Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

System not right

by michellep71 » March 25th, 2009, 9:03 pm

Would you please look at the info below and advise me on what needs to be done. Thanks.

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-03-25 20:44:54
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey2
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSystemDebugControl
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4968 12 Bytes [ 90, CE, CA, AD, 80, 3C, CB, ... ]
.text ntoskrnl.exe!ZwYieldExecution + 16E 804E49A8 8 Bytes [ 70, 9C, CA, AD, 10, 6D, CB, ... ]
.text ntoskrnl.exe!ZwYieldExecution + 1FE 804E4A38 8 Bytes [ 30, 72, CB, AD, B0, 72, CB, ... ]
.text ntoskrnl.exe!ZwYieldExecution + 376 804E4BB0 8 Bytes [ 70, 79, CB, AD, D0, 73, CB, ... ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL [ADA66C3D] tfsnifs.sys
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL [ADA66C3D] tfsnifs.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [ADCC05C0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [ADCC05C0] vsdatant.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN BA95BC74
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP BA958400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP BA958400
Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible BA95BBCE

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155aec9a.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155aec9a.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155b1c35.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155b1c35.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155b6d3c.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155b6d3c.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c820b800bbad.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c820b800bbad.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c83cfa7b1763.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c83cfa7b1763.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\All Users\Documents\Favorites\AT&T - Residential Products and Services.url:favicon
ADS ...
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155aec9a.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155aec9a.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155b1c35.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155b1c35.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155b6d3c.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c811155b6d3c.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c820b800bbad.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c820b800bbad.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c83cfa7b1763.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1582456506-3236537422-1373595852-1006$201c83cfa7b1763.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS N:\Seagate Backup\NMP\C\Documents and Settings\All Users\Documents\Favorites\AT&T - Residential Products and Services.url:favicon
ADS ...

---- EOF - GMER 1.0.12 ----

Re: System not right

by NonSuch » March 25th, 2009, 11:46 pm

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and include your HijackThis log in the same post as other information you would like to provide.

Do not post a reply to your topic until you have received a response from a helper.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<