Help!! win32.trojandownloader.zlob

  • 17-04-2007 10:14am
    #1
    Registered Users, Registered Users 2 Posts: 283 ✭✭


    Hi guys,

    The other half's laptop got this trojan appearing yesterday. It is protected with Norton but it is not picking anything up when scanned. It has also been scanned in safe mode and still nothing. Have hitmanpro on it too, which scanned it and found it, but unable to select the files to quarantine them. Have looked on some other threads about trojan removal. Almost all of these give links to sites for removal programmes. But the problem we are having is that it will not allow us to access the internet!!! It's running in Internet Explorer. Could this trojan have changed the details in the internet options or something? Really need to know how to get back online so we can be able to download some software to get rid of it!!

    Hope someone out there can help!!

    Thanks


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    dl this and get it onto ur other half's pc
    http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10379544.html?tag=lst-0-1
    Make sure you unzip it into a permanent folder
    click "Do a system scan and save a logfile" and post that here


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Cool. Will try that later and let you know how I get on.

    Thanks


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Stupid question. But if I want to get this onto the other laptop, shall I just download it, unzip it, then save it to a CD or something instead of opening it on my laptop? If I then put the CD into the infected laptop and open the hijack folder will it execute itself?

    Sorry, just want to make sure I do that bit correctly!

    Thanks again.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You don't need to unzip it, just get the file in the link, put it on a CD or a flash key or whatever you can to get it onto your friend's PC.
    Then unzip it on ur mate's PC, run it, and send a logfile.

    You will need to run the file urself if it's on a CD @ ur friend's house. It doesn't need to be installed though.

    Hope I answered your question :)


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    You did indeed. I'll get the log file up as soon as I can. Will prob be tmrw evening though.

    Thanks Actor.


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Here is the hijack log file



    Logfile of HijackThis v1.99.1
    Scan saved at 11:56:49, on 18/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Documents and Settings\Shaun\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/0809/bF8.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0809&ac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0809&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0809&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0809&s=search&ap=b204
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0809&ac
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Belkin Wireless Utility.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174147030427
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174594930149
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Unknown owner - C:\WINDOWS\system32\HPConfig.exe (file missing)
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



    Hope this helps


    Thanks


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Thanks for that. Make sure you do all these steps

    Go to Start > Control Panel > Add or Remove Programs > Remove this program in bold
    Video ActiveX Object

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Next run HijackThis, and check these entries if present :

    O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
    O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
    O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


    Close all windows except for HijackThis and click Fix checked

    Now delete this folder in bold

    C:\Program Files\Video ActiveX Object

    Please delete these files in bold if present
    C:\Windows\system32\mmp.exe
    C:\WINDOWS\web\related.htm

    Once you have done all these steps, do the following

    It's extremely important and essential that you update Windows to the latest Service Pack, you need to do that here
    http://windowsupdate.microsoft.com/
    Make sure you download Service Pack 2 and any other important updates.

    You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities, you can update it here:
    http://www.adobe.com/products/acrobat/readstep2.html

    Post the combofix log and a new HijackThis log here in your next reply.
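
    An added example, not part of the original post and not HijackThis's own code: one way to check a follow-up HijackThis log against the list of entries that were ticked for fixing. The function names are hypothetical, the "before" and "targeted" samples are excerpts of the entries quoted above, and the "after" sample is constructed to show one entry surviving the fix.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
MISSING_RE = re.compile(r"\s*\(file missing\)$")


def parse_entries(log_text):
    """Return the set of (section, normalised detail) entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line or running-process path
        section, detail = m.groups()
        # Registry and file names are case-insensitive on Windows, and the
        # "(file missing)" suffix changes as files are deleted, so neither
        # should make the same entry look like a different one.
        detail = MISSING_RE.sub("", " ".join(detail.split()).lower())
        entries.add((section, detail))
    return entries


def verify_fix(before_log, after_log, targeted_text):
    """Compare two scans against the entries that were meant to be removed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targeted = parse_entries(targeted_text)
    return {
        # Targeted lines that never appeared in the first scan (copy errors).
        "not_in_before": sorted(targeted - before),
        # Targeted lines that are still there: the fix did not hold.
        "still_present": sorted(targeted & after),
        # Lines that vanished although nobody asked for them to be removed.
        "removed_untargeted": sorted(before - after - targeted),
        # Lines that only exist in the second scan and need a fresh look.
        "new_entries": sorted(after - before),
    }


# Excerpt of the first log in the thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/0809/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe
"""

# Four of the entries the reply above asks to be checked and fixed.
TARGETED = r"""
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe
"""

# Constructed follow-up scan: the Run entry is back and an O17 line is new.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
"""

if __name__ == "__main__":
    for label, rows in verify_fix(BEFORE, AFTER, TARGETED).items():
        print(label)
        for section, detail in rows:
            print("   ", section, "-", detail)
```

    A targeted entry that shows up under still_present after a reboot usually means something is still running and rewriting it, which is why the fix is repeated from safe mode.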


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Em....how do I download the combo thingy? Can't access the net still on the infected laptop. Have it here in front of me with my own one.

    Thanks


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Oops my bad, forgot bout that small problem :)
    Ignore the combofix for the time being, and do the HijackThis fixes.

    What you need to do is get combofix.exe onto a flash key/CD and load it up on the infected PC. Also once you do all the steps that are possible, reboot the laptop into safe mode by pressing F8 when it loads up, and do a full system scan with Webroot Spy Sweeper.


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Ok. I got combofix and combo scan onto it via the flash pen so am now going to follow your first set of instructions.


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Video ActiveX is not listed in the Add or Remove Programs. There is one called - Adobe Flash Player 9 ActiveX. Would that be it?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    No, that's not it, don't worry about that, HJT and combofix will fix it


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Ok. combofix scanning now. Thanks.

    Just wondering, where does that Video ActiveX thing come from? It's just cos he has an account on my laptop here too and he was using it last week and there was an icon on the desktop for Video ActiveX!! He didn't know what it was so I just deleted it from the desktop. Hope my own virus programmes dealt with it and it doesn't appear on here to bite me in the bum!!

    He is always looking at Youtube. Is that the culprit?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Na, YouTube wouldn't be the culprit. It's hard to say for sure, but chances are some site tried forcing him to install a dodgy codec to play video files. Or maybe it just attached it to the laptop unknown to him like a lot of spyware.

    Remember you gotta uninstall bad programs like that, a simple deletion won't get rid of it. As long as you do all the steps I said below we should fix up the laptop.


  • Registered Users, Registered Users 2 Posts: 1,269 ✭✭✭DamoKen


    Something else you could try is download and run Stinger http://download.nai.com/products/mcafee-avert/stng260.exe, a small free app from McAfee which can be quite good for finding and removing worms. Should fit on a floppy I think.
    Had the same problem as you a few years ago except it was only anti virus sites like symantec etc that I couldn't connect to, turns out it edited my .hosts file (normally located at C:\WINDOWS\system32\drivers\etc) and redirected a lot of ip's to the localhost (me).
    Stinger found and deleted the culprit and I just got rid of all the entries in my hosts that shouldn't be there.
    Even if you can't get Stinger at the moment might be worth your while to check the .hosts
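
    An added example, not part of the original post: a hosts-file check for the symptom described above, where security and update sites are pointed at the local machine. The function name, the watch list of domain suffixes and the sample file contents are all constructed for illustration.

```python
import ipaddress

# Illustrative watch list (an assumption): vendors and update sites named in this thread.
WATCH_SUFFIXES = ("symantec.com", "mcafee.com", "nai.com", "microsoft.com")


def audit_hosts(text, watch=WATCH_SUFFIXES):
    """Return (line number, host, address, kind) for every non-default entry.

    kind is "security-site-overridden" for names on the watch list,
    "review" for any other override, and "malformed" for unparsable lines.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "", fields[0], "malformed"))
            continue
        # One line may carry several host names for the same address.
        for host in (h.lower().rstrip(".") for h in fields[1:]):
            if host == "localhost" and addr.is_loopback:
                continue  # the stock entry
            watched = any(host == s or host.endswith("." + s) for s in watch)
            # A loopback mapping alone proves nothing: people block ad servers
            # this way on purpose. An override of an antivirus or update site
            # is different, whatever address it points to.
            kind = "security-site-overridden" if watched else "review"
            findings.append((lineno, host, str(addr), kind))
    return findings


# Constructed sample of a tampered hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantec.com update.microsoft.com
0.0.0.0         ads.example.net        # deliberate ad block
192.0.2.10      intranet.example
not-an-ip       something.example
"""

if __name__ == "__main__":
    for lineno, host, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host or '(unparsable)'} -> {addr} [{kind}]")
```

    On the machine itself the input would be the contents of the hosts file under C:\WINDOWS\system32\drivers\etc, read while the system is booted in safe mode or from another machine.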


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Ok. Here are the two log files.

    Logfile of HijackThis v1.99.1
    Scan saved at 13:22:00, on 18/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Documents and Settings\Shaun\Application Data\U3\0000060416000003\LaunchPad.exe
    C:\Documents and Settings\Shaun\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0809&ac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0809&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0809&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0809&s=search&ap=b204
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Belkin Wireless Utility.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174147030427
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174594930149
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E7361B7E-C642-42A6-BE04-5F4DF9F5AC64}: NameServer = 62.231.32.10,62.231.32.11
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Unknown owner - C:\WINDOWS\system32\HPConfig.exe (file missing)
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe






    Second one



    "Shaun" - 07-04-18 13:23:02 Service Pack 1
    ComboFix 07-04-18.V - Running from: C:\Documents and Settings\Shaun\Desktop\


    2007-03-18 22:16 33,664 --a
    C:\WINDOWS\system32\bcmwlnpf.sys
    2007-03-18 22:16 2,129,920 --a
    C:\WINDOWS\system32\WLBCGCBPRO731.DLL
    2007-03-18 22:16 180,224 --a
    C:\WINDOWS\system32\bcmwlu00.exe
    2007-03-18 22:16 18,944 --a
    C:\WINDOWS\system32\wltrysvc.exe
    2007-03-18 22:16 122,880 --a
    C:\WINDOWS\system32\bcmwls32.exe
    2007-03-18 22:16 1,236,992 --a
    C:\WINDOWS\system32\wltray.exe
    2007-03-18 22:16 1,093,632 --a
    C:\WINDOWS\system32\bcmwltry.exe
    2007-03-18 22:16 1,060,864 --a
    C:\WINDOWS\system32\MFC71.DLL
    2007-03-18 22:16 <DIR> d
    C:\Program Files\Belkin
    2007-03-18 21:18 <DIR> d
    C:\DOCUME~1\Shaun\APPLIC~1\Adobe
    2007-03-18 20:28 <DIR> d
    C:\DOCUME~1\Shaun\APPLIC~1\Lavasoft
    2007-03-18 20:25 36,864 --a
    C:\WINDOWS\system32\mf3216.dll
    2007-03-18 20:23 <DIR> d
    C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
    2007-03-18 20:22 78,336 --a
    C:\WINDOWS\system32\drivers\ssi.sys
    2007-03-18 20:22 102,912 --a
    C:\WINDOWS\system32\islzma.dll
    2007-03-18 20:22 <DIR> d
    C:\Program Files\Webroot
    2007-03-18 20:22 <DIR> d
    C:\DOCUME~1\Shaun\APPLIC~1\Webroot
    2007-03-18 20:20 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-03-18 20:18 <DIR> d
    C:\Program Files\SpywareBlaster
    2007-03-18 20:12 <DIR> d
    C:\WINDOWS\system32\GroupPolicy
    2007-03-18 20:11 <DIR> d
    C:\Program Files\Hitman Pro
    2007-03-18 19:22 786,432 --ah
    C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-03-18 19:22 <DIR> d
    C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-03-18 19:22 <DIR> d
    C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
    2007-03-18 12:51 32,256 --a
    C:\WINDOWS\system32\msgsvc.dll
    2007-03-18 12:48 544,256 --a
    C:\WINDOWS\system32\crypt32.dll
    2007-03-18 12:48 53,760 --a
    C:\WINDOWS\system32\cryptsvc.dll
    2007-03-18 12:48 238,080 --a
    C:\WINDOWS\system32\newdev.dll
    2007-03-18 12:35 226,816 --a
    C:\WINDOWS\system32\srrstr.dll
    2007-03-18 12:14 26,112 --a
    C:\WINDOWS\system32\xpsp1hfm.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-18 12:16
    d
    C:\Program Files\Common Files\symantec shared
    2007-03-31 18:17 12400 --a
    C:\WINDOWS\system32\drivers\secdrv.sys
    2007-03-31 17:11 7680 --a-s---- C:\WINDOWS\system32\xyxuic.dll
    2007-03-22 21:27
    d
    C:\Program Files\messenger
    2007-03-19 00:41
    d--h
    C:\Program Files\installshield installation information
    2007-03-18 12:12
    d
    C:\Program Files\hpq
    2007-03-18 12:12
    d
    C:\Program Files\Common Files\installshield
    2007-03-17 22:13
    d
    C:\Program Files\scanspyware v3.8.0.x
    2007-03-17 17:10
    d
    C:\Program Files\symantec
    2007-03-17 17:03
    d
    C:\Program Files\symnetdrv
    2007-03-17 15:33
    d
    C:\Program Files\norton internet security
    2007-03-17 15:30 2397 --a
    C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-03-17 15:22
    d
    C:\DOCUME~1\Shaun\APPLIC~1\symantec
    2007-03-17 15:17 57344 --a
    C:\WINDOWS\uneng.exe
    2007-03-17 15:17
    d
    C:\Program Files\roxio
    2007-03-17 14:59 0 -rahs---- C:\MSDOS.SYS
    2007-03-17 14:59 0 -rahs---- C:\IO.SYS
    2007-03-17 14:59
    d
    C:\Program Files\intervideo


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    {BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIModeChange"="Ati2mdxx.exe"
    "CARPService"="carpserv.exe"
    "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "PreloadApp"="c:\\hp\\drivers\\printers\\photosmart\\hphprld.exe c:\\hp\\drivers\\printers\\photosmart\\setup.exe -d"
    "srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
    "Display Settings"="C:\\Program Files\\HPQ\\Notebook Utilities\\hptasks.exe /s"
    "QT4HPOT"="C:\\Program Files\\HPQ\\One-Touch\\OneTouch.EXE"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "IS CfgWiz"="C:\\Program Files\\Common Files\\Symantec Shared\\cfgwiz.exe /GUID NIS /CMDLINE \"REBOOT\""
    "URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
    "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "user32.dll"="C:\\Program Files\\Video ActiveX Object\\isamntr.exe"
    "rare"="C:\\Program Files\\Video ActiveX Object\\pmsnrr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{}"="carolus"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
    Shell\AutoRun\command E:\LaunchU3.exe -a

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97e168b1-ed9b-11db-ade4-001150f3e7bb}]
    Shell\AutoRun\command E:\LaunchU3.exe -a


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A?p?????????? ??3B?????????????T?B? ??????

    scanning hidden files ...

    C:\system.sav\CTO.TXT 4096 bytes
    C:\system.sav\CTOHW.TXT 16 bytes
    C:\system.sav\DAYLGSAV.reg 320 bytes
    C:\system.sav\FAVTOOL.LOG 352 bytes
    C:\system.sav\INFO.BOM 16384 bytes
    C:\system.sav\INFO.COV 12288 bytes
    C:\system.sav\INFO2.BOM 8192 bytes
    C:\system.sav\ISLOGCHK.LOG 4096 bytes
    C:\system.sav\REBOOT.ME 48 bytes
    C:\system.sav\REGDEV.LOG 40 bytes
    C:\system.sav\REGFLUSH.LOG 4096 bytes
    C:\system.sav\RegionCF
    C:\system.sav\RegionCF\euro.reg 216 bytes
    C:\system.sav\RegionCF\SFr.reg 232 bytes
    C:\system.sav\RmDev.log 12288 bytes
    C:\system.sav\T56PGS.B22 4096 bytes
    C:\system.sav\TN15MS.033 568 bytes
    C:\system.sav\TN15PS.B22 4096 bytes
    C:\system.sav\TNX54G.B23 4096 bytes
    C:\system.sav\TNXHLC.005 4096 bytes
    C:\system.sav\TNXXPS.033 4096 bytes
    C:\system.sav\util
    C:\system.sav\util\AppEvBk1.old 65536 bytes
    C:\system.sav\util\ATIRES.EXE 69632 bytes
    C:\system.sav\util\bootldr.flg 0 bytes
    C:\system.sav\util\BOOTSEC.NT4 512 bytes
    C:\system.sav\util\CHECKLOG.EXE 98304 bytes
    C:\system.sav\util\CIA.INI 69632 bytes
    C:\system.sav\util\CMDOOBE.CMD 72 bytes
    C:\system.sav\util\COMPNAME.EXE 32768 bytes
    C:\system.sav\util\DEFUSER.REG 320 bytes
    C:\system.sav\util\delcia.flg 32 bytes
    C:\system.sav\util\deldir.log 4096 bytes
    C:\system.sav\util\grnscrn.bto 552 bytes
    C:\system.sav\util\grnscrn.exe 49152 bytes
    C:\system.sav\util\infobomg.exe 172032 bytes
    C:\system.sav\util\INSTALL.LOG 204800 bytes
    C:\system.sav\util\make_rtr.flg 136 bytes
    C:\system.sav\util\NbUtil.log 184 bytes
    C:\system.sav\util\NewIC.log 176 bytes
    C:\system.sav\util\oca.reg 352 bytes
    C:\system.sav\util\oca_mrk.bat 120 bytes
    C:\system.sav\util\oobe.min 136 bytes
    C:\system.sav\util\oobe.wpe 184 bytes
    C:\system.sav\util\osexclude.txt 200 bytes
    C:\system.sav\util\PININST.INI 112 bytes
    C:\system.sav\util\PININST.LOG 168 bytes
    C:\system.sav\util\POSTOOBE.CMD 280 bytes
    C:\system.sav\util\POSTOOBE.LOG 24 bytes
    C:\system.sav\util\postproc.ini 584 bytes
    C:\system.sav\util\Powerset.log 96 bytes
    C:\system.sav\util\random.ini 32 bytes
    C:\system.sav\util\SecEvBk1.old 65536 bytes
    C:\system.sav\util\SETNAME.EXE 32768 bytes
    C:\system.sav\util\sleep.exe 36864 bytes
    C:\system.sav\util\srtool.exe 36864 bytes
    C:\system.sav\util\sr_on.vbs 4096 bytes
    C:\system.sav\util\SysEvBk1.old 65536 bytes
    C:\system.sav\util\touchpad.log 192 bytes
    C:\system.sav\util\WINDVD.LOG 176 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 60

    ********************************************************************

    Completion time: 07-04-18 13:27:04
    C:\ComboFix ... 07-04-18 13:27
    C:\ComboFix-quarantined-files.txt ... 07-04-18 13:27
    C:\ComboFix2.txt ... 07-04-18 13:07
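Added example (not part of the original thread, and not ComboFix's own logic): a small parser for the "Reg Loading Points" section of the log above that lists autostart values worth a second look. The sample lines are copied from that log; the two heuristics (a value under `policies\explorer\run`, and a value named like a file that differs from the file it launches) are assumptions chosen for triage, not proof of infection.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Lines copied from the "Reg Loading Points" section of the log above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"="C:\\Program Files\\Video ActiveX Object\\isamntr.exe"
"rare"="C:\\Program Files\\Video ActiveX Object\\pmsnrr.exe"
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "name"="data", where either side may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr))(?:\s|$)', re.I)
FILE_LIKE_RE = re.compile(r'\.(?:dll|exe|sys)$', re.I)


def unescape(text):
    # Undo .reg-style escaping: a backslash followed by any character
    # becomes that character (doubled backslash, escaped quote).
    return re.sub(r'\\(.)', r'\1', text)


def executable(command):
    # Return the program path from a Run command line, without arguments.
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def triage(log_text):
    # Return (value name, program path, reasons) for entries to review.
    findings = []
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name = unescape(m.group(1))
        exe = executable(unescape(m.group(2)))
        reasons = []
        # Heuristic 1 (assumption): the policy Run key is rarely used by
        # ordinary installers, so anything in it deserves a look.
        if key.endswith(r'\policies\explorer\run'):
            reasons.append('policy Run key')
        # Heuristic 2 (assumption): a value named like a file should point
        # at that file; a mismatch suggests the name is a disguise.
        if FILE_LIKE_RE.search(name) and name.lower() != basename(exe).lower():
            reasons.append('value name differs from launched file')
        if reasons:
            findings.append((name, exe, reasons))
    return findings


if __name__ == '__main__':
    for name, exe, reasons in triage(SAMPLE):
        print(f'{name!r} -> {exe}  [{", ".join(reasons)}]')
```
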


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    OK. Ran an ad-ware scan in safe mode after this and deleted the files found, one of which was the trojan. It's still a bit slow. Also still cannot connect it to the net. The signal is perfect but still won't load a page. Any idea how I can get over this? It's running on Internet Explorer 6.

    Any ideas?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Gonna need to put this onto a flash key/CD and transfer it over to your laptop. So the problem with your PC is that you can get online but Internet Explorer or Firefox won't work?

    Download GMER from here:
    http://www.gmer.net/files.php

    Unzip it to the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
    Click on Scan. Tell me if it finds anything!!
    When the scan has run click Copy and paste the results (if any) into this thread.


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Here are those results.


    GMER 1.0.12.12244 - http://www.gmer.net
    Rootkit scan 2007-04-18 15:54:16
    Windows 5.1.2600 Service Pack 1


    ---- System - GMER 1.0.12 ----

    SSDT FF8A6168 ZwConnectPort
    SSDT SSI.SYS ZwCreateKey
    SSDT SSI.SYS ZwCreateProcess
    SSDT SSI.SYS ZwCreateProcessEx
    SSDT SSI.SYS ZwDeleteKey
    SSDT SSI.SYS ZwDeleteValueKey
    SSDT SSI.SYS ZwRenameKey
    SSDT SSI.SYS ZwSetInformationKey
    SSDT SSI.SYS ZwSetValueKey

    ---- Devices - GMER 1.0.12 ----

    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_READ [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_READ [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA [FAB2B20C] SSI.SYS
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP [FAB2B20C] SSI.SYS

    ---- EOF - GMER 1.0.12 ----



    Thanks
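Added example (not part of the original thread): a summarizer for a GMER report like the one above, grouping SSDT and IRP hooks by the module GMER names as their owner and matching that module against driver files seen on disk. The sample rows and the two driver paths are copied from this thread's logs; treating a bare 8-digit hex owner as "not resolved to a module" is an assumption about the report format.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, works on any OS

# Rows copied from the GMER report above (Device section shortened).
GMER_SAMPLE = r'''
SSDT FF8A6168 ZwConnectPort
SSDT SSI.SYS ZwCreateKey
SSDT SSI.SYS ZwCreateProcess
SSDT SSI.SYS ZwSetValueKey
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [FAB2B20C] SSI.SYS
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [FAB2B20C] SSI.SYS
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [FAB2B20C] SSI.SYS
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [FAB2B20C] SSI.SYS
'''

# Driver paths copied from the ComboFix file listing earlier in the thread.
DRIVER_FILES = [
    r'C:\WINDOWS\system32\drivers\ssi.sys',
    r'C:\WINDOWS\system32\drivers\secdrv.sys',
]

SSDT_RE = re.compile(r'^SSDT\s+(\S+)\s+(\w+)$')
DEVICE_RE = re.compile(
    r'^Device\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+\[([0-9A-Fa-f]{8})\]\s+(\S+)$')
ADDRESS_RE = re.compile(r'^[0-9A-Fa-f]{8}$')


def summarize(report, driver_files=()):
    # Group every hook by owner; return one summary dict per owner.
    on_disk = {basename(p).lower(): p for p in driver_files}
    owners = defaultdict(
        lambda: {'ssdt': [], 'devices': defaultdict(set), 'handlers': set()})
    for line in report.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            owners[m.group(1)]['ssdt'].append(m.group(2))
            continue
        m = DEVICE_RE.match(line)
        if m:
            _driver, device, irp, handler, owner = m.groups()
            owners[owner]['devices'][device].add(irp)
            owners[owner]['handlers'].add(handler.upper())
    summary = {}
    for owner, entry in owners.items():
        summary[owner] = {
            'ssdt': sorted(entry['ssdt']),
            # Number of distinct IRP major functions hooked per device.
            'devices': {d: len(i) for d, i in entry['devices'].items()},
            'handlers': sorted(entry['handlers']),
            # Assumption: a bare address means no module name was resolved.
            'resolved': not ADDRESS_RE.match(owner),
            'file': on_disk.get(owner.lower()),
        }
    return summary


def needs_review(summary):
    # Owners with no module name, or no matching driver file in the listing.
    return sorted(owner for owner, info in summary.items()
                  if not info['resolved'] or info['file'] is None)


if __name__ == '__main__':
    result = summarize(GMER_SAMPLE, DRIVER_FILES)
    for owner, info in result.items():
        print(owner, info)
    print('review:', needs_review(result))
```
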


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I can't see any bad stuff on your laptop...
    So the problem with your laptop is that you can get online but Internet Explorer or Firefox won't work? Make sure you don't have two firewalls running. Have you tried reinstalling Firefox?

    Has anybody been messing on your laptop, deleting stuff?

    I have a few more ideas we can try in a while, hopefully somebody else may have an idea.


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    It does not have Firefox, only Explorer. If I uninstalled Explorer and reinstalled it, would that solve it? If I uninstalled it, would I be able to choose only to reinstall Explorer from the operating CD? Or could I take Firefox from another laptop and load it into the crocked one?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    It's pretty hard to get rid of Internet Explorer and it can damage your PC. Your best bet is to get the Firefox installer onto a flash key and transfer it over. We can do something that might fix ur IE, but try Firefox first please.


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    I got Firefox onto it. When I turn the laptop on or restart it, it will allow connection to the internet, but once I try to get onto another page it won't load, and when I close the browser page and try to reopen one, it will not connect again. Basically, it's allowing a single connection to one page each time it starts up, then no more.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    In your original post you said "Its running in Internet Explorer" concerning the trojans. Was this just a guess or did you see something there? If so, can you expand on this?

    Also what security programs are on the laptop besides Norton Internet Security and Webroot Spy Sweeper? Any firewalls or real-time protection programs?

    Is there anything else I should know... I'm stumped for ideas really since ur PC appears to be clean.


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    I meant that that was the internet browser it used. The trojan was found and they are now gone thanks to your earlier help.

    Because the internet was only working as I explained in the last post, i.e. allowing one page to open then not allowing to open another page etc., I installed Firefox thinking it could be something wrong with its version of IE.

    But now, even with Firefox, it's still only allowing the one page to open then no connection again.

    From what I can see, there is Norton plus HitmanPro. All the programmes that downloaded with Hitman were Ad-ware, Scanspyware, Spybot Search and Destroy, Spyware Blaster, Spyware Locked, Webroot. That's all I can make out from the program files. Might these all be conflicting?

    I have AVG on CD. Should I uninstall Hitman and just use that?

    Sorry about this. You really have been a great help so far. I appreciate it!!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Spyware Locked is a bad program that may be causing the problems. Definitely uninstall Hitman, it could be causing conflicts.
    So go to Start > Control Panel > Add or Remove Programs > remove HitmanPro

    After that go delete the folder in bold
    to C:\Program Files\HitmanPro (or whatever it's called)
    Also download this program to ur flash key and install it over to the laptop

    Download: CCleaner (freeware)
    http://www.ccleaner.com/download/
    Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
    Once installed, run CCleaner
    Next: click Options, then click the Settings tab
    Uncheck: "Only delete files older than 48 hrs.", click Ok
    Then click Run Cleaner (bottom right) then Exit

    After that click the Issues tab on the left, click Scan for Issues, click Fix all selected issues, MAKE sure you save a back up when it prompts you.

    Also can you get to this site in Internet Explorer
    http://windowsupdate.microsoft.com/
    and get Service Pack 2?


  • Registered Users, Registered Users 2 Posts: 283 ✭✭Countryripple


    Cool. It's currently downloading Service Pack 2. Is going slowly though. Will do those other things when this is done. Hopefully that will be that then!!

    Thanks a million.

    R

