Jump to content

ckblackm

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. When combofix finishes, it says it can't find a combo fix log and the notepad that comes up is empty.
  2. I put it back in normal startup mode and I still don't see zonealarm running. When I tried to uninstall zonealarm by using the add/remove programs and clicked on change/remove... nothing happens. *sigh*
  3. I'm running with the selective startup and all startup programs disabled. Even the ZA icon that shows up when it's running (in the bottom right hand corner) isn't on. I'm just going to uninstall ZA and see if that helps.
  4. The c:\ComboFix.txt file is an empty file.... it may not have been able to run, I don't remember. Do you want me to try running it?
  5. Here are the logs, the instructions said to put attach.txt as a zip file, so I did that.. if you want me to just copy it to a post, I can do that to. One other thing.. I noticed the Norton thingy running, and have tried to run the norton removal tool, but that fails. DDS (Ver_09-10-13.01) - NTFSx86 Run by Owner at 12:45:31.20 on Sat 10/17/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.284 [GMT -4:00] FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} ============== Running Processes =============== C:\windows\system32\svchost -k DcomLaunch svchost.exe C:\windows\System32\svchost.exe -k netsvcs svchost.exe C:\windows\system32\spoolsv.exe C:\windows\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c mSearch Bar = hxxp://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll BHO: ZIBho Class: {029ca12c-89c1-46a7-a3c7-82f2f98635cb} - c:\program files\kontiki\bin\bh304041.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL TB: {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0819.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uPolicies-explorer: <NO NAME> = mPolicies-explorer: <NO NAME> = IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html IE: MyPoints - file://c:\program files\mypoints_pointalert\sy800\tp800\scri800a.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0819.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {01112B00-3E00-11D2-8470-0060089874ED} - hxxp://support.fastaccess.com/sdccommon/download/tgrc.cab DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://support.fastaccess.com/sdccommon/download/tgctlcm.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/SU/ocx/12119/CTSUEng.cab DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {3907FEBA-74A6-49C1-A389-B1E076416538} - hxxp://www.topmoxie.com/external/builds/mypoints/mypt800_301.cab DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://email4.uncg.edu/iNotes6W.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251846348972 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251846327030 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_02-win.cab DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} - hxxp://www.shop.intuit.com/commerce/account/downloads/executables/ie/IDA.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37634.3881481482 DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/SU/ocx/12119/CTPID.cab Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\tz4bns9l.default\ FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava11.dll FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava12.dll FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava131_02.dll FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava32.dll FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPOJI600.dll FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll ============= SERVICES / DRIVERS =============== R0 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys [2002-11-22 48111] R0 ezgmntr;EZ GIG II Backup Archive Explorer;c:\windows\system32\drivers\ezgmntr.sys [2004-2-18 170080] R2 ezgfsfilt;EZ GIG II FS Filter;c:\windows\system32\drivers\ezgfsfilt.sys [2004-2-18 26912] R3 PRISM;Intersil PRISM Wireless LAN Driver;c:\windows\system32\drivers\PRISMNDS.sys [2003-1-13 51200] R3 Tp4Track;QuickPoint Driver;c:\windows\system32\drivers\tp4track.sys [2002-9-19 9447] S1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\xylocser.sys [2007-4-18 55712] S3 4mmdat;4mmdat;c:\windows\system32\drivers\4mmdat.sys [2004-6-27 12288] S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [2008-1-28 580992] S3 Avc2200;Adaptec AVC-2200 USB Device;c:\windows\system32\drivers\Avc2200.sys [2003-4-10 82176] S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2003-7-31 2944] S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2003-7-31 10368] S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-9-19 808939] S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2003-9-19 27088] S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2003-9-19 18416] S3 slz3unic;SL series Ver3 (WDM);c:\windows\system32\drivers\slz3unic.sys [2004-8-4 73040] S3 USBSAMP;OnSpecLink based USB Mass Storage Driver;c:\windows\system32\drivers\OnStor2K.SYS [2003-5-25 26274] S4 ramdisk;AR Soft RAM Disk Service;c:\windows\system32\drivers\ramdisk.sys [2004-11-5 10431] =============== Created Last 30 ================ 2009-10-17 12:45 <DIR> --d----- C:\1.tmp 2009-10-13 13:04 <DIR> --d----- c:\windows\system32\Temp 2009-10-13 11:46 <DIR> --d----- c:\program files\Glary Registry Repair 2009-10-13 11:46 <DIR> --d----- c:\docume~1\owner\applic~1\GlarySoft 2009-10-13 11:23 114,688 a------- c:\windows\~DF32A7.tmp 2009-10-12 13:06 <DIR> --d----- c:\program files\Trend Micro 2009-10-12 11:28 236,544 a------- c:\windows\PEV.exe 2009-10-12 11:28 161,792 a------- c:\windows\SWREG.exe 2009-10-12 11:28 98,816 a------- c:\windows\sed.exe ==================== Find3M ==================== 2009-10-17 12:45 1,431,584 a--sh--- c:\windows\system32\drivers\fidbox.dat 2009-10-17 12:33 17,804 a--sh--- c:\windows\system32\drivers\fidbox.idx 2009-09-09 12:14 311,296 a------- c:\windows\~DFCCD5.tmp 2009-09-09 11:55 311,296 a------- c:\windows\~DF9955.tmp 2009-09-09 11:49 311,296 a------- c:\windows\~DF7DB0.tmp 2009-09-09 10:14 311,296 a------- c:\windows\~DF6799.tmp 2009-09-09 09:56 16,384 a------- c:\windows\~DF1CE1.tmp 2009-09-09 09:56 16,384 a------- c:\windows\~DF1ABD.tmp 2009-09-02 18:21 262,144 a------- C:\ntuser.dat 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll 2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll 2003-06-15 17:27 64 a------- c:\documents and settings\owner\login_software.bat 2003-06-15 17:21 54 a------- c:\documents and settings\owner\login.bat 2001-08-18 08:00 94,784 ---sh--- c:\windows\twain.dll 2008-04-13 20:12 50,688 ---sh--- c:\windows\twain_32.dll 2008-04-13 20:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll 2008-04-13 20:12 57,344 ---sh--- c:\windows\system32\msvcirt.dll 2008-04-13 20:12 551,936 ---sh--- c:\windows\system32\oleaut32.dll 