08-06-2006, 05:48 AM   #4
pt49
OS: XP

Gmer short report log

Here's the short log from Gmer... I have not been able to get a full report log so far. The computer keeps crashing before it completes.

I saved the short log report... I'm currently running Gmer full scan in Safe mode to see if I can get the full log... I'll post it next if I get it.


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-06 21:22:53
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwQuerySystemInformation <-- ROOTKIT !!!

---- Devices - GMER 1.0.10 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F7D7685A] avgtdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F7D7685A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F7D7685A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B2EE8230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F7D7685A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [B2EE8230] vsdatant.sys

---- Processes - GMER 1.0.10 ----

Process hidden process (*** hidden *** ) 2972 <-- ROOTKIT !!!

---- Services - GMER 1.0.10 ----

Service C:\WINDOWS\system32\mssync20.sys (*** hidden *** ) [AUTO] mssync2020 <-- ROOTKIT !!!

---- EOF - GMER 1.0.10 ----