Hello,
I got whacked Monday with a fake Microsoft Security Essentials. While attempting to clean it I got hit with what Symantec calls "Boot.Tidserv" - the little bugger infected my MBR - I removed it with TDSSKiller.exe from Kaspersky, which is a stand-alone tool created to clean this infection. Of course I had multiple spyware / viral problems - I used Malwarebytes, SuperAntispyware, and Spybot multiple times to clean up everything. Additionally I have run Panda's online scanner, Eset Online scanner, Blacklight and now GMER. For any infections that were detected I researched their damage and removed or fixed what I found... meaning added registry entries, directories, etc.
I feel I'm at the final stage of clean up; however, I don't know how to interpret GMER's output / log. Below is the log after I ran GMER - would someone please take a look and tell me if it looks like I'm NOT still infected by a rootkit. (Nothing came up in RED in GMER.)
Thank you
GMER LOG
GMER 1.0.15.15281 -
http://www.gmer.net
Rootkit scan 2010-09-23 16:11:14
Windows 5.1.2600 Service Pack 3
Running: rj5xekhw.exe; Driver: C:\DOCUME~1\BSOBOC~1\LOCALS~1\Temp\kwtdqpow.sys
---- System - GMER 1.0.15 ----
SSDT 8A670A68 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB309BDC0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB309C020]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB85F1360, 0x37388D, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}
Reg HKLM\SOFTWARE\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}@RTPQMSV6Q4TS2B3CLDVTIWDONA1 0x01 0x00 0x01 0x00 ...
---- EOF - GMER 1.0.15 ----
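Added example (not part of the original post, and not GMER's own code): a small Python triage pass over the log lines posted above, showing the first thing a responder does with a GMER log. Every entry GMER can attribute to a named module carries a "(Description/Vendor)" annotation; the script splits entries into those attributed to vendors the machine is known to run and those that are not. The trusted-vendor set (Symantec and Acronis, the two vendors whose drivers appear in the log) is an assumption for this example. Note what the rule surfaces in the posted log: the first SSDT line, `SSDT 8A670A68 ZwConnectPort`, is printed as a bare address with no module, so GMER did not attribute that hook to any driver it could see, and the two nested CLSID registry entries are listed in GMER's Registry section; both deserve a manual look rather than a verdict from a script.

```python
import re

# Entries copied from the GMER log posted above, with the paths that were
# split across lines rejoined; nothing has been added to or removed from it.
GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 8A670A68 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB309BDC0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB309C020]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB85F1360, 0x37388D, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}
Reg HKLM\SOFTWARE\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}@RTPQMSV6Q4TS2B3CLDVTIWDONA1 0x01 0x00 0x01 0x00 ...
---- EOF - GMER 1.0.15 ----
"""

# Assumption for this example: vendors whose software the owner installed on
# purpose. Anything GMER attributes to another vendor, or to no module at all,
# is kept for manual review.
TRUSTED_VENDORS = frozenset({"Symantec Corporation", "Acronis"})

SECTION_RE = re.compile(r"^---- (.+?) - GMER")          # "---- Devices - GMER 1.0.15 ----"
VENDOR_RE = re.compile(r"\(([^()/]+)/([^()]+)\)")       # "(Description/Vendor)" annotation


def parse_gmer(text):
    """Turn GMER log lines into dicts: section, entry kind, vendor (if annotated), raw line."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:          # header lines before the first section are not findings
            continue
        vm = VENDOR_RE.search(line)
        entries.append({
            "section": section,
            "kind": line.split(None, 1)[0],          # SSDT, AttachedDevice, Reg, .text, ...
            "description": vm.group(1).strip() if vm else None,
            "vendor": vm.group(2).strip() if vm else None,
            "line": line,
        })
    return entries


def triage(entries, trusted=TRUSTED_VENDORS):
    """Assign each entry a review priority: ok / low / medium / high."""
    findings = []
    for e in entries:
        kind, vendor = e["kind"], e["vendor"]
        if kind in ("SSDT", "AttachedDevice"):
            if vendor in trusted:
                priority, reason = "ok", "%s owned by %s" % (kind, vendor)
            elif vendor is None:
                # GMER printed an address/name with no module: the hook could not be attributed.
                priority, reason = "high", "%s with no module attribution" % kind
            else:
                priority, reason = "medium", "%s owned by unlisted vendor %s" % (kind, vendor)
        elif kind == "Reg":
            priority, reason = "medium", "registry entry reported by GMER; inspect the key manually"
        elif kind == ".text":
            priority, reason = "low", "writeable kernel code section; confirm the driver file is the vendor's"
        else:
            priority, reason = "low", "unrecognised entry kind %s" % kind
        findings.append({"priority": priority, "reason": reason,
                         "section": e["section"], "line": e["line"]})
    return findings


def counts(findings):
    """Number of findings per priority, e.g. {'ok': 8, 'high': 1, ...}."""
    out = {}
    for f in findings:
        out[f["priority"]] = out.get(f["priority"], 0) + 1
    return out


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2, "ok": 3}
    results = triage(parse_gmer(GMER_LOG))
    for f in sorted(results, key=lambda f: order[f["priority"]]):
        print("[%-6s] %-12s %s\n         %s" % (f["priority"], f["section"], f["reason"], f["line"]))
    print(counts(results))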
Sorry to be so vague on this but if you can provide back specifics on what you find throughout your search i will do my best to give you some tips and tricks.