2008-04-13 20:12 84,992 ---sh--- c:\windows\system32\olepro32.dll 2008-04-13 20:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe ============= FINISH: 12:48:16.03 =============== GMER 1.0.15.15163 - http://www.gmer.net Rootkit scan 2009-10-17 16:04:58 Windows 5.1.2600 Service Pack 3 Running: b6ytzxx6.exe; Driver: C:\kgtiipow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF5AFF930] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF5B0AA80] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF5AFFF20] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF5B0B6E0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF5B0B440] SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF725025D] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF5B0B8B0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF5AFFD70] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF5B0C250] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF5B0BCB0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF5B0C080] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF5B00120] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF5B0B140] ---- Kernel code sections - GMER 1.0.15 ---- ? srescan.sys The system cannot find the file specified. ! ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMSetAttributesEx] [F7250197] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMRegisterMiniport] [F724FE23] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [F7250197] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [F724FE23] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F725016D] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F72500B3] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [F7250197] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F724FBC4] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [F724FE23] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F5B07CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F5B081C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F5B08320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F5B07E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [F7250197] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [F724FE23] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [F7250197] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [F724FE23] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisIMRegisterLayeredMiniport] [F724FD3E] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F5B07E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F5B07CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F5B081C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [F7250197] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F5B08320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [F7250197] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [F724FE23] IPVNMon.sys (IPVNMon/Visual Networks) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F5B07CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F5B07E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F5B08320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F5B081C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F5B08320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F5B081C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F5B07CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F5B15330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F5B07E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F5B07CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F5B081C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F5B08320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F5B08320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F5B081C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F5B07E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F5B07CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [F5B07E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [F5B08320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [F5B081C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [F5B07CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F5B07CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F5B07E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F5B08320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F5B081C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F5B005C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F5B00770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F5B002D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F5B00670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Apricorn Snapshot API/Apricorn) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Apricorn Snapshot API/Apricorn) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Apricorn Snapshot API/Apricorn) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Apricorn Snapshot API/Apricorn) Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Attach.zip
  6. I've got a laptop running Windows XP. Both Firefox and IE 8 are unable to access any web pages, but ping works. Also Malwarebytes is unable to connect to it's server to do updates, and Hijack this was unable to contact it's server. Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:19:49 PM, on 10/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\windows\Explorer.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\PROGRA~1\COMMON~1\Sharp\SL\SSPCLI~1\SAUTOL~1.EXE C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Common Files\sharp\SL\SSPCLINK2\SNPLCEXE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\windows\system32\wuauclt.exe C:\windows\system32\ctfmon.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304041.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [sAutoLaunchExe] C:\PROGRA~1\COMMON~1\Sharp\SL\SSPCLI~1\SAUTOL~1.EXE O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - Startup: PowerReg Scheduler V3.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/ O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://support.fastaccess.com/sdccommon/download/tgrc.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {3907FEBA-74A6-49C1-A389-B1E076416538} - http://www.topmoxie.com/external/builds/my...mypt800_301.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://email4.uncg.edu/iNotes6W.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251846348972 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251846327030 O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab -- End of file - 6639 bytes Malwarebytes log: Malwarebytes' Anti-Malware 1.40 Database version: 2551 Windows 5.1.2600 Service Pack 3 10/12/2009 1:58:11 PM mbam-log-2009-10-12 (13-58-11).txt Scan type: Quick Scan Objects scanned: 85658 Time elapsed: 12 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.