1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

rootkit revealer results

Discussion in 'Virus & Other Malware Removal' started by AttackRabbit, Jul 21, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. AttackRabbit

    AttackRabbit Thread Starter

    Joined:
    Nov 27, 2003
    Messages:
    167
    hey everyone !

    ive been doing quite a bit of reading on rootkits, and recently donwloaded rootkit revealer. I ran the application and to my surprise my results showed something like 3094 descrepenices. First, is this normal , because the screen shots ive seen of the programm functioning only show a hadnful of results. As well, how do analyze these results ? ive got a text file with tonsa of entries. If someone can just put me in the right direction, that would be great !
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,279
    Please upload the report as an attachment and I'll take a look at it.
     
  3. AttackRabbit

    AttackRabbit Thread Starter

    Joined:
    Nov 27, 2003
    Messages:
    167
    thanks cookiegal! the file is two large to attach in one document so i broke it up into three text files . here is part one.
     

    Attached Files:

  4. AttackRabbit

    AttackRabbit Thread Starter

    Joined:
    Nov 27, 2003
    Messages:
    167
    here is part two
     

    Attached Files:

  5. AttackRabbit

    AttackRabbit Thread Starter

    Joined:
    Nov 27, 2003
    Messages:
    167
    and lastly part three
     

    Attached Files:

  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,279
    It's not normally that long but it doesn't indicate a rootkit either.

    Were you using the computer to do something else during the scan?

    Please do this:

    Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  7. AttackRabbit

    AttackRabbit Thread Starter

    Joined:
    Nov 27, 2003
    Messages:
    167
    thanks cookiegal ! i cant believe you sifted through that mess of results. im actually quite familiar with hijack this , but here is a log anyway.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:09:16 AM, on 7/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\ImageStudio\LowLight.exe
    D:\AdobeCS\Adobe Photoshop CS\Photoshop.exe
    C:\DOCUME~1\ADAMYO~1\LOCALS~1\Temp\~e5d141.tmp
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\ADAMYO~1\LOCALS~1\Temp\~e5d141.tmp
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Adam York\My Documents\adamwarez\Applictions\HijackThis!\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\AdobeCS\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\AdobeCS\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\AdobeCS\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LogitechGalleryRepair] D:\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] D:\ImageStudio\LogiTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - D:\AdobeCS\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\iomegaaccess.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    mayb i should use msconfig , and do a selective start up , then run root kit revealer ?
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,279
    The log looks find. Let's try running this one:

    Download GMER from http://www.gmer.net

    Save it somewhere safe & unzip it to desktop

    Double click the gmer.exe to run it and select the rootkit tab, press scan and when it has finished press save and copy the log back here please.
     
  9. AttackRabbit

    AttackRabbit Thread Starter

    Joined:
    Nov 27, 2003
    Messages:
    167
    alrigth cookiegal here are the gmer results

    GMER 1.0.10.10122 - http://www.gmer.net
    Rootkit 2006-07-22 16:00:05
    Windows 5.1.2600 Service Pack 2


    ---- Files - GMER 1.0.10 ----

    File C:\System Volume Information\MountPointManagerRemoteDatabase
    File C:\System Volume Information\tracking.log
    File C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}

    ---- EOF - GMER 1.0.10 ----

    not much to this one at all.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,279
    Nothing there. How are things running?
     
  11. AttackRabbit

    AttackRabbit Thread Starter

    Joined:
    Nov 27, 2003
    Messages:
    167
    everything runs fine, the only reoccuring problem i have is with logic audio and samplitude. I used to be able to use these programs fine, however, the audio playback on project files has become choppy and distorted. Ive tried everything from changing the buffer size, reseting the scratch disks, to updating my onboard sound card drivers. its really strange because i have more memory now then i did previously when these applications worked.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,279
    I think you should start a new thread in the Hardware forum for assistance with that. :)
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/485053

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice