07-04-2009, 07:55 AM   #3
rspatch
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: xp pro


Re: Going to reformat unless help arrives

Sorry about that. I thought I was to send this only if requested. Here is the text from the GMER scan. Thanks again.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-01 05:48:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8A2D3D90 ZwAllocateVirtualMemory
SSDT E194B940 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
SSDT 8A371170 ZwCreateProcess
SSDT 8A3DC278 ZwCreateProcessEx
SSDT 8A399AA0 ZwCreateThread
SSDT 8A3D3328 ZwDeleteKey
SSDT 8A399C60 ZwDeleteValueKey
SSDT 8A386238 ZwQueueApcThread
SSDT 8A3D3710 ZwReadVirtualMemory
SSDT 8A3BC328 ZwRenameKey
SSDT 8A3871E8 ZwSetContextThread
SSDT 8A3BC510 ZwSetInformationKey
SSDT 8A3BB180 ZwSetInformationProcess
SSDT 8A385FA8 ZwSetInformationThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918BFE]
SSDT 8A3D6538 ZwSuspendProcess
SSDT 8A2D3B08 ZwSuspendThread
SSDT 8A370020 ZwTerminateProcess
SSDT 8A373258 ZwTerminateThread
SSDT 8A2D3D18 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip 8A3540D8
Device \Driver\Tcpip \Device\Ip 8A2374D8
Device \Driver\Tcpip \Device\Ip 8A0ABD60
Device \Driver\Tcpip \Device\Ip 89A780C8
Device \Driver\Tcpip \Device\Ip 89B200C8
Device \Driver\Tcpip \Device\Ip 89C9D068
Device \Driver\Tcpip \Device\Ip 8A12C6E0

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Tcp 8A3540D8
Device \Driver\Tcpip \Device\Tcp 8A2374D8
Device \Driver\Tcpip \Device\Tcp 8A0ABD60
Device \Driver\Tcpip \Device\Tcp 89A780C8
Device \Driver\Tcpip \Device\Tcp 89B200C8
Device \Driver\Tcpip \Device\Tcp 89C9D068
Device \Driver\Tcpip \Device\Tcp 8A12C6E0

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp 8A3540D8
Device \Driver\Tcpip \Device\Udp 8A2374D8
Device \Driver\Tcpip \Device\Udp 8A0ABD60
Device \Driver\Tcpip \Device\Udp 89A780C8
Device \Driver\Tcpip \Device\Udp 89B200C8
Device \Driver\Tcpip \Device\Udp 89C9D068
Device \Driver\Tcpip \Device\Udp 8A12C6E0

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\RawIp 8A3540D8
Device \Driver\Tcpip \Device\RawIp 8A2374D8
Device \Driver\Tcpip \Device\RawIp 8A0ABD60
Device \Driver\Tcpip \Device\RawIp 89A780C8
Device \Driver\Tcpip \Device\RawIp 89B200C8
Device \Driver\Tcpip \Device\RawIp 89C9D068
Device \Driver\Tcpip \Device\RawIp 8A12C6E0

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST 8A3540D8
Device \Driver\Tcpip \Device\IPMULTICAST 8A2374D8
Device \Driver\Tcpip \Device\IPMULTICAST 8A0ABD60
Device \Driver\Tcpip \Device\IPMULTICAST 89A780C8
Device \Driver\Tcpip \Device\IPMULTICAST 89B200C8
Device \Driver\Tcpip \Device\IPMULTICAST 89C9D068
Device \Driver\Tcpip \Device\IPMULTICAST 8A12C6E0

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----