Free Malware Removal Forum

[peku006]

Hi Skip

Please download gmer.zip from Gmer and save it to your desktop.

• Right click on gmer.zip and select Extract All....
• Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
• Click on the Browse button. Click on Desktop. Then click OK.
• Click Next. It will start extracting.
• Once done, check (tick) the Show extracted files box and click Finish.
• Double click on gmer.exe to run it.
• Select the Rootkit tab.
• On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
• Select all drives that are connected to your system to be scanned.
• Click on the Scan button.
• When the scan is finished, click Copy to save the scan log to the Windows clipboard.
• Open Notepad or a similar text editor.
• Paste the clipboard contents into the text editor.
• Save the Gmer scan log and post it in your next reply.
• Close Gmer.
• Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
• In Command Prompt, type in net stop gmer. Press Enter.
• Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.

Thanks peku006

[skip_ski73]

Hi peku006

Please find below results from GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-03 19:25:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Kev\LOCALS~1\Temp\fgtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF742ED72]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF740F9A6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF740FB98]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF742F568]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF742F820]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF742DA80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF742FC8A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF742F036]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB566E620]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xBAD9E340, 0xFFF3F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6300, 0x234A20, 0xF8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B56FE990] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVRec.sys (PC Tools Recognizer Driver for Windows 2000/XP/PC Tools Research Pty Ltd )
AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVRec.sys (PC Tools Recognizer Driver for Windows 2000/XP/PC Tools Research Pty Ltd )

---- EOF - GMER 1.0.15 ----

Thanks
Skip

[peku006]

Hi Skip

all the logs look good
How's the computer running now? Any problems?

Thanks peku006

[NonSuch]

Due to a lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.