot\System32\Drivers\NDISRD.SYS
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7906710] \SystemRoot\System32\Drivers\NDISRD.SYS
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F79063F0] \SystemRoot\System32\Drivers\NDISRD.SYS
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7906380] \SystemRoot\System32\Drivers\NDISRD.SYS

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 VolumeFilter.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 VolumeFilter.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [496] 0x35670000
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\snmp.exe [592] 0x35670000
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [936] 0x35670000
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1128] 0x35670000
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1268] 0x35670000
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1980] 0x35670000
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3688] 0x35670000
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [3724] 0x35670000
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3868] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727\Performance@Last Counter 3150
Reg HKLM\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727\Performance@Last Help 3151
Reg HKLM\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727\Performance@First Counter 2960
Reg HKLM\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727\Performance@First Help 2961
Reg HKLM\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727\Performance@Object List 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962 2960 2962
Reg HKLM\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727\Performance@WbemAdapFileSize 23552
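To show how a helper reads a GMER log like the one above, here is an added triage script (example code, not part of the post and not a GMER tool). It parses the line formats that appear in the log (`?` unresolved kernel paths, `.text` inline hooks, `IAT` redirects and hidden `Library` entries), flags modules whose path begins with `\\?\globalroot\Device\` (code mapped from a device object rather than a file on disk), lists the processes that host such a module, and cross-references kernel IAT redirects against driver paths GMER could not find. The sample input is a constructed subset of seven lines copied from the log above; the function names and the dictionary layout are my own.

```python
import re

# Constructed sample: seven lines copied from the GMER log above, embedded so
# the parser runs offline without the full log.
SAMPLE_LOG = r"""
? System32\Drivers\NDISRD.SYS The system cannot find the path specified. !
.text C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!TrackMouseEvent + 94 7E41DD7A 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F79063F0] \SystemRoot\System32\Drivers\NDISRD.SYS
IAT C:\Program Files\Internet Explorer\iexplore.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [936] 0x35670000
Library \\?\globalroot\Device\__max++>\A0EB93E8.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3688] 0x35670000
Reg HKLM\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727\Performance@Last Counter 3150
"""

# A module path under \\?\globalroot\Device\ names a raw device object, not a
# file on disk: the mapped code does not correspond to anything in the file system.
DEVICE_MARKER = r"\\?\globalroot\Device"

UNRESOLVED_RE = re.compile(r"^\? (?P<path>\S+) (?P<msg>.+?) !$")
INLINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<func>\S+) \+ \w+ \w+ "
    r"(?P<nbytes>\d+) Bytes (?P<instr>\w+) (?P<target>\w+) (?P<module>.+)$"
)
IAT_RE = re.compile(
    r"^IAT (?P<owner>.+?)\[(?P<import>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] (?P<module>.+)$"
)
LIBRARY_RE = re.compile(
    r"^Library (?P<module>.+?) \((?P<flags>[^)]*)\) @ (?P<proc>.+?) "
    r"\[(?P<pid>\d+)\] (?P<base>0x[0-9A-Fa-f]+)$"
)


def _basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def _points_at_device(path):
    return DEVICE_MARKER.lower() in path.lower()


def triage(log_text):
    """Group the interesting GMER lines by finding type; unknown lines are ignored."""
    findings = {"unresolved_kernel_paths": [], "inline_hooks": [],
                "iat_hooks": [], "hidden_modules": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := UNRESOLVED_RE.match(line):
            findings["unresolved_kernel_paths"].append(
                {"path": m["path"], "message": m["msg"]})
        elif m := INLINE_RE.match(line):
            findings["inline_hooks"].append({
                "process": m["proc"], "pid": int(m["pid"]), "function": m["func"],
                "instruction": m["instr"], "module": m["module"],
                "device_backed": _points_at_device(m["module"])})
        elif m := IAT_RE.match(line):
            owner = m["owner"].strip()          # user-mode entries carry "image @ dll"
            findings["iat_hooks"].append({
                "owner": owner, "user_mode": " @ " in owner,
                "import": m["import"], "module": m["module"],
                "device_backed": _points_at_device(m["module"])})
        elif m := LIBRARY_RE.match(line):
            findings["hidden_modules"].append({
                "module": m["module"], "hidden": "hidden" in m["flags"],
                "process": m["proc"], "pid": int(m["pid"]), "base": m["base"],
                "device_backed": _points_at_device(m["module"])})
    return findings


def device_backed_modules(findings):
    """Module paths that live in a device object instead of on disk."""
    return {f["module"] for key in ("inline_hooks", "iat_hooks", "hidden_modules")
            for f in findings[key] if f["device_backed"]}


def processes_hosting(findings, module):
    """(image, pid) pairs that have `module` mapped, sorted by pid."""
    return sorted({(f["process"], f["pid"]) for f in findings["hidden_modules"]
                   if f["module"] == module}, key=lambda p: p[1])


def iat_hooks_into_missing_drivers(findings):
    """Kernel IAT entries redirected into a driver GMER could not find on disk."""
    missing = {_basename(u["path"]) for u in findings["unresolved_kernel_paths"]}
    return [f for f in findings["iat_hooks"]
            if not f["user_mode"] and _basename(f["module"]) in missing]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for mod in device_backed_modules(result):
        print("device-backed module:", mod)
        for image, pid in processes_hosting(result, mod):
            print("  mapped in", image, pid)
    for h in iat_hooks_into_missing_drivers(result):
        print("IAT redirect:", h["owner"], h["import"], "->", h["module"])
```

On the full log the same functions report one device-backed module mapped into nine processes, and the tcpip.sys and wanarp.sys NDIS imports redirected into NDISRD.SYS, whose on-disk path the kernel section could not resolve; those two facts together are what a helper would act on first.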

Blade81
2009-08-13, 08:47
Hi,

Please try this (print/save these since you won't be able to access them while in safe mode):
Press F8 before Windows' loading screen and select the Safe Mode with Command Prompt option.
Then type the following command:
dir /s /a c:\windows\system32\scecli.dll c:\windows\system32\sceclt.dll c:\windows\system32\netlogon.dll c:\windows\system32\ntelogon.dll >c:\locations.txt
exit


Attach c:\locations.txt file to your reply.
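The `dir /s /a` command above looks for every copy of two legitimate Windows DLLs (scecli.dll, netlogon.dll) and two look-alike names (sceclt.dll, ntelogon.dll) anywhere under the given directories. As an added illustration of what that check reports (example code, not part of the post and not something Blade81 asked for), the script below performs the same recursive name search and pairs each legitimate name with its look-alike, so the verdict is immediate: a legitimate file may appear more than once (for instance in dllcache), but a look-alike name should not appear at all. The directory tree it scans is a constructed temporary stand-in for system32 with one look-alike planted; the function names are my own.

```python
import os
import tempfile

# (legitimate Windows DLL, look-alike name) pairs from the dir command above.
NAME_PAIRS = [("scecli.dll", "sceclt.dll"), ("netlogon.dll", "ntelogon.dll")]


def find_files(root, names):
    """Recursive search like `dir /s /a`: every path under root whose file name
    is in `names`, case-insensitively. os.walk lists hidden files too, so the
    /a (all attributes) behaviour is preserved."""
    wanted = {n.lower() for n in names}
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                hits.setdefault(fn.lower(), []).append(os.path.join(dirpath, fn))
    return hits


def assess(root, pairs=NAME_PAIRS):
    """One record per pair: where the expected DLL was found and where (if
    anywhere) the look-alike name was found."""
    names = [n for pair in pairs for n in pair]
    hits = find_files(root, names)
    return [{
        "expected": expected,
        "expected_copies": sorted(hits.get(expected, [])),
        "lookalike": lookalike,
        "lookalike_copies": sorted(hits.get(lookalike, [])),
    } for expected, lookalike in pairs]


def suspicious(report):
    """Look-alike names that exist anywhere in the scanned tree."""
    return [r["lookalike"] for r in report if r["lookalike_copies"]]


def build_sample_tree():
    """Constructed stand-in for c:\\windows\\system32: the two expected DLLs,
    a second copy of scecli.dll under dllcache, and one planted look-alike."""
    root = tempfile.mkdtemp(prefix="system32_")
    for rel in ("scecli.dll", "netlogon.dll",
                os.path.join("dllcache", "scecli.dll"), "ntelogon.dll"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()          # empty placeholder file
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for rec in assess(root):
        print(rec["expected"], "->", rec["expected_copies"])
        print(rec["lookalike"], "->", rec["lookalike_copies"] or "not present")
    print("look-alike names present:", suspicious(assess(root)))
```

On a real machine you would point `assess` at `C:\Windows\System32` instead of the constructed tree; the output is the same information the helper asked to see in c:\locations.txt, with the look-alike names singled out.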