Google redirects me and I can't open any antivirus scan software

#1 troywahl

Posted 24 August 2011 - 09:21 AM

I keep getting redirected by Google, and every time I try to run a scan it loads, then exits and won't let me open the programs. It says that I don't have the appropriate permissions.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Troy Wahl at 7:54:05 on 2011-08-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3199.2676 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZon0.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZon0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZon0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [nwiz] nwiz.exe /install
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\documents and settings\troy wahl\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 167.142.225.3 167.142.225.5
TCP: Interfaces\{9BCD25B2-3243-44E1-948F-15879132A0A2} : DhcpNameServer = 167.142.225.3 167.142.225.5
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\troy wahl\application data\mozilla\firefox\profiles\cqh5qxxr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-14 132184]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-24 64512]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-22 525840]
S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-21 327256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-8-21 54760]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-21 2214504]
S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;c:\program files\ecs motherboard utility\edlu\ECSIoDriver.sys [2011-8-21 14528]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-7-25 36744]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-8-21 119528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-24 12:47:31 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-24 12:40:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2011-08-24 12:31:47 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-24 12:31:41 -------- d-----w- c:\program files\Lavasoft
2011-08-24 12:26:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 12:26:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 12:26:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-08-24 12:22:58 -------- d--h--w- c:\windows\PIF
2011-08-24 12:16:59 -------- d-----w- c:\documents and settings\troy wahl\application data\Malwarebytes
2011-08-24 12:16:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-24 12:16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 10:08:49 -------- d-----w- c:\program files\GameCommanderPro
2011-08-22 21:23:41 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-22 13:05:27 -------- d-----w- c:\documents and settings\troy wahl\application data\DDMSettings
2011-08-22 13:04:46 -------- d-----w- c:\documents and settings\troy wahl\application data\NVIDIA
2011-08-22 13:02:48 -------- d-----w- c:\program files\common files\DivX Shared
2011-08-22 12:59:17 -------- d-----w- c:\program files\DivX
2011-08-22 12:58:27 -------- d-----w- c:\documents and settings\all users\application data\DivX
2011-08-22 08:43:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-08-22 08:43:39 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-22 08:43:39 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-08-21 18:47:15 -------- d-----w- c:\documents and settings\troy wahl\local settings\application data\AOL
2011-08-21 18:47:15 -------- d-----w- c:\documents and settings\troy wahl\local settings\application data\AIM
2011-08-21 17:37:44 -------- d-----w- c:\documents and settings\troy wahl\Tracing
2011-08-21 17:36:46 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2011-08-21 17:36:02 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-08-21 17:35:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-08-21 17:34:33 -------- d-----w- c:\program files\Microsoft
2011-08-21 17:34:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-08-21 17:33:34 4927864 ----a-w- c:\program files\common files\windows live\.cache\73a247381cc6028\Silverlight.2.0.exe
2011-08-21 17:31:51 74520 ----a-w- c:\program files\common files\windows live\.cache\36211d801cc6028\DSETUP.dll
2011-08-21 17:31:51 484632 ----a-w- c:\program files\common files\windows live\.cache\36211d801cc6028\DXSETUP.exe
2011-08-21 17:31:51 1670936 ----a-w- c:\program files\common files\windows live\.cache\36211d801cc6028\dsetup32.dll
2011-08-21 17:31:41 1013800 ----a-w- c:\program files\common files\windows live\.cache\307060b21cc6028\WindowsXP-KB954708-x86-ENU.exe
2011-08-21 17:31:34 -------- d-----w- c:\documents and settings\all users\application data\AIM
2011-08-21 17:31:30 -------- d-----w- c:\program files\AIM
2011-08-21 17:31:29 -------- d-----w- c:\program files\common files\Software Update Utility
2011-08-21 17:31:27 -------- d-----w- c:\program files\common files\AOL
2011-08-21 17:27:58 -------- d-----w- c:\program files\common files\Windows Live
2011-08-21 17:24:55 -------- d-----w- c:\program files\Yahoo!
2011-08-21 17:20:11 -------- d-----w- c:\documents and settings\troy wahl\local settings\application data\Deployment
2011-08-21 17:10:23 -------- d-----w- c:\documents and settings\troy wahl\application data\#ISW.FS#
2011-08-21 17:08:49 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky SDK
2011-08-21 17:07:00 -------- d-----w- C:\MyBackup
2011-08-21 17:06:30 -------- d-----w- c:\program files\PC Tune-Up
2011-08-21 17:05:09 -------- d-----w- c:\windows\pss
2011-08-21 17:00:19 -------- d-----w- c:\documents and settings\troy wahl\application data\MailFrontier
2011-08-21 16:59:35 -------- d-----w- c:\documents and settings\troy wahl\local settings\application data\Adobe
2011-08-21 16:59:29 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-08-21 16:42:44 -------- d-----w- c:\documents and settings\troy wahl\application data\CheckPoint
2011-08-21 16:42:38 -------- d-----w- c:\program files\Conduit
2011-08-21 16:42:36 -------- d-----w- c:\documents and settings\troy wahl\local settings\application data\ZoneAlarm_Extreme_Security
2011-08-21 16:42:36 -------- d-----w- c:\documents and settings\troy wahl\local settings\application data\ConduitEngine
2011-08-21 16:42:35 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-21 16:42:35 -------- d-----w- c:\program files\ConduitEngine
2011-08-21 16:42:34 -------- d-----w- c:\documents and settings\troy wahl\local settings\application data\Temp
2011-08-21 16:42:34 -------- d-----w- c:\documents and settings\troy wahl\local settings\application data\Conduit
2011-08-21 16:42:32 -------- d-----w- c:\program files\ZoneAlarm_Extreme_Security
2011-08-21 16:36:23 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-08-21 16:36:19 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-21 16:36:19 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-21 16:34:01 -------- d-----w- c:\program files\CheckPoint
2011-08-21 16:29:41 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-08-21 16:29:09 -------- d-----w- c:\documents and settings\troy wahl\local settings\application data\ApplicationHistory
2011-08-21 16:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-21 16:25:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-21 15:43:04 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-21 15:36:14 -------- d-----w- c:\windows\system32\XPSViewer
2011-08-21 15:35:55 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-08-21 15:35:52 117760 ------w- c:\windows\system32\prntvpt.dll
2011-08-21 15:35:51 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-08-21 15:35:51 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-08-21 15:35:51 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-08-21 15:35:51 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-08-21 15:35:51 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-08-21 15:35:51 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-08-21 15:35:51 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-08-21 15:35:51 -------- d-----w- C:\41cd0b2419269be05207
2011-08-21 15:34:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-08-21 15:34:22 -------- d-----w- c:\windows\ShellNew
2011-08-21 15:31:41 -------- d-----w- c:\documents and settings\troy wahl\application data\Mumble
2011-08-21 15:31:08 -------- d-----w- c:\program files\Windows Media Connect 2
2011-08-21 15:30:27 -------- d-----w- c:\windows\system32\LogFiles
2011-08-21 15:29:05 -------- d-----w- c:\windows\system32\URTTEMP
2011-08-21 15:18:48 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-08-21 15:18:48 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-08-21 15:18:12 -------- d-----w- c:\program files\Mumble
2011-08-21 15:12:03 -------- d-sh--w- c:\documents and settings\troy wahl\IECompatCache
2011-08-21 15:07:10 -------- d-sh--w- c:\documents and settings\troy wahl\PrivacIE
2011-08-21 15:05:31 -------- d-sh--w- c:\documents and settings\troy wahl\IETldCache
2011-08-21 15:02:12 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-08-21 15:02:03 -------- d-----w- c:\windows\ie8updates
2011-08-21 15:01:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-08-21 15:01:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-08-21 15:01:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-08-21 15:01:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-08-21 15:01:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-08-21 15:01:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-08-21 15:01:59 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-08-21 15:01:04 -------- dc-h--w- c:\windows\ie8
.
==================== Find3M ====================
.
2011-08-24 12:52:03 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-21 17:28:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-21 16:37:08 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-08-21 16:37:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-08-21 16:37:02 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-07-22 20:51:50 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 7:54:36.92 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-24 09:19:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-00UU3A0 rev.01.03B01
Running: gmer.exe; Driver: C:\DOCUME~1\TROYWA~1\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB5DD45CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB5DF358A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB5DD51E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB5DF4E3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB5DF47B2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB5DF5794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB5DF599C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB5DD4DF2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB5DF672A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB5DF6060]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB5DF70FC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB5DD55A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB5DF6C6A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB5DF3F72]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\TROYWA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AA2FB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AA28D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104B1BD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1784] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104B219D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- Files - GMER 1.0.15 ----

File C:\Program Files\Malwarebytes' Anti-Malware3 0 bytes
ADS C:\WINDOWS\659951078:435333592.exe 816 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\$NtUninstallKB20437$\2390446539 0 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703 0 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\L 0 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\L\zfbzogmx 64512 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\loader.tlb 2540 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U 0 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@00000001 41360 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@000000c0 2560 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@000000cb 2048 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@80000000 25600 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@800000c0 33280 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@800000cb 27648 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@800000cf 27648 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\659951078:435333592.exe [MANUAL] e60d5627 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
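The GMER log above already marks the two rootkit indicators, but the pattern is worth pulling out explicitly: a 0-byte directory name under C:\WINDOWS carries an executable NTFS alternate data stream (659951078:435333592.exe), a service is registered with that stream as its image path, and a $NtUninstallKB...$ folder (where Windows XP keeps hotfix uninstall backups) holds all-digit subdirectories and '@'-prefixed files that no hotfix backup would contain. The script below is an added example, not part of the original post or of GMER: it parses GMER-style log lines, flags those three indicators, correlates the ADS with the service that persists it, and lists SSDT hooks by owning module so vendor-labelled hooks (here ZoneAlarm's vsdatant.sys) are not confused with the rootkit. The sample input is an excerpt of the log posted above, and the $NtUninstall heuristic is an assumption modelled on that log rather than a GMER rule.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Excerpt of the GMER log posted above (not a full log): only the lines the
# checks below look at, so the script runs offline as a stand-alone example.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB5DD45CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB5DF3F72]

---- Files - GMER 1.0.15 ----

File C:\Program Files\Malwarebytes' Anti-Malware3 0 bytes
ADS C:\WINDOWS\659951078:435333592.exe 816 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\L\zfbzogmx 64512 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\loader.tlb 2540 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@00000001 41360 bytes
File C:\WINDOWS\$NtUninstallKB20437$\3859633703\U\@80000000 25600 bytes

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\659951078:435333592.exe [MANUAL] e60d5627 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT (\S+) \(.*?\) (Zw\w+) \[")
# "ADS <host path>:<stream name> <size> bytes ..."; the drive colon is consumed first
ADS_RE = re.compile(r"^ADS ([A-Za-z]:\\\S+?):(\S+) (\d+) bytes")
SERVICE_RE = re.compile(r"^Service (\S+) \[(\w+)\]")
UNINSTALL_RE = re.compile(r"^File ([A-Za-z]:\\.*?\\\$NtUninstall[^\\]*\$\\(\S+)) (\d+) bytes")


@dataclass(frozen=True)
class Finding:
    kind: str    # "ads", "service_ads" or "uninstall_dir"
    path: str
    detail: str


def parse_gmer(text):
    """Yield (section, line) pairs, tracking the '---- X - GMER' section headers."""
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif line:
            yield section, line


def is_ads_path(path):
    """True for a drive path whose file part carries an NTFS stream name (file:stream)."""
    return len(path) > 2 and path[1] == ":" and ":" in path[2:]


def odd_uninstall_component(rel_path):
    # Heuristic (an assumption modelled on the log above, not a GMER rule): a
    # genuine $NtUninstallKBnnnnnn$ folder holds backed-up system files with
    # normal names; all-digit directories and '@'-prefixed files do not belong.
    for part in rel_path.split("\\"):
        if part.isdigit() or part.startswith("@"):
            return part
    return None


def analyse(text):
    """Return (findings, ssdt_hooks_by_module) for a GMER log."""
    findings = []
    ssdt_hooks = defaultdict(list)
    for section, line in parse_gmer(text):
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                ssdt_hooks[m.group(1)].append(m.group(2))
        elif section == "Files":
            m = ADS_RE.match(line)
            if m:
                host, stream, size = m.groups()
                findings.append(Finding("ads", f"{host}:{stream}",
                                        f"{size}-byte executable stream hidden on {host}"))
                continue
            m = UNINSTALL_RE.match(line)
            if m:
                full, rel, _size = m.groups()
                part = odd_uninstall_component(rel)
                if part:
                    findings.append(Finding("uninstall_dir", full,
                                            f"unexpected component {part!r} under a $NtUninstall...$ folder"))
        elif section == "Services":
            m = SERVICE_RE.match(line)
            if m and is_ads_path(m.group(1)):
                findings.append(Finding("service_ads", m.group(1),
                                        f"service (start={m.group(2)}) whose image is an alternate data stream"))
    return findings, dict(ssdt_hooks)


def ads_backed_services(findings):
    """ADS paths that are both a hidden stream and the image of a registered service."""
    streams = {f.path for f in findings if f.kind == "ads"}
    return {f.path for f in findings if f.kind == "service_ads" and f.path in streams}


if __name__ == "__main__":
    found, hooks = analyse(SAMPLE_GMER_LOG)
    for f in found:
        print(f"[{f.kind}] {f.path}: {f.detail}")
    for module, calls in hooks.items():
        print(f"SSDT hooks by {module}: {', '.join(calls)}")
    print("ADS-backed services:", ads_backed_services(found))
```

The correlation step is the one that matters for triage: an ADS alone can be benign (Zone.Identifier streams on downloads are common), but a service whose image path is an alternate data stream on a directory has no legitimate use, and it also explains the "appropriate permissions" errors in the first post, since a loader started that early can block security tools before they run.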


#2 Farbar (Security Developer, The Netherlands)

Posted 25 August 2011 - 11:02 AM

Hello troywahl,

Welcome to Bleeping Computer.

  • Please tell me why you are running the tools from Safe Mode with Networking.
  • Please download DummyCreator.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      C:\WINDOWS\659951078
    • Press the Create button and post the result.
  • Important: Restart the computer.
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished, the utility outputs a list of detected objects with descriptions.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me whether the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like TDSSKiller.Version_Date_Time_log.txt.


#3 Farbar

Posted 29 August 2011 - 05:28 AM

Are you still there?

#4 troywahl (Topic Starter)

Posted 30 August 2011 - 04:33 AM

I apologize for not responding sooner. The computer problems got worse and I had to reformat my hard drive. Thanks for trying to help me. It seems my antivirus wasn't any good and I have since installed Avast after the reformat.

#5 Farbar

Posted 30 August 2011 - 01:06 PM

Glad the issue is resolved, and thanks for letting me know. :)

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.

Every one else should start a new topic.



