
IE Browser Hijack Google Search Results Re-directed



#16
Wizard
  • Retired Staff
  • 5,661 posts
Neither attachment shows me anything useful.

I was hoping there was an attachment or a link to check out.


OK, let's backtrack a little.

Go to your C:\ drive and see if the folder !Killbox is there?

If so, I'll give you a place to submit it.

I'm also going to PM you a private email address that's used for nothing more than malware.

If you can figure a way to forward me a refused email, that would be great!


Something I want to check as well.


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0



#17
frw28
  • Topic Starter
  • Member
  • 20 posts
Have sent 2 separate emails to the address you sent; hope they make sense.

Here is SmitFraudFix

SmitFraudFix v2.104

Scan done at 21:54:03.37, 03/10/2006
Run from C:\Documents and Settings\Frank Wilson\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Frank Wilson


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Frank Wilson\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FRANKW~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#18
Wizard
  • Retired Staff
  • 5,661 posts
Sorry for the delay, hadda go out with the wife for a bit.

For now, will you please install the free version of Zone Alarm Free Firewall, since there is no real firewall other than Windows, which is failing.

ZoneAlarm Free

It will also provide us with some logs that may help and should reduce or cease the spamming.

Edited by Cretemonster, 03 October 2006 - 05:39 PM.

  • 0

#19
Wizard
  • Retired Staff
  • 5,661 posts
I got the email with the Killbox log and the 2 files but I didn't get the other one.

We need to search for the file I don't see.


Open Notepad and Copy&Paste all the text in the Code Box below


dir \cpu3072.exe /a h /s > File.txt


Name the file find.bat
Save as Type: All files
Save it to the desktop.


Double Click find.bat and wait for the dos window to close.


File.txt should be generated on the desktop.

Post the entire contents of that text file please.
  • 0

#20
frw28
  • Topic Starter
  • Member
  • 20 posts
Here are the contents of file text

Volume in drive C has no label.
Volume Serial Number is D414-0F8D

I have not installed the firewall you suggest yet. I connect to the internet via my home LAN and a Netgear router, so I use the firewall rules on the router as my firewall, i.e. NAT and stopping all inbound requests. I have stopped the spam getting out since I noticed them by stopping all outbound requests from my machine 10.0.0.17 via port 25, which means I cannot send email via Outlook, but at least I am not using up bandwidth on my broadband connection. Each morning I get a log of all banned requests to the router; here is a copy of this morning's log.



Do you still want me to set up the free firewall you suggest?
  • 0
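Added example (not part of the original thread, and not code from any poster or from the router vendor): a small parser for router block-log entries in the layout frw28 describes, `<day>, <date> <time> - TCP Packet - Source:<ip>,<port> Destination:<ip>,<port> - [SMTP match]`, which flags an internal host that tries to reach many different mail servers on port 25. The sample entries are constructed, and the `min_distinct` threshold is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the router's block-log layout. Source 10.0.0.17 is the
# address named in the thread; 10.0.0.20 and every destination (documentation
# ranges) are made up. Entries are run together and one is split across a line
# break, as happens when such a log is pasted into a forum post.
_E = "Tue, 2006-10-03 {t} - TCP Packet - Source:{s},{p}{sep}Destination:{d},25 - [SMTP match] "
SAMPLE_LOG = "".join(_E.format(t=t, s=s, p=p, d=d, sep=sep) for t, s, p, d, sep in [
    ("15:27:47", "10.0.0.17", 2096, "192.0.2.10", " "),
    ("15:28:08", "10.0.0.17", 2099, "192.0.2.25", " "),
    ("15:28:29", "10.0.0.17", 2116, "198.51.100.7", " "),
    ("15:28:50", "10.0.0.17", 2117, "198.51.100.40", " \n"),  # entry broken by a newline
    ("15:29:11", "10.0.0.17", 2118, "203.0.113.5", " "),
    ("15:29:32", "10.0.0.17", 2122, "203.0.113.99", " "),
    ("15:29:53", "10.0.0.17", 2135, "192.0.2.10", " "),       # retry of the first destination
    ("15:30:00", "10.0.0.20", 3001, "192.0.2.200", " "),      # ordinary client, one relay
    ("15:35:00", "10.0.0.20", 3002, "192.0.2.200", " "),
])

# \s+ between fields tolerates the line breaks introduced by pasting.
ENTRY = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+-\s+TCP Packet\s+-\s+"
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+)\s+"
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+)\s+-\s+\[(?P<rule>[^\]]+)\]"
)

def parse_entries(text):
    """Yield one dict per log entry, wherever it sits in the pasted text."""
    for m in ENTRY.finditer(text):
        yield {
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "rule": m["rule"],
        }

def summarize_smtp(text, port=25):
    """Group blocked connections to `port` by internal source address."""
    hosts = defaultdict(lambda: {"attempts": 0, "dests": defaultdict(int),
                                 "first": None, "last": None})
    for e in parse_entries(text):
        if e["dport"] != port:
            continue
        h = hosts[e["src"]]
        h["attempts"] += 1
        h["dests"][e["dst"]] += 1
        h["first"] = e["time"] if h["first"] is None else min(h["first"], e["time"])
        h["last"] = e["time"] if h["last"] is None else max(h["last"], e["time"])
    return hosts

def flag_spam_relays(text, min_distinct=5):
    """Flag sources that contacted at least `min_distinct` different mail servers.

    A desktop mail client normally talks to one or two relays; fan-out to many
    servers is the anomaly. The threshold is an assumption for this example.
    """
    flagged = {}
    for src, h in summarize_smtp(text).items():
        if len(h["dests"]) >= min_distinct:
            flagged[src] = {
                "attempts": h["attempts"],
                "distinct_destinations": len(h["dests"]),
                "retried": sorted(d for d, n in h["dests"].items() if n > 1),
                "window_seconds": int((h["last"] - h["first"]).total_seconds()),
            }
    return flagged

if __name__ == "__main__":
    for src, info in flag_spam_relays(SAMPLE_LOG).items():
        print(src, info)
```
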

#21
Wizard
  • Retired Staff
  • 5,661 posts
I think the router will suffice since you have been smart enough to stop it at the router! :whistling:


For now, go ahead and delete SmitfraudFix and ComboFix since we really don't need them.


Let's see what all is in the Windows and System32 folders.


Please download Filelist to your desktop.

Unzip this file to your desktop

Double-click on filelist.bat to run it and Notepad will open with the results.

The list may be huge, so just attach it to the post so I can see the entire log.


I also want to see what Kaspersky sees.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#22
frw28
  • Topic Starter
  • Member
  • 20 posts
Attached as requested - Kaspersky looks promising?

Attached Files


  • 0

#23
Wizard
  • Retired Staff
  • 5,661 posts
If I only knew what this reflected I may have more clues.

C:\System Volume Information\_restore{2CBB8F3F-6DF1-4FF5-AE43-31A952EB419C}\RP797\A0045651.exe Infected: Trojan.Win32.Agent.zq skipped



Let's have a look at another scan please. Again, the list will be way too large, so please attach it to the post.
  • Please download StartupList to your desktop.
  • Double click the startuplist.zip to extract the files inside.
  • When the new window opens, please double click on StartupList.exe
  • A window will open that will begin listing all of the startups with icons and text. In the lower left hand corner, it will show the status. When it says "ready" in the bottom left corner, it has finished running.
  • At the top of the window, click File>Save As and save startuplist.txt to your desktop.
  • Close startuplist.exe window
  • Post a copy of startuplist.txt in your next reply

  • 0

#24
frw28
  • Topic Starter
  • Member
  • 20 posts
Attached as requested. Thanks.

Attached Files


  • 0

#25
Wizard
  • Retired Staff
  • 5,661 posts
Hmmm, I'm running out of ideas here! :whistling:

Would you consider forwarding another of the emails that are being spammed?

It will be a different address this time and maybe it will slide through.


Please download Rootkit Revealer (link is at the very bottom of the page)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save.
  • Make sure to save this log to your C:\ drive and name it RKR.txt
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

  • 0



#26
frw28
  • Topic Starter
  • Member
  • 20 posts
Hi again. I have forwarded a spam email to the address you supplied. Here is the log you asked for.

HKLM\S-1-5-21-682003330-527237240-839522115-1004\RemoteAccess\InternetProfile 06/02/2005 10:24 3 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}* 04/05/2006 08:04 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}* 30/03/2006 10:07 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}* 04/05/2006 08:04 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{A211FD50-104A-552A-E783321B77B5C9DA}\{4E700FFC-D5B6-D24A-08D9C51A05E3FA14}\{72F82311-8741-4D82-9043D22F7FAD5282}* 30/03/2006 10:07 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EAE54BA3-56A0-7636-9D760FE75B19E95C}\{32AED356-A62E-B541-0C1631C471EC4552}\{622BCC28-1320-8061-75578A77CF92A31A}* 30/03/2006 10:07 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FE8DBE89-D247-CDA0-331071706D351D5D}\{D7E03019-A44C-9829-6C33C3798CE56E87}\{A96D9761-82B1-07BB-8B5956B67D5931EC}* 04/05/2006 08:04 0 bytes Key name contains embedded nulls (*)
  • 0

#27
Wizard
  • Retired Staff
  • 5,661 posts
I'm still unsure of what all those CLSIDs are about; I'm researching them further.

Again, the email didn't show up. I will PM you another address to try please.


Click Start > Run, type: msconfig and hit Enter.
Click the Boot.ini tab.
Checkmark the entry for /BOOTLOG.
Click "Apply" and OK.
When asked to restart, click OK to restart.

Once restarted, you may get a warning about changes to the way Windows starts.
Just check "don't tell me this again" and click OK.

Go here:

C:\Windows
Locate ntbtlog.txt and delete it.

Reboot

Post the new c:\windows\ntbtlog.txt
  • 0

#28
frw28
  • Topic Starter
  • Member
  • 20 posts
Here are the contents of ntbtlog.txt

  • 0

#29
Wizard
  • Retired Staff
  • 5,661 posts
Attach the Bootlog, it's too long to post.

You can remove any of the items downloaded that we aren't using anymore.


Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Click on the Services tab.
  • From the two drop down boxes next to Filter list:, on the left one choose List all type of services and on the right one choose List all services.
  • Click on the Configuration tab.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Under File Options click Select All
  • Under Other Options put a check to both Show All boxes
  • Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.

Again, the report will be huge, so just attach it.
  • 0

#30
frw28
  • Topic Starter
  • Member
  • 20 posts
Attached as requested.

Attached Files


  • 0





