03-02-2007, 09:01 AM #26
champster2k6
Registered User
 
Join Date: Nov 2006
Location: London, England
Posts: 68
OS: Windows XP


GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-02 16:01:17
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 84BF8B68 ZwAlertResumeThread
SSDT 84BF8C40 ZwAlertThread
SSDT 84C6CB70 ZwAllocateVirtualMemory
SSDT 84CA33F0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 84BF8278 ZwCreateMutant
SSDT 84CB1F30 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT 84C00580 ZwFreeVirtualMemory
SSDT 84BF8420 ZwImpersonateAnonymousToken
SSDT 84BF86C0 ZwImpersonateThread
SSDT 84C3F8F8 ZwMapViewOfSection
SSDT 84BF7F30 ZwOpenEvent
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 84C00EE8 ZwOpenProcessToken
SSDT 84BFB468 ZwOpenThreadToken
SSDT 84C06BC0 ZwResumeThread
SSDT 84BFA200 ZwSetContextThread
SSDT 84BFCA20 ZwSetInformationProcess
SSDT 84BF98F8 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 84BF79A8 ZwSuspendProcess
SSDT 84BF90B8 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 84BF9370 ZwTerminateThread
SSDT 84BFD138 ZwUnmapViewOfSection
SSDT 84C515C0 ZwWriteVirtualMemory

---- Processes - GMER 1.0.12 ----

Library C:\WINDOWS\system32\WTSAPI32.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [680] 0x76F50000
Library c:\windows\system32\WTSAPI32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1132] 0x76F50000
Library C:\WINDOWS\system32\WTSAPI32.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [1760] 0x76F50000
Library C:\WINDOWS\System32\WTSAPI32.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [2132] 0x76F50000
Library C:\WINDOWS\system32\WTSAPI32.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [2772] 0x76F50000
Library C:\WINDOWS\system32\wtsapi32.dll (*** hidden *** ) @ C:\Program Files\MSN Messenger\msnmsgr.exe [3908] 0x76F50000

---- Files - GMER 1.0.12 ----

File C:\Documents and Settings\All Users\Application Data\Tenebril\SpyCatcher\HiddenFiles.txt
File C:\Documents and Settings\All Users\Application Data\Tenebril\SpyCatcher\QuarantinedExecutables.txt
File C:\Documents and Settings\All Users\Application Data\Tenebril\SpyCatcher\QuarantinedLibraries.txt
File C:\Program Files\DAP\cabex.dll
File C:\Program Files\DAP\INSTALL.LOG
File C:\Program Files\DAP\license.txt
File C:\Program Files\DAP\privacy.txt
File C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc
File C:\Program Files\SpyCatcher 2006\lsplib.dll
File C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
File C:\WINDOWS\system32\aniServ.exe <-- ROOTKIT !!!
File C:\WINDOWS\system32\UAService7.exe <-- ROOTKIT !!!
File C:\WINDOWS\system32\uninstdivx.exe
File C:\WINDOWS\system32\wbem\wmiutils.dll
File C:\WINDOWS\system32\wtsapi32.dll

---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\System32\aniServ.exe [AUTO] ANISERVICE <-- ROOTKIT !!!
Service C:\WINDOWS\system32\UAService7.exe [AUTO] UserAccess7 <-- ROOTKIT !!!

---- EOF - GMER 1.0.12 ----

Just doing the other bit now.