GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-28 20:19:59
Windows 6.0.6002 Service Pack 2
Running: sf79pdy3.exe; Driver: C:\Users\chris\AppData\Local\Temp\fwrcqpod.sys

---- System - GMER 1.0.15 ----

SSDT 88062068 ZwAlertResumeThread
SSDT 8805E120 ZwAlertThread
SSDT 881F4B50 ZwAllocateVirtualMemory
SSDT 87EDB008 ZwAlpcConnectPort
SSDT 880C7048 ZwAssignProcessToJobObject
SSDT 881FB940 ZwCreateMutant
SSDT 88200B38 ZwCreateSymbolicLinkObject
SSDT 881ADEF0 ZwCreateThread
SSDT 880D6D10 ZwDebugActiveProcess
SSDT 881F4D68 ZwDuplicateObject
SSDT 881F44B0 ZwFreeVirtualMemory
SSDT 880AA110 ZwImpersonateAnonymousToken
SSDT 880B8108 ZwImpersonateThread
SSDT 87D184B8 ZwLoadDriver
SSDT 881F4350 ZwMapViewOfSection
SSDT 880AC068 ZwOpenEvent
SSDT 881F4F80 ZwOpenProcess
SSDT 880859F0 ZwOpenProcessToken
SSDT 880AE048 ZwOpenSection
SSDT 881F4EB8 ZwOpenThread
SSDT 881FF930 ZwProtectVirtualMemory
SSDT 8802A4A8 ZwResumeThread
SSDT 8804E068 ZwSetContextThread
SSDT 881F40B8 ZwSetInformationProcess
SSDT 880CEAD0 ZwSetSystemInformation
SSDT 880C9118 ZwSuspendProcess
SSDT 88053118 ZwSuspendThread
SSDT 88087A20 ZwTerminateProcess
SSDT 8804F108 ZwTerminateThread
SSDT 88087430 ZwUnmapViewOfSection
SSDT 881F4800 ZwWriteVirtualMemory
SSDT 881FF090 ZwCreateThreadEx

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----